The Linkielist

Linking ideas with the world

The Linkielist

Setapp Mobile shuts down alternative iOS app marketplace due to Apple’s crazy way of interpreting EU law

Posted on by

Setapp Mobile, MacPaw’s ambitious alternative iOS app store for European Union users, will close its doors in February after just over a year of operation, the service said Thursday.

On a support page, MacPaw cited Apple’s “still-evolving and complex business terms that don’t fit Setapp’s current business model” as the reason.

Setapp Mobile shuts down, blaming Apple’s complex EU marketplace terms

The Ukraine-based developer’s message appeared to suggest the widely criticized marketplace model resulting from the Digital Markets Act (DMA) is not financially sustainable under current conditions. The shutdown affects only the iOS version of Setapp in the EU. The company’s established Mac subscription service will continue operating normally.

Setapp Mobile launched in open beta in September 2024 as an early responder to EU legislation forcing Apple to allow alternative app stores within EU borders. The service shuts down February 16, 2026. It marks an early setback for third-party app distribution on iOS in the EU.

What Setapp Mobile offered, and what users should do

Setapp Mobile provided EU-based iPhone users with a unique value proposition. They could access more than 50 premium iOS apps through a single monthly subscription, with no in-app purchases or advertisements. The service offered a simplified alternative to traditional app purchasing, bundling multiple paid applications into one payment.

[…]

Setapp Mobile’s closure highlights the hurdles facing alternative app marketplaces in the EU, despite the Digital Markets Act requiring Apple to permit third-party distribution channels. The most prominent challenge appears to be Apple’s Core Technology Fee and associated business terms, which critics argue make it difficult for competing stores to achieve profitability.

Epic Games, which operates the most well-known alternative marketplace on iOS, absorbs the fees that EU developers would otherwise pay when distributing through the Epic Games Store. However, Epic CEO Tim Sweeney has publicly stated this approach is “not financially viable” long-term.

Sweeney characterized Apple’s fee structure as “ruinous for any hopes of a competing store getting a foothold.” And that prediction seems to hold true with Setapp Mobile’s closure.

[…]

Source: Setapp Mobile shuts down EU iOS app marketplace | Cult of Mac

For more on how Apple is like a tiny baby screaming it’s head off in the EU about wanting to stay a monopoly, read this and the links in the bottom

Turns Out Games Workshop Are Luddites, Bans Staff From Using AI in Its Content or Designs

Posted on by

Warhammer maker Games Workshop has banned the use of AI in its content production and its design process, insisting that none of its senior managers are currently excited about the technology.

Delivering the UK company’s impressive financial results, CEO Kevin Rountree addressed the issue of AI and how Games Workshop is handling it. He said GW staff are barred from using it to actually produce anything, but admitted a “few” senior managers are experimenting with it.

Rountree said AI was “a very broad topic and to be honest I’m not an expert on it,” then went on to lay down the company line:

“We do have a few senior managers that are [experts on AI]: none are that excited about it yet. We have agreed an internal policy to guide us all, which is currently very cautious e.g. we do not allow AI generated content or AI to be used in our design processes or its unauthorised use outside of GW including in any of our competitions. We also have to monitor and protect ourselves from a data compliance, security and governance perspective, the AI or machine learning engines seem to be automatically included on our phones or laptops whether we like it or not.

“We are allowing those few senior managers to continue to be inquisitive about the technology. We have also agreed we will be maintaining a strong commitment to protect our intellectual property and respect our human creators. In the period reported, we continued to invest in our Warhammer Studio — hiring more creatives in multiple disciplines from concepting and art to writing and sculpting. Talented and passionate individuals that make Warhammer the rich, evocative IP that our hobbyists and we all love.”

[…]

Source: Warhammer Maker Games Workshop Bans Its Staff From Using AI in Its Content or Designs, Says None of Its Senior Managers Are Currently Excited About the Tech – IGN

A bit sad that they have to go and ban it. You wonder if they are able to use a computer at all, or do they give hand painted stuff to the new fangled thing they call a printers?

Windows App breaks logins with first 2026 security patch

Posted on by

Microsoft has kicked off 2026 with another faulty Windows update. This time, it is connection and authentication failures in Azure Virtual Desktop and Windows 365 related to the Windows App.

The January 2026 security update, released on January 13, is the culprit. According to Microsoft, the update can result in credential prompt failures “during Remote Desktop connections using the Windows App on Windows client devices, impacting Azure Virtual Desktop and Windows 365.”

The upshot is that connecting to Windows 365 or Azure Virtual Desktop from the Windows App could be borked due to credential problems. Microsoft posted: “Investigation and debugging are ongoing, with coordination between Azure Virtual Desktop and Windows Update teams.”

The problem is widespread and appears to affect every supported version of Windows, from Windows 10 Enterprise LTSC 2016, right up to Windows 11 25H2. Windows Servers 2019 to 2025 are also affected.

Other than a swift uninstall of the update (which means losing important security fixes), Microsoft’s advice is to use the Remote Desktop Client to connect to Azure Virtual Desktop, or to use the Windows App web client.

Neither is an ideal solution. Microsoft said: “We are actively working on a resolution and plan to release an out-of-band (OOB) update in the coming days. Additional details will be shared as soon as they become available.”

Of the suggestion to use the Remote Desktop Client, one user wrote: “Thanks Microsoft, glad we spent ages migrating everyone over to Windows App.”

The Windows App is Microsoft’s one-stop shop for everything Windows launched via a rebranding exercise in 2024. According to Microsoft at the time, it “serves as your secure gateway to connect to Windows across Windows 365, Azure Virtual Desktop, Remote Desktop, Remote Desktop Services, Microsoft Dev Box, and more.” Until, of course, it doesn’t.

Another user reported: “It throws an ‘Unable to Authenticate’ error every time you try to click the ‘Connect’ button from Windows App. It instantly fails with the ‘Unable to Authenticate’ error.”

[…]

Source: Windows App breaks logins with first 2026 security patch • The Register

My art in a gallery show was destroyed over ai use by a guy he ATE and chewed up and spit out my photos!

Posted on by
r/aiwars - My art in a gallery show was destroyed over ai use by a guy he ATE and chewed up and spit out my photos!

my friend was there took pics of it as it was happening police took the guy away in handcuffs. Hazmat had to be called to sanitize the area. WTF! stay safe friends antis are unhinged and becoming concerning/unlawful.

Photos 5&6 are ai from photos with their face burred out. :/ Im probly pressing charges and filing a nco

I shall repair the piece, alot actually went into this install formatting, cropping and the hand cutting/ hanging etc. The subject matter was very personal.

Its NOT ok to destroy artwork you dont agree with!!

Source: My art in a gallery show was destroyed over ai use by a guy he ATE and chewed up and spit out my photos! | Reddit

What kind of world are we living in that someone thinks that this is OK?! IMHO it’s quite performative art itself and I hope this guy manages to ride the wave of fame this gives him!

China has applied to launch 200,000 satellites, likely just to reserve the orbital area and stop others launching there – space squatting

Posted on by

China has applied to launch nearly 200,000 satellites into Earth orbit, but the move may be an attempt at merely reserving orbital space rather than a genuine effort to build the largest mega-constellation in existence.

On December 29, the newly formed Institute of Radio Spectrum Utilisation and Technological Innovation in China filed proposals for two satellite constellations with the International Telecommunications Union (ITU), a United Nations body that allocates spectrum in space.

The constellations, which are called CTC-1 and CTC-2 and backed by the Chinese government, would each contain 96,714 satellites spread over an eye-watering 3660 orbits. For comparison, there are 14,300 active satellites in orbit today, about 9400 of which are SpaceX Starlink satellites operating in a handful of orbits, which beam internet connections to the ground. SpaceX has filed to launch 42,000 satellites with the ITU.

Victoria Samson at the Secure World Foundation, a US non-profit, says the Chinese filing might be a land grab of sorts. “It is possible they’re just trying to create some space for later on,” she says. “It is also possible that maybe they’re planning on something that big.”

Staking this claim with the ITU means that other satellite operators filing to launch into the same orbits must demonstrate to the ITU that they will not interfere with their operations. Under ITU rules, at least one satellite must be launched seven years after China’s initial filing, with another seven years then allowed to finish launching all the proposed satellites.

“If you file ahead of someone else, if you meet your deadlines, those other operators should not interfere with you,” says Tim Farrar, a satellite communications consultant in the US, adding that China’s large filing for so many different orbits might signal some uncertainty in the structure of this constellation. “It gives them freedom of choice of what they want to do,” he says. “There’s very little penalty to doing it this way.”

But even if the application is genuine, achieving it seems to be almost impossible. China launched 92 rockets in 2025, a record for the nation, but would need to launch more than 500 satellites a week to deploy 200,000 in seven years, requiring hundreds, if not thousands, of launches a year.

This wouldn’t be the first attempt at a land grab in space. In 2021, Rwanda filed for a constellation of 327,000 satellites with the ITU into 27 orbits. However, the filing hasn’t hampered the activity of Starlink and other operators. “People have not really changed what they’re doing,” says Farrar. “These Rwandan satellites don’t seem likely to be built in any significant quantity.”

But China’s application does highlight the growing competition in the mega-constellation field, particularly for space internet companies that aim to capture a potential market of tens or hundreds of millions of people and control the world’s flow of information. Currently, everyone is playing catch-up to compete with SpaceX. Amazon’s Project Leo in the US, formerly called Project Kuiper, has launched about 200 satellites of a planned 3236, while two major state-backed Chinese constellations called Qianfan and Guowang have launched a few hundred out of thousands of planned satellites.

“Fifteen years ago, the idea of having 1000 satellites in one constellation was crazy,” says Samson. “Now here we are with 9000-plus with Starlink.”

Source: China has applied to launch 200,000 satellites, but what are they for? | New Scientist

Signal Founder Creates Truly Private GPT: Confer

Posted on by

When you use an AI service, you’re handing over your thoughts in plaintext. The operator stores them, trains on them, and–inevitably–will monetize them. You get a response; they get everything.

Confer works differently. In the previous post, we described how Confer encrypts your chat history with keys that never leave your devices. The remaining piece to consider is inference—the moment your prompt reaches an LLM and a response comes back.

Traditionally, end-to-end encryption works when the endpoints are devices under the control of a conversation’s participants. However, AI inference requires a server with GPUs to be an endpoint in the conversation. Someone has to run that server, but we want to prevent the people who are running it (us) from seeing prompts or the responses.

Confidential computing

This is the domain of confidential computing. Confidential computing uses hardware-enforced isolation to run code in a Trusted Execution Environment (TEE). The host machine provides CPU, memory, and power, but cannot access the TEE’s memory or execution state.

LLMs are fundamentally stateless—input in, output out—which makes them ideal for this environment. For Confer, we run inference inside a confidential VM. Your prompts are encrypted from your device directly into the TEE using Noise Pipes, processed there, and responses are encrypted back. The host never sees plaintext.

But this raises an obvious concern: even if we have encrypted pipes in and out of an encrypted environment, it really matters what is running inside that environment. The client needs assurance that the code running is actually doing what it claims.

[…]

Source: Private inference | Confer Blog

Passports, bank details compromised in Eurail / Interrail data breach

Posted on by

Eurail has confirmed customer information was stolen in a data breach, according to notification emails sent out this week.

The European travel company, also known as Interrail to EU residents, initially posted the news on January 10, but affected customers, the number of whom was not disclosed, began receiving emails on January 13.

While the company’s investigation is ongoing, it revealed the data potentially affected includes:

  • First and last names
  • Dates of birth
  • Genders
  • Email addresses
  • Home addresses
  • Telephone numbers
  • Passport numbers
  • Passport issuing country
  • Passport expiration date

Customers who purchased a travel pass directly from Eurail/Interrail did not have a visual copy of their passports stored on company systems.

However, the same is not true for those who received a pass through the DiscoverEU program, an Erasmus-funded initiative that invites travelers to explore the EU by rail.

The European Commission published a separate notice about the Eurail breach, saying that in addition to the data specified in the company’s email, DiscoverEU travelers may also have photocopies of their IDs, bank account reference numbers, and health data compromised.

[…]

Source: Passports, bank details compromised in Eurail data breach • The Register

Europe is Rediscovering the Virtues of Cash

Posted on by

After spending years pushing digital payments to combat tax evasion and money laundering, European Union ministers decided in December to ban businesses from refusing cash. The reversal comes as 12% of European businesses flatly refused cash in 2024, up from 4% three years earlier.

Over one in three cinemas in the Netherlands no longer accept notes and coins. Cash usage across the euro area dropped from 79% of in-person transactions in 2016 to just 52% in 2024. Sweden leads the digital shift where 90% of purchases now happen digitally and cash represents under 1% of GDP compared to 22% in Japan.

The policy change stems from concerns about financial inclusion for elderly and poor populations who struggle with digital systems. Resilience worries also drove the decision after Spaniards facing nationwide power cuts last spring found themselves unable to buy food. European officials worry about dependence on American payment giants Visa and MasterCard. The EU now recommends citizens store enough cash to survive a week without electricity or internet access.

Source: Europe is Rediscovering the Virtues of Cash | Slashdot

Also, when under digital attack it’s useful to be able to get at your money. This is not theoretical, bank attacks by the Russians regularly take down Finnish payment methods.

Google introduces personalised shopping ads to AI tools as all GPT makers push shopping through their chatbots

Posted on by
The enshittification of GPT didn’t take long, did it?
Google is introducing new personalised advertising into its AI shopping tools, as it seeks to make money from the hundreds of millions of people who use its chatbot for free and gain market share from rival OpenAI.
Advertisers will be able to present exclusive offers to shoppers who are preparing to buy an item through Google’s AI mode, which is powered by its Gemini model, the Alphabet-owned tech giant announced on Sunday.
[…]
It also represents a move away from the tech giant’s traditional ‘sponsored’ ad placements in search results, which generate tens of billions of dollars for the company but has come under threat by the rise of AI chatbots.
[…]
“It essentially gives retailers the flexibility to deliver value to people shopping in AI mode, whether that’s a lower price, a special bundle or free shipping. In the moment, it matters most . . . to just close the sale,”
[…]
AI groups, including OpenAI, Microsoft and Perplexity, have rushed to launch ecommerce features in their chatbots over the past year as they hunt for new ways to generate revenue from their popular but costly AI products.
OpenAI has been rolling out its checkout feature, first reported by the FT, which sees the AI start-up take a cut of the sales made on ChatGPT.
Microsoft launched its Copilot Checkout on Thursday, which also provides users with recommendations and checkout in its AI chats. The group said shopping through Copilot led to 53 per cent more purchases within 30 minutes of interaction compared to those without.
Google also introduced a “universal commerce protocol”, which it said would enable shopping agents to research products and make purchases without leaving its platform. The protocol was developed with large retailers and marketplaces including Walmart, Target and Shopify.
[…]
Google’s new ads feature will make use of the contextual information from peoples’ conversation with the chatbot in AI mode, and trigger offers on relevant products that user have clicked on.
Retailers can set up offers they want to be available, with Google then using AI to determine when it is best to display the deal to a potential customer.
Srinivasan said Google was “initially focusing on discounts for the pilot and will expand to support the creation of offers with other attributes that help shoppers prioritise value over price alone, such as bundles and free shipping”.
[…]

Source: Google introduces personalised shopping ads to AI tools

EU seeks feedback on Open Digital Ecosystems

Posted on by

It’s important you give your feedback on this:

The European Open Digital Ecosystem Strategy will set out:

  • a strategic approach to the open source sector in the EU that addresses the importance of open source as a crucial contribution to EU technological sovereignty, security and competitiveness
  • a strategic and operational framework to strengthen the use, development and reuse of open digital assets within the Commission, building on the results achieved under the 2020-2023 Commission Open Source Software Strategy.

Source: Call for evidence: European Open Digital Ecosystems

The US muscled the EU into adopting Article 6 of the EU Copyright Directive, preventing reverse engineering in return for free trade. By implementing tariffs, the US broke that agreement. Theres no reason not to delete Article 6 of the EUCD, and all the other laws that prevent European companies from jailbreaking iPhones and making their own App Stores (minus Apples 30% commission), as well as ad-blockers for Facebook and Instagrams apps (which would zero out EU revenue for Meta), and, of course, jailbreaking tools for Xboxes, Teslas, and every make and model of every American car, so European companies could offer service, parts, apps, and add-ons for them. Video games need to be able to be run after official support shuts down and servers close down. We need to get out from under the high tech lock-in scams, we need to get rid of e-waste. We need to get back to ownership of the products we buy. This is an important part of digital sovereignity and in an uncertain world with unreliable partners, the importance of being able to follow EU values needs to be underscored. FOSS and allowing FOSS to develop is an important lynchpin of this.

Plug Into USB, Read Hostname And IP Address | Hackaday

Posted on by

Ever wanted to just plug something in and conveniently read the hostname and IP addresses of a headless board like a Raspberry Pi? Chances are, a free USB port is more accessible than digging up a monitor and keyboard, and that’s where [C4KEW4LK]’s rpi_usb_ip_display comes in. Plug it into a free USB port, and a few moments later, read the built-in display. Handy!

The device is an RP2350 board and a 1.47″ Waveshare LCD, with a simple 3D-printed enclosure. It displays hostname, WiFi interface, Ethernet interface, and whatever others it can identify. There isn’t even a button to push; just plug it in and let it run.

Here’s how it works: once plugged in, the board identifies itself as a USB keyboard and a USB serial port. Then it launches a terminal with Ctrl-Alt-T, and from there it types and runs commands to do the following:

  1. Find the serial port that the RP2350 board just created.
  2. Get the parsed outputs of hostname, ip -o -4 addr show dev wlan0, ip -o -4 addr show dev eth0, and ip -o -4 addr show to gather up data on active interfaces.
  3. Send that information out the serial port to the RP2350 board.
  4. Display the information on the LCD.
  5. Update periodically.

The only catch is that the host system must be able to respond to launching a new terminal with Ctrl-Alt-T, which typically means the host must have someone logged in.

It’s a pretty nifty little tool, and its operation might remind you, in concept, of how BadUSB attacks happen: a piece of hardware, once plugged into a host, identifies itself to the host as something other than what it appears to be. Then it proceeds to input and execute actions. But in this case, it’s not at all malicious, just convenient and awfully cute.

Source: Plug Into USB, Read Hostname And IP Address | Hackaday

A Starlink satellite just exploded and left ‘trackable’ debris

Posted on by

SpaceX said it experienced an anomaly with one if its Starlink satellites that was likely caused by a small explosion. “The anomaly led to venting of the propulsion tank, a rapid decay in semi-major axis by about 4 km [2.5 miles] and the release of a small number of trackable low relatively velocity objects,” Starlink wrote in a post on X. Orbital tracking company LeoLabs assessed that the issue was caused by an “internal energetic source rather than a collision with space debris or another object.”

SpaceX said it’s working with NASA and the US Space Force to track the remains of the object. “The satellite is largely intact, tumbling and will reenter the Earth’s atmosphere and fully demise within weeks,” the company said. It’s trajectory is well below the International Space Station (ISS) so it poses no risk to the lab or its crew. Starlink has yet to say how many pieces it’s tracking.

The incident happened just days after a Starlink satellite narrowly avoided a collision with a rival Chinese satellite from CAS Space last week. Starlink vice president Michael Nicholls said that the incident happened due to a lack of coordination between the two companies. “When satellite operators do not share emphemeris for their satellites, dangerously close approaches can occur in space,” he wrote on X.

Starlink’s constellation consists of almost 9,300 active satellites making up around 65 percent of all orbiting spacecraft, not including defunct units. That number grew by more than 3,000 this year alone, launched aboard 121 separate SpaceX missions — around one every three days.

Source: A Starlink satellite just exploded and left ‘trackable’ debris

US bans new foreign-made drones and components

Posted on by

The Federal Communications Commission has added foreign-made drones and their critical components to the agency’s “Covered List,” making them prohibited to import into the US. In a public notice published by the FCC, it said several national security agencies have determined that umanned aircraft systems (UAS) and their critical components produced in foreign countries pose an unacceptable risk to the national security of the United States.

“UAS and UAS critical components must be produced in the United States,” the agency said. “UAS are inherently dual-use: they are both commercial platforms and potentially military or paramilitary sensors and weapons. UAS and UAS critical components, including data transmission devices, communications systems, flight controllers, ground control stations, controllers, navigation systems, batteries, smart batteries, and motors produced in a foreign country could enable persistent surveillance, data exfiltration, and destructive operations over U.S. territory, including over World Cup and Olympic venues and other mass gathering events.”

[…]

Source: US bans new foreign-made drones and components

So how are they going to reverse engineer all the great drones out there? None of them are being made in the US.

Anna’s Archive Backs up Spotify and analyses the data

Posted on by

Anna’s Archive normally focuses on text (e.g. books and papers). We explained in “The critical window of shadow libraries” that we do this because text has the highest information density. But our mission (preserving humanity’s knowledge and culture) doesn’t distinguish among media types. Sometimes an opportunity comes along outside of text. This is such a case.

A while ago, we discovered a way to scrape Spotify at scale. We saw a role for us here to build a music archive primarily aimed at preservation.

Generally speaking, music is already fairly well preserved. There are many music enthusiasts in the world who digitized their CD and LP collections, shared them through torrents or other digital means, and meticulously catalogued them.

However, these existing efforts have some major issues:

  1. Over-focus on the most popular artists. There is a long tail of music which only gets preserved when a single person cares enough to share it. And such files are often poorly seeded.
  2. Over-focus on the highest possible quality. Since these are created by audiophiles with high end equipment and fans of a particular artist, they chase the highest possible file quality (e.g. lossless FLAC). This inflates the file size and makes it hard to keep a full archive of all music that humanity has ever produced.
  3. No authoritative list of torrents aiming to represent all music ever produced. An equivalent of our book torrent list (which aggregate torrents from LibGen, Sci-Hub, Z-Lib, and many more) does not exist for music.

This Spotify scrape is our humble attempt to start such a “preservation archive” for music. Of course Spotify doesn’t have all the music in the world, but it’s a great start.

Before we dive into the details of this collection, here is a quick overview:

  • Spotify has around 256 million tracks. This collection contains metadata for an estimated 99.9% of tracks.
  • We archived around 86 million music files, representing around 99.6% of listens. It’s a little under 300TB in total size.
  • We primarily used Spotify’s “popularity” metric to prioritize tracks. View the top 10,000 most popular songs in this HTML file (13.8MB gzipped).

[…]

Source: Backing up Spotify – Anna’s Blog

Belkin announces a wireless HDMI dongle that doesn’t need Wi-Fi access

Posted on by

Belkin has announced a plug-and-play casting system at CES 2026 that allows for screen sharing from a laptop, tablet or smartphone to another display without Wi-Fi or Bluetooth. The $150 ConnectAir Wireless HDMI Display Adapter comes with a USB-C transmitter dongle and a USB-A to HDMI receiver that can be connected to a TV, monitor or projector to wirelessly cast over a range of up to 131 feet (40 meters).

Belkin's ConnectAir Wireless USB-C transmitter and HDMI receiver
Belkin’s ConnectAir Wireless USB-C transmitter and HDMI receiver (Belkin)

The ConnectAir Wireless casts in 1080p at 60Hz, with latency under 80ms according to Belkin. It’s compatible with USB-C devices that support DisplayPort Alt Mode, including Windows, macOS and ChromeOS laptops, tablets such as the M1 and M2 iPad Pro and iPad Air, and smartphones with video output. Belkin also says it supports multi-user screen sharing at up to 8 transmitters. The dongle comes in black and while it’s not available to purchase just yet, it’s expected to be released early this year.

Source: Belkin announces a wireless HDMI dongle that doesn’t need Wi-Fi access

iPolish brings color-changing press-on smart nails to CES

Posted on by

press-on acrylic nails that, when you apply an electric charge, change color almost like magic.

In order to enjoy kaleidoscopic nails, you’ll need to charge the wand, which then connects to your phone. Once you’ve selected your color of choice, you just put the tip of the nail into the wand, and it’ll pass a short charge into the nail to change it.

[…]

All in all, it took around five seconds to change the color of a single nail, so it’s not a big deal in the grand scheme of things.

iPolish
iPolish (Daniel Cooper for Engadget)

iPolish says that each nail can display 400 colors, and can be changed as many times as the user would like. So, if you’re coordinating your nails with your outfits, you’re not bound to a single color palette in the weeks between salon visits. They’re also surprisingly affordable, with the starter set costing $95  [NB by the time you pay for shipping (EUR 29!) and taxes, they come to Europe for EUR 141 which is a bit much less affordable] which contains two sets of nails, one in Ballerina cut, one in Squoval. The Ballerinas are relatively short, while the Sqovals are longer.

[…]

When it comes time to replace your nails when one breaks or you lose it in some nailbed mishap, you’ll be able to pick up spares for $6.50.

Source: iPolish brings color-changing press-on smart nails to CES

Would have bought these for around EUR 100,- but EUR 141,- is just too much.

Bose made the consumer friendly move to open source its SoundTouch speakers just before End of Life

Posted on by

Bose recently announced the pending end of cloud support for its SoundTouch line of home speakers. This will, in effect, turn the smart speakers into dumb speakers as they will no longer have access to many features and any related software updates. Well, there’s a spot of good news for SoundTouch owners. The company is turning to an open source model for the software, allowing third parties to keep the music playing.

The company has already begun mailing out the API documentation to customers so “independent developers can create their own SoundTouch-compatible tools and features.” This will take some time, so Bose is also extending the end-of-life (EoL) date for the SoundTouch speakers. They were set to stop receiving cloud updates in February, but that has been moved to May 6.

It made a couple of other changes to make life a bit easier for SoundTouch owners. The speakers will still be able to use AirPlay and Spotify Connect after EoL, which was something that had been in doubt. The app will also continue to work in a stripped-down format. That app was originally set to stop working altogether, so all of those angry customer comments on Reddit must have done the job.

The SoundTouch speakers were introduced in 2013 and were on the expensive side, starting at $600. Nobody likes spending hundreds of dollars on something only to have it become a useless brick several years later. Good on Bose for listening to their customers on this.

Source: Bose made the consumer friendly move to open source its SoundTouch speakers

Finally, a company that isn’t turning it’s goods into e-junk bricks after they stop support.

IXI’s autofocusing lenses are almost ready to replace multifocal glasses

Posted on by

IXI’s glasses are designed for age-related farsightedness, a condition that affects many, if not most people over 45. They combine cameraless eye tracking with liquid crystal lenses that automatically activate when the glasses detect the user’s focus shifting. This means that, instead of having two separate prescriptions, as in multifocal or bifocal lenses, IXI’s lenses automatically switch between each prescription. Crucially — like most modern smartglasses — the frames themselves are lightweight and look like just another pair of normal glasses.

IXI autofocus lenses
Mat Smith for Engadget

With a row of prototype frames and lenses laid out in front of him, CEO and co-founder Niko Eiden explained the technology, which can be separated into two parts. First, the IXI glasses track the movement of your eyes using a system of LEDs and photodiodes, dotted around the edges of where the lenses sit. The LEDs bounce invisible infrared light off the eyes and then measure the reflection, detecting the subtle movements of your eye and how both eyes converge when focusing on something close.

Using infrared with just a “handful of analog channels” takes far less power than the millions of pixels and 60-times-per-second processing required by camera-based systems. IXI’s system not only tracks eye movements, but also blinking and gaze direction, while consuming only 4 milliwatts of power.

IXI autofocus lenses
Mat Smith for Engadget

Most of the technology, including memory, sensors, driving electronics and eye tracker, is in the front frame of the glasses and part of the arms closest to the hinge. The IXI prototype apparently uses batteries similar in size to those found in AirPods, which gives some sense of the size and weight of the tech being used. The charging port is integrated into the glasses’ left arm hinge. Naturally, this does mean they can’t be worn while charging. IXI says that a single charge should cover a whole day’s usage.

The prototype frames I saw this week appeared to be roughly the same weight as my traditional chunky specs.

[…]

Autofocus lenses could eliminate the need for multiple pairs of glasses, such as bifocals and progressives. Even if the glasses were to run out of power, they’d still function as a pair of traditional specs with your standard prescription, just lacking the near-sighted boost. IXI’s sensor sensitivity can also offer insight into other health conditions, detect dry eyes, estimate attentiveness and, by tracking where you’re looking, even posture and neck movement. According to Eiden, blink rate changes with focus, daydreaming and anxiety, and all that generates data that can be shown in the companion app.

IXI autofocus lenses
Mat Smith for Engadget

Hypothetically, the product could even potentially adapt prescriptions dynamically, going beyond the simple vision correction of Gen 1. For example, it could offer stronger corrections as your eyes get fatigued through the day.

[…]

Source: IXI’s autofocusing lenses are almost ready to replace multifocal glasses

17.5 million Instagram accounts data stolen in 2024 now being exploited

Posted on by
This week, Malwarebytes discovered that hackers stole the sensitive information of 17.5 million Instagram accounts. Complete with usernames, physical addresses, phone numbers, email addresses, and more, this data can be abused by cybercriminals to impersonate trusted brands, trick users, and steal their passwords.
Critically, this data is already being offered on the dark web, with individual users also receiving legitimate password reset notifications from Instagram.
Instagram breach notice image
What to do:
  • Beware of emails and messages that claim to come from Instagram, as they could be sent by malicious hackers trying to trick you into handing over your password.
  • If you’re concerned, sign into your Instagram account and reset your password to a new, strong, unique password.

Source: See if you’re at risk

Forum Breachforums Breached

Posted on by

In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k unique email addresses across all tables, including within forum posts and private messages. The users table alone contained 324k unique email addresses, usernames, and Argon2 password hashes.

Source: BreachForums (2025) Data Breach

Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS – won’t cave to media cabal. Well done.

Posted on by

Italy fined Cloudflare 14.2 million euros for refusing to block access to pirate sites on its 1.1.1.1 DNS service, the country’s communications regulatory agency, AGCOM, announced yesterday. Cloudflare said it will fight the penalty and threatened to remove all of its servers from Italian cities.

AGCOM issued the fine under Italy’s controversial Piracy Shield law, saying that Cloudflare was required to disable DNS resolution of domain names and routing of traffic to IP addresses reported by copyright holders. The law provides for fines up to 2 percent of a company’s annual turnover, and the agency said it applied a fine equal to 1 percent.

The fine relates to a blocking order issued to Cloudflare in February 2025. Cloudflare argued that installing a filter applying to the roughly 200 billion daily requests to its DNS system would significantly increase latency and negatively affect DNS resolution for sites that aren’t subject to the dispute over piracy.

AGCOM rejected Cloudflare’s arguments. The agency said the required blocking would impose no risk on legitimate websites because the targeted IP addresses were all uniquely intended for copyright infringement.

In a September 2025 report on Piracy Shield, researchers said they found “hundreds of legitimate websites unknowingly affected by blocking, unknown operators experiencing service disruption, and illegal streamers continuing to evade enforcement by exploiting the abundance of address space online, leaving behind unusable and polluted address ranges.” This is “a conservative lower-bound estimate,” the report said.

The Piracy Shield law was adopted in 2024. “To effectively tackle live sports piracy, its broad blocking powers aim to block piracy-related domain names and IP addresses within 30 minutes,” TorrentFreak wrote in an article today about the Cloudflare fine.

Cloudflare to fight fine, may withhold services

Cloudflare co-founder and CEO Matthew Prince wrote today that Cloudflare already “had multiple legal challenges pending against the underlying scheme” and will “fight the unjust fine.”

“Yesterday a quasi-judicial body in Italy fined Cloudflare $17 million for failing to go along with their scheme to censor the Internet,” Prince wrote. He continued:

The scheme, which even the EU has called concerning, required us within a mere 30 minutes of notification to fully censor from the Internet any sites a shadowy cabal of European media elites deemed against their interests. No judicial oversight. No due process. No appeal. No transparency. It required us to not just remove customers, but also censor our 1.1.1.1 DNS resolver meaning it risked blacking out any site on the Internet. And it required us not just to censor the content in Italy but globally. In other words, Italy insists a shadowy, European media cabal should be able to dictate what is and is not allowed online.

Prince said he will discuss the matter with US government officials next week and that Cloudflare is “happy to discuss this with Italian government officials who, so far, have been unwilling to engage beyond issuing fines.” In addition to challenging the fine, Prince said Cloudflare is “considering the following actions: 1) discontinuing the millions of dollars in pro bono cyber security services we are providing the upcoming Milano-Cortina Olympics; 2) discontinuing Cloudflare’s Free cyber security services for any Italy-based users; 3) removing all servers from Italian cities; and 4) terminating all plans to build an Italian Cloudflare office or make any investments in the country.”

“Play stupid games, win stupid prizes,” Prince wrote.

Google also in Piracy Shield crosshairs

AGCOM said today that in the past two years, the Piracy Shield law disabled over 65,000 domain names and about 14,000 IP addresses. Italian authorities also previously ordered Google to block pirate sites at the DNS level.

The Computer & Communications Industry Association (CCIA), a trade group that represents tech companies including Cloudflare and Google, has criticized the Piracy Shield law. “Italian authorities have included virtual private networks (VPN) and public DNS resolvers in the Piracy Shield, which are services fundamental to the protection of free expression and not appropriate tools for blocking,” the CCIA said in a January 2025 letter to European Commission officials.

The CCIA added that “the Piracy Shield raises a significant number of concerns which can inadvertently affect legitimate online services, primarily due to the potential for overblocking.” The letter said that in October 2024, “Google Drive was mistakenly blocked by the Piracy Shield system, causing a three-hour blackout for all Italian users, while 13.5 percent of users were still blocked at the IP level, and 3 percent were blocked at the DNS level after 12 hours.”

The Italian system “aims to automate the blocking process by allowing rights holders to submit IP addresses directly through the platform, following which ISPs have to implement a block,” the CCIA said. “Verification procedures between submission and blocking are not clear, and indeed seem to be lacking. Additionally, there is a total lack of redress mechanisms for affected parties, in case a wrong domain or IP address is submitted and blocked.”

30-minute blocking prevents “careful verification”

The 30-minute blocking window “leaves extremely limited time for careful verification by ISPs that the submitted destination is indeed being used for piracy purposes,” the CCIA said. The trade group also questioned the piracy-reporting system’s ties to the organization that runs Italy’s top football league.

“Additionally, the fact that the Piracy Shield platform was developed for AGCOM by a company affiliated with Lega Serie A, which is one of the very few entities authorized to report, raises serious questions about the potential conflict of interest exacerbating the lack of transparency issue,” the letter said.

A trade group for Italian ISPs has argued that the law requires “filtering and tasks that collide with individual freedoms” and is contrary to European legislation that classifies broadband network services as mere conduits that are exempt from liability.

“On the contrary, in Italy criminal liability has been expressly established for ISPs,” Dalia Coffetti, head of regulatory and EU affairs at the Association of Italian Internet Providers, wrote in April 2025. Coffetti argued, “There are better tools to fight piracy, including criminal Law, cooperation between States, and digital solutions that downgrade the quality of the signal broadcast via illegal streaming websites or IPtv. European ISPs are ready to play their part in the battle against piracy, but the solution certainly does not lie in filtering and blocking IP addresses.”

Source: Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS – Ars Technica

For more articles on how Piracy Shield has gone wrong, read here

Italy Fines Cloudflare €14 Million for Refusing to Filter Sites on Public 1.1.1.1 DNS

Posted on by

Italy’s communications regulator AGCOM imposed a record-breaking €14.2 million fine on Cloudflare after the company failed to implement the required piracy blocking measures. Cloudflare argued that filtering its global 1.1.1.1 DNS resolver would be “impossible” without hurting overall performance. AGCOM disagreed, noting that Cloudflare is not necessarily a neutral intermediary either.

italy flagLaunched in 2024, Italy’s elaborate ‘Piracy Shield‘ blocking scheme was billed as the future of anti-piracy efforts.

To effectively tackle live sports piracy, its broad blocking powers aim to block piracy-related domain names and IP addresses within 30 minutes.

While many pirate sources have indeed been blocked, the Piracy Shield is not without controversy. There have been multiple reports of overblocking, where the anti-piracy system blocked access to legitimate sites and services.

Many of these overblocking instances involved the American Internet infrastructure company Cloudflare, which has been particularly critical of Italy’s Piracy Shield. In addition to protesting the measures in public, Cloudflare allegedly refused to filter pirate sites through its public 1.1.1.1 DNS.

1.1.1.1: Too Big to Block?

This refusal prompted an investigation by AGCOM, which now concluded that Cloudflare openly violated its legal requirements in the country. Following an amendment, the Piracy Shield also requires DNS providers and VPNs to block websites.

The dispute centers specifically on the refusal to comply with AGCOM Order 49/25/CONS, which was issued in February 2025. The order required Cloudflare to block DNS resolution and traffic to a list of domains and IP addresses linked to copyright infringement.

Cloudflare reportedly refused to enforce these blocking requirements through its public DNS resolver. Among other things, Cloudflare countered that filtering its DNS would be unreasonable and disproportionate.

 

Cloudflare’s arguments (translated)

cloud
 

The company warned that doing so would affect billions of daily queries and have an “extremely negative impact on latency,” slowing down the service for legitimate users worldwide.

AGCOM was unmoved by this “too big to block” argument.

The regulator countered that Cloudflare has all the technological expertise and resources to implement the blocking measures. AGCOM argued the company is known for its complex traffic management and rejected the suggestion that complying with the blocking order would break its service.

€14,247,698 Fine

After weighing all arguments, AGCOM imposed a €14,247,698 (USD $16.7m) fine against Cloudflare, concluding that the company failed to comply with the required anti-piracy measures. The fine represents 1% of the company’s global revenue, where the law allows for a maximum of 2%.

 

AGCOM’s conclusion (translated)

14m
 

According to AGCOM, this is the first fine of this type, both in scope and size. This is fitting, as the regulator argued that Cloudflare plays a central role.

“The measure, in addition to being one of the first financial penalties imposed in the copyright sector, is particularly significant given the role played by Cloudflare” AGCOM notes, adding that Cloudflare is linked to roughly 70% of the pirate sites targeted under its regime.

In its detailed analysis, the regulator further highlighted that Cloudflare’s cooperation is “essential” for the enforcement of Italian anti-piracy laws, as its services allow pirate sites to evade standard blocking measures.

What’s Next?

Cloudflare has strongly contested the accusations throughout AGCOM’s proceedings and previously criticized the Piracy Shield system for lacking transparency and due process.

While the company did not immediately respond to our request for comment, it will almost certainly appeal the fine. This appeal may also draw the interest of other public DNS resolvers, such as Google and OpenDNS.

AGCOM, meanwhile, says that it remains fully committed to enforcing the local piracy law. The regulator notes that since the Piracy Shield started in February 2024, 65,000 domain names and 14,000 IP addresses were blocked.

A copy of AGCOM’s detailed analysis and the associated order (N. 333/25/CONS) available here (pdf).

Source: Italy Fines Cloudflare €14 Million for Refusing to Filter Pirate Sites on Public 1.1.1.1 DNS * TorrentFreak

The sites are not necessarily pirate sites – as noted above (and here), many many legitimate sites are blocked by Italy’s privacy shield, with little to no recourse.

China crew abused ESXi VM escape zero-days a year before disclosure

Posted on by

Chinese-linked cybercriminals were sitting on a working VMware ESXi hypervisor escape kit more than a year before the bugs it relied on were made public.

That’s according to researchers at Huntress, who this week published a breakdown of an intrusion they observed in December 2025 in which a “sophisticated” toolkit was used to break out of virtual machines and target the ESXi hypervisor itself. The security firm says parts of the code point to development starting as early as February 2024 – a full year before VMware disclosed the bugs in March 2025.

The incident began in a very unglamorous way – with a compromised SonicWall VPN appliance. From there, the attackers were able to commandeer a Domain Admin account, pivot across the network, and eventually deploy a suite of tools that Huntress says exploited multiple flaws to escape a guest VM and reach the underlying ESXi hypervisor.

VM escape bugs are particularly serious because they break a promise virtualization is built on: that a hacked VM stays in its own box. In this case, the attackers appear to have stitched together ESXi-specific tricks that enabled them to jump the fence and execute code on the hypervisor itself.

Huntress’s analysis of the binaries revealed development paths with simplified Chinese strings and folders labeled with Chinese text meaning “All version escape – delivery,” hinting at the region and intent behind the work. What’s more, the researchers say the code carried timestamps showing it was put together well before VMware acknowledged or fixed the vulnerabilities.

Those flaws – tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 – were flagged by VMware in March 2025 as critical and high-severity bugs that could be chained to compromise the hypervisor from a guest VM. At the time, the company warned it had “information to suggest that exploitation [of all three CVEs] has occurred in the wild.”

While organizations scrambled to patch their ESXi hosts once the advisory dropped, Huntress’s findings suggest at least some skilled actors were already weaponizing those issues long before IT teams were even aware they existed.

This wasn’t just a smash-and-grab. Huntress says the attackers disabled VMware’s own drivers, loaded unsigned kernel modules, and phoned home in ways designed to go unnoticed. The toolkit supported a wide range of ESXi versions, spanning over 150 builds, which would have let the attackers hit a broad swath of environments had they not been stopped, it added.

[…]

Source: China crew abused ESXi zero-days a year before disclosure • The Register

French Court Orders Google to block swathes of the internet through DNS for … sports TV

Posted on by

The Paris Judicial Court has ordered Google to block nineteen additional pirate site domains through its public DNS resolver. The blockade was requested by Canal+ and aims to stop pirate streams of Champions League games. In its defense, Google argued that rightsholders should target intermediaries higher up the chain first, such as Cloudflare’s CDN, but the court rejected that.

champions leagueThe frontline of online piracy liability keeps moving, and core internet infrastructure providers are increasingly finding themselves in the crosshairs.

Since 2024, the Paris Judicial Court has ordered Cloudflare, Google and other intermediaries to actively block access to pirate sites through their DNS resolvers, confirming that third-party intermediaries can be required to take responsibility.

These blockades are requested by sports rights holders, covering Formula 1, football, and MotoGP, among others. They argue that public DNS resolvers help users to bypass existing ISP blockades, so these intermediaries should be ordered to block domains too.

Google DNS Blocks Expand

These blocking efforts didn’t stop. After the first blocking requests were granted, the Paris Court issued various additional blocking orders. Most recently, Google was compelled to take action following a complaint from French broadcaster Canal+ and its subsidiaries regarding Champions League piracy..

Like previous blocking cases, the request is grounded in Article L. 333-10 of the French Sports Code, which enables rightsholders to seek court orders against any entity that can help to stop ‘serious and repeated’ sports piracy.

After reviewing the evidence and hearing arguments from both sides, the Paris Court granted the blocking request, ordering Google to block nineteen domain names, including antenashop.site, daddylive3.com, livetv860.me, streamysport.org and vavoo.to.

The latest blocking order covers the entire 2025/2026 Champions League series, which ends on May 30, 2026. It’s a dynamic order too, which means that if these sites switch to new domains, as verified by ARCOM, these have to be blocked as well.

Cloudflare-First Defense Fails

Google objected to the blocking request. Among other things, it argued that several domains were linked to Cloudflare’s CDN. Therefore, suspending the sites on the CDN level would be more effective, as that would render them inaccessible.

Based on the subsidiarity principle, Google argued that blocking measures should only be ordered if attempts to block the pirate sites through more direct means have failed.

The court dismissed these arguments, noting that intermediaries cannot dictate the enforcement strategy or blocking order. Intermediaries cannot require “prior steps” against other technical intermediaries, especially given the “irremediable” character of live sports piracy.

The judge found the block proportional because Google remains free to choose the technical method, even if the result is mandated. Internet providers, search engines, CDNs, and DNS resolvers can all be required to block, irrespective of what other measures were taken previously.

Proportional

Google further argued that the blocking measures were disproportionate because they were complex, costly, easily bypassed, and had effects beyond the borders of France.

The Paris court rejected these claims. It argued that Google failed to demonstrate that implementing these blocking measures would result in “important costs” or technical impossibilities.

[…]

A copy of the order issued by the Tribunal Judiciaire de Paris (RG nº 25/11816) is available here (pdf). The order specifically excludes New Caledonia, Wallis and Futuna, and French Polynesia due to specific local legal frameworks.

1. antenashop.site
2. antenawest.store
3. daddylive3.com
4. hesgoal-tv.me
5. livetv860.me
6. streamysport.org
7. vavoo.to
8. witv.soccer
9. veplay.top
10. jxoxkplay.xyz
11. andrenalynrushplay.cfd
12. marbleagree.net
13. emb.apl375.me
14. hornpot.net
15. td3wb1bchdvsahp.ngolpdkyoctjcddxshli469r.org
16. ott-premium.com
17. rex43.premium-ott.xyz
18. smartersiptvpro.fr
19. eta.play-cdn.vip:80

Source: French Court Orders Google DNS to Block Pirate Sites, Dismisses ‘Cloudflare-First’ Defense * TorrentFreak

These blocks can (and do) go horribly wrong. And, should you have another DNS provider, they give you a handy list of where to go to watch the Champions League 🙂

I Played Switch Games in 3D on XReal’s New Smart Glasses, and It’s Wild (and Weird) 

Posted on by

XReal is at CES, unveiling two new pairs of AR smart glasses. The XReal 1S builds on the XReal One, adding Real 3D technology that converts any video or game into a 3D experience. It also introduces an ultrawide mode, a standout feature carried over from the excellent XReal One Pro. The second model, the ROG XReal R1, is the result of XReal’s partnership with Asus’ Republic of Gamers (ROG) and is billed by both companies as the first pair of smart glasses to support a 240Hz refresh rate.

Real 3D on the XReal 1S is surprisingly effective, especially with video games. Mario Kart World and Yooka-Replaylee both have a compelling sense of depth with the mode enabled, and even 2D platformers like Hollow Knight Silksong and Rogue Legacy 2 get a neat pop-out effect that makes the games seem like you’re playing them in a diorama. Considering none of those games are built for 3D displays, it’s impressive how the Real 3D processing handles them in the glasses.

Video converted to 3D is less impressive. I watched some of Fallout on the glasses, and while some shots showed a bit of depth, it was more subtle and less consistent than the games. One shot of a shade-darkened Lucy against the brightly lit wasteland was outright disorienting, because the Real 3D seemed to assume Lucy was the background and the wasteland was the foreground.

Even with games, I turned off Real 3D after 10 minutes or so. It did a number on the framerate, causing some stuttering and flickering. I also saw regular processing artifacts, and across the board, the general picture just looked less sharp than it did in 2D. I started getting a headache, which usually doesn’t happen with smart glasses. (I have experienced that with 3D glasses in theaters, and with TVs during the 3D TV fad of the early 2010s, though.)

There’s a lot of potential here, and XReal will probably improve Real 3D in future firmware updates. If the company can stabilize the framerate and reduce the video artifacts that come from the 3D processing, it could become a must-have feature. In fact, even though I got a headache, the Real 3D processing I tried on the S1 seems to be a bit less stuttery than an earlier version I tried during a demo a few months ago.

Source: I Played Switch Games in 3D on XReal’s New Smart Glasses, and It’s Wild (and Weird) | PCMag