I have discovered a number of security vulnerabilities in Bluesky and atproto. Each time I’ve found something new, I’ve chosen to report it to Bluesky at security@bsky.app, as requested at https://bsky.app/.well-known/security.txt, and provide them with details. Bluesky has responded to only one of these reports, one time, 4 days after submission, saying “We appreciate the report, and we’ll be taking a closer look at the issue.”. They did not follow up on that report and they have not responded to any of my other reports.

Susie Dent has an ever growing Twitter following of 1,1 million unique word lovers to whom she shares her daily word of the day. Word search engine Unscramblerer.com went through Susie Dent’s whole Twitter history and analyzed what are the most liked, shared and commented words of the day she has posted.

ingordigiousness, recrudescence, sequaciousness, ...

The Wasteland Theatre Company is not your average band of thespians. Dotted all across the world, they meet behind their keyboards to perform inside Fallout 76, a video game set in a post-nuclear apocalyptic America.

There are no ticketed seats, and the company makes no money. The majority of audiences stumble across the performances accidentally in the wasteland, and sit to watch the show for free – or tune in on Twitch, where the company broadcasts every performance live. Characters stride across stages that are cantilevered together from in-game objects. Lighting cues provide atmosphere. Soliloquies are passionately delivered.

source: HN

Still, its implications are wide-ranging. The court is basically saying that whoever presses the camera button owns the copyright, even if the button-pusher doesn’t own the equipment, the camera settings are provided to them, and they get some verbal direction from the camera owner/photo subject about when, where, and how to take the photo. Due to that conclusion, Shah does not own the copyrights to the photos on his phone and he can’t register the copyrights or enforce them.

Los Angeles-based Trilogy Media took “scambaiting” to a new level, but some claim they’re gaining viral fame at others’ expense.

Trilogy’s pursuit of vigilante justice has proved a hit with their many fans, whom they refer to as “the squad.” But for some, their antics lay bare an uncomfortable power dynamic in which YouTubers in Los Angeles gain viral fame at the expense of Indian call center workers, physically harassing people whose situation they may know little about.

Billed as the most secure phone on the planet, An0m became a viral sensation in the underworld. There was just one problem for anyone using it for criminal means: it was run by the police

source: HN

As just one example (unrelated to what follows), their software bundles FFmpeg DLLs that were built in 2012 and have not been updated since then. There have been over a hundred security updates in that time, none of which have been applied.

In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.

In response to Australia’s proposed new Media Bargaining law, Facebook will restrict publishers and people in Australia from sharing or viewing Australian and international news content.

This statement bears some resemblance to Justice Thomas’ statement in early 2019 that the Supreme Court should reconsider the actual malice standard from New York Times v. Sullivan. Like this statement, that statement was anti-media, pro-censorship, and quite unpersuasive. So far, the Supreme Court hasn’t taken up Justice Thomas’ initiative against the actual malice standard. I hope this statement suffers the same fate.

The person who types “lol” is never actually laughing; the person who types I’M SCREAMING is silently dabbing at a screen. In the same way, the person who is perpetually shocked and outraged and brimming with righteous fury is almost always lying to themselves. They’re as affectless as the rest of us: play-acting, downloading synthetic emotions, and then passing them on.

source: jwz

But on 10 June, one box office-topping movie was watched by just two people, in one cinema. Unsubscribe, a 29-minute horror movie shot entirely on video-conferencing app Zoom, generated $25,488 (£20,510) in ticket sales on that day. Nationwide, the movie hit the top of the charts, according to reputable revenue tacker Box Office Mojo. The budget of the movie: a flat $0. How was that possible?

source: HN

I am alone in my apartment, as always, and I’ve just replaced my left eyeball with an orange springing out of its peel. A mile away, a friend, also home alone, is taking her seat—every seat, actually—at the table in The Last Supper, yelling as the camera pans down the row of disciples and her face replaces that of one man after another. Another friend is watching a mouse dressed as the Pope dance across her kitchen floor. A third is smiling while a strange man wraps his arms around his throat.

>November 2019 is, as best I can recall, the 40th anniversary of the conception of Usenet. (What’s Usenet? The Wikipedia article is ok but not perfect.) I should have written a proper paper; instead, there will (probably) be an irregular series of blog posts.

I didn’t notice the series concluded a while back, so if you were waiting to read the whole thing, it’s done.

Knowing how relatively calm the situation has been here in the Netherlands (especially in Haarlem, where there is one reported case), we at Bellingcat felt that the video was likely fake — and set out to prove it.

You will probably notice immediately that it contains a full-width dash, in other words a Unicode (probably Chinese-origin?) character. For some reason, this is all over Twitter in posts from Anglophone people I am almost completely sure have no input method installed that can actually produce it.

It’s not a real dash at all but a “Katakana-Hiragana prolonged sound mark“:

This is a story about how the most sophisticated copyright filter in the world prevented us from explaining copyright law. It doesn’t involve TikTok dance moves or nuanced 90s remixes featuring AOC. No, it involves a debate at a law school conference over how and when one song can infringe the copyright of another and how exactly one proves in a courtroom if the accused song is “substantially similar” enough to be deemed illegal. In the end, because it was blocked by one of the music companies who owns the song, it also became a textbook study in how fair use still suffers online and what it takes to pushback when a video is flagged. A copyright riddle wrapped up in an algorithmic enigma, symbolic of the many current content moderation dilemmas faced by online platforms today.

source: HN

They have millions of fans and big endorsements, but there’s a twist — these ‘virtual celebrities’ don’t actually exist

Also, about Miquela: https://www.ft.com/content/ba6255d6-4186-11e8-803a-295c97e6fd0b

https://www.instagram.com/lilmiquela/

In February, an Instagram account called @BallerBusters cropped up and began wreaking havoc on the flashy Instagram entrepreneur community.

Its goal: To expose phony entrepreneurs. Using a mix of screen-shotted receipts, memes and crowdsourced information from followers, the account seeks out people who don’t “act their wage.”

As you can see, the chat participants–especially 7Up and Lady Gaga–seemingly discuss killing S, his goldfish, and his dog. But in the context of nonsense teen chatter, I don’t think anyone could read this transcript and believe that any of participants actually planned to harm S or any animals.

An unidentified person tipped off S to the thread’s existence. S asked “Me” about it. Me revealed the thread’s name to S. This got back to S’s mom, who told the principal, who brought the girls into his office, seized their phones, and turned them over to law enforcement. Prosecutors brought charges against 7Up/JP for misdemeanor online threats. A jury convicted 7Up. The appellate court reversed.

This is mostly nonsense, although it’s somewhat interesting to see court opinions wrestle with the conundrum of quoting screenshots.

Anyhoo, I’ve finally been mucking around with AX.25 packet radio. I’ve been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn’t have my amateur radio licence. But, now I do, and I’ve done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.