Amazing: #Debian is now shipping reproducible packages 💪

https://lists.debian.org/debian-devel-announce/2026/05/msg00001.html

Thanks to everyone who helped make this happen!

See https://reproducible-builds.org/ if you are not familiar with the topic

#QEMU 11.0 is out! And with it an exciting feature I was working on: Support for #nitroenclaves. Yes, you can now launch your enclave via -kernel directly in QEMU 😁

https://wiki.qemu.org/ChangeLog/11.0

NEW: Researchers have identified extensive spying campaigns abusing well-known weaknesses in the global cellphone infrastructure to track and locate targets.

Two (unnamed for now) surveillance vendors, whose customers are likely government agencies, were allegedly behind these spy campaigns.

The research exposes an industry that remains still largely in the shadows, armed with tech that can track people without the need to use spyware such as Pegasus.

http://techcrunch.com/2026/04/23/surveillance-vendors-caught-abusing-access-to-telcos-to-track-peoples-phone-locations-researchers-say/

A pretty significant change in resolver behavior is proceeding:

"[...] BIND 9 is switching to a parent-centric model of delegations. [...] The NS records in the child domain will be treated as normal DNS records and returned as authoritative data, but they will no longer overwrite the delegation data for the domain."

https://lists.isc.org/pipermail/bind-users/2026-April/110552.html

So much of what you may have learned about how #DNS works around the turn of the century is now out of date.

Getting serious ADHD and building software nobody asked.

checksec for Mach-O
https://github.com/ChiChou/macchk

⚠️ Warning: vibe coded

We publish a major Citizen Lab report on Webloc, an ad-based mass surveillance system that monitors the movements and personal characteristics of hundreds of millions people globally based on data obtained from mobile apps and digital advertising.

Customers include ICE, El Salvador and Hungary.

Our research shows that ad-based surveillance is now used by military, intelligence and law enforcement agencies down to local police in several countries.

Full report here:
https://citizenlab.ca/research/analysis-of-penlinks-ad-based-geolocation-surveillance-tech/

If you're following the situation in Iran, this one is of interest to you.

Today, we're publishing a story that I find very important for many reasons.

We can prove how the regime in Iran is using facial recognition software to surveil its citizens. We have obtained videos showing the software in a live-scenario, at metro stations in Teheran. We have contracts, and we have had a look at the code, built by the Russian company Ntechlab whose algorithms are deemed to be best-in class.

We spoke with a dozen people who know the regime, either because they had to flee after being imprisoned or from a technical point of view.

All of this, and more, you can find in our reporting, #EyesOfIran. Here are the links:

SPIEGEL: https://www.spiegel.de/ausland/iran-so-gnadenlos-spaeht-regime-die-eigene-bevoelkerung-aus-ein-insider-packt-aus-a-7990ef28-3c9d-427b-be9a-5f46d06bea6c?giftToken=7fdb6b96-b2f1-4799-b8ff-e55fed5496d1

Standard: https://www.derstandard.at/story/3000000310751/ein-regime-im-ueberlebensmodus-leak-zeigt-irans-massive-ueberwachung-im-land?ref=niewidget

ZDF: https://www.zdf.de/play/magazine/frontal-das-magazin-100/datenleak-iran-ueberwachung-gesichtserkennung-software-100

Forbidden Stories: https://forbiddenstories.org/iran-regime-monitors-citizens/