Nightmare Eclipse has released a new exploit: RoguePlanet

It's reportedly not 100% reliable, but it worked on the first attempt for me.

RE: https://infosec.exchange/@jerry/116714204183091991

DO NOT CONNECT YOUR TV TO THE INTERNET

It's 1998, you make a website in the copy of frontpage express that came with your computer, it's just like Word and it's very easy, you figure out how to upload it to the couple megs of web space that your ISP gives you (the instructions are on their website), you visit your site in your browser and everything's fine and the site's readable and everything looks the way it should

🦝 "Wow, if it's this easy in 1998, I bet it'll be even easier in 2026" you think to yourself for some reason

With 26.5, you get ads in #Apple Maps. At least #Apple automatically opts you out of personalized ads. You Can't Turn Ad Display Off, however. Thank you Apple for making 26.x a clusterf%%k of bad design, an accessibility disaster, and now an exemplar for #enshittification(@pluralistic). When you upgrade to 26.5 and visit Maps, read the Advertising and Privacy link carefully. A good reason NOT to update. Can't tell you truly how disgusted this makes me!

I hope this BADLY damages Apple's reputation.

#boostingIsSharing and #altText

#iOS #macOS #iPadOS #author #writer #writingCommunity #WritersOfMastodon.

I found that crafted #MeshCore node names could compromise #HomeAssistant instances running meshcore-card, with an XSS leading to remote root access on the HA host. An attacker could then access anything controlled or visible through Home Assistant. The attacker doesn't need to be near the target, as MeshCore advertisements are repeated over the mesh, which is dense in NL.

This also affects around 20 public MeshCore analyzer websites. Some of those run CoreScope, where it looks like a vibecoding bot broke the XSS filter while hallucinating a bugfix. The analyzers are mostly public data though. In addition, the less popular MeshCore-Home-Assistant-Panel-v2 is likely also affected, but I was unable to make contact with the maintainer.

MeshCore node names are only 32 bytes, and each rendered in a different place in the page, so I had to be creative to run a more substantial payload. I found a way with three node names using an iframe feature I never heard of before.

https://mxsasha.eu/posts/meshcore-xss-home-assistant/

PBS did a documentary showing infrared/thermal drone footage of the massive gas turbine plants being built next to AI datacenters.

As I’ve pointed out in the past, despite greenwashing these massive datacenter campuses being built by so-called “hyperscalers” are being primarily fueled by on-site gas turbines, which in addition to climate crisis-causing CO2 also emit high amounts of NOx and particulate matter.

https://youtu.be/5p426fSlYH4

#climatecrisis

After todays news related to rsync, I felt compelled to share some other concerns related to AI generated code.

https://handorf.org/thoughts/2026/05/25/blog.html

So my systems recently updated to rsync 3.4.3, and as soon as that happened my backup system - which does incremental backups using multiple --compare-dest= arguments - started to fail on anything but a full backup.

Revert to 3.4.1 and it works.

So I go look at the source in GitHub to see what might have changed, because there doesn't seem to be anything relevant in the changelog.

Since 3.4.1, 36 commits by "tridge and claude"

Oh for fuck's sakes.