Pleopods Weekly #8 — April 24, 2026

This Week on Lobste.rs

Trending topics: security privacy linux release assembly

1. Deleteduser.com —a $15 PII Magnet security

submitted by fanf — 146 points (+129 this week) — 48 comments

A site that monetizes deleted accounts by selling access to their personal data has been operating openly for years, and the legal and ethical gaps that let it happen are still unfixed.

2. wsl9x: Windows 9x subsystem for Linux assembly linux retrocomputing windows

submitted by calvin — 129 points (+117 this week) — 15 comments

A developer got Linux running bare-metal inside Windows 95/98 by exploiting the GPF handler to catch syscalls, meaning you could spawn Linux shells directly from DOS without rebooting.

3. waves & particles art

submitted by quad — 104 points (+91 this week) — 3 comments

A visual exploration of wave-particle duality rendered as interactive sketches — the kind of thing that makes you understand the concept differently than a textbook ever could.

4. Claude Desktop installs undocumented browser extensions for Chrome and other browsers privacy vibecoding

submitted by jmillikin — 91 points (+89 this week) — 44 comments

Claude Desktop silently registers native messaging hosts in every Chromium browser, pre-authorizing any future extensions to read your authenticated sessions and interact with page content — without asking permission or documenting what it's doing.

5. The age of snarky UI design

submitted by edwardloveall — 111 points (+87 this week) — 65 comments

When UI tries to be charming but lands condescending instead — a Hyundai that tells you to "consider a break" via coffee cup emoji, or Duolingo pretending to break up with you — the snark just creates friction without clarity.

6. Forgejo v15.0 is available release

submitted by jussi — 115 points (+85 this week) — 9 comments

Forgejo's 100th release brings repo-scoped access tokens, auto-linking containers to sources via image labels, and a significant rework of reusable workflows that finally lets them run independent jobs on different runners — though you'll need to re-login after upgrading due to cookie name changes.

7. IPv6 traffic crosses the 50% mark networking

submitted by dhruvp — 89 points (+85 this week) — 44 comments

Google's IPv6 traffic crossed 50% globally, marking a genuine inflection point — though the regional map shows adoption is wildly uneven, with some countries still struggling with reliability issues even where IPv6 is deployed.

8. Jujutsu megamerges for fun and profit vcs

submitted by knl — 85 points (+81 this week) — 24 comments

Jujutsu's "megamerge" workflow lets you compose work across multiple branches into a single octopus merge, then push individual branches back out — the absorb command figures out which commits need which changes based on what they touch.

9. Yojam: a macOS default-browser shim that routes URLs through a rule engine mac privacy release

submitted by fluffypony — 87 points (+80 this week) — 48 comments

Lets you set routing rules for every link you click on macOS—send work domains to your Chrome profile, personal stuff to Safari, Figma links straight to the app, strip tracking parameters—and falls back to a fast picker at your cursor if nothing matches.

10. The zero-days are numbered security

submitted by freddyb — 86 points (+79 this week) — 32 comments

Mozilla's red team missed 271 vulnerabilities that Claude found in Firefox—a concrete result that raises real questions about whether AI code analysis has finally caught up to human attackers' advantage.

11. What are your favorite Emacs packages? ask emacs

submitted by jussi — 91 points (+78 this week) — 61 comments

A thread where Emacs devotees catalog their actual package stacks — Magit dominates the mentions, but the real value is in the mid-tier stuff like dwim-shell-command, rg.el, and the vertico/consult completion stack that people actually depend on day-to-day.

12. SQLite prefixes its temp files with etilqs_ databases

submitted by av — 89 points (+78 this week) — 17 comments

SQLite's temp files use the etilqs_ prefix because McAfee's antivirus was generating sqlite_ files that users mistakenly blamed on SQLite itself, leading to late-night support calls that prompted the developers to just reverse the name and move on.

13. Framework Laptop 13 Pro: Intel Core Ultra 3 & LPCAMM2 hardware

submitted by jalcine — 79 points (+76 this week) — 51 comments

Framework's latest pushes the repairability angle harder with a real battery win: 20 hours through pairing Core Ultra 3 efficiency with a 21% capacity bump, plus they're early adopters of LPCAMM2 (modular memory that doesn't get soldered down), so you can actually upgrade RAM without voiding your soul.

14. Clojure: The Documentary clojure video

submitted by binjip978 — 73 points (+67 this week) — 5 comments

A 90-minute deep dive into why Rich Hickey built Clojure around immutability and data-oriented programming instead of chasing OOP trends — the actual reasoning, not just the marketing.

15. Arch Linux now has a bit-for-bit reproducible Docker image linux

submitted by Foxboron — 72 points (+66 this week) — 4 comments

Arch Linux stripped pacman keys from their reproducible Docker image to guarantee bit-for-bit consistency across builds — users need to regenerate the keyring themselves before package operations work.

16. How The Heck Does Shazam Work? math programming

submitted by indigo — 70 points (+66 this week) — 3 comments

Shazam doesn't recognize melody or lyrics — it builds a sparse fingerprint from the loudest frequency peaks in a spectrogram, then matches pairs of peaks (anchor + nearby peak + time delta) as hashes against a database, making it robust to noise but terrible at humming.

17. Quantum Computers Are Not a Threat to 128-bit Symmetric Keys cryptography

submitted by Shorden — 71 points (+64 this week) — 11 comments

Grover's algorithm hits a wall when you try to distribute it across multiple processors—splitting a 128-bit keyspace loses enough of the quadratic speedup that breaking AES-128 jumps to 2^104.5 operations, while 256-bit elliptic curves fall to 2^26, making symmetric encryption the real quantum-safe bet for now.

18. AI as a Fascist Artifact ai rant

submitted by SoapDog — 67 points (+62 this week) — 33 comments

The concentration of compute required to train LLMs isn't a neutral constraint—it's a structural feature that centralizes power. Winner's argument that artifacts embed politics applies here: these systems don't just reflect fascistic goals imposed afterward, they're built on assumptions (optimization over all else, centralized authority as efficiency) that encode them from the ground up.

19. HTTP desync in Discord's media proxy: Spying on a whole platform security

submitted by videah — 62 points (+59 this week) — 7 comments

An HTTP desync bug in Discord's media proxy let attackers hijack pooled connections to steal attachment URLs from private messages—by timing concurrent requests to intercept data meant for other users.

20. It Is Time to Ban the Sale of Precise Geolocation Data privacy

submitted by white-star — 59 points (+57 this week) — 1 comments

Citizen Lab traced 500 million devices' worth of location data through commercial brokers to U.S. law enforcement and foreign intelligence agencies—tracking individuals to the meter, linking anonymous device IDs to social media profiles without warrants, and making clear that if American police can buy it, so can adversaries like China.

Pleopods is a weekly digest of the top links from Lobste.rs. Unsubscribe | Archive