The watershed summit in 2015 was far from perfect, but its impact so far has been significant and measurable

‘A shift no country can ignore’: where global emissions stand, 10 years after the Paris climate agreement

^{Fiona Harvey (The Guardian)}

Mark Carney, once a U.N. special envoy on climate action and finance, is now winning praise from industry but alienating former environmental allies.

Access options:
* gift link — registration required
* archive.today

Companies tend to be rather picky about who gets to poke around inside their products. Manufacturers sometimes even take steps that prevent consumers from repairing their device when it breaks, or modifying it with third-party products.

But those unsanctioned device modifications have become the raison d'être of a bounty program set up by a nonprofit called Fulu, or Freedom from Unethical Limitations on Users. The group tries to spotlight the ways companies can slip consumer-unfriendly features into their products, and it offers cash rewards in the thousands of dollars to anyone who can figure out how to disable unpopular features or bring discontinued products back to life.

“We want to be able to show lawmakers, look at all these things that could be out in the world,” says right-to-repair advocate and Fulu cofounder Kevin O’Reilly. “Look at the ways we could be giving device owners control over their stuff.”

Fulu has already awarded bounties for two fixes. One revives an older generation of Nest Thermostats no longer supported by Google. And just yesterday, Fulu announced a fix that circumvents restrictive digital-rights-management software on Molekule air purifiers.

Fulu is run by O’Reilly and fellow repair advocate and YouTuber Louis Rossmann, who announced the effort in a video on his channel in June.

The basic concept of Fulu is that it works like a bug bounty, the long running practice in software development where devs will offer prize money to people who find and fix a bug in the operating system. Fulu adopts that model, but the bounty it offers is usually meant to “fix” something the manufacturer considers an intended feature but turns out to be detrimental to the user experience. That can mean a device where the manufacturer has put in restrictions to prevent users from repairing their device, blocked the use of third-party replacement parts, or ended software support entirely.

“Innovation used to mean going from black-and-white to color,” Rossmann says. “Now innovation means we have the ability to put DRM in an air filter.”

Fulu offers up a bounty of $10,000 to the first person to prove they have a fix for the offending feature of a device. Donors can also pool money to help incentivize tinkerers to fix a particular product, which Fulu will match up to another $10,000. The pot grows as donations roll in.

Bounties are set on devices that Rossmann and O’Reilly have deemed deliberately hostile to the owners that have already paid for them, like some GE refrigerators that have DRM-locked water filters, and the Molekule air purifiers with DRM software that blocks customers from using third-party air filters. A bounty on the XBox Series X seeks a workaround to software encryption on the disk drive that prevents replacing the part without manufacturer approval. Thanks to donations, the prize for the Xbox fix has climbed to more than $30,000.

Sounds like a sweet payout for sure, but there is risk involved.

Fixing devices, even ones disabled and discontinued by the manufacturer, is often in direct violation of Section 1201 of the Digital Millennium Copyright Act, the 1998 US law that prevents bypassing passwords and encryption or selling equipment that could do so without manufacturer permission. Break into a device, futz with the software inside to keep it functional, or go around DRM restrictions, and you risk running afoul of the likes of Google's gargantuan legal arm. Fulu warns potential bounty hunters they must tackle this goal knowing full well they're doing so in open violation of Section 1201.

“The dampening effect on innovation and control and ownership are so massive,” O’Reilly says. “We want to prove that these kinds of things can exist.”
Empty Nest

In October, Google ended software support for its first- and second-generation Nest thermostats. For lots of users, the devices still worked but couldn’t be controlled anymore, because the software was no longer supported. Users lamented that their fancy thermostats had now become hunks of e-waste on their walls.

Fulu set up a bounty that called for a software fix to restore functionality to the affected Nest devices. Cody Kociemba, a longtime follower of Rossmann’s YouTube channel and a Nest user himself, was eager to take the bounty on. (He has “beef with Google,” he says on his website.) After a few days of tinkering with the Nest software, Kociemba had a solution. He made his fix publicly available on GitHub so users could download it and restore their thermostats. Kociemba also started No Longer Evil, a site devoted to his workaround of Nest thermostats and perhaps hacks of future Google products to come.

“My moral belief is that this should be accessible to people,” Kociemba says.

Kociemba submitted his fix to Fulu, but discovered that another developer, calling themselves Team Dinosaur, had just submitted a fix slightly before Kociemba did. Still, Fulu paid out the full amount to both, roughly $14,000 apiece. Kociemba was surprised by that, as he thought he had lost the race or that he might have to split the prize money.

O’Reilly says that while they probably won't do double payouts again, both fixes worked, so it was important for Fulu’s first payout to show support for the people willing to take the risk of sharing their fixes.

“Folks like Cody who are willing to put it out there, make the calculated risk that Google isn't going to sue them, and maybe save some thermostats from the junk heap and keep consumers from having to pay $700 or whatever after installation to get something new,” O’Reilly says. “It's been cool to watch.”

This week, Fulu announced it had paid out its second-ever bounty. It was for a Molekule Air Pro and Air Mini, air purifier systems that used an NFC chip in its filters to ensure the replacement filters were made by Molekule and not a third-party manufacturer. The goal was to disable the DRM and let the machine use any filter that fit.

Lorenzo Rizzotti, an Italian student and coder who had gone from playing Minecraft as a kid to reverse engineering and hacking, submitted proof that he had solved the problem, and was awarded the Fulu bounty.

“Once you buy a device, it's your hardware, it's no longer theirs,” Rizzotti says. “You should be able to do whatever. I find it absurd that it's illegal.”

But unlike Kociemba, he wasn’t about to share the fix. Though he was able to fix the problem, he doesn’t feel safe weathering the potential legal ramifications that he might face if he released the solution publicly.

“I proved that I can do it,” he says. “And that was it.”

Still, Fulu awarded him the bounty. O’Reilly says the goal of the project is less about getting actual fixes out in the world, and more about calling attention to the lengths companies are allowed to go to wrest control from their users under the auspices of Section 1201.

“We need to show how ridiculous it is that this 27-year-old law is preventing these solutions from seeing the light of day,” O’Reilly says. “It's time for the laws to catch up with technology.”

https://www.wired.com/story/fulu-repair-bounties-nest-molekule/

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)

What it does: By measuring Round-Trip Time (RTT) of WhatsApp message delivery receipts, this tool can detect:

• When a user is actively using their device (low RTT)
• When the device is in standby/idle mode (higher RTT)
• Potential location changes (mobile data vs. WiFi)
• Activity patterns over time

GitHub - gommzystudio/device-activity-tracker: A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp /...

^GitHub

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)

What it does: By measuring Round-Trip Time (RTT) of WhatsApp message delivery receipts, this tool can detect:

• When a user is actively using their device (low RTT)
• When the device is in standby/idle mode (higher RTT)
• Potential location changes (mobile data vs. WiFi)
• Activity patterns over time

GitHub - gommzystudio/device-activity-tracker: A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp /...

^GitHub

Choosing a movie or series has become harder than watching one.

People scroll for 20–30 minutes across IMDb, Netflix, or JustWatch and still can’t decide.
I faced the same problem, so I built a small AI-powered app.

How it works:
– You answer a few short questions (mood, time, type)
– The AI instantly suggests what to watch
– It improves over time based on your choices

No accounts. No endless lists.
Just a fast decision.

I’m sharing this to get honest feedback:
– Would this be useful for you?
– What would you improve or remove?

App Store link above.

What to Watch – AI Movies & TV - Apps on Google Play

Mood based AI movie finder — better than JustWatch, Reelgood & IMDb lists.

^{play.google.com}

Self-hosting anything that is deemed "content" openly on the web in 2025 is a battle of attrition between you and forces who are able to buy tens of thousands of proxies to ruin your service for data they can resell.

This is depressing. Profoundly depressing. i look at the statistics board for my reverse-proxy and i never see less than 96.7% of requests classified as bots at any given moment. The web is filled with crap, bots that pretend to be real people to flood you. All of that because i want to have my little corner of the internet where i put my silly little code for other people to see.

i have to learn to protect myself from industrial actors in order to put anything online, because anything a person makes is valuable, and that value will be sucked dry by every tech giant to be emulsified, liquified, strained, and ultimately inexorably joined in an unholy mesh of learning weights.

Guarding My Git Forge Against AI Scrapers - VulpineCitrus

A summary of the techniques in place to protect my git forge

^{VulpineCitrus}

But Sweeney warns iOS devs are still afraid of “totally illegal” retaliation by Apple.

Case file: cdn.arstechnica.net/wp-content…

Apple loses its appeal of a scathing contempt ruling in iOS payments case

^{Kyle Orland (Ars Technica)}

From recognition of a Palestinian state, to tenant strikes, to a Youth Climate Corps, here are some of the political achievements of the past year

https://breachmedia.ca/15-movement-victories-in-2025-you-may-not-have-heard-about/

Carney’s immigration law C-12 is a new chapter in an old Canadian playbook of scapegoating migrants while serving the corporate elites

https://breachmedia.ca/canada-repeating-century-of-anti-migrant-harm-bill-c12/

A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company.

https://www.bleepingcomputer.com/news/security/coupang-data-breach-traced-to-ex-employee-who-retained-system-access/

0.4.0 Hotfix 4

• Fixed another client crash in cosmetics panel while using a controller.
• Fixed a client crash in the Guild UI.
• Fixed a client crash.
• Fixed a bug where wolves from Pounce/Predator's Mark would deal no damage and be invincible after you die and revive
• Fixed 5 instance crashes.
• Fixed a client crash on Vulkan renderer.
• Fixed a bug where Raging Cry Support wasn't delaying Rage decay.
• Dying outside of boss encounters in the Atziri's Temple now allows you to respawn at the checkpoint instead of the Vaal Ruins.
• Thrashing Vines will now more consistently target & hit the same enemy repeatedly, improving its Single Target DPS.
• Any existing Cartographer's Chisel and Engineer's Orb will be deleted upon next login.

Early Access Patch Notes - 0.4.0 Hotfix 4 - Forum - Path of Exile

Path of Exile is a free online-only action RPG under development by Grinding Gear Games in New Zealand.

^{Path of Exile}

0.4.0 Hotfix 3

• Fixed a bug where Cartographer's Chisels could drop 😳
• These items will be automatically removed soon.

Early Access Patch Notes - 0.4.0 Hotfix 3 - Forum - Path of Exile

Path of Exile is a free online-only action RPG under development by Grinding Gear Games in New Zealand.

^{Path of Exile}

0.4.0 Hotfix 2

• Fixed a client crash in cosmetics panel while using a controller.
• Fixed a common client crash.
• Fixed an instance crash.
• Fixed an instance crash when using Unearth
• Fixed an issue where the game would not pause properly sometimes.

Early Access Patch Notes - 0.4.0 Hotfix 2 - Forum - Path of Exile

Path of Exile is a free online-only action RPG under development by Grinding Gear Games in New Zealand.

^{Path of Exile}

0.4.0 Hotfix

• Fixed a client crash that could occur in party play with a Druid.
• Fixed an instance crash.

Early Access Patch Notes - 0.4.0 Hotfix - Forum - Path of Exile

Path of Exile is a free online-only action RPG under development by Grinding Gear Games in New Zealand.

^{Path of Exile}

3.27.0f Patch Notes

• Server maintenance and account system updates.

Downtime will be approximately 15 minutes, apologies for any inconvenience.

Patch Notes - 3.27.0f Patch Notes - Forum - Path of Exile

Path of Exile is a free online-only action RPG under development by Grinding Gear Games in New Zealand.

^{Path of Exile}

Rivian demonstrated the progress it's made, and in the process showed just how far it still has to go to make its cars autonomous.

Riding onboard with Rivian's race to autonomy | TechCrunch

^{Sean O'Kane (TechCrunch)}

Some things change. Some things stay the same.

Just a few minutes ago I had occasion to dredge up my truly ancient digital archives. These two photos are taken in the same location, and although I am positive they are not actually the selfsame flower, they are at least the same kind of flower.

Apparently I took the headline photo with my Canon PowerShot A60. This was the fourth digital camera I ever owned. First was an Afga ePhoto Smile, then HP PhotoSmart C200 which was a big deal at the time because achieved one whole megapixel, then a PowerShot A40, and then the A60.

I took this a few weeks ago with my Canon R10, using my RF 35mm ƒ/1.8.

As House Speaker Mike Johnson eyes a vote next week on a to-be-announced health care package, a growing number of House Republicans are revolting against leadership by trying to force a vote on extending the expiring Affordable Care Act enhanced subsidies.

Nearly a dozen Republicans -- many from swing districts -- have signed onto dueling bipartisan discharge petitions to extend and reform the subsidies in the hopes of bypassing leadership and triggering a vote on the House floor.

This move comes as the subsidies are set to expire at the end of the month, which will prompt health premiums for more than 20 million Americans to soar.

Growing number of House Republicans sign on to effort to force vote on ACA subsidies -- defying Speaker Johnson

Nearly a dozen Republicans have signed on to dueling measures.

^{Lauren Peller (ABC News)}