Vendor sold master keys to janitorial closet
Also Apple's tracking network is now a Python script and Spotify is just a very expensive hobby.

Litigation as a Service Strikes Again

The Israeli firm, NSO Group, has been found liable for an oopsie where its Pegasus surveillance tool was used to hack into user phones via WhatsApp. A U.S. judge confirmed that NSO Group was not acting as a government agency and therefore could not claim sovereign immunity, which is the international equivalent of "My dog ate my homework and the dog is a Head of State." The lawsuit filed by Meta-owned WhatsApp, which operates the messaging service, alleged the NSO Group violated the federal Computer Fraud and Abuse Act and breached WhatsApp's terms of service by sending installation messages through the service's servers to compromise user devices.

The core issue remains that NSO Group built and sold a tool that effectively bypassed the security on end-to-end encrypted messaging platforms. Meta, the parent company, initially filed the lawsuit, essentially saying that a third-party contractor sold master keys to the server room and now the landlord is facing all the fallout. The news just confirms what the security team has known since 2019, which is that one really expensive, very specific hole exists in the network and now it is going to cost everyone a whole lot of money to patch the legal exposure. A trial will now proceed solely to determine the damages NSO must pay, which feels like a very expensive way to finally admit that the vendor was never actually trustworthy.

Spotify's Business Model: The Math That Was Bad All Along

The "ugly truth" about Spotify has been revealed as being the same truth everyone has quietly suspected in the break room for years: the cost of inventory is too high. The company consistently pays a massive percentage of its revenue to music rights holders. Historically, this has kept the company's gross margins tight, a situation that means the premium coffee machine breaks even but the vending machine full of artisanal snacks runs at a perennial loss.

It is not a music company that makes money by selling music; it is a tech company that uses music as a very expensive "Loss Leader" to attract user data for its ad platform, according to some analyses. While the company has recently made strides toward profitability due to cost-cutting and premium margin expansion, it still pays out nearly 70% of its annual revenue to music rights holders. Chief Executive Officer Daniel Ek is essentially running a complicated Ponzi scheme based on the infinite dilution of stock, while artists receive fractional pennies and the finance department works tirelessly to reduce the cost of podcast content.

Apple's "Find My" Network Is Now Open Source Desktop Wallpaper

Someone has gone and written a Python library, FindMy.py, that allows anyone to query Apple's proprietary Find My network. This is the global, crowdsourced mesh network that allows users to find their lost AirPods under the sofa or a stolen AirTag somewhere in Siberia. The library unifies previously fragmented code, making it easy to fetch and decrypt location reports from official Apple devices, custom AirTags, and even other devices.

The creator has essentially provided the administrative access code for the world's largest digital scavenger hunt, and they did it without needing a Mac, which defeats the entire purpose of Apple's ecosystem. The technology is being immediately implemented by the community for practical automation, such as making a smart home know when you are approaching, because finding your keys is less important than making sure the lights are on exactly 30 seconds before you walk through the door.

Briefs

• Mapping Project: City Roads is a tool that draws every road in a city at once. This is the only useful piece of data we have seen all day, and it proves that 90% of a city is just infrastructure designed to get you from a comfortable chair to another comfortable chair.
• Terminal Utility: A new CLI tool called spacer inserts a decorative gap when command output stops, solving the critical problem of knowing when your compiler is thinking versus when it has actually frozen forever. The productivity gains are theoretically infinite.
• HTTP Implementation: Curl's Chief Architect, Daniel Stenberg, announced he is removing the experimental HTTP back end written in Rust, returning to the tried-and-true C implementation. The pilot program for the new framework has been scrapped, and we are back to using the same tools that were already working.