Ongoing shifts in who controls data, who pays for interoperability, and how tiny physiological tweaks change decisions thread through today’s stories. Pick a corner — device privacy, open standards, or the surprisingly behavioral power of breathing — and there’s a concrete takeaway you can act on or argue about.
In Brief
Loupe — an iOS app that shows what apps can see
Why this matters now: Loupe (an iOS/iPadOS app from Mysk) makes device fingerprinting tangible by reading the same public APIs available to third‑party apps, showing how innocuous fields combine into identifying vectors.
Loupe is a small, open-source tour through the fingerprint surface on iPhone and iPad. The app groups signals into "Passive" (no prompt), "Needs Permission" (contacts, location, photos) and "Advanced" (side‑channels like URL‑scheme probing and Keychain persistence), and it shows the raw values locally — the authors insist "Nothing Loupe reads leaves your device unless you explicitly export it." The project is MIT‑licensed and, amusingly, was "written almost entirely by AI coding tools," per the repo. See the Loupe repo for the code and notes.
"Nothing Loupe reads leaves your device unless you explicitly export it."
The practical punchline: small, non‑identifying bits — pasteboard change counts, volume creation dates, "iPhone last setup or erased on…" fields — add up fast. If you build or audit mobile apps, Loupe is an inexpensive way to make abstract privacy risks visible.
F-15 Strike Eagle II — reverse-engineered DOS game needs test pilots
Why this matters now: The F-15 Strike Eagle II reverse‑engineering project has reconstructed C source for the 1989 DOS game, produced playable executables, and asks volunteers to test on DOSBox or real hardware.
A hobbyist project reconstructed readable C for every game executable and released a v0.9.1 that can replace originals in a game folder (with caveats: no setup screen, MCGA/VGA assumed, no sound or joystick). The project is explicitly a "bug‑for‑bug reconstruction," so contributors should file reproducible bug reports and screenshots (Ctrl+F5 in DOSBox helps). The project page has instructions and the current testing wish list at the project blog.
This isn’t just nostalgia. Source-level reconstruction unlocks ports, mods, instrumentation and preservation — and it’s an example of how AI tooling can accelerate software archaeology, for better or worse.
Finland’s libraries — lending sewing machines, 3D printers, swimsuits
Why this matters now: Finland’s public libraries have evolved into civic maker- and service‑hubs that lend tools and provide digital-welfare assistance, demonstrating a replicable model for public infrastructure.
Finland spends roughly €65.78 per person on libraries and sees about 9.1 visits per person per year; its libraries lend everything from sewing machines to 3D printers and even swimming-pool passes. The BBC’s coverage spotlights Oodi in Helsinki as a social living room where librarians help with job applications and civic meetings. Read the feature at the BBC site.
"I have tears in my eyes when I see people almost run into the building at 08:00, heading straight to their favourite spots."
If you work in local government or civic tech, Finland’s model is a practical reminder that libraries can be social infrastructure, not merely book warehouses — and that demand management (waitlists, staffing) is the main scaling problem.
Developers don't understand CORS (revisited)
Why this matters now: A 2019 post on common CORS misunderstandings argues that developers often misuse or bypass CORS, creating real attack surface that could be avoided with correct headers and API design.
The essay revisits the Zoom localhost issue and argues the right solution was simple: set Access-Control-Allow-Origin precisely and avoid exposing dangerous actions on GET endpoints. The piece is practical reading for anyone designing web APIs; the full argument is available on the author’s site at fosterelli.co.
Security teams should note the core reminder: CORS controls read access from pages, not whether requests are sent — and protecting state‑changing endpoints is primarily an API‑design responsibility, not a browser-only fix.
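The read-versus-send distinction above, as an added example that is not code from the essay or from Zoom: a local helper service modelled as a pure request handler, with a minimal browser model that always sends a simple request and only then applies CORS to decide whether the page may read the reply. The origins, the /join path and the joins counter are assumptions made for illustration.

```javascript
// Added example. TRUSTED, EVIL, "/join" and state.joins are hypothetical names.
const TRUSTED = "https://app.example.com";  // assumed legitimate web app origin
const EVIL = "https://evil.example";        // constructed hostile page origin

function makeService(handler) {
  const state = { joins: 0 };
  return { state, handle: (req) => handler(req, state) };
}

// State-changing GET endpoint; `acao` is the CORS header value put on the reply.
const getJoin = (acao) => (req, state) => {
  if (req.method !== "GET" || req.path !== "/join") return { status: 404, headers: {} };
  state.joins += 1; // the side effect runs before the browser ever evaluates CORS
  return { status: 200, headers: { "Access-Control-Allow-Origin": acao } };
};
const weak = getJoin("*");              // wildcard header, action on GET
const headerOnlyFix = getJoin(TRUSTED); // precise header, action still on GET

// Hardened: no action on GET, and the Origin is checked server-side before acting.
// Requests without an Origin header are rejected as well.
function hardened(req, state) {
  if (req.path !== "/join") return { status: 404, headers: {} };
  if (req.method !== "POST") return { status: 405, headers: { Allow: "POST" } };
  if (req.headers.origin !== TRUSTED) return { status: 403, headers: {} };
  state.joins += 1;
  return { status: 200, headers: { "Access-Control-Allow-Origin": TRUSTED, Vary: "Origin" } };
}

// Minimal browser model for a simple cross-origin request: it is always sent;
// the Access-Control-Allow-Origin header only decides if the page can read the reply.
function browserFetch(service, pageOrigin, method, path) {
  const res = service.handle({ method, path, headers: { origin: pageOrigin } });
  const acao = res.headers["Access-Control-Allow-Origin"];
  return { sent: true, readable: acao === "*" || acao === pageOrigin, status: res.status };
}

// Runs the hostile page against each design and reports what happened.
function demo() {
  const out = {};
  for (const [name, h] of Object.entries({ weak, headerOnlyFix, hardened })) {
    const svc = makeService(h);
    const get = browserFetch(svc, EVIL, "GET", "/join");
    const post = browserFetch(svc, EVIL, "POST", "/join");
    out[name] = { getReadable: get.readable, postStatus: post.status, joins: svc.state.joins };
  }
  return out;
}
```

With the precise header alone, the hostile page can no longer read the response but the join still happens; only the hardened handler leaves the counter at zero.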
Deep Dive
SMPTE makes its standards freely accessible
Why this matters now: SMPTE has opened its entire catalog of standards and will publish future releases freely, changing how media‑technology implementations are built, taught and integrated.
SMPTE’s decision to remove the paywall on its standards — including Standards, Recommended Practices, Engineering Guidelines and Registered Disclosure Documents — is both symbolic and practical. The organization also modernized authoring by moving to GitHub workflows and structured HTML publishing, which should speed contributions and reduce implementation drift. SMPTE President Rich Welsh framed the move bluntly: “This was a decision we did not make lightly,” and Standards Director Steve Llamb emphasized access as core to standards’ value.
"Standards achieve their greatest value when they are accessible to everyone who needs to implement them."
Why this shift matters: previously, paywalls pushed some implementers toward reverse‑engineering or inconsistent implementations. Free access removes that friction for codec authors, metadata engineers, and open‑source projects — especially in places where budgets are tight. For cloud vendors, broadcasters and software vendors, the immediate impact is lower onboarding cost and better chance of interoperability out of the box.
There are still tradeoffs. SMPTE’s move was supported by big corporate members — AWS, Apple, Google among them — which raises the perennial funding question: how will the standards body cover editorial work and tooling costs without document sales? SMPTE’s hybrid model (member support plus sponsorships) is a plausible path, but keep an eye on whether long‑term governance and inclusivity remain robust as the technical bar rises (IP workflows, AI authenticity, provenance).
For implementers: expect faster bug fixes, clearer test vectors, and greater alignment between commercial and open implementations. For educators and small vendors: this should lower the barrier to building standards‑compliant tools and teaching the next generation of engineers.
Slow breathing changes reward processing and risk behavior
Why this matters now: A new fMRI study finds that prolonged exhalation (about 2 s inhale, 8 s exhale) boosts parasympathetic markers and makes people more likely to accept gambles by increasing reward representation in the vmPFC and precuneus.
Researchers scanned 41 volunteers doing 50/50 gamble decisions while breathing normally or with prolonged exhalation. The breathing pattern increased heart‑rate variability (a vagal, parasympathetic marker) and selectively amplified how rewards — not losses — drove choices. The authors summarize the result: “prolonged exhalation selectively enhances parasympathetic activity and heightens neural reward representation, thereby increasing reward sensitivity and biasing choice toward accepting gambles.” Read the paper at Neuron/Cell Press.
"prolonged exhalation selectively enhances parasympathetic activity and heightens neural reward representation..."
This flips a common assumption that calming techniques always improve decision-making. Here, a calmer physiological state increased reward sensitivity, which can be helpful (public speaking, creative risk‑taking) or harmful (financial risk when losses are likely). The neural data point to vmPFC and precuneus amplification, suggesting the effect operates at valuation rather than simple arousal reduction.
Practical takeaways: researchers and clinicians should treat breathwork as a state‑manipulation tool with predictable cognitive side effects. Designers of behavioral interventions — from therapy to nudges — need to consider when increasing reward sensitivity is desired. For individuals, the finding is a reminder: breathing exercises change more than anxiety levels; they can subtly shift what you value in the moment.
Closing Thought
Two structural shifts stood out today: systems-level access (who sees standards, who sees your phone) and state-level interventions (how breathing shifts valuation). Both are about leverage: small policy or design changes — opening a standard, showing a fingerprint field, or altering exhalation length — produce outsized behavior and implementation consequences. Pick the lever that matches your domain, and treat the second‑order effects as the real work.
Sources
- Loupe — A iOS app that raises awareness about what native apps can see
- SMPTE Makes Its Standards Freely Accessible
- F-15 Strike Eagle II reversing project needs DOS test pilots
- Renting a sewing machine from the library — Finland libraries feature
- Developers don't understand CORS (2019)
- Slow breathing modulates brain function and risk behavior (Neuron)