iOS notifications leaking deleted chats & Firefox IndexedDB fingerprinting identifier - Hacker News (Apr 23, 2026)

Please support this podcast by checking out our sponsors: - SurveyMonkey, Using AI to surface insights faster and reduce manual analysis time - https://get.surveymonkey.com/tad - KrispCall: Agentic Cloud Telephony - https://try.krispcall.com/tad - Discover the Future of AI Audio with ElevenLabs - https://try.elevenlabs.io/tad Support The Automated Daily directly: Buy me a coffee: https://buymeacoffee.com/theautomateddaily Today's topics: iOS notifications leaking deleted chats - Apple patched iOS so notification caches can’t retain deleted or disappearing message text from apps like Signal—closing a major privacy gap for seized devices. Firefox IndexedDB fingerprinting identifier - A Firefox IndexedDB bug created a stable cross-site fingerprint via `indexedDB.databases()` ordering (CVE-2026-6770), impacting Private Browsing and even Tor Browser until fixes land. Telecom SS7 and Diameter tracking - Citizen Lab reports covert location surveillance using telecom signaling abuse—SS7 and misconfigured Diameter—via “ghost” carriers and repeated transit providers. SQLite gets durable pubsub - Honker adds Postgres-style LISTEN/NOTIFY semantics to SQLite with durable queues and event streams, reducing reliance on separate brokers while keeping transactions atomic. Zig-built C compiler journey - A developer chronicled building a C compiler in Zig, offering a practical learning log that tracks progress from parsing to linking and highlights Zig’s growing systems-language ecosystem. Color-coded hex editing usability - A proposal argues hex editors should color bytes by default—like syntax highlighting—so humans can spot structure, anomalies, and boundaries faster in binary data. AI-shaped comment spam conversations - Bloggers are seeing AI-like comment spam that mimics real conversation threads, slipping links into plausible back-and-forth to bypass moderation and social trust cues. Cloud primitives and cost friction - A cloud critique claims today’s hyperscaler primitives push awkward constraints and high network costs; a new platform pitch argues AI coding agents will make that friction more painful. Repairable tractors without electronics - Ursa Ag is drawing interest for tractors built around remanufactured 1990s diesel engines with minimal electronics—betting farmers value repairability over locked-down software. - David Crawshaw Launches exe.dev to Rebuild Cloud Computing Primitives - Ursa Ag Bets on Electronics-Free Tractors to Win Over Repair-Weary Farmers - Honker Adds Postgres-Style NOTIFY/LISTEN, Queues, and Streams to SQLite via WAL-Based Push Notifications - Blog Post Calls for Default Byte Color-Coding in Hex Editors - Apple Patches iOS Bug That Let Forensic Tools Retrieve Deleted Messages From Notification Cache - Bloggers Warn of Conversation-Style Comment Spam Hiding Links - Jiga pitches AI-driven manufacturing sourcing platform and outlines remote-first, transparent culture amid hiring push - Citizen Lab Finds Covert Vendors Exploiting Telecom Signaling to Track Phone Locations - Developer Indexes a Zig-Based C Compiler Tutorial Series - Firefox and Tor Browser Bug Enabled Cross-Site Tracking via IndexedDB Result Ordering Episode Transcript iOS notifications leaking deleted chats First up: Apple has pushed an iPhone and iPad update to fix a privacy issue where notification content could linger on-device longer than users—and some apps—intended. The core problem was that iOS could retain notifications marked for deletion, meaning message text from apps like Signal might remain recoverable in a system database for weeks. The story matters because disappearing messages only work as well as the layers beneath them, and device seizures are exactly the scenario where those guarantees are supposed to hold. Firefox IndexedDB fingerprinting identifier Sticking with privacy, Mozilla fixed a subtle but serious fingerprinting vector in Firefox tied to IndexedDB. Researchers found that the order returned by the `indexedDB.databases()` API could act like a stable identifier across unrelated websites within the same browser process. That’s especially uncomfortable because it could persist in Private Browsing as long as the process stays running—and in Tor Browser, it could even undermine “New Identity” in that same session. The takeaway is a bit humbling: even something as mundane as result ordering can become a high-entropy tracking signal when it’s influenced by global internal state. Telecom SS7 and Diameter tracking And zooming out from browsers to networks: Citizen Lab says it uncovered two covert surveillance campaigns abusing telecom signaling systems to track phone locations. This is the long-running SS7 story, but with a modern twist—attackers can also exploit Diameter when carriers don’t enforce protections correctly, and some setups effectively fall back to SS7-like weakness. The report points to “ghost” companies posing as legitimate operators and to a few providers showing up repeatedly as entry or transit points. Why it matters is simple: location is one of the most sensitive data types, and the infrastructure that routes calls and texts still offers too many ways to quietly query it. SQLite gets durable pubsub On the developer tooling side, an experimental project called Honker is trying to give SQLite something it’s famously missing: Postgres-style NOTIFY and LISTEN, plus durable queues and event streams—without adding a separate broker. The interesting angle is that jobs and events live as rows in the same SQLite database, so publishing a message can commit atomically with your application data. For teams shipping single-machine apps—or embedded systems that still need background work—this could shrink operational complexity while keeping reliability characteristics people normally reach for Redis or a message bus to get. Zig-built C compiler journey If you like learning-by-building, there’s also a collected set of posts on writing a C compiler in Zig, called “paella.” It’s based on a well-known compiler-writing guide, but the value here is the journal-like progression: it’s the messy, practical record of getting from “hello, parser” to producing linkable outputs. These kinds of write-ups matter because they’re often the on-ramp for the next wave of systems programmers—especially as Zig keeps attracting folks who want low-level control without the full pain of older toolchains. Color-coded hex editing usability A smaller, but oddly compelling usability argument: one developer is making the case that hex editors and hexdump tools should use richer color by default. The point is that monochrome byte grids hide patterns your eyes are actually good at spotting—boundaries, repetition, or the single weird byte that shouldn’t be there. Think of it as syntax highlighting for binary data: a low-cost change that can make debugging files, formats, and corruption issues faster and less disorienting. AI-shaped comment spam conversations Now for the unglamorous reality of running a website in 2026: comment spam is evolving. One blogger described a new flavor that shows up as a short, believable conversation—multiple replies posted minutes apart—so it feels like genuine engagement. The trick was that a casino link was tucked into the middle comment in a way that blended into normal text. The broader point is that AI-generated “plausible filler” doesn’t need to be great to be effective; it just needs to look socially real long enough to slip past moderation and capture a click. Cloud primitives and cost friction On infrastructure, developer David Crawshaw published a sharp critique of modern cloud primitives—alongside news that he’s building a new cloud platform. His argument is that the big clouds are fundamentally shaped around awkward constraints: fixed VM instance types, storage trade-offs that push you toward remote services, and network pricing that turns data movement into a tax. He also predicts AI coding agents will increase the amount of software we produce, meaning cloud friction and cost won’t feel like an inconvenience—it’ll become a bottleneck. Whether or not his new approach wins, the critique resonates because it challenges a quiet assumption: that higher-level platforms can fully paper over the economics and ergonomics of the underlying cloud building blocks. Repairable tractors without electronics And finally, a very different kind of backlash against complexity: a Canadian startup, Ursa Ag, says it’s seeing strong interest from U.S. farmers for tractors built around remanufactured 1990s-era diesel engines—and intentionally light on modern electronics. The appeal is repairability: fewer locked-down components, less dependence on dealer software, and a better chance of fixing problems during the narrow windows that matter in planting and harvest. The bigger signal here is market pressure. If enough buyers prioritize maintainability over extra features, major manufacturers may have to rethink where “smart” becomes “fragile,” and where control becomes a liability. Subscribe to edition specific feeds: - Space news * Apple Podcast English * Spotify English * RSS English Spanish French - Top news * Apple Podcast English Spanish French * Spotify English Spanish French * RSS English Spanish French - Tech news * Apple Podcast English Spanish French * Spotify English Spanish Spanish * RSS English Spanish French - Hacker news * Apple Podcast English Spanish French * Spotify English Spanish French * RSS English Spanish French - AI news * Apple Podcast English Spanish French * Spotify English Spanish French * RSS English Spanish French Visit our website at https://theautomateddaily.com/ Send feedback to [email protected] Youtube LinkedIn X (Twitter)