Blog (in English)

2005: Don’t trust anything you see on Wikipedia.

2025: Don’t trust anything you see online unless you saw it on Wikipedia.

White man, with glasses and goatee, smiling.Jason Lefkowitz
@jalefkowit@vmst.io

About the password leak of 183 million Gmail accounts

In the same vein as the “phones that will stop running WhatsApp” beat, Brazilian news sites seem to have found a new evergreen click source for tech desks imported from Forbes’: millions of leaked Gmail passwords.

There is, in fact, a database of that type circulating online, created by an undergraduate student in the United States. Troy Hunt, who runs Have I Been Pwned, a breach repository, analyzed the data and found that “only” 8% of the passwords — about 14 million — are new. That makes sense, given the database was glued together by aggregating entries from multiple sources and prior breaches.

The main takeaway from a story like this isn’t “your Gmail password may have leaked,” but rather that “any of your passwords could leak at any time.” Not to spread alarm, but to encourage awareness of good digital security practices.

Which ones? For this situation, mostly these two:

  1. Use a password manager. It makes easy creating and retrieving strong, unique passwords for each service.
  2. Enable two‑factor authentication (or two‑step verification). It can be integrated with the very same password manager for easier adoption. In a breach, the second factor blocks unauthorized access even if someone has your password.

You can check whether your passwords have leaked by entering your email at Have I Been Pwned. If it shows up, there’s no need to panic: change the password and enable a second authentication factor. Google explains how to do this for Gmail.

Many people were surprised to learn on the 20th that Signal uses Amazon/AWS infrastructure. Signal’s president, Meredith Whittaker, had to explain why:

Instant messaging demands near-zero latency. Voice and video in particular require complex global signaling & regional relays to manage jitter and packet loss. These are things that AWS, Azure, and GCP provide at global scale that, practically speaking, others (in the western context) don’t.

It’s important to note that Signal uses end‑to‑end encryption, which means nobody at AWS can access the content.

(By the way: the “reply guys” issue on Mastodon shows up in almost every technical post Meredith makes.)

I find it fascinating that so many people fall for the fallacy that artificial intelligence is reliable enough to guide decision‑making. And sometimes I find it funny, too.

Brazilian startup Jumpad is intriguing from the pitch itself: a “self‑hosted platform, deployed on the company’s cloud” that lets you enable APIs from external services like OpenAI and Google. Hm, okay. The service “involves engagement dashboards and gamified trainings, contributing to cultural transformation.” As an example of “cultural transformation,” we’re treated to this gem:

At one client, it was found that 25% of employees’ time was spent on calls and meetings, but about 80% of them were not actively participating. In other words, it was a huge waste of time.

Imagine having to burn the planet to “discover” that most meetings could have been an e‑mail.

(The information comes from Brazil Journal [pt_BR].)

On macOS 26 Tahoe, run this command to disable Liquid Glass:

defaults write -g com.apple.SwiftUI.DisableSolarium -bool YES

Kinda shocked this is possible. Is Liquid Glass just a skin layered on top of macOS’s now‑classic UI? That would explain a lot… (Tip from Capi Etheriel, via r/MacOS.)

Tech companies are finding out everything is political

Framework, which makes and sells modular, repairable computers, is facing a small uprising on its official forum after announcing sponsorships of the Hyprland and Omarchy projects — a Linux window manager and a pseudo‑distro based on Arch, respectively.

(more…)

It’s impossible to evaluate your sleep with only one number

iOS 26 brought a new score to the Health app: sleep quality. (It’s not exclusive to the Apple Watch; any band or watch compatible with iOS can contribute to that number.)

I’m skeptical of scores like this. It’s reductive and can be misleading to assign a single score to something as complex as sleep. And, in a great irony, my numbers (!) kind of prove that.

(more…)

Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.

Google's logo, capital “G” colored.Google
via Android Developers Blog

Liquid Glass

Major redesigns of graphical user interfaces (GUI) always provoke surprise and complaints. With Liquid Glass, Apple’s new visual language, it’s no different.

The good news is that beneath the new buttons, unreadable text blocks and modernized effects, the way you use systems like iOS and macOS hasn’t changed. People familiar with the previous versions will be able to find their way around the new ones.

That doesn’t mean Liquid Glass is a success. At the risk of contradicting myself later, I think Apple missed the mark.

(more…)

Three options to increase privacy on LinkedIn

1

LinkedIn changed its terms to share more data with Microsoft for advertising purposes. It’s routine — nothing dramatically new or alarming — but I liked that, in the explanatory document, LinkedIn included direct links to the three settings that, when turned off, stop that data sharing. Thanks…?

Just click the links while logged in and disable all of them:

While you’re at it, also disable sharing content to train generative AIs.

Apple forgot the “Compact” tab layout in macOS Safari

I’m not in a hurry to update my Apple devices to the 26 “crop” of OSs, but Safari on macOS… why not?

Every year Apple ships the big update to its browser for older macOS releases. It’s an exception to the rule of updating native apps only with the OS. The list of changes is always long and this year’s is no different.

Unfortunately, Safari 26 is broken for the five people who use the “compact” tab layout. And yes, I am (or was) one of them.

(more…)

Farewell to the fediverse

2

In December 2023, this blog joined the fediverse (pt_BR). Thanks to a WordPress plugin — the publishing platform used by Manual do Usuário — it became possible to follow updates here without leaving Mastodon, Pleroma, GoToSocial, or any other application compatible with the ActivityPub protocol.

Over nearly two years the plugin has improved a lot. And it’s set to improve further, judging by the developers’ roadmap, to the point that — if all goes well — it may one day be possible to turn blogs into full actors in the fediverse.

Despite that, I plan to remove ActivityPub support soon. Here’s why.

(more…)

Wireless earphones: a belated review

2

Since the early days of this Manual, my goal has been the “slow web,” which here translates to being the last to cover a topic. Even so, I didn’t expect I’d ever write about something eight years late.

Anyway — here we are. Let’s talk wireless earphones.

(more…)

What’s on your phone, Leonardo?

What’s your name and what do you do?

Leonardo, 40, southern Brazil, makes educational videos on the internet and has been a regular reader of the Manual do Usuário for years.

(more…)

The fact is that today, the open web is already in rapid decline.

Google's logo, capital “G” colored.Google
via Search Engine Roundtable

1