We like mechanical calculators like slide rules, but we have to admit that we had not heard of the Ott Derivimeter that [Chris Staecker] shows us in a recent video. As the name implies, the derivimeter finds the derivative of a function. To do that, you have to plot the function on a piece of paper that the meter can measure.

If you forgot calculus or skipped it altogether, the derivative is the rate of change. If you plot, say, your car’s speed vs time, the parts where you accelerate or decelerate will have a larger derivative (either positive or negative, in the decelerate case). If you hold a steady speed, the derivative will be zero.

To use the derivimeter, you sight the curve through the center glass and twist the device so the cursor, which is a lens and mirror system that lets you precisely find a tangent line. You can read the angle and find the true derivative using a table of tangents.

[Chris] has another derivimeter from Gerber. However, he found a different type of derivimeter that uses a prism, and he sure would like to find one of those for his collection.

Calculus is actually useful and not as hard as people think if you get the right explanations. This isn’t exactly a slide rule, but since it is a mechanical math device, we think it counts anyway.

youtube.com/embed/w4Wdjz2uiPY?…

hackaday.com/2025/01/06/mechan…

Introduction

In our recent investigation into the EAGERBEE backdoor, we found that it was being deployed at ISPs and governmental entities in the Middle East. Our analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, we discovered previously undocumented components (plugins) deployed after the backdoor’s installation. These enabled a range of malicious activities such as deploying additional payloads, exploring file systems, executing command shells and more. The key plugins can be categorized in terms of their functionality into the following groups: Plugin Orchestrator, File System Manipulation, Remote Access Manager, Process Exploration, Network Connection Listing and Service Management.

In this blog, we provide a detailed analysis of the EAGERBEE backdoor’s capabilities, focusing on the service injector, Plugin Orchestrator module and associated plugins. We also explore potential connections of the EAGERBEE backdoor with the CoughingDown threat group.

Initial infection and spread

Unfortunately, the initial access vector used by the attackers remains unclear. However, we observed them executing commands to deploy the backdoor injector named “tsvipsrv.dll” along with the payload file ntusers0.dat, using the SessionEnv service to run the injector, as can be seen below.
//change the creation, last access and write time, timestamp of the file to "1/8/2019 9:57"
attrib.exe -s -h -a C:\users\public\ntusers0.dat
powershell.exe -Command "='1/8/2019 9:57'; = 'C:\users\public\ntusers0.dat';(Get-Item
).creationtime = ;(Get-Item ).lastaccesstime = ;(Get-Item ).lastwritetime = "

//set the attributes of the file (EAGERBEE backdoor) to archive (+a), system file (+s) and
//hidden (+h)
attrib.exe +s +h +a C:\users\public\ntusers0.dat

//set the attributes of the file (loader) to archive (+a), system file (+s) and hidden
//(+h)
attrib.exe +s +h +a system32\tsvipsrv.dll

//the malware runs now because of a DLL hijacking vulnerability, as the libraries in the
//system32 directory where the malicious library is located are the first to load
net.exe stop sessionenv
cmd.exe /c "sc config sessionenv Start= auto"
net.exe start sessionenv

attrib.exe -s -h -a C:\users\public\ntusers0.dat
net.exe use \\<<internal ip>>\c$ <password> /user:<username>
attrib.exe +s +h +a C:\users\public\ntusers0.dat
attrib.exe +s +h +a \\172.17.1.127\c$\users\public\ntusers0.dat
attrib.exe -s -h -a system32\tsvipsrv.dll
attrib.exe +s +h +a system32\tsvipsrv.dll
attrib.exe +s +h +a \\172.17.1.127\c$\windows\system32\tsvipsrv.dll
attrib.exe -s -h -a \\172.17.1.127\c$\windows\system32\tsvipsrv.dll
attrib.exe +s +h +a \\172.17.1.127\c$\windows\system32\

Malware components

Service injector

The service injector targets the Themes service process. It first locates and opens the process, then allocates memory within it to write EAGERBEE backdoor bytes (stored in C:\users\public\ntusers0.dat) along with stub code bytes. The stub code is responsible for decompressing the backdoor bytes and injecting them into the service process memory.

To execute the stub code, the injector replaces the original service control handler with the address of the stub code in the service process memory. The stub is then triggered by sending a SERVICE_CONTROL_INTERROGATE control code to the service. After the stub completes its execution, the injector cleans up by removing the stub code from the service memory and restoring the original service control handler.

EAGERBEE backdoor

When we found the backdoor in the infected system, it was named
dllloader1x64.dll. It can create a mutex with the name mstoolFtip32W if one doesn’t exist yet. After that, it starts collecting information from the system: the NetBIOS name of the local computer, OS information (major and minor version numbers, build number, platform identifier, and information about product suites and the latest service pack installed on the system), product type for the operating system on the local computer, processor architecture, and list of IPv4 and IPv6 addresses.
The backdoor has an execution day and time check. It compares the current system day and hour to the hardcoded string
0-6:00:23;6:00:23;, where the numbers mean the following:

• 0: start day of the week;
• 6: end day of the week;
• 00: start hour;
• 23: end hour.

If the execution day and hour do not match, it sleeps for 15 seconds and checks again. In the cases we’ve seen, the backdoor is configured to run 24/7.

The backdoor configuration is either stored in C:\Users\Public\iconcache.mui or hardcoded within the binary. If stored in the file, the first byte serves as the XOR key to decode the remaining data. When hardcoded, the configuration is decoded using a single-byte XOR key (0x57). This configuration includes the command-and-control (C2) hostname and port.

The backdoor retrieves the proxy host and port information for the current user by reading the registry key Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer. If proxy details are available, the backdoor connects through the proxy; otherwise it connects to the C2 server directly.

To establish communication, the backdoor creates a TCP socket capable of operating over both IPv4 and IPv6. If the C2 port has an “s” appended, an SSL session is initiated. Depending on the configuration, it may use the SCHANNEL security package, which supports SSL and TLS encryption on Windows. In this mode, it can validate server credentials (passive mode) or use local client credentials to prepare an outgoing token (active mode).

Once a connection is established, the backdoor transmits the previously collected victim-specific details to the C2 server. The server responds with a string followed by a payload known as the Plugin Orchestrator. If the response string matches a hardcoded value in the backdoor (unique to each sample), the backdoor retrieves the raw address of the first export method in the received payload and invokes it. Notably, at this stage, the payload (Plugin Orchestrator) is not yet mapped into memory.

Plugin Orchestrator

The payload downloaded by the EAGERBEE backdoor is a plugin orchestrator in the form of a DLL file with the internal name “ssss.dll” which exports a single method: “m”. As previously mentioned, EAGERBEE does not map the plugin orchestrator DLL directly into memory. Instead, it retrieves the raw address of the “m” export method and invokes it.

The “m” method of the plugin orchestrator DLL is responsible for injecting the orchestrator into memory and subsequently calling its entry point. In addition to the victim-specific data already collected, the plugin orchestrator gathers and reports to the C2 server the following additional information:

• The NetBIOS name of the domain;
• Current usage of physical and virtual memory;
• System locale and time zone settings;
• Windows character encoding;
• The current process identifier;
• Identifiers for any loaded plugins.

After transmitting this information, the plugin orchestrator also reports whether the current process has elevated privileges. It then collects details about all running processes on the system, including:

• Process identifiers;
• The number of execution threads started by each process;
• The identifier of the parent process;
• The fully qualified path of each process executable.

Once the information is sent, the plugin orchestrator waits for commands to execute. The following commands are supported:

Plugins

The plugins are DLL files and export three methods using ordinals. The plugin orchestrator first calls the exported method of the plugin with the ordinal number 3. This method is responsible for injecting the plugin DLL into memory. After that, the orchestrator calls the exported method of the plugin with the ordinal number 1, which is the
DllMain method. This method initializes the plugin with the required data structures. Finally, it calls the exported method of the plugin with the ordinal number 2. This method implements the functionality of the plugin.
All the plugins are responsible for receiving and executing commands from the orchestrator. Below, we provide brief descriptions of the analyzed plugins and the commands supported by each of them.

File Manager Plugin

This plugin performs a wide range of file system functions, including:

• Listing drives, files and folders in the system;
• Renaming, moving, copying and deleting files;
• Setting ACLs to manage file and folder permissions;
• Reading and writing files to and from the system;
• Injecting additional payloads into memory.

The table below contains commands it accepts.

Process Manager

This plugin manages process-related activities such as:

• Listing running processes in the system;
• Launching new modules and executing command lines;
• Terminating existing processes.

It accepts four commands.

Remote Access Manager

This plugin facilitates and maintains remote connections, while also providing command shell access.

The attackers launch the command shell by injecting
cmd.exe into the DllHost.exe process. The commands below were seen executed by the threat actor://list all users and users in the local admin group
net user
net localgroup administrators

//obtain system- and account-related information; the "dsquery" command implies that the
//attacker got hold of a Windows server machine with the Active Directory Domain Services
//(AD DS) server role installed.
dsquery computer
dsquery server
dsquery users
dsquery user
systeminfo
ping -n 1 <<computer name>>

//establish a connection to a shared resource using stolen credentials
net use \\<<ip in the network>>\admin$ <password> /user:<username>

//archive the information from the shared resource
rar.exe a -v100M idata001.rar -ta"20240101000000" -r -x"*.mp3" -x"*.dll" -x"*.exe" -
x"*.zip" -x"*.mxf" -x"*.rar" "\\<<ip in the network>>\c$\Users\<<user name>>\Documents"
"\\<<ip in the network>>\c$\Users\<<user name>>\Desktop"
rar.exe a -v100M idata001.rar -ta"20240101000000" -r -x"*.mp3" -x"*.dll" -x"*.exe" -
x"*.zip" -x"*.mp4" -x"*.rar" "\\<<ip in the network>>\c$\Users\<<user name>>\Documents"
"<<ip in the network>>\c$\Users\<<user name>>\Desktop"

Service Manager

This plugin manages system services, including installing, starting, stopping, deleting and listing them.

Network Manager

This plugin lists the network connections in the system.

Attribution

EAGERBEE was deployed in several organizations in East Asia. Two of these organizations were breached via the infamous ProxyLogon vulnerability (CVE-2021-26855) in Exchange servers, after which malicious webshells were uploaded and utilized to execute commands on the breached servers.

In May 2023, our telemetry indicated the execution of multiple commands to start and stop system services at one of the affected organizations in East Asia. The attackers abused the legitimate Windows services
MSDTC, IKEEXT and SessionEnv to execute malicious DLLs: oci.dll, wlbsctrl.dll and TSVIPSrv.dll, respectively.tasklist.exe
net stop IKEEXT
net start IKEEXT

net start msdtc
net stop msdtc
net start msdtc

NETSTAT.EXE -ano
tasklist.exe
ARP.EXE -a

net.exe use \\[[IP REDACTED]]\admin$
ipconfig.exe /all

net.exe stop IKEEXT

//all privileges are assigned to the service IKEEXT, which loads the malicious DLL
reg.exe add hklm\SYSTEM\CurrentControlSet\Services\IKEEXT /v RequiredPrivileges /t
REG_MULTI_SZ /d
SeAuditPrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeTakeOwnershipPrivilege\0SeImper
sonatePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeManageVolumePrivilege\0S
eCreateSymbolicLinkPrivilege\0SeShutdownPrivilege /f

net.exe start IKEEXT
net.exe start IKEEXT

NETSTAT.EXE -ano
net.exe view

net.exe stop IKEEXT
net.exe start IKEEXT
net.exe start IKEEXT

net.exe start sessionenv
net.exe stop sessionenv

net.exe stop SessionEnv
net.exe start SessionEnv
net.exe start SessionEnv
net.exe start SessionEnv
net.exe start SessionEnv
net.exe start SessionEnv
net.exe stop SessionEnv
net.exe stop SessionEnv
According to our telemetry, the DLLs loaded and executed by the services
IKEEXT and SessionEnv are loaders in nature, loading the EAGERBEE backdoor into memory. Similar EAGERBEE loaders targeting Japanese organizations have been described by another security vendor. Examples of files loaded by these services are provided below.

IKEEXT

SessionEnv

The service MSDTC loaded and executed a DLL file named “
oci.dll”. By analyzing this file, we established that it was the CoughingDown Core Module.

We found several clues linking the EAGERBEE backdoor to the CoughingDown group:

1. One of the aforementioned DLLs, oci.dll (MD5 f96a47747205bf25511ad96c382b09e8), which is executed by abusing the legitimate MSDTC service, has a 25% match with CoughingDown samples according to the Kaspersky Threat Attribution Engine (KTAE). Analysis of the DLL reveals that it is a Core Module of multi-plugin malware developed by CoughingDown in late September 2020 and that there is indeed a significant code overlap (same RC4 key, same command numbers).
2. This Core Module was configured to use the IP addresses 45.90.58[.]103 and 185.82.217[.]164 as its C2. The IP address 185.82.217[.]164 is known to be used as an EAGERBEE C2 as reported by other security vendors.

Conclusions

Malware frameworks continue to advance as threat actors develop increasingly sophisticated tools for malicious activities. Among these is EAGERBEE, a malware framework primarily designed to operate in memory. This memory-resident architecture enhances its stealth capabilities, helping it evade detection by traditional endpoint security solutions. EAGERBEE also obscures its command shell activities by injecting malicious code into legitimate processes, such as dllhost.exe, and executing it within the context of explorer.exe or the targeted user’s session. These tactics allow the malware to seamlessly integrate with normal system operations, making it significantly more challenging to identify and analyze.

In the East Asian EAGERBEE attacks, the organizations were penetrated via the ProxyLogon vulnerability. ProxyLogon remains a popular exploit method among attackers to gain unauthorized access to Exchange servers. Promptly patching this vulnerability is crucial to securing your network perimeter.

Because of the consistent creation of services on the same day via the same webshell to execute the EAGERBEE backdoor and the CoughingDown Core Module, and the C2 domain overlap between the EAGERBEE backdoor and the CoughingDown Core Module, we assess with medium confidence that the EAGERBEE backdoor is related to the CoughingDown threat group.

However, we have been unable to determine the initial infection vector or identify the group responsible for deploying the EAGERBEE backdoor in the Middle East.

IOC

Service Injector
183f73306c2d1c7266a06247cedd3ee2

EAGERBEE backdoor compressed file
9d93528e05762875cf2d160f15554f44

EAGERBEE backdoor decompress
c651412abdc9cf3105dfbafe54766c44

EAGERBEE backdoor decompress and fix
26d1adb6d0bcc65e758edaf71a8f665d

Plugin Orchestrator
cbe0cca151a6ecea47cfaa25c3b1c8a8
35ece05b5500a8fc422cec87595140a7

Domains and IPs
62.233.57[.]94
82.118.21[.]230
194.71.107[.]215
151.236.16[.]167
www.socialentertainments[.]store
www.rambiler[.]com
5.34.176[.]46
195.123.242[.]120
195.123.217[.]139

securelist.com/eagerbee-backdo…

Germanium. It might sound like just another periodic table entry (number 32, to be exact), but in the world of infrared light, it’s anything but ordinary. A recent video by [The Action Lab] dives into the fascinating property of germanium being transparent to infrared light. This might sound like sci-fi jargon, but it’s a real phenomenon that can be easily demonstrated with nothing more than a flashlight and a germanium coin. If you want to see how that looks, watch the video on how it’s done.

The fun doesn’t stop at germanium. In experiments, thin layers of gold—yes, the real deal—allowed visible light to shine through, provided the metal was reduced to a thickness of 100 nanometers (or: gold leaf). These hacks reveal something incredible: light interacts with materials in ways we don’t normally observe.

For instance, infrared light, with its lower energy, can pass through germanium, while visible light cannot. And while solid gold might seem impenetrable, its ultra-thin form becomes translucent, demonstrating the delicate dance of electromagnetic waves and electrons.

The implications of these discoveries aren’t just academic. From infrared cameras to optics used in space exploration, understanding these interactions has unlocked breakthroughs in technology. Has this article inspired you to craft something new? Or have you explored an effect similar to this? Let us know in the comments!

We usually take our germanium in the form of a diode. Or, maybe, a transistor.

youtube.com/embed/b81q8-hscTc?…

hackaday.com/2025/01/05/shinin…

Normally, you have a choice with PCB prototypes: fast or cheap. [Stephen Hawes] has been trying fiber lasers to create PCBs. He’s learned a lot which he shares in the video below. Very good-looking singled-sided boards take just a few minutes. Fiber lasers are not cheap but they are within range for well-off hackers and certainly possible for a well-funded hackerspace.

One thing that’s important is to use FR1 phenolic substrate instead of the more common FR4. FR4 uses epoxy which will probably produce some toxic fumes under the laser.

We were surprised at how good the boards looked. Of course, the line definition was amazing, as you’d expect from a laser with details down to 200 microns (a little less than 0.008″), and he thinks it can go even lower. The laser also drills holes and can cut the board outline. A silk screen makes it easy to add a solder mask, and the laser will even cut the mask. [Stephen] also etched “silk screening” into the solder mask and filled it with a different color solder mask to make nice board legends.

Registration is critical and will be extra critical for two-sided boards which is what he’s working on now. We think if you put some scored carrier edges around the board with fiducials, you could make a jig that would hold the board in a very precise position using the holes in the carrier edges.

Vias are another issue. He mentions using rivets, but we’ve also seen people simply solder both sides of a wire through a hole, which isn’t that hard.

For most people, making your own PCBs is fun but not very practical. But there is something about being able to turn around actually good-looking boards multiple times in a day when you are doing heavy development. If you don’t mind fumes, you can laser mark your PCBs.

youtube.com/embed/wAiGCyZZq6w?…

hackaday.com/2025/01/05/perfec…

Good news this week from the Sun’s far side as the Parker Solar Probe checked in after its speedrun through our star’s corona. Parker became the fastest human-made object ever — aside from the manhole cover, of course — as it fell into the Sun’s gravity well on Christmas Eve to pass within 6.1 million kilometers of the surface, in an attempt to study the extremely dynamic environment of the solar atmosphere. Similar to how manned spacecraft returning to Earth are blacked out from radio communications, the plasma soup Parker flew through meant everything it would do during the pass had to be autonomous, and we wouldn’t know how it went until the probe cleared the high-energy zone. The probe pinged Earth with a quick “I’m OK” message on December 26, and checked in with the Deep Space Network as scheduled on January 1, dumping telemetry data that indicated the spacecraft not only survived its brush with the corona but that every instrument performed as expected during the pass. The scientific data from the instruments won’t be downloaded until the probe is in a little better position, and then Parker will get to do the whole thing again twice more in 2025.

Good news too for Apple users, some of whom stand to get a cool $100 as part of a settlement into allegations that Siri-enabled devices “unintentionally” recorded conversations. The $95 million agreement settles a lawsuit brought by users who were shocked — SHOCKED! — to see ads related to esoteric subjects they had recently discussed, apparently independently of uttering the “Hey, Siri” wake phrase. Apple seems to acknowledge that some recordings were made without the wake word, characterizing them as “unintentional” and disputing the plaintiffs’ claims that the recordings were passed to third parties for targeted advertising. The settlement, which may be certified in February, would award the princely sum of $20 to claimants for each Apple device they owned over a ten-year period, up to five devices total.

In related news, Apple is also getting some attention for apparently opting users into its Enhanced Visual Search system. The feature is intended to make it easier to classify and search your photos based on well-known landmarks or points of interest, so if you take a selfie in front of the Eiffel Tower or Grand Canyon, it’ll recognize those features visually and record the fact. It does so by running your snapshots through a local AI algorithm and then encrypting the portion of the image it thinks contains the landmark. The encrypted portion of the image then goes to the cloud for analysis, apparently without getting decrypted, and the suggested location goes back to your device in encrypted form. It’s possible to turn the feature off, but you have to know it’s there in the first place, which we imagine not a lot of Apple users do. While there’s no sign that this new feature leaks any user data, there are a lot of moving pieces that sure seem ripe for exploitation, given enough time.

Are you as sick of counting the numbers of bridges or traffic lights in potato-vision images or trying to figure out if that one square has a few pixels of the rear-view mirror of a motorcycle to prove you’re human? We sure are, and while we’d love to see CAPTCHAs go the way of the dodo, they’re probably here to stay. So, why not have fun with the concept and play a round of DOOM on nightmare mode to prove your non-robotness? That was Guillermo Rauch’s idea, and we have to say it’s pretty cool. You’ve got to kill three monsters to solve the puzzle, and we found it pretty difficult, in part because we’re more used to the WASD layout than using the arrow keys for player movement. Just watch out if you give it a try with headphones on — it’s pretty loud.

And finally, if you feel like your life is missing in-depth knowledge of the inner workings of a Boeing 777’s auxiliary power unit, we’ve got good news for you. We stumbled across this playlist of excellent animations that shows every nook and cranny of the APU, and how it operates. For the uninitiated, the APU is basically a gas turbine engine that lives in the tail of jetliners and provides electrical and pneumatic power whenever the main engines aren’t running. It sounds simple, but there’s so much engineering packed into the APU and the way it integrates into the aircraft systems. We’ve always known that jets have a lot of redundancy built into them, but this series really brought that home to us. Enjoy!

youtube.com/embed/9bMytwuwqew?…

And finally finally, we generally don’t like to plug the Hack Chat here in this space, but we thought we’d make an exception since we’re kicking off the 2025 series in a big way with Eben Upton! The co-founder and CEO of Raspberry Pi will stop by the Hack Chat on January 15 at noon Pacific time, and we just want to get the word out as soon as possible. Hope to see you there!

hackaday.com/2025/01/05/hackad…

Mi sono spesso chiesto cosa differenzi il rock del XX secolo da quello del XXI secolo. La differenza di forma è lampante e in qualche modo fisiologica, perché legata necessariamente alle risorse tecnologiche a disposizione al momento della produzione, all' evoluzione tecnico stilistica dei musicisti stessi, ecc. Ma c'è qualcosa di più profondo.

Senza mettermi a scrivere un trattato a riguardo, in primis perché non ne sarei in grado, citerei giusto qualche episodio.

- 4 gennaio 1969. giusto ieri ricorreva il cinquantaseiesimo anniversario del ban di Jimi Hendrix dalla BBC. Il buon Jimi in quell'occasione decise di non seguire le regole del programma che imponevano di far salire la presentatrice Lulu durante il finale di Hey Joe, ma bloccò la sua hit più famosa a metà, e partì a dedicare "Sunshine of your love" a quelli che da poco erano diventati gli ex-Cream. La cosa fece incazzare non poco i bacchettoni della rete britannica. bbc.co.uk/programmes/p032vp1d
- Gennaio 1970. Concerto improvvisato dai Beatles sul tetto dello studio di registrazione dopo un mese di session, abbandoni e ritorni, Yoko Ono onnipresente che-fa-cose-a-caso e improbabili ospiti a spot, creatività alle stelle e frizioni. Serie documentario di Peter Jackson da vedere assolutamente. youtube.com/watch?v=Auta2lagtw…
- Anno 1982. Fondamentalisti cristiani americani danno dei satanisti agli Iron Maiden per l'album "the Number of the Beast", i quali di tutta risposta li prendono bellamente per il culo. Guarda caso a tutt'oggi la più grande band heavy metal della storia non è ancora stata inserita nella rock and roll hall of fame di Cleveland. A detta della stessa band non gliene può fregare di meno, e a ragione, visto che dopo cinquant'anni continuano ancora a riempire stadi in tutti e cinque i continenti. youtube.com/watch?v=A5W2A0PW0X…
- Anno 1992. Nirvana agli MTV video music awards. Vorrebbero eseguire "Rape me", la rete rifiuta per il testo troppo esplicito che potrebbe urtare delle sensibilità, così si accordano per "Lithium". Al momento dell'esibizione, dopo aver accennato qualche verso di "Rape me", Kurt parte con "Lithium" affiancato da Kris che nel mentre fa il gesto del saluto militare. Alla fine sfasciano tutto e Kris quasi sviene dopo essersi beccato il basso in testa. Punkissimi. youtube.com/watch?v=fOmUEHxZFq…

Voltiamo pagina.

- Il film "school of rock" col simpatico, positivo, sopra le righe ma non troppo Jack Black: posette, corna, linguacce, mitizzazioni che diventano formalizzazioni, conformazioni al sistema dominante. Dissacriamo, ma con la giusta misura, alle nove si va a nanna e ricordiamoci di mangiare le nostre verdure. youtube.com/watch?v=5afGGGsxvE…
- Celebrazione della musica dei Led Zeppelin con tanto di medaglie e autorità. Esecuzione (tecnicamente meravigliosa, tanto di cappello agli organizzatori) di "Stairway to Heaven" con presidente degli Stati Uniti in platea che annuisce orgoglioso. youtube.com/watch?v=2cZ_EFAmj0…

Fade to black.

Ricapitolando, la domanda è : "perché adoro Jimi Hendrix, i Beatles, gli Iron Maiden, i Nirvana, ma non riesco a farmi piacere i Foo Fighters, detesto Jack Black, adoro la musica delle tre messicane (musiciste meravigliose) The Warning ma senza particolare coinvolgimento emotivo? È solo perché sto diventando vecchio o c'è dell'altro?" La risposta è nell'accostamento di due immagini: da una parte Kris Novoselic che mima provocatoriamente un "Signorsì, Signore" ai soloni di MTV, dall'altra Obama che approva orgoglioso l'incasellamento nel sistema dominante di una delle band simbolo del rock degli anni settanta.

È toccato al jazz (da qualche tempo si insegna persino nei conservatori), è toccato al rock, toccherà all'hip-hop. L'assimilazione è il modo preferito dal capitalismo per eliminare tutto ciò che rappresenta in qualche modo un intralcio al proprio dominio.

"We are Borg, resistance is futile".

Un quarto di secolo fa nasceva "In Your Eyes Ezine" grazie ad una passione che non immaginavo potesse rimanere viva per così tanto tempo e portarmi così lontano. Oggi, dopo 25 anni di presenza sul web, guardo indietro con un senso di gratitudine e meraviglia. Mai avrei pensato che questo progetto sarebbe diventato ciò che è oggi, ma il cammino è stato incredibile.

iyezine.com/25-anni-di-in-your…

25 anni di In Your Eyes Ezine

25 anni di In Your Eyes Ezine - In Your Eyes Ezine: 25 anni di passione e creatività. Scopri il nostro viaggio, le storie e i talenti che ci hanno ispirato lungo la strada. - 25 anni

^{admin (In Your Eyes ezine)}