If you spend a lot of time at the command line, you probably have either a very basic prompt or a complex, information-dense prompt. If you are in the former camp, or you just want to improve your shell prompt, have a look at Starship. It works on the most common shells on most operating systems, so you can use it everywhere you go, within reason. It has the advantage of being fast and you can also customize it all that you want.

What Does It Look Like?

It is hard to explain exactly what the Starship prompt looks like. First, you can customize it almost infinitely, so there’s that. Second, it adapts depending on where you are. So, for example, in a git-controlled directory, you get info about the git status unless you’ve turned that off. If you are in an ssh session, you’ll see different info than if you are logged in locally.

However, here’s a little animation from their site that will give you an idea of what you might expect:

hackaday.com/wp-content/upload…

Installation

The web site says you need a Nerd Font in your terminal. I didn’t remember doing that on purpose, but apparently I had one already.

Next, you just have to install using one of the methods they provide, which depends on your operating system. For Linux, you can run the installer:

curl -sS starship.rs/install.sh | sh

Sure, you should download it first and look to make sure it won’t reformat your hard drive or something, but it was fine when we did it.

Finally, you have to run an init command. How you do that depends on your shell and they have plenty of examples. There’s even a way to use it with cmd.exe on Windows!

Customization

The default isn’t bad but, of course, you are going to want to change things. Oddly, the system doesn’t create a default configuration file. It just behaves a certain way if it doesn’t find one. You must make your own ~/.config/starship.toml file. You can change where the file lives using an environment variable, if you prefer, but you still have to create it.

The TOML file format has sections like an INI file. Just be aware that any global options have to come before any section (that is, there’s no [global] tag). If you put things towards the bottom of the file, they won’t seem to work and it is because they have become part of the last tag.

There are a number of modules and each module reads data from a different section. For example, on my desktop I have no need for battery status so:

[battery]disabled = true

Strings

In the TOML file you can use single or double quotes. You can also triple a quote to make a string break lines (but the line breaks are not part of the string). The single quotes are treated as a literal, while double quotes require escape characters for special things.

You can use variables in strings like $version or $git_branch. You can also place part of a string in brackets and then formating for the string in parenthesis immediately following. For example:
'[off](fg:red bold)'

Finally, you can have a variable print only if it exists:
'(#$id)'

If $id is empty, this does nothing. Otherwise, it will print the # and the value.

Globals and Modules

You can find all the configuration options — and there are many — in the Starship documentation. Of primary interest is the global format variable. This sets each module that is available. However, you can also use $all to get all the otherwise unspecified modules. By default, the format variable starts with $username $hostname. Suppose you wanted it to be different. You could write:
format='$hostname ! $username $all'

You’ll find many modules that show the programming language used for this directory, version numbers, and cloud information. You can shut things off, change formatting, or rearrange. Some user-submitted customizations are available, too. Can’t find a module to do what you want? No problem.

Super Custom

I wanted to show the status of my watercooler, so I created a custom section in the TOML file:

[custom.temp]
command = 'temp-status|grep temp|cut -d " " -f 7'
when = true
format='$output°'

The command output winds up in, obviously, $output. In this case, I always want the module to output and the format entry prints the output with a degree symbol after it. Easy!

Of Course, There are Always Others

There are other prompt helpers out there, especially if you use zsh (e.g., Oh My Zsh). However, if you aren’t on zsh, your options are more limited. Oh My Posh is another cross-shell entry into the field. Of course, you don’t absolutely need any of these. They work because shells give you variables like PS1 and PROMPT_COMMAND, so you can always roll your own to be as simple or complex as you like. People have been doing their own for a very long time.

If you want to do your own for bash, you can get some help online. Or, you could add help to bash, too.

hackaday.com/2025/03/20/linux-…

Una nuova vulnerabilità critica scuote il mondo della cybersecurity: questa volta tocca a Veeam Backup & Replication, con la CVE-2025-23120, una falla che consente l’esecuzione remota di codice (RCE) da parte di utenti di dominio autenticati. Il punteggio CVSS v3.1 di 9.9 non lascia spazio a dubbi: il rischio è elevatissimo!

La vulnerabilità

Questa vulnerabilità colpisce le versioni 12, 12.1, 12.2 e 12.3 di Veeam Backup & Replication (come riportato nel report) e riguarda in particolare i server di backup collegati al dominio. Un dettaglio che va contro le Best Practice di Sicurezza & Compliance, ma che, purtroppo, si riscontra ancora in molte infrastrutture IT.

In pratica, un utente autenticato nel dominio può sfruttare questa falla per eseguire codice arbitrario da remoto, aprendo le porte a scenari devastanti: furto di dati, attacchi ransomware, compromissione dell’intera infrastruttura IT. Il rischio è ancor più elevato se il controllo sugli account di dominio non è adeguato.

Un’arma nelle mani dei cybercriminali

Le TTP (Tactics, Techniques, and Procedures) adottate da gruppi APT e cybercriminali dimostrano quanto vulnerabilità di questo tipo siano ambite per attacchi mirati. Minacce avanzate come ransomware-as-a-service (RaaS) potrebbero sfruttare CVE-2025-23120 per distribuire payload malevoli sui sistemi vulnerabili. Inoltre, attori sponsorizzati da stati nazionali potrebbero utilizzarla per movimento laterale e persistenza, ottenendo il controllo di intere infrastrutture senza essere rilevati immediatamente.

A lanciare l’allerta è stato Piotr Bazydlo di watchTowr, dimostrando ancora una volta quanto sia fondamentale il coinvolgimento della community nella scoperta e segnalazione di falle critiche.

Le organizzazioni devono correre ai ripari immediatamente: ora che la vulnerabilità è stata divulgata, gli attacchi ai sistemi non aggiornati sono solo questione di tempo.

Aggiornare subito!

Veeam ha già rilasciato la patch risolutiva nella versione 12.3.1 (build 12.3.1.1139). Se la vostra infrastruttura utilizza una delle versioni vulnerabili, l’aggiornamento non è un’opzione.

Oltre all’update, le aziende devono rivedere la configurazione dei loro backup server, evitando di integrarli nel dominio e adottando strategie di sicurezza più rigorose per limitare gli accessi.

Conclusione

Ogni volta che una vulnerabilità critica viene resa pubblica, il tempo per mettersi al sicuro è limitato. Gli attaccanti non perdono un secondo nel tentare di sfruttare falle come la CVE-2025-23120 per penetrare nelle infrastrutture aziendali.

Chi gestisce ambienti IT deve agire subito: aggiornare, rivedere le configurazioni di sicurezza e limitare al massimo i permessi di dominio. Perché nel mondo della cybersecurity, chi arriva tardi paga il prezzo più alto.

L'articolo Vulnerabilità critica da 9.9 di Score in Veeam Backup & Replication che consente RCE proviene da il blog della sicurezza informatica.

Dedicato a chi dice che gli scioperi non servono.

[...] prevede l'immediata erogazione di una tantum di 500 euro e un incremento economico medio mensile a regime tra i 220 e i 240 euro

agi.it/economia/news/2025-03-2…

THIS IS A BONUS EDITION OF DIGITAL POLITICS. I'm Mark Scott, and I don't usually speak about my day job in this newsletter. But today, that changes.

One of my goals this year is to help open up social media platforms to greater outside transparency. To do that, I'm working on ways to jumpstart data access to these platforms, or efforts to allow independent researchers to delve into the public data that these firms collect on all of us.

It's not an easy task — especially because any form of such data access must protect people's privacy, at all cost, and uphold the highest levels of security.

But, for me, it's a fundamental step in filling the democratic deficit associated with how social media may (or may not) affect our everyday lives.

Below gives you a glimpse about what I've been up to in recent months. It's a cross-post from Tech Policy Press.

Let's get started.

What happens online doesn't just stay online

IT'S HARD TO REMEMBER A WORLD WITHOUT SOCIAL MEDIA. From the United States to Brazil, people now spend hours on TikTok, Instagram, and YouTube each day, and these platforms have become embedded in everything from how we talk to friends and family to how we elect our national leaders.

But one thing is clear: despite researchers’ efforts to decipher social media’s impact, if any, on countries’ democratic institutions, no one still has a clear understanding of how these global platforms work. What’s worse — we have less awareness about what happens on these platforms in 2025 than we did five years ago.

This is a problem.

It’s a problem for those who believe these tech companies censor people’s voices online. It’s a problem for those who believe these firms do not do enough to police their platforms for harmful content. And it’s a problem for democratic countries whose political systems are fracturing under increased polarization — some of which is amplified via social media.

In 2025, there is a fundamental disconnect between what happens on social media and what academics, independent researchers and regulators understand about these platforms.

That has led to a democratic deficit. No one can quantify the effect, if any, of these platforms’ impact on public discourse. It has also led to a policymaking void. Lawmakers worldwide don’t know what steps are needed via potential new legislation, voluntary standards or the doubling down on existing efforts to reduce online harm on social media while upholding individuals’ right to free speech.

In short, we just don’t know enough about social media’s impact on society.

Thanks for reading Digital Politics. If you've been forwarded this newsletter (and like what you've read), please sign up here. For those already subscribed, reach out on digitalpolitics@protonmail.com

Without quantifiable evidence of harm (or lack of it) — driven by independent outside access to platform data, or the ability for people to research the inner workings of these social media giants — there is no way to make effective online safety legislation, uphold people’s freedom of expression, and hold companies to account when, inevitably, things go wrong.

And yet, there is a way forward. One that relies on the protection of people’s privacy and free speech. One that limits government access to people’s social media posts. And one that gives outside researchers the ability to kick the tires on how these platforms operate by granting them access to public data in ways that improves society’s understanding of these social media giants.

What are we going to do about it?

To meet this need, Columbia World Projects at Columbia University and the Hertie School’s Centre for Digital Governance have been running workshops with one aim in mind: How to build on emerging online safety regimes worldwide — some of which allow, or will soon allow, for such mandatory data access from the platforms to outside groups — to fill this democratic deficit.

With support from the Knight Foundation, that has involved bringing together groups of academic and civil society researchers, data infrastructure providers and national regulators for regular meetings to hash out what public and private funding is required to turn such data access from theory into reality.

The initial work has focused on the European Union’s Digital Services Act, which includes specific mandatory requirements for outsiders to delve into platform data.

But as other countries bring online similar data access regimes, the hope is to provide a route for others to follow that will build greater capacity for researchers to conduct this much-needed work; support regulators in navigating the inherent difficulties in opening up such platforms’ public data to outsiders; and ensure that people’s social media data is protected and secured, at all cost, from harm and surveillance.

As with all research, much relies on funding. Just because a country’s online safety laws dictate that outsiders can access social media data does not mean that researchers can just flick on a switch and get to work.

At every turn, there’s a need for greater public and private backing.

As part of the ongoing workshops, the discussions have focused on four areas where we believe targeted funding support from a variety of public and private donors can make the most impact. Taken together, it represents an essential investment in our wider understanding of social media that will ensure companies uphold their stated commitments to make their platforms accountable and transparent to outside scrutiny.

Four ways to make social media giants more accountable

The first component is the underlying infrastructure needed to carry out this work. Currently, accessing social media data is confined to the few, not the many. Researchers either need existing relationships with platforms or access to large funding pots to pay for cloud storage, technical analysis tools and other data access techniques that remain off limits to almost everyone.

Currently, there is a cottage industry of data providers — some commercial, others nonprofit — that provide the baseline infrastructure, in terms of access to platforms, analytics tooling and user-friendly research interfaces. Yet to meet researchers’ needs, as well as the growing regulatory push to open up social media giants to greater scrutiny, more needs to be done to make such infrastructure readily accessible, particularly to experts in Global Majority countries.

That includes scaling existing data infrastructure, making analytical tools more universally available to researchers, and using a variety of techniques — from using Application Programming Interfaces, or APIs, that plug directly into platform data to allowing researchers to scrape social media sites in the public interest to promoting “data donations” directly from users themselves — to meet different research needs.

The second focus has been on the relationships between researchers and regulators. As more countries pursue online safety legislation, there is a growing gap between in-house regulatory capacity and outsider expertise that needs to be closed for these regimes to operate effectively. Yet currently, few, if any, formal structures exist for researchers and regulators to share best practices — all while maintaining a safe distance via so-called “Chinese Walls” between government oversight and researcher independence.

What is needed are more formal information-sharing opportunities between regulators and researchers so that online safety regimes are based on quantifiable evidence — often derived from outside data access to social media platforms. That may include regular paid-for secondments for researchers to embed inside regulators to share their knowledge; the development of routine capacity building and information sharing to understand the evolving research landscape; and a shift away from informal networks between some researchers and regulators into a more transparent system that is open to all.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

For that to work, a third element is needed in terms of greater capacity building — in the form of technical assistance, data protection and security training and researcher community engagement. Currently, outside experts have varying levels of technical understanding, policy expertise and knowledge of privacy standards that hamstring greater accountability and transparency for platforms. If people’s public social media data is not secured and protected against harm, for instance, then companies will rightly restrict access to safeguard their users from Cambridge Analytica-style leakages of information.

What is needed is the expansion of existing research networks so that data access best practices can be shared with as many groups as possible. Technical support to maintain the highest data protection standards — in the form of regular training of researchers and the development of world-leading privacy protocols for all to use — similarly will provide greater legal certainty for social media users. The regular convening of researchers so that people can learn from each other about the most effective, and secure, way to conduct such research will also democratize current data access that has often been limited to a small number of experts.

The fourth component of the workshops is the most important: how to maintain independence between outside researchers and regulators in charge of the growing number of online safety regimes worldwide. It is important for both sides to work effectively with each other. But neither researchers nor regulators should become beholden — or perceived to be beholden — to each other. Independence for regulators to conduct their oversight and for researchers to criticize these agencies is a fundamental part of how democracies function.

That will require forms of public-private funding to support ongoing data access work to create strict safeguards between researchers and regulators. That’s a tricky balance between supporting close ties between officials and outsiders, while similarly ensuring that neither side feels subordinate to the other. To meet that balance, a mixture of hands-off public support and non-government funding will be critical.

Such structures already exist in other industries, most notably in the medical research field. They represent a clear opportunity to learn from others as outside researchers and regulators push for greater accountability and transparency for social media companies.

digitalpolitics.co/newsletter0…

There’s a classic grade school science experiment that involves extracting juice from red cabbage leaves and using it as a pH indicator. It relies on anthocyanins, pigmented compounds that give the cabbage its vibrant color but can change depending on the acidity of the environment they’re in, from pink in acidic conditions to green at higher pH. And anthocyanins are exactly what power this unusual kinetic art piece.

Even before it goes into action, [Nathalie Gebert]’s Anthofluid is pretty cool to look at. The “canvas” of the piece is a thin chamber formed by plexiglass sheets, one of which is perforated by an array of electrodes. A quartet of peristaltic pumps fills the chamber with a solution of red cabbage juice from a large reservoir, itself a mesmerizing process as the purple fluid meanders between the walls of the chamber and snakes around and between the electrodes. Once the chamber is full, an X-Y gantry behind the rear wall moves to a random set of electrodes, deploying a pair of conductors to complete the circuit. When a current is applied, tendrils of green and red appear, not by a pH change but rather by the oxidation and reduction reactions occurring at the positive and negative electrodes. The colors gently waft up through the pale purple solution before fading away into nothingness. Check out the video below for the very cool results.

We find Anthofluid terribly creative, especially in the use of such an unusual medium as red cabbage juice. We also appreciate the collision of chemistry, electricity, and mechatronics to make a piece of art that’s so kinetic but also so relaxing at the same time. It’s the same feeling that [Nathalie]’s previous art piece gave us as it created images on screens of moving thread.

youtube.com/embed/sC4Rg1wRP68?…

hackaday.com/2025/03/20/chemis…

Back in 2023, we first brought you word of the PiEEG: a low-cost Raspberry Pi based device designed for detecting and analyzing electroencephalogram (EEG) and other biosignals for the purposes of experimenting with brain-computer interfaces. Developed by [Ildar Rakhmatulin], the hardware has gone through several revisions since then, with this latest incarnation promising to be the most versatile and complete take on the concept yet.

At the core of the project is the PiEEG board itself, which attaches to the Raspberry Pi and allows the single-board computer (SBC) to interface with the necessary electrodes. For safety, the PiEEG and Pi need to remain electrically isolated, so they would have to be powered by a battery. This is no problem while capturing data, as the Pi has enough power to process the incoming signals using the included Python tools, but could be an issue if you wanted to connect the PiEEG system to another computer, say.

For the new PiEEG Kit, the hardware is now enclosed in its own ABS carrying case, which includes an LCD right in the lid. While you’ve still got to provide your own power (such as a USB battery bank), having the on-board display removes the need to connect the Pi to some other system to visualize the data. There’s also a new PCB that allows the connection of additional environmental sensors, breakouts for I2C, SPI, and GPIO, three buttons for user interaction, and an interface for connecting the electrodes that indicates where they should be placed on the body right on the silkscreen.

The crowdsourcing campaign for the PiEEG Kit is set to begin shortly, and the earlier PiEEG-16 hardware is available for purchase currently if you don’t need the fancy new features. Given the fact that the original PiEEG was funded beyond 500% during its campaign in 2023, we imagine there’s going to be plenty of interest in the latest-and-greatest version of this fascinating project.

youtube.com/embed/vVgMHCaZgIQ?…

hackaday.com/2025/03/20/pieeg-…

La banca ha scritto in un report che fatica a ricordare altri casi «in cui un marchio abbia perso così tanto valore in così poco tempo»

[...]

Secondo Lekander, Musk «sta dal lato sbagliato dei suoi acquirenti. Non è la gente con gli stivali da cowboy che compra le Tesla»

ilpost.it/2025/03/19/jp-morgan…