If you haven’t been following [Will Cogley]’s animatronic adventures on YouTube, you’re missing out. He’s got a good thing going, and the latest step is an adorable robot that tracks you with its own eyes.

Yes, the cameras are embedded inside the animatronic eyes.That was a lot easier than expected; rather than the redesign he was afraid of [Will] was able to route the camera cable through his existing animatronic mechanism, and only needed to hollow out the eyeball. The tiny camera’s aperture sits nigh-undetectable within the pupil.

On the software side, face tracking is provided by MediaPipe. It’s currently running on a laptop, but the plan is to embed a Raspberry Pi inside the robot at a later date. MediaPipe tracks any visible face and calculates the X and Y offset to direct the servos. With a dead zone at the center of the image and a little smoothing, the eye motion becomes uncannily natural. [Will] doesn’t say how he’s got it set up to handle more than one face; likely it will just stick with the first object identified.

Eyes aren’t much by themselves, so [Will] goes further by creating a little robot. The adorable head sits on a 3D-printed tapered roller bearing atop a very simple body. Another printed mechanism allows for pivot, and both axes are servo-controlled, bringing the total number of motors up to six. Tracking prefers eye motion, and the head pivots to follow to try and create a naturalistic motion. Judge for yourself how well it works in the video below. (Jump to 7:15 for the finished product.)

We’ve featured [Will]’s animatronic anatomy adventures before– everything from beating hearts, and full-motion bionic hands, to an earlier, camera-less iteration of the eyes in this project.

Don’t forget if you ever find yourself wading into the Uncanny Valley that you can tip us off to make sure everyone can share in the discomfort.

youtube.com/embed/IPBu5Q2aogE?…

hackaday.com/2025/08/28/animat…

I ricercatori della Reichman University (Israele) hanno descritto in dettaglio in un articolo sulla rivista Nature Electronics i crescenti rischi e minacce derivanti da fattori naturali e artificiali sui cavi di comunicazione sottomarini, che costituiscono la spina dorsale dell’infrastruttura Internet globale e trasmettono oltre il 95% del traffico dati internazionale.

ezstandalone.cmd.push(function () { ezstandalone.showAds(604); });
Tra gli esempi da loro citati figurano un’eruzione vulcanica nel 2022 che ha causato uno tsunami e onde d’urto sottomarine che hanno interrotto il collegamento in fibra ottica tra il Regno di Tonga e la Repubblica delle Figi, facendo sprofondare la nazione insulare nell’isolamento digitale.

Nell’ultimo anno e mezzo, diversi nuovi incidenti hanno messo in luce la vulnerabilità delle infrastrutture via cavo. Linee sottomarine principali nel Mar Rosso, nel Mar Baltico e nell’Oceano Pacifico sono state danneggiate, in alcuni casi probabilmente intenzionalmente.

ezstandalone.cmd.push(function () { ezstandalone.showAds(612); });
I danni ai cavi principali causati da ancore o reti a strascico d’altura provocano frequenti interruzioni e la crescente tendenza a danneggiare in modo mirato aumenta il rischio di arresti intenzionali con gravi conseguenze. L’articolo presenta indicazioni scientificamente fondate per la modernizzazione dell’infrastruttura di comunicazione globale, basate su tre sistemi alternativi in grado di ridurre la dipendenza dalla vulnerabilità dei cavi sottomarini.

La prima opzione è rappresentata dalle reti satellitari per le comunicazioni laser. Costellazioni satellitari in orbita terrestre bassa sono già state create nell’ambito di progetti NASA e del sistema Starlink. Possono fornire velocità di trasferimento dati paragonabili alla fibra ottica, senza rischi sismici o geopolitici. I progressi nell’ottica adattiva e nei canali di comunicazione intersatellitare ad alta velocità consentono di contrastare efficacemente gli effetti delle interferenze atmosferiche.

La seconda soluzione è rappresentata dalle piattaforme aeree ad alta quota basate su droni alimentati a energia solare e dirigibili stratosferici. Gli sviluppi in questo campo non sono ancora completi, ma i prototipi hanno dimostrato che tali piattaforme possono fornire un’infrastruttura internet flessibile e resiliente.

ezstandalone.cmd.push(function () { ezstandalone.showAds(613); });
Un terzo approccio prevede la creazione di reti wireless ottiche sottomarine autonome basate su più veicoli robotici dotati di laser blu-verdi che formano una rete dinamica di canali di comunicazione ottica a corto raggio. Tali sistemi possono fornire ridondanza critica per i cavi operativi. Sono particolarmente promettenti per applicazioni militari, per l’energia in acque profonde e per il monitoraggio ambientale.

Ma la ridondanza dei cavi da sola non è sufficiente a contrastare le minacce del XXI secolo, dai disastri geologici ai conflitti geopolitici. È necessaria una reale diversificazione dell’infrastruttura digitale globale, sostengono gli autori dello studio.

L'articolo I cavi di sottomarini sono vulnerabili! Servono nuove strategie proviene da il blog della sicurezza informatica.

There’s a dizzying number of specialist 3D printing materials out there, some of which do try to offer an alternative to PLA, PA6, ABS, etc., while others are happy to stay in their own niche. Polyvinylidene fluoride (PVDF) is one of these materials, with the [My Tech Fun] YouTube channel recently getting sent a spool of PVDF for testing, which retails for a cool $188.
Some of the build plate carnage observed after printing with PVDF. (Credit: My Tech Fun, YouTube)
Reading the specifications and datasheet for the filament over at the manufacturer’s website it’s pretty clear what the selling points are for this material are. For the chemists in the audience the addition of fluoride is probably a dead giveaway, as fluoride bonds in a material tend to be very stable. Hence PVDF ((C₂H₂F₂)_n) sees use in applications where strong resistance to aggressive chemicals as well as hydrolysis are a requirement, not to mention no hygroscopic inclinations, somewhat like PTFE and kin.

In the video’s mechanical testing it was therefore unsurprising that other than abrasion resistance it’s overall worse and more brittle than PA6 (nylon). It was also found that printing this material with two different FDM printers with the required bed temperature of 110°C was somewhat rough, with some warping and a wrecked engineering build plate in the Bambu Lab printer due to what appears to be an interaction with the usual glue stick material. Once you get the print settings dialed in it’s not too complicated, but it’s definitely not a filament for casual use.

youtube.com/embed/tYyk9kOpGOE?…

hackaday.com/2025/08/28/pvdf-t…

A few days ago we brought you word that Google was looking to crack down on “sideloaded” Android applications. That is, software packages installed from outside of the mobile operating system’s official repository. Unsurprisingly, a number of readers were outraged at the proposed changes. Android’s open nature, at least in comparison to other mobile operating systems, is what attracted many users to it in the first place. Seeing the platform slowly move towards its own walled garden approach is concerning, especially as it leaves the fate of popular services such as the F-Droid free and open source software (FOSS) repository in question.

But for those who’ve been keeping and eye out for such things, this latest move by Google to throw their weight around isn’t exactly unexpected. They had the goodwill of the community when they decided to develop an open source browser engine to keep the likes of Microsoft from taking over the Internet and dictating the rules, but now Google has arguably become exactly what they once set out to destroy.

Today they essentially control the Internet, at least as the average person sees it, they control 72% of the mobile phone OS market, and now they want to firm up their already outsized control which apps get installed on your phone. The only question is whether or not we let them get away with it.

Must be This High to Ride

First, “sideloading”. The way you’re supposed to install apps on your Android device is through the Google Play store, and maybe your phone manufacturer’s equivalent. All other sources are, by default, untrusted. What used to be refreshing about the Android ecosystem, at least in comparison, was how easy it was to sideload an application that didn’t come directly from, and profit, Big G. That is what’s changing.

Of course, the apologists will be quick to point out that Google isn’t taking away the ability to sideload applications on Android. At least, not on paper. What they’re actually doing is making it so sideloaded applications need to be from a verified developer. According to their blog post on the subject, they have no interest in the actual content of the apps in question, they just want to confirm a malicious actor didn’t develop it.

The blog post attempts to make a somewhat ill-conceived comparison between verifying developer identities with having your ID checked at the airport. They go on to say that they’re only interested in verifying each “passenger” is who they say they are for security purposes, and won’t be checking their “bags” to make sure there’s nothing troubling within. But in making this analogy Google surely realizes — though perhaps they hope the audience doesn’t pick up on — the fact that the people checking ID at the airport happen to wear the same uniforms as the ones who x-ray your bags and run you through the metal detector. The implication being that they believe checking the contents of each sideloaded package is within their authority, they have simply decided not to exercise that right. For now.

Conceptually, this initiative is not unlike another program Google announced this summer: OSS Rebuild. Citing the growing risk of supply chain attacks, where malicious code sneaks into a system thanks to the relatively lax security of online library repositories, the search giant offers a solution. They propose setting up a system by which they not only verify the authors of these open source libraries, but scan them to make sure the versions being installed match the published source code. In this way, you can tell that not only are you installing the authentic library, but that no rogue code has been added to your specific copy.

Google the Gatekeeper

Much like verifying the developer of sideloaded applications, OSS Rebuild might seem like something that would benefit users at first glance. Indeed, there’s a case to be made that both programs will likely identify some low-hanging digital fruit before it has the chance to cause problems. An event that you can be sure Google will publicize for all it’s worth.

But in both cases, the real concern is that of authority. If Google gets to decide who a verified developer is for Android, then they ultimately have the power to block whatever packages they don’t like. To go back to their own airport security comparison, it would be like if the people doing the ID checks weren’t an independent security force, but instead representatives of a rival airline. Sure they would do their duty most of the time, but could they be trusted to do the right thing when it might be in their financial interests not to? Will Google be able to avoid the temptation to say that the developers of alternative software repositories are persona non grata?

Even more concerning, who do you appeal to if Google has decided they don’t want you in their ecosystem? We’ve seen how they treat YouTube users that have earned their ire for some reason or another. Can developers expect the same treatment should they make some operational faux pas?

Let us further imagine that verification through OSS Rebuild becomes a necessary “Seal of Approval” to be taken seriously in the open source world — at least in the eyes of the bean counters and decision makers. Given Google’s clout, it’s not hard to picture such an eventuality. All Google would have to do to keep a particular service or library down is elect not to include them in the verification process.

Life Finds a Way

If we’ve learned anything about Google over the years, it’s that they can be exceptionally mercurial. They’re quick to drop a project and change course if it seems like it isn’t taking them where they want to go. Even projects that at one time seemed like they were going to be a pivotal part of the company’s future — such as Google+ — can be kicked to the curb unceremoniously if the math doesn’t look right to them. Indeed, the graveyard of failed Google initiatives has far more headstones than the company’s current roster of offerings.

Which is so say, that there’s every possibility that user reaction to this news might be enough to get Google to take a different tack. Verified sideloading isn’t slated to go live until 2027 for most of the world, although some territories will get it earlier, and a lot can happen between now and then.

Even if Google goes through with it, they’ve already offered something of an olive branch. The blog post mentions that they intend to develop a carve out in the system that will allow students and hobbyists to install their own self-developed applications. Depending on what that looks like, this whole debate could be moot, at least for folks like us.

In either event, the path would seem clear. If we want to make sure there’s choice when it comes to Android software, the community needs to make noise about the issue and keep the pressure on. Google’s big, but we’re bigger.

hackaday.com/2025/08/28/the-br…

Un esperto di sicurezza ha scoperto che sei dei gestori di password più diffusi, utilizzati da decine di milioni di persone, sono vulnerabili al clickjacking, un fenomeno che consente agli aggressori di rubare credenziali di accesso, codici di autenticazione a due fattori e dati delle carte di credito.

ezstandalone.cmd.push(function () { ezstandalone.showAds(604); });
Il problema è stato segnalato per la prima volta dal ricercatore indipendente Marek Tóth, che ha presentato un rapporto sulle vulnerabilità alla recente conferenza di hacker DEF CON 33. Le sue scoperte sono state successivamente confermate dagli esperti di Socket, che hanno contribuito a informare i fornitori interessati e a coordinare la divulgazione pubblica delle vulnerabilità.

Ha testato il suo attacco su varianti specifiche di 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass e LogMeOnce e ha scoperto che tutte le versioni del browser potevano far trapelare dati sensibili in determinati scenari.

ezstandalone.cmd.push(function () { ezstandalone.showAds(612); });
Gli aggressori possono sfruttare le vulnerabilità quando le vittime visitano pagine dannose o siti vulnerabili ad attacchi XSS o al cache poisoning. Di conseguenza, gli aggressori sono in grado di sovrapporre elementi HTML invisibili all’interfaccia del gestore delle password. L’utente penserà di interagire con innocui elementi cliccabili sulla pagina, ma in realtà attiverà il riempimento automatico, che “trapelerà” le sue informazioni riservate agli hacker.

L’attacco si basa sull’esecuzione di uno script su un sito web dannoso o compromesso. Questo script utilizza impostazioni di trasparenza, sovrapposizioni o eventi puntatore per nascondere il menu a discesa di compilazione automatica del gestore password del browser. Allo stesso tempo, l’aggressore sovrappone elementi falsi e fastidiosi alla pagina (come banner di cookie, pop-up o CAPTCHA). Tuttavia, i clic su questi elementi conducono a controlli nascosti del gestore delle password, che portano alla compilazione di moduli con informazioni riservate.

Ha dimostrato diversi sottotipi DOM e exploit dello stesso bug: manipolazione diretta dell’opacità dell’elemento DOM, manipolazione dell’opacità dell’elemento radice, manipolazione dell’opacità dell’elemento padre e sovrapposizione parziale o completa.

ezstandalone.cmd.push(function () { ezstandalone.showAds(613); });
Il ricercatore ha anche dimostrato l’utilizzo di un metodo in cui l’interfaccia utente segue il cursore del mouse e, di conseguenza, qualsiasi clic dell’utente, ovunque si trovi, attiva il riempimento automatico dei dati. Allo stesso tempo, Toth ha sottolineato che lo script dannoso può rilevare automaticamente il gestore di password attivo nel browser della vittima e quindi adattare l’attacco a un obiettivo specifico in tempo reale.

Di conseguenza, il ricercatore ha testato 11 gestori di password per individuare la vulnerabilità al clickjacking e ha scoperto che tutti erano vulnerabili ad almeno uno dei metodi di attacco. Sebbene Toth avesse informato tutti i produttori dei problemi già nell’aprile 2025 e li avesse anche avvisati che la divulgazione pubblica delle vulnerabilità era prevista per DEF CON 33, non ci fu alcuna risposta immediata. La scorsa settimana, Socket ha contattato nuovamente gli sviluppatori per ribadire la necessità di assegnare CVE ai problemi nei prodotti interessati.

I rappresentanti di 1Password hanno definito il rapporto del ricercatore “informativo”, sostenendo che il clickjacking è una minaccia comune da cui gli utenti dovrebbero essenzialmente proteggersi. Anche gli sviluppatori di LastPass hanno trovato il rapporto “informativo” e Bitwarden ha riconosciuto i problemi e, sebbene l’azienda non li abbia considerati gravi, le correzioni sono state implementate nella versione 2025.8.0, rilasciata la scorsa settimana. I seguenti gestori di password, che complessivamente contano circa 40 milioni di utenti, sono attualmente vulnerabili agli attacchi di clickjacking:

ezstandalone.cmd.push(function () { ezstandalone.showAds(614); });

• 1Password 8.11.4.27
• Bitwarden 2025.7.0
• Enpass 6.11.6 (correzione parziale implementata nella versione 6.11.4.2)ezstandalone.cmd.push(function () { ezstandalone.showAds(615); });
• Password iCloud 3.1.25
• LastPass 4.146.3
• LogMeOnce 7.12.4ezstandalone.cmd.push(function () { ezstandalone.showAds(616); });

Le patch sono già state implementate nei loro prodotti: Dashlane (v6.2531.1 rilasciata il 1° agosto), NordPass, ProtonPass, RoboForm e Keeper (17.2.0 rilasciata a luglio). Ora si consiglia agli utenti di assicurarsi di aver installato le versioni più recenti disponibili dei prodotti.

L'articolo I gestori di password più diffusi, tra cui LastPass, 1Password e Bitwarden sono vulnerabili al clickjacking proviene da il blog della sicurezza informatica.

more here: instagram.com/p/DN0iMNCWNpU

#genocide #zionism #israhell #izrahell #Gaza #Palestine #privacy #datamining #datacontrol #facialrecognition #ai #control #apartheid #ethniccleansing #google #googlecomplicity