Hackaday Podcast Episode 349: Clocks, AI, and a New 3D Printer Guy
Hackaday Editors Elliot Williams and Al Williams met up to cover the best of Hackaday this week, and they want you to listen in. There were a hodgepodge of hacks this week, ranging from home automation with RF, volumetric displays in glass, and some crazy clocks, too.
Ever see a typewriter that uses an ink pen? Elliot and Al hadn’t either. Want time on a supercomputer? It isn’t free, but it is pretty cheap these days. Finally, the guys discussed how to focus on a project like Dan Maloney, who finally got a 3D printer, and talked about Maya Posch’s take on LLM intelligence.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
html5-player.libsyn.com/embed/…
Download the human-generated podcast in mostly mono, but sometimes stereo, MP3.
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Episode 349 Show Notes:
News:
What’s that Sound?
- What is that sound? Al didn’t guess, but if you can, you could win a coveted Hackaday Podcast T-Shirt.
Interesting Hacks of the Week:
- Bridging RTL-433 To Home Assistant
- The Key To Plotting
- Reverse Sundial Still Tells Time
- Trace Line Clock Does It With Magnets
- Volumetric Display With Lasers And Bubbly Glass
- The Engineering That Makes A Road Cat’s Eye Self-Cleaning
Quick Hacks:
- Elliot’s Picks:
- Production KiCad Template Covers All Your Bases
- RP2350 Done Framework Style
- Neat Techniques To Make Interactive Light Sculptures
- Al’s Picks:
- Super Simple Deadbuggable Bluetooth Chip
- LED Hourglass Is A Great Learning Project
- Your Supercomputer Arrives In The Cloud
Can’t Miss Articles:
Banca dati IRS con 18 milioni di record 401(k) in vendita nel dark web
Una presunta banca dati contenente informazioni sensibili su 18 milioni di cittadini statunitensi over 65 è apparsa in vendita su un noto forum del dark web.
L’inserzionista, che usa lo pseudonimo “Frenshyny”, sostiene di aver sottratto i dati direttamente dal portale governativo irs.gov, che gestisce, tra le altre cose, documentazione fiscale e informazioni sui piani pensionistici 401(k).
Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.
Cosa conterrebbe il database
L’annuncio elenca una quantità impressionante di dati personali, indicati come:
- Nome e cognome
- Età
- Stato e città
- Indirizzo
- Codice postale
- Numero di telefono
Si tratterebbe, secondo il venditore, di informazioni relative ai beneficiari dei 401(k) Benefit Funds, il celebre piano di risparmio previdenziale statunitense attivo dagli anni ’80.
La quantità – 18 milioni di record – suggerisce una compromissione estremamente ampia, che se confermata implicherebbe il più grande data breach mai registrato sul sistema pensionistico privato statunitense.
Il contesto del forum
L’annuncio è pubblicato in una sezione dedicata alla vendita di database rubati. Il venditore si presenta come membro “V.I.P.” del forum, sottolineando una certa reputazione nella community e offrendo la possibilità di contattarlo su Telegram per “prove e prezzi”.
Il post contiene inoltre una lunga descrizione del funzionamento dei piani 401(k), probabilmente inserita per rendere più credibile la provenienza dei dati.
Perché questo leak sarebbe estremamente pericoloso
Se autentico, un database di tale portata esporrebbe milioni di cittadini anziani a:
- Frodi finanziarie su larga scala, incluse truffe relative alla previdenza.
- Furti d’identità, grazie al pacchetto completo di informazioni personali.
- Attacchi di social engineering mirati, particolarmente efficaci su persone più vulnerabili.
- Accesso fraudolento a conti o servizi collegati ai piani pensionistici.
Gli over 65 sono tra i bersagli preferiti dei criminali informatici, e possedere dati verificati li rende estremamente appetibili per campagne fraudolente.
Un nuovo segnale del boom del cyber-crimine finanziario
L’apparizione di questo presunto database conferma una tendenza ormai consolidata: il settore finanziario e previdenziale è diventato uno dei principali target per i threat actors.
Dati come quelli contenuti nei registri pensionistici, infatti, hanno un valore particolarmente alto nei mercati clandestini.
Se verificata, questa vendita rappresenterebbe l’ennesimo colpo alla sicurezza dei sistemi governativi statunitensi e un rischio enorme per milioni di pensionati.
L'articolo Banca dati IRS con 18 milioni di record 401(k) in vendita nel dark web proviene da Red Hot Cyber.
Weird Email Appliance Becomes AI Terminal
The Landel Mailbug was a weird little thing. It combined a keyboard and a simple text display, and was intended to be a low-distraction method for checking your email. [CiferTech] decided to repurpose it, though, turning it into an AI console instead.
The first job was to crack the device open and figure out how to interface with the keyboard. The design was conventional, so reading the rows and columns of the key matrix was a cinch. [CiferTech] used PCF8574 IO expanders to make it easy to read the matrix with an ESP32 microcontroller over I2C. The ESP32 is paired with a small audio output module to allow it to run a text-to-speech system, and a character display to replace the original from the Mailbug itself. It uses its WiFi connection to query the ChatGPT API. Thus, when the user enters a query, the ESP32 runs it by ChatGPT, and then displays the output on the screen while also speaking it aloud.
[CiferTech] notes the build was inspired by AI terminals in retro movies, though we’re not sure what specifically it might be referencing. In any case, it does look retro and it does let you speak to a computer being, of a sort, so the job has been done. Overall, though, the build shows that you can build something clean and functional just by reusing and interfacing a well-built commercial product.
youtube.com/embed/pRIfY21PpyI?…
Amnesty sbarca nel Dark Web: ecco perché ha aperto il suo sito .onion
Amnesty International ha attivato un proprio sito accessibile tramite dominio .onion sulla rete Tor, offrendo così un nuovo canale sicuro per consultare informazioni e ricerche dell’organizzazione. L’iniziativa, lanciata ufficialmente nel dicembre 2023, nasce dall’esigenza di garantire accesso ai contenuti anche in quei Paesi dove il sito principale viene oscurato o pesantemente monitorato.
La decisione arriva in un contesto globale segnato da crescenti restrizioni digitali. In Stati come Russia, Iran e Cina, l’intero portale di Amnesty International risulta bloccato, impedendo ai cittadini di informarsi liberamente sulle violazioni dei diritti umani. In diverse altre regioni, invece, la navigazione è esposta a sorveglianza governativa, con rischi diretti per attivisti, giornalisti e dissidenti.
Tor, acronimo di The Onion Router, rappresenta uno strumento fondamentale per aggirare queste limitazioni. La rete utilizza una serie di relay gestiti da volontari e applica più livelli di crittografia, rendendo estremamente difficile risalire all’indirizzo IP dell’utente. Questo sistema consente un livello di anonimato più elevato rispetto alla navigazione tradizionale.
Nei browser comuni, l’accesso a un sito avviene tramite DNS e connessioni dirette al server, un processo che espone gli utenti al tracciamento del loro indirizzo IP. Questo elemento, paragonabile all’indirizzo di ritorno di una lettera postale, può essere utilizzato per mappare le attività digitali di una persona senza che ne abbia consapevolezza.
Il browser Tor, invece, inoltra i dati attraverso una catena di nodi distribuiti, mascherando la vera origine del traffico. Quando si accede a un dominio .onion, la comunicazione non abbandona mai la rete Tor e beneficia di una crittografia end-to-end, riducendo ulteriormente i rischi di intercettazione o identificazione.
Amnesty International ha scelto questa infrastruttura proprio per proteggere gli utenti che consultano materiali sensibili relativi a denunce, indagini e campagne sui diritti umani. L’obiettivo è permettere l’accesso a informazioni indipendenti anche in contesti autoritari, senza che chi naviga sia costretto a esporre la propria identità digitale.
La necessità di strumenti come Tor è emersa in modo ancora più evidente dopo indagini come il Project Pegasus del 2021, in cui Amnesty ha documentato l’uso dello spyware della società NSO Group per monitorare fino a 50.000 dispositivi mobili. Tecnologie di questo tipo, utilizzate da governi di varie nazionalità, hanno colpito attivisti, avvocati, giornalisti e oppositori politici.
In un’epoca segnata da sorveglianza avanzata e censura mirata, l’apertura del sito .onion di Amnesty International si inserisce in una più ampia strategia di difesa della libertà digitale. Fornire accesso sicuro ai contenuti è un passo concreto per permettere alle persone di informarsi senza mettere a rischio la propria privacy o la propria sicurezza personale.
L'articolo Amnesty sbarca nel Dark Web: ecco perché ha aperto il suo sito .onion proviene da Red Hot Cyber.
reshared this
""Pensavo fossimo molto vicini ad un accordo con la Russia e pensavo fossimo vicini ad un accordo con l'Ucraina. Al di là del presidente Zelensky, la sua gente apprezza l'idea dell'accordo"
trump non sa neppure cosa pensa la parte politica non propria negli stati uniti (e pure su quella ci sarebbe da discutere) e non rappresenta tutti i cittadini usa. figurarsi se può sapere meglio di zelensky cosa pensano gli ucraini. è improbabile. al massimo saprà cosa pensa quell'1 su 100'000 che per legge dei grandi numeri sono già fascistoni...
Dati, reti e deterrenza. Cosa emerge dall’esercitazione Cyber eagle
@Notizie dall'Italia e dal mondo
Si è chiusa una delle principali esercitazioni italiane dedicate alla difesa digitale, un appuntamento che restituisce una fotografia concreta di come il dominio cibernetico sia ormai parte integrante della sicurezza nazionale. L’Aeronautica militare ha presentato i risultati di
BOLIVIA. Arrestato l’ex presidente Luis Arce, timori per Evo Morales
@Notizie dall'Italia e dal mondo
In Bolivia la procura ha arrestato l'ex presidente di centrosinistra Luis Arce per malversazione di fondi pubblici. I sostenitori di Evo Morales temono che il prossimo ad essere arrestato sia l'ex leader del Movimento al Socialismo
L'articolo BOLIVIA. Arrestato l’ex
This Week in Security: Hornet, Gogs, and Blinkenlights
Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at time of writing and that might surprise you. The reality is that Microsoft’s biggest source of revenue is their cloud offering, and Azure is over half Linux, so Microsoft really is incentivized to make Linux better.
The Hornet LSM is all about more secure eBPF programs, which requires another aside: What is eBPF? First implemented in the Berkeley Packet Filter, it’s a virtual machine in the kernel, that allows executing programs in kernel space. It was quickly realized that this ability to run a script in kernel space was useful for far more than just filtering packets, and the extended Berkeley Packet Filter was born. eBPF is now used for load balancing, system auditing, security and intrusion detection, and lots more.
This unique ability to load scripts from user space into kernel space has made eBPF useful for malware and spyware applications, too. There is already a signature scheme to restrict eBPF programs, but Hornet allows for stricter checks and auditing. The patch is considered a Request For Comments (RFC), and points out that this existing protection may be subject to Time Of Check / Time Of Use (TOCTOU) attacks. It remains to be seen whether Hornet passes muster and lands in the upstream kernel.
Patch Tuesday
Linux obviously isn’t the only ongoing concern for Microsoft, and it’s the time of month to talk about patch Tuesday. There are 57 fixes that are considered vulnerabilities, and additional changes that are just classified internally as bug fixes. There were three of those vulnerabilities that were publicly known before the fix, and one of those was known to be actively used in attacks in the wild.
CVE-2025-62221 was an escalation of privilege flaw in the Windows Cloud Files Mini Filter Driver. In Windows, a minifilter is a kernel driver that attach to the file system software, to monitor or modify file operations. This flaw was a use-after-free that allowed a lesser-privileged attacker to gain SYSTEM privileges.
Gogs
Researchers at Wiz found an active exploitation campaign that uses CVE-2025-8110, a previously unknown vulnerability in Gogs. The GO Git Service, hence the name, is a self-hosted GitHub/GitLab alternative written in Go. It’s reasonably popular, with 1,400 of them exposed to the Internet.
The vulnerability was a bypass of CVE-2024-55947, a path traversal vulnerability that allowed a malicious user to upload files to arbitrary locations. That was fixed with Gogs 0.13.1, but the fix failed to account for symbolic links (symlinks). Namely, as far as the git protocol is concerned, symlinks are completely legal. The path traversal checking doesn’t check for symlinks during normal git access, so a symlink pointing outside the repository can easily be created. And then the HTTPS file API can be used to upload a file to that symlink, again allowing for arbitrary writes.
The active exploitation on this vulnerability is particularly widespread. Of the 1400 Gogs instances on the Internet, over 700 show signs of compromise, in the form of new repositories with randomized names. It’s possible that even more instances have been compromised, and the signs have been covered. The attack added a symlink to .git/config, and then overwriting that file with a new config that defines the sshCommand setting. After exploitation, a Supershell malware was installed, establishing ongoing remote control.
The most troubling element of this story is that the vulnerability was first discovered in the wild back in July and was reported to the Gogs project at that time. As of December 11, the vulnerability has not been fixed or acknowledged. After five months of exploitation without a patch, it seems time to acknowledge that Gogs is effectively unmaintained. There are a couple of active forks that don’t seem to be vulnerable to this attack; time to migrate.
Blinkenlights
There’s an old story I always considered apocryphal, that data could be extracted from the blinking lights of network equipment, leading to a few ISPs to boast that they covered all their LEDs with tape for security. While there may have been a bit of truth to that idea, it definitely served as inspiration for [Damien Cauquil] at Quarkslab, reverse engineering a very cheap smart watch.
The watches were €11.99 last Christmas, and a price point that cheap tickles the curiosity of nearly any hacker. What’s on the inside? What does the firmware look like? The micro-controller was by the JieLi brand, and it’s a bit obscure, with no good way to pull the firmware back off. With no leads there, [Damien] turned to the Android app and the Bluetooth Low Energy connection. One of the functions of the app is uploading custom watch dials. Which of course had to be tested by creating a custom watch face featuring a certain Rick Astley.
But those custom watch faces have a quirk. The format internally uses byte offsets, and the watch doesn’t check for that offset to be out of bounds. A ridiculous scheme was concocted to abuse this memory leak to push firmware bytes out as pixel data. It took a Raspberry Pi Pico sniffing the SPI bus to actually recover those bytes, but it worked! Quite the epic hack.
Bits and Bytes
Libpng has an out of bounds read vulnerability, that was just fixed in 1.6.52. What’s weird about this one is that the vulnerability is can be triggered by completely legitimate PNG images. The good news is that is vulnerability only effects the simplified API, so not every user of libpng is in the blast radius.
And finally, Google has pushed out an out-of-band update to Chrome, fixing a vulnerability that is being exploited in the wild. The Hacker News managed to connect the bug ID to a pull request in the LibANGLE library, a translation layer between OpenGL US calls into Direct3D, Vulkan, and Metal. The details there suggests the flaw is limited to the macOS platform, as the fix is in the metal renderer. Regardless, time to update!
Ministero dell'Istruzione
#ScuolaFutura, dal 12 al 15 dicembre, il campus itinerante sull’innovazione didattica promosso dal #MIM farà tappa a #Sanremo con i laboratori nazionali di orientamento dedicati alla musica e alle #STEM.Telegram
Science Channel reshared this.
Componenti cinesi nelle auto americane? L’allarme del Congresso per la sicurezza nazionale
@Notizie dall'Italia e dal mondo
La catena globale della produzione automobilistica è ormai diventata un fronte della competizione strategica tra Stati Uniti e Cina. E il messaggio è emerso con chiarezza durante un’audizione della House Select Committee on China, in cui i vertici della
FinTech und Datenschutz: PayPal sammelt die sexuellen Vorlieben von Kunden
netzpolitik.org/2025/fintech-u…
Boerps ☑️ reshared this.
56 anni fa, la strage di piazza Fontana a Milano. Strage fascista, dove morirono 17 persone e ne vennero ferite 88. Lo stato accusò gli anarchici, arrestarono il ferroviere Giuseppe Pinelli, che guarda caso morì cadendo dalla finestra della questura di Milano. Dissero che si era buttato... Una preghiera per le vittime della stage e per Pinelli, vittima innocente di un omicidio di stato.
La storia della strage di Piazza Fontana: perché cambiò l’Italia
geopop.it/strage-di-piazza-fon…
strage di Piazza Fontana, strage di Stato, strage fascista
12 dicembre, Piazza Fontana, strage di stato: non dimentichiamo
differx.noblogs.org/2025/12/12…
#piazzafontana #stragidistato #ordinenuovo #stragifasciste #stragedistato
reshared this
"La Banca di Russia farà causa alla Ue per l'uso degli asset russi"
dopo aver imbracciato le armi adesso vogliono fare causa? che ridicoli.
BENIN. Il golpe sventato grazie all’intervento della Francia e dell’Ecowas
@Notizie dall'Italia e dal mondo
Per sventare il tentato golpe in Benin sono intervenute le truppe dell'Ecowas, un'alleanza regionale fedele a Parigi. La Francia non vuole perdere la sua residua influenza in Africa dopo l'avvicinamento a Mosca di Burkina Faso, Mali e Niger
L'articolo BENIN. Il golpe sventato grazie
OSINT nell'Indagine sull'assalto al Campidoglio degli Stati Uniti
@Privacy Pride
Il post completo di Christian Bernieri è sul suo blog: garantepiracy.it/blog/osint-ca…
Dopo il grande pezzo sugli ecoceronti, Claudia torna a noi per regalarci una nuova perla dedicata all'OSINT. Non è roba da nerd, anzi, è qualcosa che ci appartiene culturalmente e che abbiamo imparato fin dai tempi dell'asilo.
freezonemagazine.com/articoli/…
Quando il talento incontra lo studio e la passione, allora nascono percorsi artistici dall’alto potenziale di sviluppo. Questo è il caso di Sara Gioielli, pianista e diplomata in canto jazz in quel Sancta Sanctorum che è il conservatorio di San Pietro a Majella di Napoli, straordinaria fucina di artisti e compositori fin dalla sua fondazione […]
L'articolo Sara Gioielli – Gioielli neri proviene da
STATI UNITI. L’ICE perseguita i lavoratori. Datori di lavoro e sindacati reagiscono
@Notizie dall'Italia e dal mondo
Quali sono le tattiche che aziende agricole, fabbriche, ristoranti e altri luoghi di lavoro utilizzano per proteggere i dipendenti immigrati dalle incursioni dell'ICE?
L'articolo STATI UNITI. L’ICE perseguita i lavoratori. Datori di lavoro e
Ministero dell'Istruzione
Ieri, al #MIM, con l’accensione dell’albero di #Natale, alla presenza del Ministro Giuseppe Valditara e del Sottosegretario Paola Frassinetti, si sono conclusi i laboratori di #NextGenArt.Telegram
Digital Fights: Digital Lights: Wir kämpfen gegen Handydurchsuchungen bei Geflüchteten
netzpolitik.org/2025/digital-f…
Ma com'è sta storia che il petrolio scende di prezzo e i carburanti aumentano? 🤨🧐😠
Il petrolio chiude in calo a New York a 57,60 dollari al barile - Ultima ora - Ansa.it
ansa.it/sito/notizie/topnews/2…
Journalists warn of silenced sources
From national outlets to college newspapers, reporters are running into the same troubling trend: sources who are afraid to speak to journalists because they worry about retaliation from the federal government.
This fear, and how journalists can respond to it, was the focus of a recent panel discussion hosted by Freedom of the Press Foundation (FPF), the Association of Health Care Journalists, and the Society of Environmental Journalists. Reporters from a range of beats described how the second Trump administration has changed the way people talk to the press, and what journalists do to reassure sources and keep them safe.
youtube.com/embed/rIyRDQFEl4k?…
For journalist Grace Hussain, a solutions correspondent at Sentient Media, this shift became unmistakable when sources who relied on federal funding suddenly backed out of participating in her reporting. “Their concerns were very legitimate,” Hussain said, “It was possible that their funding could get retracted or withdrawn” for speaking to the press.
When Hussain reached out to other reporters, she found that sources’ reluctance to speak to the press for fear of federal retaliation is an increasingly widespread issue that’s already harming news coverage. “There are a lot of stories that are under-covered, and it’s just getting more difficult at this point to do that sort of coverage with the climate that we’re in,” she said.
Lizzy Lawrence, who covers the Food and Drug Administration for Stat, has seen a different but equally unsettling pattern. Lawrence has found that more government sources want to talk about what’s happening in their agencies, but often only if they’re not named. Since Trump returned to office, she said, many sources “would request only to speak on the condition of anonymity, because of fears of being fired.” As a result, her newsroom is relying more on confidential sources, with strict guardrails, like requiring multiple sources to corroborate information.
For ProPublica reporter Sharon Lerner, who’s covered health and the environment across multiple administrations, the heightened fear is impossible to miss. Some longtime sources have cut off communication with her, including one who told her they were falsely suspected of leaking.
And yet, she added, speaking to the press may be one of the last options left for employees trying to expose wrongdoing. “So many of the avenues for federal employees to seek justice or address retaliation have been shut down,” Lerner said.
This chilling effect extends beyond federal agencies. Emily Spatz, editor-in-chief of Northeastern’s independent student newspaper The Huntington News, described how fear spread among international students after federal agents detained Mahmoud Kahlil and Rümeysa Öztürk. Visa revocations of students at Northeastern only deepened the concern.
Students started asking the newspaper to take down previously published op-eds they worried could put them at risk, a step Spatz took after careful consideration. The newsroom ultimately removed six op-eds but posted a public website documenting each removal to preserve transparency.
Even as the paper worked hard to protect sources, many became reluctant to participate in their reporting. One student, for instance, insisted the newspaper remove a photo showing the back of their head, a method the paper had used specifically to avoid identifying sources.
Harlo Holmes, the chief information security officer and director of digital security at FPF, said these patterns mirror what journalists usually experience under authoritarian regimes, but — until now — have not been seen in the United States. Whistleblowing is a “humongously heroic act,” Holmes said, “and it is not always without its repercussions.”
She urged reporters to adopt rigorous threat-modeling practices and to be transparent with sources about the tools and techniques they use to keep them safe. Whether using SecureDrop, Signal, or other encrypted channels, she said journalists should make it easy for sources to find out how to contact them securely. “A little bit of education goes a long way,” she said.
For more on how journalists are working harder than ever to protect vulnerable sources, watch the full event recording here.
Covering immigration in a climate of fear
As the federal government ramps up immigration enforcement, sweeping through cities, detaining citizens and noncitizens, separating families, and carrying out deportations, journalists covering immigration have had to step up their work, too.
Journalists on the immigration beat today are tasked with everything from uncovering government falsehoods to figuring out what their communities need to know and protecting their sources. Recently, Freedom of the Press Foundation (FPF) hosted a conversation with journalists Maritza Félix, the founder and director of Conecta Arizona; Arelis Hernández, a reporter for The Washington Post; and Lam Thuy Vo, an investigative reporter with Documented. They discussed the challenges they face and shared how they report on immigration with humanity and accuracy, while keeping their sources and themselves safe.
youtube.com/embed/OPPo0YzKfnA?…
Immigration reporting has grown a lot more difficult, explained Hernández, as sources increasingly fear retaliation from the government. “I spend a lot of time at the front end explaining, ‘Where will this go? What will it look like?’” Hernández said, describing her process of working with sources to ensure they participate in reporting knowingly and safely. She also outlined her own precautions, from using encrypted devices to carrying protective gear, highlighting just how unsafe conditions have become, even for U.S.-born reporters.
Like Hernández, Félix also emphasized the intense fear and uncertainty many immigrant sources experience. Other sources, however, may be unaware of the possible consequences of speaking to reporters and need to be protected as well. “I think when we’re talking about sources, particularly with immigration, we’re talking about people who are sharing their most vulnerable moments in their life, and I think the way that we treat it is going to be very decisive on their future,” she said.
Journalists who are themselves immigrants must also manage personal risk, Félix said, “but the risk is always going to be there just because of who we are and what we represent in this country.” She pointed to the arrest and deportation of journalist Mario Guevara in Georgia, saying it “made me think that could have been me” before she became a U.S. citizen. She recommended that newsrooms provide security training, mental health resources, and operational protocols for both staff and freelancers.
Both Félix and Vo, who work in newsrooms by and for immigrant communities, emphasized the need for journalists to actively listen to the people they cover. “If you’re trying to serve immigrants, build a listening mechanism, some kind of way of continuing to listen to both leaders in the community, service providers, but also community members,” Vo advised. She also recommended that journalists use risk assessments and threat modeling to plan how to protect themselves and their sources.
Watch the full discussion here.
Tempesta e freddo su 850mila sfollati vittime dello stato genocida di israele.
Rahaf, bimba di otto mesi, morta di freddo a Kahn Younis
differx.noblogs.org/2025/12/11…
reshared this
gli USA intendono passare ai raggi x i social di chiunque entri nel loro territorio
differx.noblogs.org/2025/12/11…
reshared this
un'opera di Leonora Carrington
March Sunday / Leonora Carrington. 1990
differx.noblogs.org/2025/12/10…
reshared this
‘Architects of AI’ Wins Time Person of the Year, Sends Gambling Markets Into a Meltdown#TimePersonoftheYear
‘Architects of AI’ Wins Time Person of the Year, Sends Gambling Markets Into a Meltdown
The degenerate gamblers of Polymarket and Kalshi who bet that “AI” would win the Time Person of the Year are upset because the magazine has named the “Architects of AI” the person of the year. The people who make AI tools and AI infrastructure are, notably, not “AI” themselves, and thus both Kalshi and Polymarket have decided that people who bet “AI” do not win the bet. On Polymarket alone, people spent more than $6 million betting on AI gracing the cover of Time.As writer Parker Molloy pointed out, people who bet on AI are pissed. “ITS THE ARCHITECTS OF AI THISNIS [sic] LITERALLY THE BET FUCK KALSHI,” one Kalshi better said.
“This pretty clearly should’ve resolved to yes. If you bought AI, reach out to Kalshi support because ‘AI’ is literally on the cover and in the title ‘Architects of AI.’ They’re not going to change anything unless they hear from people,” said another.
“ThE aRcHiTeCtS oF AI fuck you pay me,” said a third.
“Another misleading bet by Kalshi,” said another gambler. “Polymarket had fair rules and Kalshi did not. They need to fix this.”
But bag holders on Polymarket are also pissed. “This is a scam. It should be resolved to a cancellation and a full refund to everyone,” said a gambler who’d put money down on Jensen Huang and lost. Notably, on Kalshi, anyone who bet on any of the “Architects of AI,” won the bet (meaning Sam Altman, Elon Musk, Jensen Huang, Dario Amodei, Mark Zuckerberg, Lisa Su, and Demis Hassabis), while anyone who bet their products—“ChatGPT” and “OpenAI” did not win. On Polymarket, the rules were even more strict, i.e. people who bet “Jensen Huang” lost but people who bet “Other” won.
“FUCK YOU FUCKING FUCK Shayne Coplan [CEO of Polymarket],” said someone who lost about $50 betting on AI to make the cover.
Polymarket made its reasoning clear in a note of “additional context” on the market.
“This market is about the person/thing named as TIME's Person of the Year for 2025, not what is depicted on the cover. Per the rules, “If the Person of the Year is ‘Donald Trump and the MAGA movement,’ this would qualify to resolve this market to ‘Trump.’ However if the Person of the Year is ‘The MAGA movement,’ this would not qualify to resolve this market to ‘Trump’ regardless of whether Trump is depicted on the cover,” it said.
“Accordingly, a Time cover which lists ‘Architects of AI’ as the person of the year will not qualify for ‘AI’ even if the letters ‘AI’ are depicted on the cover, as AI itself is not specifically named.”
It should be noted how incredibly stupid all of this is, which is perhaps appropriate for the year 2025, in which most of the economy consists of reckless gambling on AI. People spent more than $55 million betting on the Time Person of the Year on Polymarket, and more than $19 million betting on the Time Person of the Year on Kalshi. It also presents one of the many downsides of spending money to bet on random things that happen in the world. One of the most common and dumbest things that people continue to do to this day despite much urging otherwise is anthropomorphize AI, which is distinctly not a person and is not sentient.
Time almost always actually picks a “person” for its Person of the Year cover, but it does sometimes get conceptual with it, at times selecting groups of people (“The Silence Breakers” of the #MeToo movement, the “Whistleblowers,” the “Good Samaritans,” “You,” and the “Ebola Fighters,” for example). In 1982 it selected “The Computer” as its “Machine of the Year,” and in 1988 it selected “The Endangered Earth” as “Planet of the Year.”
Polymarket’s users have been upset several times over the resolution of bets in the past few weeks and their concerns highlight how easy it is to manipulate the system. In November, an unauthorized edit of a live map of the Ukraine War allowed gamblers to cash in on a battle that hadn’t happened. Earlier this month, a trader made $1 million in 24 hours betting on the results of Google’s 2025 Year In Search Rankings and other users accused him of having inside knowledge of the process. Over the summer, Polymarket fought a war over whether or not President Zelenskyy had worn a suit. Surely all of this will continue to go well and be totally normal moving forward, especially as these prediction markets begin to integrate themselves with places such as CNN.
Kalshi to become CNN’s official prediction market partner
Kalshi’s data will serve as a powerful complement to CNN’s reporting.Kalshi
With OpenAI investment, Disney will officially begin putting AI slop into its flagship streaming product.#AIPorn #OpenAI #Disney
Disney Invests $1 Billion in the AI Slopification of Its Brand
The first thing I saw this morning when I opened X was an AI-generated trailer for Avengers: Doomsday. Robert Downey Jr’s Doctor Doom stood in a shapeless void alongside Captain America and Reed Richards. It was obvious slop but it was also close in tone and feel of the last five years of Disney’s Marvel movies. As media empires consolidate, nostalgia intensifies, and AI tools spread, Disney’s blockbusters feel more like an excuse to slam recognizable characters together in a contextless morass.So of course Disney has announced it signed a deal with OpenAI today that will soon allow fans to make their own officially licensed Disney slop using Sora 2. The house that mouse built, and which has been notoriously protective of its intellectual property, opened up the video generator, saw the videos featuring Nazi Spongebob and criminal Pikachu, and decided: We want in.
According to a press release, the deal is a 3 year licensing agreement that will allow the AI company’s short form video platform Sora to generate slop videos using characters like Mickey Mouse and Iron Man. As part of the agreement, Disney is investing $1 billion of equity into OpenAI, said it will become a major customer of the company, and promised that fan and corporate AI-generated content would soon come to Disney+, meaning that Disney will officially begin putting AI slop into its flagship streaming product.
The deal extends to ChatGPT as well and, starting in early 2026, users will be able to crank out officially approved Disney slop on multiple platforms. When Sora 2 launched in October, it had little to no content moderation or copyright guidelines and videos of famous franchise characters doing horrible things flooded the platform. Pikachu stole diapers from a CVS, Rick and Morty pushed crypto currencies, and Disney characters shouted slurs in the aisles of Wal-Mart.
It is worth mentioning that, although Disney has traditionally been extremely protective of its intellectual property, the company’s princesses have become one of the most common fictional subjects of AI porn on the internet; 404 Media has found at least three different large subreddits dedicated to making AI porn of characters like Elsa, Snow White, Rapunzel, and Tinkerbell. In this case, Disney is fundamentally throwing its clout behind a technology that has thus far most commonly been used to make porn of its iconic characters.
After the hype of the launch, OpenAI added an “opt-in” policy to Sora that was meant to prevent users from violating the rights of copyright holders. It’s trivial to break this policy however, and circumvent the guardrails preventing a user from making a lewd Mickey Mouse cartoon or episode of The Simpsons. The original sin of Sora and other AI systems is that the training data is full of copyrighted material and the models cannot be retrained without great cost, if at all.
If you can’t beat the slop, become the slop.
“The rapid advancement of artificial intelligence marks an important moment for our industry, and through this collaboration with OpenAI we will thoughtfully and responsibly extend the reach of our storytelling through generative AI, while respecting and protecting creators and their works,” Bob Iger, CEO of Disney, said in the press release about the agreement.
The press release explained that Sora users will soon have “official” access to 200 characters in the Disney stable, including Loki, Thanos, Darth Vader, and Minnie Mouse. In exchange, Disney will begin to use OpenAI’s APIs to “build new products” and it will deploy “ChatGPT for its employees.”
I’m imagining a future where AI-generated fan trailers of famous characters standing next to each other in banal liminal spaces is the norm. People have used Sora 2 to generate some truly horrifying videos, but the guardrails have become more aggressive. As Disney enters the picture, I imagine the platform will become even more anodyne. Persistent people will slip through and generate videos of Goofy and Iron Man sucking and fucking, sure, but the vast majority of what’s coming will be safe corporate gruel that resembles a Marvel movie.
OpenAI’s Sora 2 Copyright Infringement Machine Features Nazi SpongeBobs and Criminal Pikachus
The main use of Sora appears to generate brainrot of major beloved copyrighted characters, to say nothing of the millions of articles, images, and videos OpenAI has scraped.Jason Koebler (404 Media)
Il Portogallo paralizzato dal primo sciopero generale dopo 12 anni
@Notizie dall'Italia e dal mondo
I sindacati portoghesi hanno proclamato lo sciopero contro un piano del governo che faciliterà i licenziamenti ed estenderà la precarietà nel mondo del lavoro
L'articolohttps://pagineesteri.it/2025/12/11/europa/il-portogallo-paralizzato-dal-primo-sciopero-generale-dopo-12-anni/
Presentazione del libro “E sceglierai la vita. Guerra e pace lungo le strade di Yitzhak Rabin” di Adam Smulevich
@Politica interna, europea e internazionale
11 dicembre 2025, ore 18:00 – Aula Malagodi della Fondazione Luigi Einaudi, roma Oltre all’autore interverranno Piero Fassino, Deputato della Repubblica Fiamma Nirenstein, giornalista
Gelosia 2.0
noblogo.org/lalchimistadigital…
tempo iperdenso e linee di fuga
noblogo.org/differx/e-un-perio…
è un periodo in cui le scadenze di consegna di lavori (non pagati o pagati...
& slowforward (entropia gratis) + ko-fi (help, support!)...differxdiario
reshared this
Dozens of government websites have fallen victim to a PDF-based SEO scam, while others have been hijacked to sell sex toys.#AI
Porn Is Being Injected Into Government Websites Via Malicious PDFs
Dozens of government and university websites belonging to cities, towns, and public agencies across the country are hosting PDFs promoting AI porn apps, porn sites, and cryptocurrency scams; dozens more have been hit with a website redirection attacks which lead to animal vagina sex toy ecommerce pages, penis enlargement treatments, automatically-downloading Windows program files, and porn.“Sex xxx video sexy Xvideo bf porn XXX xnxx Sex XXX porn XXX blue film Sex Video xxx sex videos Porn Hub XVideos XXX sexy bf videos blue film Videos Oficial on Instagram New Viral Video The latest original video has taken the internet by storm and left viewers in on various social media platforms ex Videos Hot Sex Video Hot Porn viral video,” reads the beginning of a three-page PDF uploaded to the website of the Irvington, New Jersey city government’s website.
The PDF, called “XnXX Video teachers fucking students Video porn Videos free XXX Hamster XnXX com” is unlike many of the other PDFs hosted on the city’s website, which include things like “2025-10-14 Council Minutes,” “Proposed Agenda 9-22-25,” and “Landlord Registration Form (1 & 2 unit dwelling).”
It is similar, however, to another PDF called “30 Best question here’s,” which looks like this:
Irvington, which is just west of Newark and has a population of 61,000 people, has fallen victim to an SEO spam attack that has afflicted local and state governments and universities around the United States.💡
Do you know anything else about whatever is going on here? I would love to hear from you. Using a non-work device, you can message me securely on Signal at jason.404. Otherwise, send me an email at jason@404media.co.
Researcher Brian Penny has identified dozens of government and university websites that hosted PDF guides for how to make AI porn, PDFs linking to porn videos, bizarre crypto spam, sex toys, and more.Reginfo.gov, a regulatory affairs compliance website under the federal government’s General Services Administration, is currently hosting a 12 page PDF called “Nudify AI Free, No Sign-Up Needed!,” which is an ad and link to an abusive AI app designed to remove a person’s clothes. The Kansas Attorney General’s office and the Mojave Desert Air Quality Management District Office in California hosted PDFs called “DeepNude AI Best Deepnude AI APP 2025.” Penny found similar PDFs on the websites for the Washington Department of Fish and Wildlife, the Washington Fire Commissioners Association, the Florida Department of Agriculture, the cities of Jackson, Mississippi and Massillon, Ohio, various universities throughout the country, and dozens of others. Penny has caught the attention of local news throughout the United States, who have reported on the problem.
The issue appears to be stemming from websites that allow people to upload their own PDFs, which then sit on these government websites. Because they are loaded with keywords for widely searched terms and exist on government and university sites with high search authority, Google and other search engines begin to surface them. In the last week or so, many (but not all) of the PDFs Penny has discovered have been deleted by local governments and universities.But cities seem like they are having more trouble cleaning up another attack, which is redirecting traffic from government URLs to porn, e-commerce, and spam sites. In an attack that seems similar to what we reported in June, various government websites are somehow being used to maliciously send traffic elsewhere. For example, the New York State Museum’s online exhibit for something called “The Family Room” now has at least 11 links to different types of “realistic” animal vagina pocket masturbators, which include “Zebra Animal Vagina Pussy Male Masturbation Cup — Pocket Realistic Silicone Penis Sex Toy ($27.99),” and “Must-have Horse Pussy Torso Buttocks Male Masturbator — Fantasy Realistic Animal Pussie Sex Doll.”
Links Penny found on Knoxville, Tennessee’s site for permitting inspections first go to a page that looks like a government site for hosting files then redirects to a page selling penis growth supplements that features erect penises (human penises, mercifully), blowjobs, men masturbating, and Dr. Oz’s face.Another Knoxville link I found, which purports to be a pirated version of the 2002 Vin Diesel film XXX simply downloaded a .exe file to my computer.
Penny believes that what he has found is basically the tip of the iceberg, because he is largely finding these by typing things like “nudify site:.gov” “xxx site:.gov” into Google and clicking around. Sometimes, malicious pages surface only on image searches or video searches: “Basically the craziest things you can think of will show up as long as you’re on image search,” Penny told 404 Media. “I’ll be doing this all week.”
The Nevada Department of Transportation told 404 Media that “This incident was not related to NDOT infrastructure or information systems, and the material was not hosted on NDOT servers.This unfortunate incident was a result of malicious use of a legitimate form created using the third-party platform on which NDOT’s website is hosted. NDOT expeditiously worked with our web hosting vendor to ensure the inappropriate content was removed.” It added that the third-party is Granicus, a massive government services company that provides website backend infrastructure for many cities and states around the country, as well as helps them stream and archive city council meetings, among other services. Several of the affected local governments use Granicus, but not all of them do; Granicus did not respond to two requests for comment from 404 Media.
The California Secretary of State’s Office told 404 Media: “A bad actor uploaded non-business documents to the bizfile Online system (a portal for business filings and information). The files were then used in external links allowing public access to only those uploaded files. No data was compromised. SOS staff took immediate action to remove the ability to use the system for non-SOS business purposes and are removing the unauthorized files from the system.” The Washington Department of Fish and Wildlife said “WDFW is aware of this issue and is actively working with our partners at WaTech to address it.” The other government agencies mentioned in this article did not respond to our requests for comment.
AI porn on state websites
Mainland whistleblower warns of malicious webpages being hosted on government websites nationwide, including in Hawaiʻi.Michael Brestovansky (Aloha State Daily)
The discovery of fire-cracked handaxes and sparking tools in southern Britain pushes the timeline of controlled fires back 350,000 years.#TheAbstract
Scientists Discover the Earliest Human-Made Fire, Rewriting Evolutionary History
🌘
Subscribe to 404 Media to get The Abstract, our newsletter about the most exciting and mind-boggling science news and studies of the week.Humans made fires as early as 400,000 years ago, pushing the timeline of this crucial human innovation back a staggering 350,000 years, reports a study published on Wednesday in Nature.
Mastery of fire is one of the most significant milestones in our evolutionary history, enabling early humans to cook nutritious food, seek protection from predators, and establish comfortable spaces for social gatherings. The ability to make fires is completely unique to the Homo genus that includes modern humans (Homo sapiens) and extinct humans, including Neanderthals.
Early humans may have opportunistically exploited wildfires more than one million years ago, but the oldest known controlled fires, which were intentionally lit with specialized tools, were previously dated back to about 50,000 years ago at Neanderthal sites in France.
Now, archaeologists have unearthed the remains of campfires ignited by an unidentified group of humans 400,000 years ago at Barnham, a village near the southern coast of the United Kingdom.
“This is a 400,000-year-old site where we have the earliest evidence of making fire—not just in Britain or Europe, but in fact, anywhere else in the world,” said Nick Ashton, an archaeologist at the British Museum who co-authored the study, in a press briefing held on Tuesday.
“Many of the great turning points in human development, and the development of our civilization, depended on fire,” added co-author Rob Davis, also an archaeologist at the British Museum. “We're a species who have used fire to really shape the world around us—in belief systems, as well. It's a very prominent part of belief systems across the world.”
Artifacts have been recovered from Barnham for more than a century, but the remnants of this ancient hearth were identified within the past decade. The researchers were initially tipped off by the remains of heated clay sediments, hydrocarbons associated with fire, and fire-cracked flint handaxes.
But the real smoking gun was the discovery of two small fragments of iron pyrite, a mineral commonly used to strike flint to produce sparks at later prehistoric campfires such as the French Neanderthal sites.
Discovery of the first fragment of iron pyrite in 2017 at Barnham, Suffolk Image: Jordan Mansfield, Pathways to Ancient Britain Project.
“Iron pyrite is a naturally occurring mineral, but through geological work in the area over the last 36 years, looking at 26 sites, we argue that pyrite is incredibly rare in the area,” said Ashton. “We think humans brought pyrite to the site with the intention of making fire.”The fire-starters were probably Neanderthals, who were known to be present in the region at the time thanks to a skull found in Swanscombe, about 80 miles northeast of Barnham. But it’s possible that the fires were made by another human lineage such as Homo heidelbergensis, which also left bones in the U.K. around the same period. It was not Homo sapiens as our lineage emerged in Africa later, about 300,000 years ago.
Regardless of this group’s identity, its ability to make fire would have been a major advantage, especially in the relatively cold environment of southern Britain at the time. It also hints that the ability to make fire extends far deeper into the past than previously known.
“We assume that the people who made the fire at Barnham brought the knowledge with them from continental Europe,” said co-author Chris Stringer, a physical anthropologist at the Natural History Museum. “There was a land bridge there. There had been a major cold stage about 450,000 years ago, which had probably wiped out everyone in Britain. Britain had to be repopulated all over again.”
“Having that use of fire, which they must have brought with them when they came into Britain, would have helped them colonize this new area and move a bit further north to places where the winters are going to be colder,” he continued. “You can keep warm. You can keep wild animals away. You get more nutrition from your food.”
Excavation of the ancient campfire, removing diagonally opposed quadrants. The reddened sediment between band B’ is heated clay. Image: Jordan Mansfield, Pathways to Ancient Britain Project.
Although these humans likely had brains close in size to our own, the innovation of controlled fire would have amplified their cognitive development, social bonds, and symbolic capacities. In the flickering light of ancient campfires, these humans shared food, protection, and company, passing on a tradition that fundamentally reshaped our evolutionary trajectory.“People were sitting around the fires, sharing information, having extra time beyond pure daylight to make things, to teach things, to communicate with each other, to tell stories,” Stringer said. “Maybe it may have even fueled the development of language.”
“We've got this crucial aspect in human evolution, and we can put a marker down that it was there 400,000 years ago,” he concluded.
Earliest evidence of making fire - Nature
Baked sediment, heat-shattered artefacts and introduced pyrite in a 400,000-year-old Palaeolithic occupation site in Suffolk, UK provide evidence of intentional fire-making, marking a pivotal moment in human development.Nature
Siccome siamo già all'11 e non l'ho ancora sentita, percepisco che questo potrebbe essere il mio anno e quindi ho deciso di gareggiare nell'epica sfida del #Whamageddon 😁
Stasera però vado a Pilates, lì c'è musica e sebbene l'istruttore sia un Grinch il rischio è alto...
Poliversity - Università ricerca e giornalismo reshared this.
DNS-Massenüberwachung: „Das war dringend notwendig, diese neue Idee einer Schleppnetzfahndung im Internet abzuwenden“
netzpolitik.org/2025/dns-masse…
Gaza in ginocchio: freddo, pioggia e nuovi bombardamenti israeliani devastano il territorio
@Notizie dall'Italia e dal mondo
Sommersi i campi degli sfollati. A Khan Younis una neonata di otto mesi è morta per il freddo. L’Unrwa chiede aiuti urgenti per affrontare l’inverno
L'articolo Gaza in ginocchio: freddo, pioggia e nuovi bombardamenti
We don't need AI. AI needs us.
in reply to Max - Poliverso 🇪🇺🇮🇹 • • •Per mia fortuna l'ho sentita solo una volta finora, ai primi del mese. Poi il silenzio. Spero.
#Whamageddon
Max - Poliverso 🇪🇺🇮🇹
in reply to Max - Poliverso 🇪🇺🇮🇹 • •Niente. Sono stato eliminato subito, come una nazionale italiana di calcio qualsiasi.
😢
Daniele Scaglione
in reply to Max - Poliverso 🇪🇺🇮🇹 • • •