Gli Hacker della Corea del Nord attaccano NPM con del Malware
Il 7 luglio di quest’anno un utente del repository per sviluppatori npm con il nickname “nagasiren978” ha pubblicato due pacchetti dannosi: “harthat-hash” e “harthat-api”, che contengono codice che installa ulteriore malware dal server C2 degli aggressori. Gli obiettivi principali di questi attacchi erano i sistemi basati su Windows.
I metodi e l’infrastruttura utilizzati nei pacchetti dannosi corrispondono alle tattiche di un gruppo di hacker legato alla RPDC, che Microsoft rintraccia con il nome MOONSTONE SLEET.
All’interno dell’azienda Datadog, che per prima ha scoperto i pacchetti dannosi sopra menzionati, questo cluster di minacce si chiama “Stressed Pungsan”. Questo nome è associato a una razza di cane allevata nella Corea del Nord.
L’obiettivo degli hacker era penetrare nelle catene di fornitura del software e negli ambienti degli sviluppatori. Dopo aver ottenuto l’accesso necessario, gli aggressori rubano informazioni personali, API e chiavi di accesso ai servizi cloud e si spostano anche attraverso altri sistemi delle vittime.
Per combattere tali minacce, il team di sicurezza di Datadog ha sviluppato un’infrastruttura di scansione dei pacchetti per PyPi e npm utilizzando il software GuardDog. Durante la scansione del 7 luglio gli specialisti hanno scoperto due pacchetti dal comportamento sospetto.
I pacchetti “harthat-hash” versione 1.3.3 e “harthat-api” versione 1.3.1 utilizzavano script preinstallati per eseguire e quindi eliminare i file “.js”. Tali script contenevano collegamenti a domini sospetti e caricavano file DLL dannose lanciate utilizzando “rundll32.exe”.
Entrambi i pacchetti si sono rivelati quasi identici nel contenuto, differendo solo per il valore del parametro id nei collegamenti al server C2. Il codice dannoso ha scaricato il file “Temp.b”, lo ha rinominato “package.db” e lo ha eseguito tramite “rundll32.exe”. Dopo l’esecuzione, lo script è stato eliminato e il file “package.json” è stato sostituito con “pk.json”, rendendo difficile il rilevamento di attività dannose.
Gli aggressori hanno utilizzato il codice del popolare repository “node-config” e hanno aggiunto alcune modifiche dannose. Vale la pena notare che i pacchetti sono stati rimossi da npm molto rapidamente, non dai moderatori, ma dall’autore stesso.
L'articolo Gli Hacker della Corea del Nord attaccano NPM con del Malware proviene da il blog della sicurezza informatica.
Banche e istituti finanziari continuano a investire nella fornitura di armi a Israele
@Notizie dall'Italia e dal mondo
Il nuovo articolo di @valori
Ci sono anche Unicredit e Intesa Sanpaolo tra le banche e le istituzioni finanziarie che guadagnano dalle armi a Israele
L'articolo Banche e istituti finanziari continuano a investire nella fornitura di armi a Israele proviene da Valori.
Notizie dall'Italia e dal mondo reshared this.
imolaoggi.it/2024/08/05/borsa-…
Local Digital Twins: tackling urban digitalisation gaps in Europe [Promoted content]
Digital technologies are transforming urban governance. European cities leverage Local Digital Twins and Platforms for smart transition, but face strategic, procurement, and implementation challenges. European Commission initiatives can help bridge the digital divide and promote inclusive and smarter urban environments.
UK examines foreign states’ role in sowing discord leading to riots
The British government said on Monday (5 August) officials were examining the role foreign states had played in amplifying disinformation online which had helped fuel violent protests, while warning social media firms they had to do more to stop it.
Joe Vinegar reshared this.
The 555 As A MOSFET Driver
To drive a MOSFET requires more than merely a logic level output, there’s a requirement to charge the device’s gate which necessitates a suitable buffer amplifier. A variety of different approaches can be taken, from a bunch of logic buffers in parallel to a specialised MOSFET driver, but [Mr. T’s Design Graveyard] is here with a surprising alternative. As it turns out, the ever-useful 555 timer chip does the job admirably.
It’s a simple enough circuit, the threshold pin is pulled high so the output goes high, and the PWM drive from an Arduino is hooked up to the reset pin. A bipolar 555 can dump a surprising amount of current, so it’s perfectly happy with a MOSFET. We’re warned that the CMOS variants don’t have this current feature, and he admits that the 555 takes a bit of current itself, but if you have the need and a 555 is in your parts bin, why not!
This will of course come as little surprise to anyone who played with robots back in the day, as a 555 or particularly the 556 dual version made a pretty good and very cheap driver for small motors. If you’ve ever wondered how these classic hips work, we recently featured an in-depth look.
Cisco Ball is the Tumbleweed Opposite of a Disco Ball
Inspiration can strike a maker at any moment. For [Laura Kampf], it happened in the desert when she saw a tumbleweed.
Tumbleweeds roll through the western United States, hitting cars on the interstate and providing some background motion for westerns. [Kampf] found the plant’s intricate, prickly structure mesmerizing, and decided to turn it into a piece of contemplative kinetic art.
[Kampf] attached the tumbleweed to a piece of wood using epoxy and mounted it to what appears to be a worm drive motor nestled inside an interestingly-shaped piece of wood. As the tumbleweed turns, a light shines through it to project a changing shadow on the wall to “create silence, it creates calmness, it takes away from the noise that surrounds it.” While [Kampf] has some work to do to get the sculpture to its finished state, we can get behind her mantra, “The most important thing about the phase of execution is to get started.”
Are you looking for some projects of your own to help you find calm? How about some ambient lighting, a sand drawing table, or a music player that keeps things simple?
A Two-Stroke Engine Made From Scratch Using Basic Hardware Store Parts
A working DIY two-stroke in all of its glory, with the flywheel removed. (Credit: Camden Bowen)
How hard could it to be to build a two-stroke internal combustion engine (ICE) from scratch? This is a challenge that [Camden Bowen] gladly set for himself, while foregoing such obvious wastes of time like first doing an in-depth literature study on the topic. That said, he did do some research and made the design in OnShape CAD before making his way over to the hardware store to make some purchases.
As it turns out, you can indeed build a two-stroke engine from scratch, using little more than some metal piping and other parts from the hardware store. You also need a welder and a lathe, with [Camden] using a Vevor mini-lathe that totally puts the ‘precision’ in ‘chatter’. As building an ICE requires a number of relatively basic parts that have to move with very little friction and with tight tolerances, this posed some challenges, but nothing that some DIY spirit can’t fix.
In the case of the very flexible boring bar on the lathe, improvising with some sturdy metal stock welded to a short boring bar resolved that, and precision was achieved. Together with an angle grinder, [Camden] was then able to manufacture the crank case, the cylinder and crank shaft and all the other pieces that make up an ICE. For the carburetor he used a unit off Amazon, which turned out to have the wrong throat size at 19 mm, but a 13 mm version worked. Ultimately, the first ICE constructed this way got destroyed mostly by running it dry and having the starter fluid acting as a solvent, but a full rebuild fixed all the issues.
This second attempt actually ran just fine the first time around, with oil in the crank case so that the poor engine wasn’t running dry any more. With a 40:1 fuel/oil mixture the little engine idles and runs as well as a two-stroke can, belching blue smoke and making a ruckus. This answers the question of whether you can build a two-stroke ICE with basic machining skills and tools, but of course the question that’s now on everyone’s lips is whether a four-stroke one would be nearly as ‘easy’. We wait with bated breath.
BANGLADESH. Esercito annuncia un governo ad interim dopo la fuga di Sheikh Hasina
@Notizie dall'Italia e dal mondo
Le dimissioni della premier sembrano aver disinnescato la forte tensione a Dhaka. Centinaia di morti nelle proteste
L'articolo pagineesteri.it/2024/08/05/asi…
Notizie dall'Italia e dal mondo reshared this.
Asteroids: Kessler Syndrome Edition
Asteroids, the late-70s arcade hit, was an immensely popular game. Often those with the simplest premise, while maintaining a fun, lighthearted gameplay have the most cultural impact and longest legacy. But, although it was popular, it doesn’t really meet the high bar of scientific fidelity that some gamers are looking for. That’s why [Attoparsec] built the Kessler Syndrome Edition of this classic arcade game.
The Kessler Syndrome is a condition where so much man-made debris piles up in low-Earth orbit that nothing can occupy this orbit without getting damaged or destroyed by the debris, and thus turning into more debris itself in a terrible positive feedback loop. [Attoparsec] brings this idea to Asteroids by reprogramming the game so that asteroids can be shot into smaller and smaller pieces but which never disappear, quickly turning the game into a runaway Kessler Syndrome where the chance of survival is extremely limited, and even a destroyed player’s ship turns into space junk as well.
To further the scientific accuracy and improve playability, though, he’s added a repulsor beam mechanism which can push the debris a bit and prolong the player’s life, and also added mass effect reactions so that even shooting bullets repels the player’s ship a bit. The build doesn’t stop with software, either. He also built a custom 70s-style arcade cabinet from the ground to host the game.
Asteroids is still a popular platform for unique builds like this. Take a look at a light-vector game using lasers to create the graphics, or this tiny version of the game that uses a real CRT.
Thanks to [smellsofbikes] for the tip!
Alimenti senza lattosio per tutti o solo per gli intolleranti?
Prosegue la rubrica della dietista Abril González Campos…
L'articolo Alimenti senza lattosio per tutti o solo per gli intolleranti? proviene da Il Fatto Alimentare.
Mozzarella e fior di latte: differenze, aspetti nutrizionali e prezzi dei protagonisti dell’estate
La mozzarella, protagonista della pizza, dell’insalata caprese e…
L'articolo Mozzarella e fior di latte: differenze, aspetti nutrizionali e prezzi dei protagonisti dell’estate proviene da Il Fatto Alimentare.
Embedded Python: MicroPython Toolkits
Last time, I talked about how MicroPython is powerful and deserving of a place in your toolkit, and it made for a lively discussion. I’m glad to see that overall, MicroPython has indeed been getting the recognition it deserves – I’ve built a large number of wonderful projects with it, and so have people I’ve shown it to!
Sometimes I see newcomers dissatisfied with MicroPython, because the helper tools they initially pick don’t suit it well. For instance, they try and start out with a regular serial terminal application that doesn’t fit the MicroPython constraints, or a general IDE that requires a fair bit of clicking around every time you need to run your code. In particular, I’d make sure that you know your options no matter whether you prefer GUI or commandline – both have seriously nice tools for MicroPython use!
The main problem to be solved with MicroPython is that you have a single serial port that everything happens through – both file upload and also debugging. For ESP8266/32-based boards, it’s a physical serial port, and for chips like RP2040 and ESP32-S* where a hardware USB peripheral is available, it’s a virtual one – which makes things harder because the virtual port might get re-enumerated every now and then, possibly surprising your terminal application. If you want to upload a program of yours, you need to free up the serial port, and to see the program’s output, you will need to reopen that port immediately after – not a convenient thing to do if you’re using something like PuTTy.
So, using MicroPython-friendly software is a must for a comfortable hacking experience. What are your options?
Power Of Thonny And Friends
Whether you’re primarily a GUI user, or you’re teaching someone that is, Thonny is undoubtedly number one in MicroPython world – it’s an IDE developed with Python in mind, and it has seriously impressive MicroPython integrations. Your board’s terminal is being managed as if effortlessly in the background – just open your files in different tabs as you normally do, and press the Run button sometimes.
Expecting more? There is more – basically anything MicroPython adjacent you’d do from commandline, is present in Thonny in a comfortable way. For instance, are you working with an ESP32 board that doesn’t yet have a MicroPython image in its flash? Lucky you, there’s an esptool integration that lets you flash an image into your MCU through a dialog box. Want debugging? There’s single-step debugging that works in an intuitive user-friendly way – you’d find this pretty hard to happen from console apart from specially engineered print statements, but Thonny delivers.
youtube.com/embed/EMAye6AlHFc?…
Not looking to pick a new IDE? There are VSCode extensions. Arduino IDE more your jam? Yeah, well, remember how Arduino has a MicroPython IDE now? It’s decently usable, so if you got used to the Arduino keybindings, you might like it. More of a commandline user? You’ve got a good few options, then, and they are similarly powerful.
Mpremote And Ampy
Rather use the terminal? Maybe IDEs are too clunky for you and the terminal window’s cleanliness provides for a distraction-free environment you can only dream about, maybe it’s just the thing you’ve used your entire life, or maybe you’re even debugging a MicroPython device over an SSH connection? mpremote
is the tool to save you.
mpremote
is part of the MicroPython project, it’s developed alongside the project, and it’s got plenty of killer features to show for it. It includes an “inline” terminal emulator that lets you access REPL effortlessly to see your code’s results and interact with the variables afterwards, correctly managing things like Ctrl+C so you can interrupt your code if needed and still poke at its variables in the REPL. You can also explore the MicroPython filesystem Linux-style with ease, and, most importantly, you can mount your current directory up to it with mpremote mount
, and mpremote
will send files to your board as the on-MCU interpreter requests them.
Overall, mpremote
offers a seriously comfortable environment for iterating on MicroPython code lightning quick. Without it, you would need to reopen the serial port each time you need to upload a new file – here, you can just chain a bunch of commands together and mpremote
will dutifully do the serial port juggling needed to get you there.
In addition to that, you can see that mpremote
is designed to help you with awkward-to-do things you didn’t know you needed to do. Need to sync your board’s RTC time with your computer’s time? That’s a mpremote rtc
command away. Want to access the MicroPython package manager? That’s mpremote mip
. Your board needs to switch into bootloader mode? No need to fiddle with buttons, just use mpremote bootloader
. In short, mpremote
is a MicroPython powerhouse for everyone who’s most comfortable in a terminal window.
youtube.com/embed/sc6ND-1QZH0?…
There is an alternative here, too: ampy
, a personal choice of mine, which I use combined with screen
. Ampy
is a tool initially designed by Adafruit, and it’s more barebones – I like it because I have control of what’s happening when I issue a command to a software, keeping my MicroPython devices in a known state at all times. On the other hand, it does require jugging the serial port on your own, so when I need to update my code, I exit screen
, run the ampy
command, then re-enter screen
again. I regularly work with large MicroPython files that also import static library files that don’t change for months, however, so having control of the upload process seems to save me a fair bit of time.
There are caveats, of course – the major one is, when using screen
in serial terminal mode, you need to press `Ctrl+A k y` (kill window) instead of `Ctrl+A d` to detach the screen session. If you do the detach instead, as you might be used to with screen
, the serial port will remain open until you unplug the device or kill the screen process, and ampy
will fail mysteriously.
Summary
I hope this toolkit overview helps you make sure you’re using exactly the kind of MicroPython environment that works for you – while compiling it, I’ve learned some nuances myself! Next time, we shall talk about CircuitPython – a MicroPython fork that has grown into a contender in the educational Python space, and how it is different from MicroPython in a number of crucial ways you deserve to know about.
X slammed with data privacy complaint over AI training
Consumer organisations allege X's artificial intelligence (AI) tool is in violation of the General Data Protection Regulation (GDPR) in a complaint filed with the Irish Data Protection Commission (DPC) on Monday (5 August).
Einaudi: il pensiero e l’azione – “Via il Prefetto” con Claudio Cresatti
Lo storico scritto di Einaudi in cui propone l’abolizione dei prefetti e critica il centralismo napoleonico. Rubrica “Einaudi: il pensiero e l’azione”
L'articolo Einaudi: il pensiero e l’azione – “Via il Prefetto” con Claudio Cresatti proviene da Fondazione Luigi Einaudi.
di Edi Arnaud, Paolo Cacciari, Marinella Correggia, Marino Ruzzenenti -
Il ricordo
Giovanna Ricoveri se ne è andata, a Genova, nella notte fra il 3 e il 4 agosto. Cinque anni dopo Giorgio Nebbia, con il quale aveva collaborato fin dal 1991, anno di nascita dell’edizione italiana di Cns-Capitalismo Natura Socialismo. La rivista di ecologia politica, diretta da Giovanna e da Valentino Parlato, faceva parte di una rete internazionale creata due anni prima in California da James O’Connor, il teorico della seconda contraddizione: quella fra capitale e natura.
Nata a Rosignano, sulla costa livornese, Giovanna Ricoveri aveva iniziato a collaborare stabilmente con la Cgil nei primi anni 1970, un impegno durato fino ai primi anni 1990. In seguito, dirigendo Cns, diventata poi Cns-Ecologia politica, si dedicò ad analizzare tre grandi questioni a lungo trascurate o negate dalle forze politiche della sinistra: la crisi ecologica come causa importante di crisi economica e sociale; lavoro e natura come due contraddizioni speculari che nel capitalismo maturo vanno affrontate insieme, due facce della stessa medaglia; l’importanza dei movimenti sociali nel superamento della crisi. Negli anni 1990, forse solo su Cns si potevano leggere saggi guidati dalle interconnessioni che cromaticamente potremmo riassumere nella definizione “rosso-verde”.
Giovanna fu anche straordinaria curatrice di diversi libri. Sviluppò l’idea della centralità della natura anche grazie ai rapporti con l’eco-femminismo a livello internazionale. Approfondì con passione l’antica eppure attualissima tematica dei beni comuni e si inserì, lei proveniente dal sindacato, nel dibattito internazionale sulla decrescita. Le tante persone che – come noi – hanno avuto Giovanna come compagna di pensiero e attività, e come amica, sono approdate a lei per vie diverse.
Chi partendo dal mondo del lavoro, chi da quello dell’ecologia. Giovanna era profondamente legata all’idea che per affrontare la crisi ecologica fosse indispensabile il contributo del movimento dei lavoratori, di chi agiva direttamente all’interno del sistema produttivo. E d’altro canto, per un vero ambientalismo che intendesse cambiare la società, era indispensabile il contributo dei lavoratori. Questione sociale e questione ecologica come inscindibilmente unite, una convergenza necessaria, ecco il messaggio centrale di Giovanna.
Un contributo che ci mancherà, in un mondo pervaso dalla convinzione che il neoliberismo si possa in qualche modo governare, e che la questione ecologica si possa risolvere con la green economy, mantenendo intanto il sistema capitalistico. Tanti i ricordi personali. Gli incontri con lei nella sua casa-ufficio erano sempre densi, a volte agitati, mai noiosi. Prima di passare all’enorme tavolo da lavoro, bianco e un po’ traballante sotto il peso di libri e fascicoli, l’accoglienza avveniva in cucina con il caffè e i biscotti.
E come dimenticare i piatti toscani che cucinava anche per i vegetariani. Negli ultimi due mesi aveva avuto un’emorragia cerebrale dalla quale purtroppo non si era più ripresa. Nel libro collettivo pubblicato dalla Fondazione Luigi Micheletti nel 2016 per festeggiare i 90 anni di Giorgio Nebbia, Giovanna si esprimeva così: “Giorgio è uno scienziato che ha cuore e intelligenza”. Giovanna, valeva anche per te. Un abbraccio alla famiglia e in particolare alle nipoti Eleonora e Luisa.
Giovanna Ricoveri, l’ ambientalismo per cambiare la società
di Edi Arnaud, Paolo Cacciari, Marinella Correggia, Marino Ruzzenenti - Il ricordo Giovanna Ricoveri se ne è andata, a Genova, nella notte fra il 3 e ilRifondazione Comunista
rag. Gustavino Bevilacqua reshared this.
Serve Your Next Website with QuickBasic
You can only imagine that when they made Star Trek back in the 1960s, they would have laughed if anyone suggested they’d still be making the show nearly six decades later. If you told [John Kemeny] at Dartmouth back in 1964 that people would be serving websites in Basic in the year 2024, he’d probably be amazed after you explained what a website was. But that’s what [Jamonholmgren] is doing.
[Jamon] wrote his first Basic program when he was 12, which was a common thing to do. Recently, he decided to build and deploy a website using Basic, and so this project, qub (pronounced like cube), was born. The web server is modified from an existing source but adds features and many new features are planned.
The main program essentially creates a starter set of HTML and related files for the server. Honestly, we don’t recommend a server in Basic, but it is fun to see Basic — granted a modern version of QuickBasic — being up to the task.
It would probably be smarter to dedicate an old phone to the task. Or you could stand up an old DOS computer, but that’s probably not any better.
Radio Apocalypse: HFGCS, The Backup Plan for Doomsday
To the extent that you have an opinion on something like high-frequency (HF) radio, you probably associate it with amateur radio operators, hunched over their gear late at night as they try to make contact with a random stranger across the globe to talk about the fact that they’re both doing the same thing at the same time. In a world where you can reach out to almost anyone else in an instant using flashy apps on the Internet, HF radio’s reputation as somewhat old and fuddy is well-earned.
Like the general population, modern militaries have largely switched to digital networks and satellite links, using them to coordinate and command their strategic forces on a global level. But while military nets are designed to be resilient to attack, there’s only so much damage they can absorb before becoming degraded to the point of uselessness. A backup plan makes good military sense, and the properties of radio waves between 3 MHz and 30 MHz, especially the ability to bounce off the ionosphere, make HF radio a perfect fit.
The United States Strategic Forces Command, essentially the people who “push the button” that starts a Very Bad Day, built their backup plan around the unique properties of HF radio. Its current incarnation is called the High-Frequency Global Communications System, or HFGCS. As the hams like to say, “When all else fails, there’s radio,” and HFGCS takes advantage of that to make sure the end of the world can be conducted in an orderly fashion.
Bombs Away LeMay
The US Air Force has a long history radio, dating back to when airplanes were little more than wood and canvas contraptions. Radio, especially HF radio, played a huge role in prosecuting World War II, changing the face of warfare forever. As the Cold War years set in and strategic forces became increasingly important, HF radio systems continued to play a role. One of the biggest boosters of HF radio for coordinating strategic air forces was none other than General Curtis LeMay, who as an enthusiastic amateur radio operator well knew the power of HF radio to communicate long distances, particularly using single-sideband (SSB) modulation.
Despite this history, HFGCS itself is relatively new. It only came onto the scene in 1992, when post-Cold War military restructuring combined two earlier Air Force HF networks into the Global High-Frequency System. GHFS would undergo equipment upgrades in 2002 and get an extra letter in its rearranged acronym, becoming HFGCS. While HFGCS may have started out as the Air Force’s baby, its design is open and flexible enough that it can be used by Air Force, Army, and Navy assets anywhere in the world around the clock.
The primary fixed infrastructure of HFGCS is a network of thirteen ground stations scattered across the United States and its territories as well as allied countries around the world. The HFGCS ground stations are linked together through a combination of landlines and satellite stations to act as a unified network. Almost all of the stations on the network are “lights out” stations that are controlled remotely. The primary control point for the entire system is located at Andrews Air Force Base outside of Washington, DC, with a backup location deep in the interior of the continent at Offutt AFB in Omaha, Nebraska. Each of these two stations is manned around the clock and can control the entire network.
It’s obviously difficult to get a lot of technical detail on what sort of gear is being used at each HFGCS station, but there’s one aspect of the system that’s hard to keep from public scrutiny: the antennas. The Offutt AFB transmitter station provides a pretty good look at things, sitting as it does in the middle of a cornfield off a public road in Elkhorn, Nebraska. There sprouts a sprawling farm of directional and omnidirectional antennas, including a collection of massive AS-3482/GRC log periodic arrays. These giants have twin towers that support a rotating platform with three support booms for the radiation array. A balun at the base matches the antenna to the feedline, which is a 50-ohm hardline coax measuring a whopping 3-1/8″ (80 mm) diameter. HFGCS stations also have receive capability, of course, but given the 25,000-watt power rating on these antennas, the receivers are generally not located with the transmitters. In the case of the Offutt AFB station, the receivers are located 28 miles (45 km) away outside of Scribner, Nebraska.Interesting crop. One of the many AS-3482/GRC log-periodic antennas at the HFGCS transmit antenna farm outside Offut AFB in Nebraska. Source: Google
Fine Business, Old Minuteman
The ability of HF radio to make contacts across the globe with no fixed infrastructure between contact points is what makes it perfect for backup communications with strategic forces. That’s not to say that it’s foolproof, of course; there certainly are ways to interfere with the ionospheric skip that it depends on, which probably plays a large part in why HFGCS is only a backup, but things have to have gone badly wrong for that to be the case.Built to last. Blast cover for HFGCS transmit antenna silo at a Minuteman LCC. The white cone in the background is a hardened radome for the UHF satellite link. Source: Library of Congress.
Ironically, one of the ways for things to go wrong enough to bump HFGCS up from backup status is an all-out nuclear exchange, which would no doubt involve the 450-odd Minuteman III ICBMs that comprise one of the legs of the United States’ nuclear triad. The Minuteman missiles are kept at the ready in 45 missile alert facilities (MAFs) scattered across the American prairie. Each MAF is comprised of ten launch facilities, each storing one LGM-30 missile in an underground silo, and a separate launch control center, or LCC. The LCC is the underground bunker crewed by two Air Force officers who bear the responsibility of turning the keys that launch their flight of missiles, should it be so ordered.
But to perform that final official act of their careers, those officers have to get the coded order from US Strategic Command, typically over one of the primary secure networks. Should those links fail, though, each LCC is equipped with an HFGCS link. The fact that each LCC is no doubt slated to receive a nasty package on the appointed day means that standard HF antennas, which tend to be quite large, are far too exposed to survive and perform their backup duties. So the LCCs sport hidden HFGCS antennas that can be deployed on command.
On the transmit side, each squadron LCC has a 50′ (15 meter) deep reinforced concrete silo topped by an extremely sturdy blast door that’s flush to the ground, for maximum resistance to nearby blast waves. Upon command, the door opens to allow a telescopic HF antenna to extend up to 120′ (36 meters) above the ground. The reality, though, is that the need to transmit on HFGCS is far less important than being able to receive. That’s why the receiving antenna arrangement is a bit more complicated.The Bravo-01 LCC for the 319th Missile Squadron. It’s not entirely clear if Minuteman LCCs still have the deployable antennas activated, but the silo for the receive antenna is clearly visible in the northeast corner below the freestanding red-on-white tower. The telescoping transmit antenna silo is the ominous bullseye in the southwest section of the facility. Source: Google Maps
To make sure the LCC is always ready to receive and act on an Emergency Alert Message (EAM), each facility has a hardened HFGCS receive antenna array. Like the transmitting antenna, these are housed in underground silos. Each silo has six monopole steel antennas, one of which is always deployed. The five others are kept in reserve; should the main antenna get knocked down, an explosive charge at the bottom of the antenna’s tube detonates, extending a fresh antenna above the ground.
Mainsail, Mainsail
Given the highly sensitive nature of the traffic on a radio network charged in part with ending the world, you’d think that messages would be digitally encrypted and completely useless to try snooping in on. And while it’s true that there are encrypted digital modes that use HFGCS, a surprising amount of traffic is just plain old voice messages transmitted in the open. While it remains true that nothing punches through like good old Morse code on continuous wave (CW), SSB voice is far more efficient. The video below shows British ham M0SZT monitoring HFGCS from an adorable shepherd’s camp somewhere in the Peak’s District, not far from the RAF Croughton HFGCS site:
youtube.com/embed/ytqLbWRBQy4?…
That’s not to say that you’d be able to understand the messages, the bulk of which is a block of 30 numbers and letters, with the former stated as the standard NATO phonetic alphabet. Unless you have the decryption code, the message will read as gibberish. In fact, you can’t even derive any useful information from the length of the message, since it’s always 30 characters long. About the only metadata you could potentially glean would be the station code names embedded in the message, but since those are randomly changed every day, there’s not much point.
Still, there’s plenty to be gained from monitoring HFGCS, especially in times of geopolitical tumult. If the balloon goes up, so to speak, then traffic on HFGCS will undoubtedly increase markedly, as it will on its Russian counterpart, colloquially known as Bear Net to the US military. It’ll make for interesting listening — at least for a few minutes.
Manuel D'Orso reshared this.
KozSec rivendica un attacco informatico a Vodafone Ukraine: Un’Analisi Tecnica
Vodafone Ukraine è stata recentemente vittima di un attacco cibernetico di grande portata, rivendicato da un gruppo noto come #KozSec. Questo articolo tecnico fornisce un’analisi dettagliata dell’incidente, delle tecniche utilizzate dagli aggressori e delle implicazioni geopolitiche ed economiche dell’attacco.
Dettagli dell’Attacco
L’attacco ha colpito Vodafone Ukraine, causando disservizi significativi. In particolare, sono stati compromessi 65.536 indirizzi IP e diversi domini sono risultati non funzionanti. Questi dati sono stati raccolti e riportati dagli specialisti, sebbene si tratti di valori approssimativi. Il gruppo responsabile ha dichiarato che l’operazione è stata un’azione dimostrativa della loro capacità di partecipare attivamente a un conflitto cibernetico. L’attacco ha mostrato una chiara competenza tecnica, coinvolgendo probabilmente un mix di tecniche avanzate di Distributed Denial of Service (DDoS) e possibili exploit di vulnerabilità nei sistemi di Vodafone Ukraine. L’azione è durata un’ora, ma il gruppo ha avvertito che il loro obiettivo finale è la totale distruzione delle infrastrutture colpite. L’attacco è stato pianificato per durare un’ora, ma il gruppo ha avvertito che future operazioni potrebbero essere più estese e devastanti. Questo primo attacco potrebbe quindi essere stato un test o una dimostrazione delle loro capacità tecniche e della loro determinazione. L’attacco ha causato disservizi significativi, interrompendo i servizi di comunicazione per numerosi utenti. La vasta compromissione degli indirizzi IP e dei domini ha avuto ripercussioni su vari settori economici, evidenziando la vulnerabilità delle infrastrutture critiche.
Contesto Geopolitico
Il gruppo #KozSec ha dichiarato di operare a favore della Russia, in un contesto di tensioni geopolitiche elevate. Questo attacco si inserisce in un quadro più ampio di cyber conflitti che vedono coinvolte diverse nazioni e organizzazioni in azioni di hacking offensive.
Il gruppo ha descritto l’attacco come un gesto simbolico di opposizione all’oppressione e di sostegno alla trasparenza e responsabilità globali. Questo messaggio suggerisce che gli attacchi futuri potrebbero essere diretti non solo a infrastrutture critiche, ma anche a entità percepite come oppressive o non trasparenti.
Conseguenze Tecniche ed Economiche
L’attacco ha causato significativi disservizi per gli utenti di Vodafone Ukraine, potenzialmente interrompendo servizi essenziali di comunicazione. La compromissione di 65.536 indirizzi IP e di diversi domini indica un attacco su larga scala, con possibili ripercussioni su molteplici settori economici.
Vodafone Ukraine dovrà intraprendere immediate azioni di recupero per ripristinare i servizi interrotti e rafforzare la sicurezza delle proprie infrastrutture. Saranno necessari interventi di aggiornamento dei sistemi di difesa cibernetica e un’analisi approfondita delle vulnerabilità sfruttate durante l’attacco.
Conclusioni
L’attacco a Vodafone Ukraine rappresenta un chiaro esempio delle attuali minacce cibernetiche legate a tensioni geopolitiche. Il gruppo #KozSec ha dimostrato capacità tecniche avanzate e una determinazione ideologica che potrebbero portare a ulteriori attacchi in futuro. È essenziale che le organizzazioni potenzialmente a rischio adottino misure preventive e rafforzino le loro difese per proteggere le infrastrutture critiche e i servizi essenziali.
Raccomandazioni
- Monitoraggio Continuo: Implementare sistemi di monitoraggio in tempo reale per rilevare e rispondere rapidamente a possibili attacchi.
- Aggiornamento della Sicurezza: Eseguire regolarmente aggiornamenti di sicurezza per mitigare le vulnerabilità conosciute.
- Piani di Risposta agli Incidenti: Sviluppare e testare piani di risposta agli incidenti per garantire una reazione rapida ed efficace in caso di attacco.
- Formazione del Personale: Formare il personale per riconoscere le minacce cibernetiche e rispondere adeguatamente.
L’importanza di un approccio proattivo alla sicurezza cibernetica non può essere sottovalutata, specialmente in un contesto di crescenti tensioni geopolitiche e di sofisticate capacità di attacco.
L'articolo KozSec rivendica un attacco informatico a Vodafone Ukraine: Un’Analisi Tecnica proviene da il blog della sicurezza informatica.
reshared this
Fuga di Dati FBI: Pubblicato il Database degli Agenti su Breached Forum
Una presunta fuga di dati senza precedenti ha travolto l’FBI: un massiccio data breach che ha esposto online i dati personali di oltre 22.000 agenti, mettendo a rischio la sicurezza nazionale.
Un utente di Breached Forum ha pubblicato un database contenente nomi, ruoli e altre informazioni sensibili degli agenti, scatenando l’allarme nella comunità dell’intelligence.
Al momento, non possiamo confermare la veridicità della notizia, poiché l’organizzazione non ha ancora rilasciato alcun comunicato stampa ufficiale sul proprio sito web riguardo l’incidente. Pertanto, questo articolo deve essere considerato come ‘fonte di intelligence’.
Dettagli del Data Breach
Il post, pubblicato dall’utente “rpk” il 3 agosto 2024 alle 03:23 AM, presenta un file contenente i dettagli di numerosi agenti dell’FBI. Il file, di 1.9MB, include presumibilmente nomi, ruoli e altre informazioni personali degli agenti.
Secondo il post, il database è descritto come un file di testo (.txt) con un totale di 22.175 righe. Il post include anche alcune informazioni generali sull’FBI, enfatizzando il ruolo dell’agenzia come principale braccio investigativo del Dipartimento di Giustizia degli Stati Uniti e membro a pieno titolo della comunità dell’intelligence statunitense.
Un aspetto rilevante di questa pubblicazione è la totale assenza di esempi di dati (sample) che dimostrino la veridicità delle informazioni contenute nel database. Inoltre, non è stato previsto alcun meccanismo di escrow, un intermediario fidato che possa garantire l’autenticità e la sicurezza della transazione dei dati. Queste assenze sollevano dubbi sulla credibilità del database e sull’intenzione dell’utente “rpk”.
Conclusione
La divulgazione di informazioni personali degli agenti dell’FBI rappresenta un rischio significativo. Gli agenti potrebbero diventare bersagli di attacchi fisici o digitali, e le loro famiglie potrebbero essere minacciate. Inoltre, la fuga di dati potrebbe compromettere operazioni investigative in corso.
Non è chiaro come l’FBI abbia risposto al data breach, è probabile che l’agenzia stia conducendo un’indagine interna per determinare come si sia verificata la fuga di dati e per prevenire ulteriori incidenti.
Questa fuga di dati sottolinea l’importanza critica della cyber security e della protezione delle informazioni sensibili. Mentre l’FBI lavora per mitigare i danni e prevenire future violazioni, questo incidente serve come promemoria della necessità di rafforzare continuamente le misure di sicurezza a tutti i livelli delle agenzie governative.
L'articolo Fuga di Dati FBI: Pubblicato il Database degli Agenti su Breached Forum proviene da il blog della sicurezza informatica.
reshared this
TikTok Lite to permanently suspend Rewards Program in EU, closing Commission investigation over addictive effects
TikTok can no longer launch rewards programmes for its EU users, following binding measures that the European Commission announced on Monday (5 August).
Come prosegue il braccio di ferro tra Delta Air e CrowdStrike
@Informatica (Italy e non Italy 😁)
La società di cybersicurezza il cui software ha causato un’interruzione globale dei computer il 19 luglio che ha paralizzato settori tra cui le compagnie aeree sostiene che Delta ha rifiutato l'assistenza in loco e che la causa legale proposta dal vettore contribuisce a una
reshared this
Truppe Usa fuori anche dall’ultima base in Niger. Gli effetti sulla regione
[quote]Gli Stati Uniti abbandonano oggi la seconda e ultima base aerea 201 in Niger, marcando il ritiro delle loro forze da un Paese assolutamente strategico nel continente africano. Questa decisione arriva dopo che, nel mese di marzo, un portavoce militare nigerino ha annunciato la fine dell’accordo di controterrorismo con gli Stati
Mulé a TPI: “Forza Italia non deve chiudersi in cerchi magici, è ora di aprirsi come nel 1994”
@Politica interna, europea e internazionale
Presidente Mulè, proprio non riusciamo a uscire dagli anni di piombo? Anche gli anniversari delle stragi di Bologna e dell’Italicus sono una ragione per l’ennesima contrapposizione sul ventennio mai passato. “Il nostro problema, il
Politica interna, europea e internazionale reshared this.
Proof that find + mkdir are Turing-Complete
Data manipulation is at the heart of computation, and a system is said to be Turing-complete if it can be configured to manipulate data in a way that makes implementing arbitrary computation possible. [Keigo Oka] shared a proof that find
and mkdir
together are Turing-complete, which is to say, a system with only GNU’s find
and mkdir
has access to enough functionality to satisfy the requirements of Turing completeness, which ignores questions of efficiency or speed.
[Keigo Oka]’s first attempt at a proof worked to implement Rule 110, an elementary cellular automata configuration that has been shown to be Turing-complete, or ‘universal’, but has been updated to implement a tag system as it’s proof, and you can see it in action for yourself.
Seeing basic utilities leveraged in such a way illustrates how computation is all around us, and not always in expected places. We’ve also seen Turing-complete origami and computation in cellular automata.
Esempio di come inserire un testo alternativo nelle immagini
Il post è stato utilizzato qui come esempio per la guida di Friendica
Immagine senza #AltText:
Immagine con link alla fonte dell'immagine e testo alternativo:
Il futuro della guerra è qui. Cosa deve fare il Pentagono secondo Foreign Affairs
[quote]“L’America non è pronta per le guerre del futuro. E sono già qui”. Un titolo (con annesso sottotitolo) che potrebbe risultare allarmistico e volutamente esagerato, come già altri lo sono stati nei mesi e negli anni precedenti. Ma se a prendere questa posizione piuttosto
Cyber caos, CrowdStrike contro le accuse di Delta Airlines: “L’azienda ha rifiutato il nostro aiuto”
@Informatica (Italy e non Italy 😁)
Continuano le polemiche dopo il cyber caos informatico dello scorso 19 luglio che ha provato un blackout informatico in tutto il mondo. Ieri, in una risposta a Delta Airlines, CrowdStrike ha affermato che la società di
Informatica (Italy e non Italy 😁) reshared this.
reshared this
#NotiziePerLaScuola
È disponibile il nuovo numero della newsletter del Ministero dell’Istruzione e del Merito.
🔶 Istruzione tecnica e professionale, la riforma è legge.
Ministero dell'Istruzione
#NotiziePerLaScuola È disponibile il nuovo numero della newsletter del Ministero dell’Istruzione e del Merito. 🔶 Istruzione tecnica e professionale, la riforma è legge.Telegram
Poliverso & Poliversity reshared this.
LianSpy: new Android spyware targeting Russian users
In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Technical details
Initially, LianSpy determines if it is running as a system app, which automatically receives the permissions it needs. Otherwise, it requests permissions for screen overlay, notifications, background activity, contacts, call logs, etc. Once authorized, the spyware verifies it’s not running in a debugging environment. If the environment is free from debugger artifacts, LianSpy sets up its configuration with predefined values and stores this data as a collection of key-value pairs locally using SharedPreferences, an app data storage mechanism generally used for storing application settings. This configuration persists across device reboots and uses integer keys linked to specific spyware settings in SharedPreferences. A detailed list of configuration parameters, including descriptions and default values, is provided below.
ID (key) | Description | Default value |
100 | Is first launch | false |
110 | Allow to run if connected to Wi-Fi | true |
111 | Allow to run if connected to mobile network | true |
113 | Threat actor’s Yandex ID | REDACTED |
115 | Threat actor’s Yandex Disk OAuth token | REDACTED |
121 | Collect list of installed applications on target device | true |
123 | Collect call logs | true |
124 | Collect contact list | true |
128 | Take screenshots as root with screencap binary | false |
136 | Capture screen via media projection API | true |
302 | Time interval between screenshots in milliseconds | 5000 (5s) |
308 | Time interval between data exfiltration tasks in milliseconds | 1200000 (20min) |
400 | Comma-separated list of apps (package name substrings) for screen capture via media projection API or taking screenshots with screencap binary | whatsapp, viber, skype, chrome, vkontakte, telegram, android.gm, gallery, thoughtcrime.securesms, facebook, tencent.mm, snapchat, icq, tencent.mobileqq, imoim, mailapp, instagram, kakao.talk, discord, chrome, internet, browser, dolphin, firefox, opera, safari, uc browser, maxthon, baidu, yandex |
420 | Unused | – |
450 | User ID | – |
Once activated, the spyware hides its icon and registers a built-in broadcast receiver to receive intents from the system. This receiver triggers various malicious activities, such as screen capturing via the media projection API, taking screenshots as root, exfiltrating data, and updating its configuration.
LianSpy registers a malicious broadcast receiver
To update the spyware configuration, LianSpy searches for a file matching the regular expression
"^frame_.+\\.png$" on a threat actor’s Yandex Disk every 30 seconds. If found, the file is downloaded to the application’s internal data directory. The spyware then decrypts the overlay (data written after the end of the payload) in the downloaded file with a hardcoded AES key. Finally, the configuration updater searches the decrypted payload for a set of substrings, each substring modifying LianSpy’s configuration. A comprehensive list of available options can be found below.
Substring (command name) | Description |
*con+ | Enable contact list collection |
*con- | Disable contact list collection |
*clg+ | Enable call log collection |
*clg- | Disable call log collection |
*app+ | Enable collection of installed app list |
*app- | Disable collection of installed app list |
*rsr+ | Schedule taking screenshots |
*rsr- | Stop taking screenshots |
*nrs+ | Enable screen recording |
*nrs- | Disable screen recording |
*swl | Set new app list, stored right after command string, for screen recording |
*wif+ | Allow to run if device is connected to Wi-Fi |
*wif- | Prohibit from running if device is connected to Wi-Fi only |
*mob+ | Allow to run if device is connected to mobile network |
*mob- | Prohibit from running if device is connected to mobile network only |
*sci | Set screen capture interval in milliseconds |
*sbi | Set interval between data exfiltration tasks in milliseconds |
The collected victim’s data is stored encrypted in the SQL table
Con001, which also contains the type of record (device information, contact list, call logs, etc.) and its SHA-256 hash. The data is encrypted using the following scheme:
- An AES key for data encryption is generated using secure pseudorandom number generator (PRNG). This approach thwarts timing-based attacks that could potentially be exploited by unauthorized parties.
- A hardcoded public RSA key embedded within the spyware encrypts the AES key.
This robust encryption scheme ensures that only a threat actor owning the corresponding private RSA key can decrypt stolen data.
Stealth features
LianSpy employs unconventional sophisticated evasion techniques to remain undetected.
- To blend in with legitimate applications, its variants masquerade as the Alipay app or a system service.
- Android 12 introduced the privacy indicators feature, which displays a status bar icon if sensitive data is being accessed, for example when the screen is being recorded. However, LianSpy developers have managed to bypass this protection by appending a cast value to the Android secure setting parameter icon_blacklist, which prevents notification icons from appearing in the status bar.
- To further conceal its activities, LianSpy hides notifications from background services it calls by leveraging the NotificationListenerService that processes status bar notifications and is able to suppress them. A list of key phrases used for removing a notification from the status bar can be found below.running in the background
using battery
в фоновом режиме
использует батарею
используют батарею
- LianSpy can take screenshots using the screencap system command, typically employed for debugging, but accessible with root permissions. This command leaves no trace of screenshot capture, which allows attackers to stealthily capture screen content.
- It leverages legitimate cloud and pastebin services extensively, making malicious web activity from a compromised device virtually undetectable.
- It encrypts exfiltrated data using a robust encryption scheme. Victim identification remains impossible even if Yandex Disk credentials are compromised during APK analysis.
- LianSpy uses su binary with a modified name to gain root access. The malware samples we analyzed attempt to locate a mu binary in the default su directories. This indicates an effort to evade root detection on the victim’s device. Acquiring superuser rights with such a strong reliance on a modified binary suggests that the spyware was likely delivered through a previously unknown exploit or physical device access.
Infrastructure
LianSpy has no private infrastructure whatsoever. Instead, the threat actor leverages Yandex Disk for both exfiltrating stolen data and storing configuration commands. Victim data is uploaded into a separate Yandex Disk folder.
Other than configuration update job, LianSpy’s communication with its command-and-control (C2) server is unidirectional, with no incoming commands. The malware autonomously conducts update checks and data exfiltration based on its current configuration.
Yandex Disk credentials can be updated from a hardcoded pastebin URL, which may vary across different malware variants. A comprehensive list of these pastebin pages is provided in the IoC section.
Victims
Given that key phrases used to filter notifications are partially in Russian, and some of the default configurations of LianSpy variants include package names for messaging apps popular in Russia, we assume that this spyware targets users in that country. Our KSN telemetry corroborates this, indicating that Russian users have been victims of LianSpy attacks.
Conclusion
The newly discovered Android spyware we dubbed LianSpy exhibits several noteworthy capabilities. Beyond standard espionage tactics like harvesting call logs and app lists, it leverages root privileges for covert screen recording and evasion. Its reliance on a renamed
su binary strongly suggests secondary infection following an initial compromise. Unlike financially motivated spyware, LianSpy’s focus on capturing instant message content indicates a targeted data-gathering operation.
By exclusively leveraging legitimate platforms like Yandex Disk and pastebin services for data exfiltration and C2 communication, the threat actor has complicated attribution. This novel Android threat exhibits no overlap with ongoing malware campaigns targeting Russian users, and we will maintain vigilant monitoring for related activities.
Indicators of Compromise
APK file hashes
084206ec8e6e5684a5acdcbd264d1a41
09088db5640381951e1b4449e930ff11
15222c61978f9133aa34b5972ce84e7e
1ccf5b723c38e30107d55040f10ce32a
22b013cfb95df6b4ba0d2d40dc4bddf4
23b9e5d4ab90506c6e9a42fa47164b84
36bc97ce040ada7142e4add4eb8cd3dd
38149658e5aba1942a6147b387f79d3f
3a4f780820043a8f855979d2c59f36f2
4c3e81bb8e972eef3c9511782f47bdea
5b16eb23a2f5a41063f3f09bc4ca47dd
69581e8113eaed791c2b90f13be0981a
707a593863d5ba9b2d87f0c8a6083f70
7de18a7dac0725d74c215330b8febd4e
842d600d5e5adb6ca425387f1616d6c4
86ea1be200219aca0dc985113747d5ea
86f7c39313500abfb12771e0a4f6d47a
8f47283f19514178ceb39e592324695a
966824d8c24f6f9d0f63b8db41f723b6
99d980a71a58c8ad631d0b229602bbe2
9f22d6bffda3e6def82bf08d0a03b880
a7142ad1b70581c8b232dc6cf934bda4
c449003de06ba5f092ee9a74a3c67e26
d46c5d134a4f9d3cd77b076eb8af28b3
d9e9655013d79c692269aeadcef35e68
da97092289b2a692789f7e322d7d5112
ec74283d40fd69c8efea8570aadd56dc
f13419565896c00f5e632346e5782be4
f37213a7ef3dc51683eec6c9a89e45af
f78eaca29e7e5b035dbcbabac29eb18d
fa3fecca077f0797e9223676d8a48391
fbc2c4226744c363e62fcfeaec1a47f1
Yandex Disk encrypted credential sources
hxxps://pastebin[.]com:443/raw/X4CuaV5L
hxxps://pastebin[.]com:443/raw/0t2c1Djz
hxxps://pastebin[.]com:443/raw/8YXyQtp9
hxxps://pastebin[.]com:443/raw/hm78BGe9
hxxps://pastebin[.]com:443/raw/R509SydV
hxxps://pastebin[.]com:443/raw/dXXcZDF7
hxxps://pastebin[.]com:443/raw/81GhQUjK
hxxps://pastebin[.]com:443/raw/2PmX7Bgd
hxxps://pastebin[.]com:443/raw/zsY6tZLb
hxxps://pastebin[.]com:443/raw/rzMhGiFp
hxxps://pastebin[.]com:443/raw/85DMiWdE
hxxps://pastebin[.]com:443/raw/nSZaB3hw
hxxps://pastebin[.]com:443/raw/Wppem8U5
hxxps://pastebin[.]com:443/raw/KRqNqNrT
hxxps://pastebin[.]com:443/raw/47uLyg6q
hxxps://pastebin[.]com:443/raw/tUQFWtVY
hxxps://pastebin[.]com:443/raw/AgBMX16r
hxxps://pastebin[.]com:443/raw/wSzsbXpg
hxxps://pastebin[.]com:443/raw/e0SqYu41
hxxps://pastebin[.]com:443/raw/ZBFe2b4z
hxxps://pastebin[.]com:443/raw/cbLWwCbR
hxxps://pastebin[.]com:443/raw/fxqART5r
hxxps://pastebin[.]com:443/raw/hiAYisG8
hxxps://pastebin[.]com:443/raw/459bbu4H
hxxps://pastebin[.]com:443/raw/7kxADNLm
hxxps://pastebin[.]com:443/raw/417svXuD
hxxps://pastebin[.]com:443/raw/w4j6jNBV
hxxps://pastebin[.]com:443/raw/9eQJ8uUd
hxxps://pastebin[.]com:443/raw/zy8BKYyg
hxxps://pastebin[.]com:443/raw/uc5Ft4z6
At Last, Chumby is Ready
It has been two years, but the slow and steady progress that [Doug Brown] has been making towards bringing a modern Linux kernel to the Chumby has approached the point that it could be called done. In his final blog post of the series, [Doug] walks through the highs and lows of the whole process.
Many of the changes [Doug] and others have made are already upstream in the Linux mainline. However, some will likely remain in private branches for a few reasons that [Doug] gets into. The blog post covers every commit needed to turn a Chumby or other Marvell ARMADA-powered widget into a working device. At the end of the day, what does [Doug] have to show? He can turn it on, see a boot logo, and then see an indefinite white screen. While underwhelming to most of the world, an X server is coming up, Wi-fi is online, the time syncs from an NTP server, and the touchscreen is ready to be tapped. A white screen, yes, but a white screen of potential. [Doug] has to decide what to launch after boot.
However, the future of the Chumby and other older devices is still on the chopping block of progress. Compiler writers want to drop support for platforms that nobody uses anymore, and the Chumby is ARMv5. With many changes destined to languish, [Doug] still considers it a huge success, and we do too. The whole series represents a journey with beautiful lessons about the power of the Linux device tree, making the dark and scary world of Linux kernel drivers seem a little more approachable.
We’ve covered the first post and when graphics started coming along. We salute the mighty Chumby and the idea it stood for. Of course, the idea of a handy screen displaying information is still alive and well. This handy e-paper HomeAssistant display is just one of many examples.
Tutti i dettagli sul nuovo pattugliatore di Fincantieri/Leonardo per la Marina
[quote]La Marina Militare Italiana ha ufficialmente incaricato Orizzonte sistemi navali (Osn) di costruire il quarto pattugliatore di nuova generazione nell’ambito del programma Opv (Offshore patrol vessel). Osn, una joint venture tra Fincantieri e Leonardo, con rispettive quote del 51% e 49%, ha ricevuto la notifica