Can You Homebrew A Running Shoe?
Unless you spend all your time lounging on the sofa, you probably own at least one pair of shoes. But have you ever thought to make your own to improve some aspect of your life? YouTube channel Answer in Progress set out to do precisely that, but it didn’t quite work out.
When you (well, other people) get into running, it’s tempting to believe a lot of the shoe company hype and just drop hundreds of dollars on the latest ‘super shoe’ and hope that will help you break your target time. But do you actually need to buy into all this, or can you make something yourself? The project aimed to get the 5k time down significantly, at any cost, but primarily by cheating with technology. The team set out to look at the design process, given that there is indeed a fair amount of science to shoe design. Firstly, after a quick run, the main issues with some existing shoes were identified, specifically that there are a lot of pain points; feet hurt from all the impacts, and knees take a real pounding, too. That meant they needed to increase the sole cushioning. They felt that too much energy was wasted with the shoes not promoting forward motion as much as possible; feet tended to bounce upwards so that a rocker sole shape would help. Finally, laces and other upper sole features cause distraction and some comfort issues, so those can be deleted.
A thicker mid-sole allows for a rolled shape
The plan was to make a ‘sock’ shoe style, with an upper in one piece and stretchy enough to slip on without laces. The process started by wrapping the foot in cling film and then a few layers of duct tape to fix the shape. This was split down the top to extract the foot, open out the pattern, and transfer it to some nylon fabric. The outer profile was transferred and cut out with simple hand tools in a fashion that would allow the shape to be reconstructed as it was glued to a sole. It sounds simple, but it’s pretty fiddly work.
The latest running shoes use specialised rubber materials for the midsole. The solid foam wedge between the outer rubber and the inner sole cushions the foot. Those materials are only a few per cent ‘better’ than much more accessible foams that can be 3D printed. After sculpting a sole shape by hand using Blender, a friend 3D printed it. After that, the upper part was glued and ready for a test run. Which didn’t last long. It turned out that the lack of a stable heel counter (the bit around the back) that helps lock the heel in place meant the foot was too loose in the shoe, causing potential issues such as an ankle roll. That would be not good. A follow-up session with a sports-focused chiropodist demonstrated that all this was rather pointless before the fundamental issues of strength and fitness were addressed. So, whilst it was fun to see an attempt to beat the big boys at their own game, it sure isn’t easy to pull it off, especially if you can’t get off the sofa.
The invention of flexible 3D printing filaments spurred the development of a wide range of 3D-printed footwear, like these low-poly beauties. While we’re 3D printing shoes, we also need some lace locks. Finally, with winter approaching for us Northerners, perhaps it’s time to run off a pair of 3D-printed strap-on cleats.
youtube.com/embed/AiG_yD0Jf8Y?…
Thanks to [fluffy] for the tip!
Podcast: How Politician Turned Advocate Susanna Gibson Battles Non-Consensual Imagery
The former candidate for Virginia House of Delegates Susanna Gibson on how she went from full-time nurse, to running for office, to being targeted by non-consensual intimate imagery and harassment—and how her new model legislation and nonprofit are f…
Samantha Cole (404 Media)
‘Upgrading’ a Microwave Oven To 20 kW
Whilst microwave plasmas are nothing new around here, we were curious to see what happens at 20x the power, and since YouTuber [Styropyro] had put out a new video, we couldn’t resist seeing where this was going. Clearly, as your bog standard microwave oven can only handle at most one kilowatt, the ‘oven’ needed a bit of an upgrade.
A 16 kW water-cooled magnetron. Why not over-drive it to 20 kW for fun?
Getting hold of bigger magnetrons is tricky, but as luck — or perhaps fate — would have it, a 16 kW, water-cooled beast became available on eBay thanks to a tip from a Discord user. It was odd but perhaps not surprising that this Hitachi H0915 magnetron was being sold as a ‘heat exchanger.’
[Styropyro] doesn’t go into much detail on how to supply the anode with its specified 16 kW at 9.5 kVDC, but the usual sketchy (well, downright terrifying) transformers in the background indicate that he had just what was needed kicking around the ‘shop. Obviously, since this is a [Styropyro] video, these sorts of practical things have been discussed before, so there is no need to waste precious time before getting right on to blowing stuff up!
Some classic microwave tricks are shown, like boiling water in five seconds, cooking pickles (they really do scream at 20 kW) and the grape-induced plasma-in-a-jar. It was quite clear that at this power level, containing that angry-looking plasma was quite a challenge. If it was permitted to leak out for only a few seconds, it destroyed the mica waveguide cover and risked coupling into the magnetron and frying it. Many experiments followed, a lot of which seemed to involve the production of toxic brown-colored nitrogen dioxide fumes. It was definitely good to see him wearing a respirator for this reason alone!
Is it purple or is it indigo? Beauty is in the eye of the beholder!
The main star of the demonstration was the plasma-induced emissions of various metal elements, with the rare indigo and violet colors making an appearance once the right blend of materials was introduced into the glassware. Talking of glassware, we reckon he got through a whole kitchen’s worth. We lost count of the number of exploded beakers and smashed plates. Anyway, plasma science is fun science, but obviously, please don’t try any of this at home!
For those who didn’t take an ‘electron devices’ course at college, here’s a quick guide to how magnetrons work. Plasma physics is weird; here’s how the plasma grape experiment works. Finally, this old hack is a truly terrible idea. Really don’t do this.
youtube.com/embed/mg79n_ndR68?…
A cruise/event for Advance Cruise employees is not docking in Amsterdam because of an Extinction Rebellion demonstration.
As a "precaution due to protests planned for Friday and Saturday".
Ohhhhhhhhh. How dangerous these Extinction Rebellion people are, who in the past had already blocked cruise passengers from disembarking by chaining themselves to the ground.
Extremely dangerous.
To be stopped with assault battalions? Maybe better with a flamethrower? Nothing is enough for these terrorists!
/S
This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we talk about going viral, what we're watching lately, and a trip to Best Buy.
Behind the Blog: Perverse Virality
Samantha Cole (404 Media)
Ham Radio in the Internet Age
Even if you are relatively young, you can probably think back on what TV was like when you were a kid and then realize that TV today is completely different. Most people watch on-demand. Saturday morning cartoons are gone, and high-definition digital signals are the norm. Many of those changes are a direct result of the Internet, which, of course, changed just about everything. Ham radio is no different. The ham radio of today has only a hazy resemblance to the ham radio of the past. I should know. I’ve been a ham for 47 years.
You know the meme about “what people think I do?” You could easily do that for ham radio operators. (Oh wait, of course, someone has done it.) The perception that hams are using antique equipment and talking about their health problems all day is a stereotype. There are many hams, and while some of them use old gear and some of them might be a little obsessed with their doctor visits, that’s true for any group. It turns out there is no “typical” ham, but modern tech, globalization, and the Internet have all changed the hobby no matter what part of it you enjoy.
Radios
One of the biggest changes in the hobby has been in the radio end. Hams tend to use two kinds of gear: HF and VHF/UHF (that’s high frequency, very high frequency, and ultra-high frequency). HF gear is made to talk over long distances, while VHF/UHF gear is for talking around town. It used to be that a new radio was a luxury that many hams couldn’t afford. You made do with surplus gear or used equipment.
Globalization has made radios much less expensive, while technological advances have made them vastly more capable. It wasn’t long ago that a handy-talkie (what normal folks would call a walkie-talkie) would be a large purchase and not have many features. Import radios are now sophisticated, often using SDR technology, and so cheap that they are practically disposable. They are so cheap now that many hams have multiples that they issue to other hams during public service events.
Because these cheap ($20-$40) radios often use SDR, they can even be hacked. These radios aren’t typically the highest quality if you are used to repurposed commercial gear, but when you can replace the radio for $20, it hardly matters.
HF radios are a different story. Thanks to software-defined radio, superpowerful computers, and FPGAs, even relatively inexpensive HF radios have features that would have seemed like magic when I first got my license.
The ICOM IC-7300 is considered a “starter” radio!
While some hams like to build gear or use simple or older gear, modern transceivers, like the IC-7300 from Icom shown here, have incredible RF filtering done in software, spectrum analyzers, and scopes built in. The 7300, by the way, isn’t considered a “top of the line” radio by any means. But it has features that would have been a dream on a state of the art unit before the advent of DSP.
Having these kinds of tools changes how you operate. In the old days, you’d tune around to see if you could hear anyone. Now, glancing at the screen will show you all the signals on a band and how strong they are. Touch one, and you tune it in immediately. Digital noise reduction is very helpful these days with so much interference, and, of course, you can control the whole thing from a PC if you want to.
The receivers are exceptional compared to what even a high-end radio would offer a few decades ago. Specialized filters used to be expensive and limited in options. Now, you can design any filter you want on the fly and it will be nearly perfect.
Granted, these radios aren’t in the impulse buy category like the handheld radios. Still, you can find them new for around $1,000 and used for less. There are also other similar radios for much less. Just as you can buy imported handheld VHF and UHF radios, there are imported HF radios that put out a lower wattage (20 watts vs 100 watts is typical). These still have plenty of features, and you can get them for about half the cost of the name-brand 100W rigs. [K4OGO] has a video (see below) about several popular radios in that price range and you’ll notice that many of them have similar displays.
youtube.com/embed/1lVU1eN1X_g?…
Digital Modes
Paradoxically, you might not need as hot a receiver, or as big of an antenna, or as much power as you might think. Hams have long known that voice communication is inefficient. Morse code could be the earliest form of digital radio communication, allowing a proficient operator to copy signals that would never make a voice contact. However, hams have also long used other digital modes, including TeleType, which is more convenient but less reliable than a good Morse code operator.
That changed with computer soundcards. Your computer can pull signals out of a hash that you would swear was nothing but noise. Modern protocols incorporate error detection and correction, retries, and sophisticated digital signal processing techniques to pull information from what appears to be nowhere.
What kind of sound card do you need? Almost any modern card will do it, but if you have the Icom IC-7300 pictured above, you don’t need one. It turns out, it is a sound card itself. When you plug it into a PC, it offers audio in and out for ham radio programs. It can even send IQ signals directly to the PC for common SDR programs to work with.
Some digital modes are conversational. You can use them like you might a radio-based chat room to talk to people you know or people you’ve just met. However, some modes are more specialized and optimized to make and confirm contact.
Computer Logging
There was a time when every ham had a log book — a notebook to write down contacts — and a stack of QSL cards. Operators would exchange cards in the mail to confirm contact with each other. Many of the cards were interesting, and collecting enough cards could earn an award (for example, working all 50 US states or over 100 foreign countries).
Things are different now. Many people use a computer to track their contacts. While you could just use a spreadsheet, there are many ways to log and — more importantly — share logs online.
The advantage is that when you make a contact and enter into the system, it can match your entry up with your partner’s entry and immediately confirm the contact. This isn’t perfect, because there are several systems people use, but it is possible to interoperate between them. No more waiting for the mail.
DX and Propagation
I mentioned that having a display of the entire ham band changes how you operate. But there is even more help out there. Many people enjoy working rare foreign stations or special event stations held at parks or historical locations. These days, if you hear a station like that on the air, you can report it on the Internet so other people can find them. In some cases, the operator will report themselves, even.
A real-time view of beacon reception across the globe.
Suppose you want to make contact with someone in Kenya because you haven’t done it, and you are working towards an award that counts how many countries you’ve contacted. Instead of searching endlessly, you can simply watch the Internet for when a station from that country appears. Then turn on your radio, use the digital tuning to go exactly to their frequency, and try your luck.
Of course, radio propagation isn’t foolproof. But you can use beacons to determine how propagation is near you. There are many tools to manipulate the beacon data to better understand radio conditions. In fact, if you use digital modes or Morse code, you can find out who’s hearing you on the Internet, which can be very useful.
Why Not You?
Some old hams say the Internet is ruining ham radio. I say it is changing ham radio just like it has changed virtually everything else. Some of those changes aren’t that drastic anyway. For years, people chasing awards, trying to work long distances, or participating in contests have very short contacts. You typically would exchange your name, location, and how strong your signal is and then make way for the next person to make contact. The digital mode FT8 automates all that. It is true that it isn’t very personal, but those kinds of contacts were never personal to start with.
What’s more is that you don’t have to use any of this if you don’t want to. I operate a lot of Morse code with no mechanical assistance. If I hear a big pileup, I might go look at the computer to see who has been spotted on that frequency. But I don’t have to. I could figure it out the old-fashioned way.
Hams work with advanced signal processing software, satellites, moon bounce, support communities, design antennas, foster school education, work during disasters, and push the envelope on microwave communication. No matter what your interests, there’s something you’ll enjoy doing. For many years now, you don’t even have to pass a test for Morse code, so if you didn’t want to learn the code, you don’t have to.
In many ways, hams were the original hackers, and you might be surprised by how many hackers you know who are hams already. I don’t know what ham radio will look like in the year 2100, but I know it will be pushing the limits of technology, somehow.
Hackaday Podcast Episode 294: SAO Badge Reveal, Precision on a Shoestring, and the Saga of Redbox
With the 2024 Hackaday Supercon looming large on the horizon, Editors Elliot Williams and Tom Nardi start this episode off by talking about this year’s badge and its focus on modular add-ons. From there they’ll go over the results of a particularly challenging installment of What’s that Sound?, discuss a promising DIY lathe that utilizes 3D printed parts filled with concrete, and ponder what the implosion of Redbox means for all of their disc-dispensing machines that are still out in the wild.
You’ll also hear about custom macropads, lifting SMD pins, and how one hacker is making music with vintage electronics learning kits. Finally, they’ll reassure listeners that the shifting geopolitical landscape probably won’t mean the end of Hackaday.io anytime soon, and how some strategically placed pin headers can completely change how you approach designing your own PCBs.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
html5-player.libsyn.com/embed/…
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Episode 294 Show Notes:
News:
What’s that Sound?
- Congrats to [I can see the sounds] for guessing the HAARP.
Interesting Hacks of the Week:
- A 3D Printed, Open Source Lathe?
- Redbox Is Dead, But The Machines Are Kind Of Hanging On
- Redbox hack reveals customer info. from 2K rentals – Ars Technica
- Foone: “the unit I’ve got an image for has records going …” – digipres.club
- Libre Space Foundation Aims To Improve Satellite Tech
- Flying The First Open Source Satellite
- 32C3: So You Want To Build A Satellite?
- Open Source CubeSats Ease The Pain Of Building Your Own
- How To Build A CubeSat
- SatNOGS – Global Network of Ground Stations
- Keeping Tabs On An Undergraduate Projects Lab’s Door Status
- DIY Air Bearings, No Machining Required
- I2C The Hard Way
Quick Hacks:
- Elliot’s Picks:
- 3D Printed Tires, By The Numbers
- Zero To Custom MacroPad In 37 Easy Steps
- Make Your Own Remy The Rat This Halloween
- Tom’s Picks:
- Give Your SMD Components A Lift
- 75-In-One Music
- Figuring Out The Most Efficient Way To Reuse Bags Of Desiccant
Can’t-Miss Articles:
hackaday.com/2024/10/25/hackad…
History of French Philosophy lecture (Philosophy degree course), 25 October 2024
Today, 25 October 2024, the thirteenth and fourteenth lectures of the History of French Philosophy course (Philosophy degree course) were held. The course, entitled “Percorsi di meta…
fabiosulpizioblog
DNA as a Hard Disk! 215,000 Terabytes Can Be Stored in a Single Molecule
A group of scientists has developed a method for recording digital information on DNA molecules that is 350 times faster than existing technology. The study demonstrates a new way of storing data using epigenetic modification of DNA. Experts are confident that this technology can pave the way for biomolecular systems for real-world information storage.
Based on the research, the scientists state that one human DNA molecule can potentially store up to 215,000 terabytes of information, which has long drawn the scientific community’s attention to DNA as a promising carrier of digital data.
a, Illustration of the epigenetic information storage mechanism. b, Scheme for programming DNA movable types. c, Programmable typesetting by DNA self-assembly. The modification information is typeset by programming DNA movable types that carry specific epi-bits. d, Parallel printing is performed by DNMT1 catalysis guided by DNA self-assembly to selectively write epi-bits onto DNA templates. e, Nanopore sequencing of modified templates and collective methylation calling. (Source: Parallel molecular data storage by printing epigenetic bits on DNA)
Two main obstacles remain on the road to full use of DNA for storing information. The first is production cost. Today the only possible way to record data is DNA synthesis in factories, but this approach is too expensive for mass use. The second difficulty is the low speed of the processes that encode information into the molecules.
The proposed approach makes it possible to solve both problems by using natural mechanisms that greatly speed up the process. The method is based on methylation of the nitrogenous bases on an already existing DNA template. This removes the need for synthesis and allows high-speed recording of data, which the researchers call epi-bits, an analogue of the bits in conventional digital computers.
Methylation, or its absence, allows data units to be represented as 1 and 0. Tests showed that the new method can record data at a rate of 350 bits per reaction, a significant improvement over previous approaches, which provided only one bit per reaction.
In addition to increasing throughput, the scientists also improved the usability of DNA drives by creating the iDNAdrive platform. About 60 volunteers from different scientific fields successfully encoded about 5,000 bits of text information on the platform.
However, the technology still lags behind traditional storage methods. Even with epi-bits and an automated liquid-handling platform, the data write speed reaches only 40 bits per second (SSDs can read and write data at speeds of 200-550 MB/s).
The researchers also raise questions about the durability of the methyl tags created by the new technology. There is also the problem of implementing RAM-like random access to data: selective access to files in the epi-bit system requires reading the entire database, which is inefficient with nanopore sequencing.
So far the cost of epi-bit technology exceeds that of traditional DNA-based storage systems. However, the scientists hope that further automation and optimization will help reduce costs and bring commercialization closer.
The article DNA as a Hard Disk! 215,000 Terabytes Can Be Stored in a Single Molecule comes from il blog della sicurezza informatica.
Donated Atari Mega ST Gives a Peek at Game Development History
[Neil] from The Cave, a computer and console gaming museum in the UK, has a treat for vintage computing and computer gaming enthusiasts. They received an important piece of game dev history from [Richard Costello], who coded ports of Gauntlet 2, Mortal Kombat, and Primal Rage for Atari ST and Amiga home computers in the 80s. [Richard] brought them his non-functional Atari Mega ST in the hopes that they could get it working again, and demonstrate to visitors how game development was done back in the 80s — but sadly the hardware is not in the best shape.
The Atari ST flagged deleted files for overwriting but didn’t actively wipe them, allowing an undelete utility to work.
That doesn’t stop [Neil], however. The real goal is seeing if it’s possible to re-create the development environment and access the game assets on the SCSI hard drive, and it’s not necessary to revive every part of the hardware to do that. The solution is to back up the drive using a BlueSCSI board which can act as a host, scan the SCSI bus, and dump any device it finds to an SD card. The drive didn’t spin up originally, but some light percussive maintenance solved that.
With the files pulled off the drive, it was time to boot it up using an emulator (which begins at the 16:12 mark). There are multiple partitions, but not a lot of files. There was one more trick up [Neil]’s sleeve. Suspecting that deleting everything was the last thing [Richard] did before turning the machine off decades ago, he fired up a file recovery utility. The Atari ST “deleted” files by marking them to be overwritten by replacing the first letter of the filename with a ‘bomb’ character but otherwise leaving contents intact. Lo and behold, directories and files were available to be undeleted!
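The deletion scheme described above, as an added example (not the recovery utility used in the video): a scanner that walks a raw directory block and lists entries whose first name byte was overwritten but whose metadata survives. It assumes the ST's file system uses the standard 32-byte FAT directory entry and that the 'bomb' character is the usual FAT deleted marker 0xE5; the file names are constructed.

```python
import struct

# Standard FAT directory entry: name, ext, attr, reserved, time, date,
# start cluster, size (little-endian, 32 bytes in total).
ENTRY = struct.Struct("<8s3sB10sHHHI")
DELETED = 0xE5  # assumed value of the page's 'bomb' marker (FAT convention)
END = 0x00      # first name byte 0x00 means no further entries


def make_entry(name, ext, cluster, size, deleted=False):
    """Build one constructed directory entry for the sample data."""
    raw_name = name.ljust(8).encode("ascii")
    if deleted:
        # Deletion only replaces the first character; the rest stays.
        raw_name = bytes([DELETED]) + raw_name[1:]
    return ENTRY.pack(raw_name, ext.ljust(3).encode("ascii"),
                      0x20, b"\0" * 10, 0, 0, cluster, size)


def scan_directory(raw):
    """Return every entry up to the end marker, flagging deleted ones."""
    found = []
    for off in range(0, len(raw) - ENTRY.size + 1, ENTRY.size):
        name, ext, _attr, _rsv, _time, _date, cluster, size = ENTRY.unpack_from(raw, off)
        if name[0] == END:
            break
        deleted = name[0] == DELETED
        # The original first letter is gone, so show '?' in its place.
        shown = (b"?" + name[1:] if deleted else name).decode("ascii", "replace").rstrip()
        ext_text = ext.decode("ascii", "replace").rstrip()
        found.append({
            "name": f"{shown}.{ext_text}" if ext_text else shown,
            "deleted": deleted,
            "cluster": cluster,
            "size": size,
        })
    return found


def recoverable(raw):
    """Deleted entries that still point at data (clusters start at 2)."""
    return [e for e in scan_directory(raw)
            if e["deleted"] and e["size"] > 0 and e["cluster"] >= 2]


# Constructed directory block: one live file, two deleted, end marker,
# then a stale entry that a scanner must not read past the marker for.
SAMPLE_DIR = (
    make_entry("SPRITES", "DAT", 2, 4096)
    + make_entry("LEVEL1", "MAP", 6, 1200, deleted=True)
    + make_entry("NOTES", "TXT", 0, 0, deleted=True)
    + bytes(32)
    + make_entry("STALE", "BIN", 9, 10, deleted=True)
)

if __name__ == "__main__":
    for entry in recoverable(SAMPLE_DIR):
        print(entry)
```

On standard FAT, deleting a file also releases its cluster chain, so an undelete tool has to assume the data was stored contiguously from the start cluster.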
[Neil] found some fascinating stuff such as mixed game and concept assets as well as what appears to be a copy of Ramrod, a never-released game. It’s an ongoing process, but with any luck, the tools and environment a game developer used in the 80s will be made available for visitors to experience.
Of course, modern retro gaming enthusiasts don’t need to create games the classic way; tools like GB Studio make development much easier. And speaking of hidden cleverness in old games, did you know the original DOOM actually had multi-monitor support hidden under the hood?
youtube.com/embed/kEYqpvXdpec?…
Twister was one of the first DVDs ever released. Now it's stuck in still-functioning Redbox machines.
Redbox's Last DVD: 'Twister' Is Unrentable in Remaining Redbox Kiosks and No One Knows Why
Jason Koebler (404 Media)
This Week in Security: The Geopolitical Kernel, Roundcube, and The Archive
Leading off the week is the controversy around the Linux kernel and an unexpected change in maintainership. The exact change was that over a dozen developers with ties to or employment by Russian entities were removed as maintainers. The unfortunate thing about this patch was that it was merged without any discussion or real explanation, other than being “due to various compliance requirements”. We eventually got more answers, that this was due to US sanctions against certain Russian businesses, and that the Linux Foundation lawyers gave guidance that:
If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file.
So that’s that. One might observe that it’s unfortunate that a single government has that much control over the kernel’s development process. There were some questions about why Russian entities were targeted and not sanctioned Chinese companies like Huawei. [Ted Ts’o] spoke to that, explaining that in the US there are exemptions and different rules for each country and business. This was all fairly standard compliance stuff, up until a very surprising statement from [James Bottomley], a very core Kernel maintainer:
We are hoping that this action alone will be sufficient to satisfy the US Treasury department in charge of sanctions and we won’t also have to remove any existing patches.
I can only conclude from this that the US Treasury has in fact made this threat, that code would need to be removed. Now this is genuinely surprising, given the legal precedent that code is 1st Amendment protected speech. That precedent was established when dealing with encryption code that was being export restricted in the 90s. It seems particularly problematic that the US government believes it can specify what code does and does not belong in the Linux kernel.
SELinux
Since we’re in Kernel land, let’s talk SELinux. Many modern Linux systems, and Android in particular, use SELinux to provide an extra security layer. It’s not an uncommon troubleshooting step to turn off SELinux to see if that helps with mysterious issues. What we have here in the klecko Blog is an intro to bypassing SELinux. The setup is that an exploit has achieved root, but is in an unprivileged context. What options does an attacker have to try to bypass SELinux?
The first, most obvious solution is to just disable SELinux altogether. If you can write to memory, the SELinux enabled bit can just be set to false. But that might not work, if you can’t write to memory, or have a hypervisor to wrestle with, like some Android systems. Another option is the set of permissive flags that can be overwritten, or the AVC cache that can be poisoned, both approaches resulting in every SELinux request being approved. It’s an interesting overview.
Printer Root
Xerox printers with the “Network Troubleshooting” feature have some unintended hidden functionality. The troubleshooting is done by calling tcpdump as root, and the configuration allows setting the IP address to use for the troubleshooting process. And as you might expect, that IP address was used to create a command line string, and it isn’t properly escaped. You can sneak a $(bash ...) in as part of the address, allowing code execution. The good news is that access to this troubleshooting function is locked behind the web admin account. Xerox has made fixed firmware available for this issue.
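The bug class described above, as an added example (not Xerox firmware code, which the page does not show): the flawed string-building pattern next to a hardened builder that validates the address and returns an argv list, so no shell ever parses the value. The function names, the tcpdump path and the tcpdump options are assumptions for illustration.

```python
from __future__ import annotations

import ipaddress

TCPDUMP = "/usr/sbin/tcpdump"  # assumed path, not given on the page
SHELL_META = ("$(", "`", ";", "|", "&", ">", "<", "\n")


def build_capture_cmd_unsafe(host: str) -> str:
    """The flawed pattern: a config value spliced into a shell command line."""
    # If this string reaches sh -c or system(), shell syntax inside `host`
    # is interpreted with the privileges of the caller (root on the printer).
    return f"{TCPDUMP} -n -c 100 host {host}"


def carries_shell_syntax(cmdline: str) -> bool:
    """Review aid: does a built command line contain shell metacharacters?"""
    return any(tok in cmdline for tok in SHELL_META)


def build_capture_cmd_safe(host: str) -> list[str]:
    """Validate the address, then build an argv list (no shell involved)."""
    # ip_address() raises ValueError unless the text is an IP literal.
    addr = ipaddress.ip_address(host.strip())
    # Edge case: an IPv6 zone suffix ("fe80::1%eth0") is free-form text
    # after the '%', so refuse zone identifiers outright.
    if getattr(addr, "scope_id", None):
        raise ValueError("IPv6 zone identifiers are not accepted")
    # Re-serialise from the parsed object rather than reusing the raw input.
    return [TCPDUMP, "-n", "-c", "100", "host", str(addr)]


def review(values: list[str]) -> dict[str, str]:
    """Classify configured addresses the way an admin-page handler should."""
    verdicts = {}
    for value in values:
        try:
            build_capture_cmd_safe(value)
            verdicts[value] = "accepted"
        except ValueError as exc:
            verdicts[value] = f"rejected: {exc}"
    return verdicts


# Constructed inputs; the second mirrors the elided form quoted on the page.
SAMPLES = ["192.0.2.10", "192.0.2.10$(bash ...)", "fe80::1%$(bash ...)", "2001:db8::5"]

if __name__ == "__main__":
    for value, verdict in review(SAMPLES).items():
        print(f"{value!r:28} {verdict}")
```

The returned list is meant for `subprocess.run(argv)` with the default `shell=False`; validation and the argv form are independent layers, and either one alone would have stopped the substitution from being evaluated.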
Fix Your Roundcube
The Roundcube email web client has a Cross-Site Scripting (XSS) vulnerability that is actively being exploited. The flaw is the processing of SVGs, and the addition of an extra space in an href tag, that the browser ignores. Sneaking this inside an SVG allows for arbitrary Javascript to run when opening this malicious email.
Roundcube has released 1.5.7 and 1.6.7 that address the issue. This is under active exploitation, currently being used against the Russian aligned CIS countries. It’s a simple exploit, so expect to see it more widely used soon.
The Archive
The Internet Archive continues to be under siege. The Distributed Denial of Service (DDoS) attacks were apparently done by SN-Blackmeta. But the hacker behind the data breach is still a mystery. But the news this week is that there is still someone with access to Internet Archive API keys. Specifically Zendesk, illustrated by the fact that when Mashable reached out via email, the hacker answered, “It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.”
It’s obviously been a terrible, horrible, no good, and very bad month for the Internet Archive. As it’s such an important resource, we’re hoping for some additional support, and getting the service back to 100%.
Quantum Errata
You may remember last week, that we talked about a Quantum Annealing machine making progress on solving RSA cryptography. In the comments, it was pointed out that some coverage on this talks about RSA, and some talks about AES, a cryptography thought to be quantum-resistant. At least one source is claiming that this confusion is because there were actually two papers from the same team, one discussing RSA, and the other techniques that could be used against AES. This isn’t confirmed yet, and there are outstanding questions about both papers.
Bits and Bytes
SQL injection attacks are old hat by this point. [NastyStereo] has an interesting idea: Polyglot SQL injection attacks. The idea is simple. A SQL query might be escapable with a single quote or a double quote. To test it, just include both: OR 1#"OR"'OR''='"="'OR''='
There are more examples and some analysis at the link.
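One way to use that polyglot defensively is as a regression probe against your own query layer. The sketch below is an added example, not code from [NastyStereo] or the linked write-up: it uses an in-memory SQLite database as a stand-in (so the MySQL-style `#` comment used for the unquoted context is not reproduced), and the table, columns and function names are hypothetical.

```python
import sqlite3

# Polyglot string quoted verbatim from the article.
POLYGLOT = "OR 1#\"OR\"'OR''='\"=\"'OR''='"

# Constructed sample data; table and column names are hypothetical.
SAMPLE_USERS = [("alice", "admin"), ("bob", "staff"), ("carol", "staff")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    # Store the polyglot itself as a user name, bound as plain data.
    conn.execute("INSERT INTO users VALUES (?, ?)", (POLYGLOT, "test"))
    conn.commit()
    return conn


def _names(conn, sql, params=()):
    try:
        return sorted(row[0] for row in conn.execute(sql, params))
    except sqlite3.OperationalError:
        return None  # the engine refused to parse or resolve the statement


def lookup_concat_single(conn, name):
    # VULNERABLE: input pasted between single quotes.
    return _names(conn, "SELECT name FROM users WHERE name = '" + name + "'")


def lookup_concat_double(conn, name):
    # VULNERABLE: input pasted between double quotes. SQLite only treats
    # double-quoted text as a string when its legacy double-quoted-string
    # setting is on (the usual default); otherwise it raises an error.
    return _names(conn, 'SELECT name FROM users WHERE name = "' + name + '"')


def lookup_param(conn, name):
    # HARDENED: the value is bound as a parameter and never parsed as SQL.
    return _names(conn, "SELECT name FROM users WHERE name = ?", (name,))


def audit(conn, probe=POLYGLOT):
    """Classify each lookup as 'safe', 'injectable' or 'error' for one probe."""
    baseline = lookup_param(conn, probe)  # rows whose name really equals the probe
    verdicts = {}
    for fn in (lookup_concat_single, lookup_concat_double, lookup_param):
        rows = fn(conn, probe)
        if rows is None:
            # Still a bug: the input reached the SQL parser.
            verdicts[fn.__name__] = "error"
        elif rows == baseline:
            verdicts[fn.__name__] = "safe"
        else:
            verdicts[fn.__name__] = "injectable"
    return verdicts


if __name__ == "__main__":
    for name, verdict in audit(make_db()).items():
        print(f"{name}: {verdict}")
```

Anything other than `safe` means user input is being parsed as SQL in that code path, whichever quote style the query happens to use.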
Kaspersky researchers found a Chrome exploit that was being delivered in the form of an online tank battle game. In reality, the game was stolen from its original developers, and the website was a crypto-stealing scam, making use of the browser 0-day. This campaign has been pinned on Lazarus, the APT from North Korea.
In yet another example of fake software, researchers at Kandji discovered a fake Cloudflare Authenticator campaign. This one is a macOS malware dropper that does a reasonably good job of looking like an official Cloudflare app. It’s malware, and it places itself in the system crontab to get launched on every boot. Follow the link for Indicators of Compromise if you need them.
The World Media Summit Has Concluded in China: The Media Summit, Between AI, Shadows and Human Rights
This week, China hosted the sixth World Media Summit in Urumqi, capital of Xinjiang, with more than 500 participants from 208 major media organizations. The event, organized in collaboration with the state news agency Xinhua and the local government, had “Artificial Intelligence and Media Transformation” as its central theme. However, the choice of Xinjiang as the venue drew widespread criticism because of international concerns over alleged human rights violations in the region.
Adrian Zenz, director of China studies at the Victims of Communism Memorial Foundation, questioned the true intentions of the summit, suggesting that the event could serve to divert global attention from human rights issues in Xinjiang. He highlighted how China is trying to normalize the situation in the region, presenting it as a hub for discussion of technology and development.
The accusations of human rights violations in Xinjiang remain serious, with more than 1 million Uyghurs and other Turkic minorities detained in re-education camps. The United States has described these actions as a “genocide”, imposing sanctions on the officials and companies involved. China has denied these accusations, describing the camps as vocational training centers.
At the event, some participants defended China, rejecting the accusations of human rights violations as “fake news”. Waref Komaiha, of the Silk Road Research Institute, described the development in Xinjiang as surprising and at odds with the false news spread in the media. Ling Sze Gan of Reuters emphasized the potential of generative artificial intelligence to improve the work of journalists.
Uyghur activists condemned the summit, seeing it as an attempt to legitimize Chinese policies in the region. Mamtimin Ala, president of the East Turkestan government in Washington, expressed disappointment at the participation of respected media organizations, considering it a legitimization of Chinese colonial policies.
In summary, the World Media Summit raised questions about China’s real intention to address human rights issues, while the accusations of violations remain at the center of international attention. The legitimization of Chinese policies through the participation of international media generated strong reactions from Uyghur activists and concerns about the manipulation of information.
The situation in Xinjiang continues to be a delicate and controversial topic, with growing tensions between the Chinese narrative and the accusations of systematic human rights violations.
The article The World Media Summit Has Concluded in China: The Media Summit, Between AI, Shadows and Human Rights comes from il blog della sicurezza informatica.
Francesco Spano: “That contract for my husband has nothing to do with my resignation, they turned me into a caricature”
@Politica interna, europea e internazionale
“There was an attack on my private life and my choices”. This is how Francesco Spano explains his decision to resign as chief of staff to the Minister of Culture Alessandro Giuli. Spano speaks about it today, Friday 25 October, in two interviews
The PKK claims responsibility for the attack on the Turkish space agency
@Notizie dall'Italia e dal mondo
Just as a glimmer of negotiation opens up, the Kurdish PKK claims responsibility for the assault on the Turkish space agency that produces the drones and fighter jets used to bomb the guerrilla bases
The article The PKK claims responsibility for the attack pagineesteri.it/2024/10/25/asi…
The exhibition on Futurism and the curator who compares himself to Boccia: here is what else Report will reveal about the Ministry of Culture
@Politica interna, europea e internazionale
The exhibition on Futurism planned at the Gnam, the Galleria nazionale d’arte moderna in Rome, would be at the center of the “second Boccia case” that the TV programme Report – as announced by host Sigfrido
Review: THURSTON MOORE – FLOW CRITICAL LUCIDITY
THURSTON MOORE - FLOW CRITICAL LUCIDITY - Thurston Moore - Flow critical lucidity: on 20 September he released his new (and, overall, ninth) album, "Flow critical lucidity", through the Daydream Library Series, house label of the communi… Reverend Shit-Man (In Your Eyes ezine)
A Birthday Cake for a Retrocomputer Designer
When making a birthday cake a bit more personal, one can create a novelty themed confection appropriate for the lucky recipient. In the case of [Spencer Owen], who you may know as the creator of the RC2014 retrocomputing ecosystem, it was appropriate to have one of the little machines at work somewhere, so [peahen] did just that. The result is a cake in the shape of an IMSAI 8080 microcomputer, but it does more than just look the part. This is a working replica of the classic machine, powered as you might expect by an RC2014 sitting next to it.
The lights are a set of addressable LEDs, and the switches are made from appropriately colored sweets. Sadly the plan to make these capacitive touch switches failed as the wiring became buried in the icing, but the LEDs deserve a second look. They’re encased in translucent heatshrink sleeving which is embedded under a layer of white icing, which is translucent enough, but on top for the classic panel light look are a set of edible cake-maker’s jewels. Best of all, while everything except the electronics is edible, the front panel is robust enough to have been removed from the cake in one piece and thus will live on.
We rather like the idea of electronics meeting sugarcraft, because fondant is a surprisingly versatile medium that deserves attention much further than just confectionery. We remember it being a popular cheap way to experiment with 3D printing back at the dawn of open source printers, and it still has some potential. Meanwhile if you’ve not seen the RC2014 we reviewed its original version back in 2016, and since then it’s evolved to become an ecosystem in its own right.
Dual use, Fincantieri leads innovation with a new facility in the US
@Notizie dall'Italia e dal mondo
Never before has innovation been such an indispensable asset for the development of technological solutions. In a context characterized by ever-greater complexity, collaboration between partners makes it possible to accelerate the development of technologies at the
UNITED STATES. Elections: why don’t Kamala Harris and Donald Trump talk about nuclear weapons?
@Notizie dall'Italia e dal mondo
Why don’t Kamala Harris and Donald Trump talk about atomic weapons and nuclear disarmament? Weapons of mass destruction have caused serious harm to Americans, especially Native Americans. Their maintenance will cost 756 billion dollars in the
Putting the New CryoGrip Build Plate to the Test
Bambu Lab has released a new line of low-temperature build plates that look to be the next step in 3D printing’s iteration—or so YouTuber Printing Perspective thinks after reviewing one. The Cryogrip Pro is designed for the Bambu X1, P1, and A1 series of printers but could easily be adapted for other magnetic-bed machines.
The bed adhesion strength when cold is immense!
The idea of the new material is to reduce the need for high bed temperatures, keeping enclosure temperatures low. As some enclosed printer owners may know, trying to print PLA and even PETG with the door closed can be troublesome due to how slowly these materials cool. Too high an ambient temperature can wreak havoc with this cooling process, even leading to nozzle-clogging.
The new build plate purports to enable low, even ambient bed temperatures, still with maximum adhesion. Two versions are available, with the ‘frostbite’ version intended for only PLA and PETG but having the best adhesion properties. A more general-purpose version, the ‘glacier’ sacrifices a little bed adhesion but gains the ability to handle a much wider range of materials.
An initial test with a decent-sized print showed that the bed adhesion was excellent, but after removing the print, it still looked warped. The theory was that it was due to how consistently the magnetic build plate was attached to the printer bed plate, which was now the limiting factor. Switching to a different printer seemed to ‘fix’ that issue, but that was really only needed to continue the build plate review.
They demonstrated a common issue with high-grip build plates: what happens when you try to remove the print. Obviously, magnetic build plates are designed to be removed and flexed to pop off the print, and this one is no different. The extreme adhesion, even at ambient temperature, does mean it’s even more essential to flex that plate, and thin prints will be troublesome. We guess that if these plates allow the door to be kept closed, then there are quite a few advantages, namely lower operating noise and improved filtration to keep those nasty nanoparticles in check. And low bed temperatures mean lower energy consumption, which has got to be a good thing. Don’t underestimate how much power that beefy bed heater needs!
Ever wondered what mini QR-code-like tags are on the high-end build plates? We’ve got the answer. And now that you’ve got a pile of different build plates, how do you store them and keep them clean? With this neat gadget!
youtube.com/embed/PnEVPNdFouQ?…
Deceptive Delight: AI fooled once again by a hacking technique with a 65% success rate
Experts at Palo Alto Networks have developed an innovative technique called “Deceptive Delight” to bypass the defense mechanisms of artificial intelligence (AI) language models. This technique, which combines safe and unsafe content in an apparently harmless context, tricks models into generating potentially harmful responses. The study involved about 8,000 tests on eight different models, revealing widespread vulnerability to this type of attack.
“Deceptive Delight” uses a multi-pass strategy, in which unsafe requests are inserted between two safe requests. This way, the AI model does not perceive the content as a threat and keeps generating responses without triggering its safety filters.
The attack has a 65% success rate in just three iterations, demonstrating its high effectiveness at bypassing standard filters.
The attack process is divided into three phases: preparation, initial query, and topic elaboration. In particular, the third phase, in which further expansion of the content is requested, is where models begin to generate unsafe details more specifically, confirming the effectiveness of the multi-path technique. With this methodology, the success rate increases significantly compared with direct attacks.
The attacks had varying success depending on the category of unsafe content. Models proved more vulnerable to requests related to violence and dangerous acts, while responses concerning sexual content and incitement to hatred were handled with greater care. This difference suggests that models are more sensitive to some content categories.
Palo Alto Networks also stressed the importance of more structured query design and multi-layered solutions for content filtering. The recommendations include adopting services such as OpenAI Moderation and Meta Llama-Guard, together with regular testing of models to strengthen defenses and reduce vulnerabilities.
The results of this research were shared with the Cyber Threat Alliance (CTA) for rapid implementation of preventive measures. Palo Alto stresses that the problem, while highlighting weaknesses in current AI technology, does not undermine the security of models in general, but underscores the need for continuous improvement to address new threats.
The article Deceptive Delight: AI fooled once again by a hacking technique with a 65% success rate comes from il blog della sicurezza informatica.
Lazarus Strikes Again! Chrome 0-day Exploited by Luring Victims with an Online Game
Experts at Kaspersky Lab have described a complex campaign by the North Korean hacking group Lazarus. To attack users around the world, the attackers created a malicious website for a DeFi tank game in which it was supposedly possible to earn cryptocurrency rewards. With its help, the hackers exploited a zero-day vulnerability in the Google Chrome browser (CVE-2024-4947).
The researchers say that in May 2024 they discovered a new variant of the Manuscrypt backdoor on the machine of one of their customers in Russia. The company notes that Manuscrypt is a fully functional backdoor that Lazarus has used since at least 2013. It has been used in more than 50 unique campaigns targeting government agencies, diplomatic departments, financial institutions, defense contractors, the cryptocurrency industry, IT and telecommunications companies, game developers, media, casinos, universities, cybersecurity researchers and so on.
Since Lazarus rarely attacks individuals, this aroused the specialists’ interest and they decided to study the case more closely. It turned out that the infection was preceded by an attack on a 0-day vulnerability in the Chrome browser.
The investigation revealed that exploitation of the vulnerability originated from the site detankzone[.]com (currently blocked), which advertised an NFT-based tank MOBA game called DeTankZone.
The site offered users a download of a trial version of the game, based on the Play-To-Earn model. The essence of the game was to fight in virtual NFT tanks against rivals around the world, for which players could supposedly receive cryptocurrency rewards. It should be noted that the game could actually be launched, but nothing worked past the login/registration screen, because the internal infrastructure was disabled.
Interestingly, the researchers eventually found a real game (DeFiTankLand) that apparently served as the prototype for the malicious version. The hackers copied its design almost completely: the only differences were the position of the logo and the lower quality of the visual design. It is assumed that stolen source code was used as the basis and that the attackers merely replaced the logos and removed all references to the real game.
Moreover, right after the hackers launched a campaign to promote their game, the developers of the real prototype announced that 20,000 dollars in cryptocurrency had been stolen from their wallet. And although the developers blamed an insider for the incident, the researchers believe the attack could have been the work of Lazarus. And before stealing the cryptocurrency, the hackers stole the game’s source code.
Members of Lazarus spent several months advertising DeTankZone on social networks, including X, via phishing emails and from premium LinkedIn accounts used to attack specific users directly. The attackers also tried to recruit cryptocurrency influencers to advertise the game, and then attempted to attack their accounts as well.
But the game was only a cover and was not malicious in itself. In fact, the DeTankZone website contained a hidden script (index.tsx) that downloaded and executed the Chrome exploit. The exploit contained code for two vulnerabilities: the first is used to read and write the memory of the Chrome process using JavaScript, and the second is used to bypass the V8 sandbox.
The experts write that one of the vulnerabilities was the 0-day CVE-2024-4947, a type mismatch error in V8, Google’s open-source JavaScript and WebAssembly engine. The flaw made it possible to gain control over the victim’s device: executing arbitrary code, bypassing security features and carrying out malicious activity.
After Kaspersky Lab reported the vulnerability to Google, the problem was fixed in May 2024.
It should be noted that visiting the website was enough to infect a device; there was no need to start and launch the game itself. The attackers used another vulnerability to bypass the V8 sandbox in Google Chrome. According to the researchers, this issue (330404819) was discovered and fixed in March 2024.
The shellcode then used by Lazarus served as a reconnaissance tool, helping the hackers determine the value of the compromised machine and decide whether to continue the attack. The code collected information about the processor, BIOS and operating system, performed antivirus and anti-debug checks, and sent the collected data to the attackers’ command-and-control server. It was not possible to study the hackers’ next moves, because by the time of the analysis Lazarus had already removed the exploit from the decoy site.
The article Lazarus Strikes Again! Chrome 0-day Exploited by Luring Victims with an Online Game comes from il blog della sicurezza informatica.
GAZA. Massacre in Jabaliya. More than 100 dead and wounded. Israel kills 3 journalists in Lebanon
@Notizie dall'Italia e dal mondo
Israel bombed 11 residential buildings in northern Gaza, carrying out what was described from the Strip as a "great massacre". Yesterday the Kamal Adwan hospital was also hit, causing the death of several children.
GAZA. Massacre in Jabaliya. More than 100 dead and wounded in Israeli air raids
@Notizie dall'Italia e dal mondo
Israel bombed about 11 residential buildings, according to reports from the Strip, where the Kamal Adwan hospital was also hit today
pagineesteri.it/2024/10/24/var…
Every so often (rarely) a piece of celebrity news comes out that makes me say "no way!".
Here we go. Last night (considerably late, since the news dates back to July) I found out about the sexual harassment accusations made by 5 women against Neil Gaiman. Neil Gaiman!
I was upset by it, even though I can't say I'm a fan of his. The only things of his I've read are his posts on Tumblr, but I generally liked what he wrote.
Perhaps inappropriately, it sets me off reflecting on the human need to have archetypes, figures that embody absolute good and evil, the way a compass needs the poles to work.
As long as the archetype is a fictional character, all is well: in being absolutely good or bad it is not human, it has no facets. That is why Stories work and captivate.
But if your hero, your archetype, is a real person... Well, sooner or later something negative and disappointing will come out.
Your favorite singer who lets slip a racist remark.
Your favorite actor who turns out to be violent.
Your favorite band that, the first time you go to see them live, plays drunk, like shit, and ends the concert early.
None of the idols we choose is a friend, but we perceive them as such. When they do ugly and unexpected things, we feel betrayed.
Yet they are people, not heroes in a novel. They are not monolithic; they screw up (or worse), exactly like anyone else.
I'm following the matter with sorrow, for the victims, for the fans and, in some way, for Neil too.
Cold War on the Seabed: The Competition over Submarine Cables between the USA and China
According to a report by the Nihon Keizai Shimbun, cited by the Central News Agency, China, once touted as the hub of future submarine transmission networks, is losing ground in this sector. These networks, crucial for international communications, are considered the backbone of global digital infrastructure. However, by the end of this year China will have laid only three submarine cables, fewer than half of those planned for Singapore. This reduction could also negatively affect the development of data centers on Chinese territory.
Submarine cables carry 99% of the world’s data communications, making them essential to the digital economy. According to data from TeleGeography, a US research company, about 140,000 kilometers of submarine cable will be laid in 2024, a significant increase over the previous 5 years. This reflects growing demand for audio and video streaming and cloud services, and the need for greater data transmission capacity.
The technology giant Google, for example, announced in April a 1 billion dollar investment to build two submarine cables connecting Japan, Guam and Hawaii. The announcement was made during a meeting in Washington between Japanese Prime Minister Fumio Kishida and US President Joe Biden. The two leaders issued a joint statement welcoming the investment, which is aimed at improving digital infrastructure between the United States, Japan and the Pacific island countries.
Behind this investment plan, apparently purely economic, lies what many experts call a real “submarine cold war” between the United States and China.
As early as 2020, then-President Donald Trump launched the “Clean Network” initiative, aimed at excluding Chinese companies from global telecommunications infrastructure, with the stated goal of ensuring data security. That same year, the US Department of Justice asked Meta (Facebook at the time) and Google to revise their plans to lay a 13,000-kilometer submarine cable between Los Angeles and Hong Kong. In the end, both companies decided to exclude China and limit the project to Taiwan and the Philippines.
The World Bank, too, in line with US policy, excluded Chinese companies from its submarine cable project for the South Pacific island countries.
With China pushed away from these strategic networks, only three international cables connected to Hong Kong are expected to be laid in the coming year, while there are no plans for further submarine links directly to China in the future.
By contrast, demand for data transmission between the United States and Asia continues to grow. By the end of the year, 11 new submarine cables are planned, four of which will connect Japan and seven Singapore. In addition, nine cables will be laid to Guam, which serves as a strategic node between the American continent and Southeast Asia.
The article Cold War on the Seabed: The Competition over Submarine Cables between the USA and China comes from il blog della sicurezza informatica.
Shock in the Pokémon world: Game Freak breached, 1TB of information stolen!
On 13 October the Japanese company Game Freak, known for developing the Pokémon video game series, fell victim to a major hacking attack that was stunning for the volume of data stolen, more than 1 terabyte (hence the name TeraLeak).
The vast amount of exfiltrated information includes documents, source code and artwork for the video games developed by the company, both already released and in development. As if that were not serious enough, the personal data of more than 2600 employees, such as names, addresses and phone numbers, was also disclosed.
The company, in a recent statement, confirmed the attack and at the same time apologized to those directly affected by the data leak.
Screenshots circulating online suggest that the attack may have been carried out using spear-phishing, a targeted variant of the classic phishing we are unfortunately all used to. The compromise of one employee’s user credentials would have allowed the hacker to access an internal developer portal of Nintendo, historically a partner company of Game Freak.
Caption: screenshot of the Nintendo developer portal demonstrating the breach
In addition, according to some rumors circulating on the channels used to spread part of the leak’s contents, the hacker managed to move laterally within the infrastructure after the initial breach.
Specifically, it appears that a copy of a configuration file for the company’s GitLab instance had inadvertently been left inside a CI/CD runner, presumably the GitLab.rb file (technical details: docs.gitlab.com/ee/administrat…), containing the credentials of an account with domain administrator privileges used for LDAP authentication. To make matters worse, the file was reportedly saved with access permissions 777, which in a Linux environment is equivalent to granting access to anyone.
Caption: screenshot circulated on X showing the home page of Game Freak’s GitLab instance (source: x.com/CentroLeaks/status/18487…)
This breach has heavily damaged the company, compromising the development of projects already in the pipeline, with certain heavy economic consequences.
To avoid events of this kind, it is worth remembering that automated security systems alone, such as firewalls or anti-phishing applications, are by no means sufficient unless accompanied by a company culture centered on prevention.
In this case a moderate security incident, the theft of a single user’s credentials, combined with a serious human error in managing the permissions of a configuration file, with catastrophic consequences for Game Freak.
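The permission mistake described above can be checked for automatically. The following is an added example, not part of the original article or of GitLab: it walks a directory tree (for instance a CI runner's working directory) and reports regular files that any local user can read or write and that contain credential-style keys. The sample tree, host names and secret are constructed placeholders; `bind_dn` and `password` are the key names GitLab's LDAP settings use.

```python
import os
import re
import stat
import tempfile

# Key names that usually sit next to a credential in Ruby/YAML/INI-style config.
CREDENTIAL_KEY = re.compile(
    r"""['"]?(\w*(?:password|secret|token|bind_dn))['"]?\s*(?:=>|=|:)""",
    re.IGNORECASE,
)

# Constructed sample resembling the LDAP block of a gitlab.rb file.
SAMPLE_GITLAB_RB = """\
external_url 'https://gitlab.example.test'
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = {
  'main' => {
    'host' => 'ldap.example.test',
    'bind_dn' => 'CN=svc-gitlab,OU=Service,DC=example,DC=test',
    'password' => 'CONSTRUCTED-NOT-A-REAL-SECRET',
  }
}
"""


def world_accessible_secrets(root):
    """Return findings for regular files under root that 'other' users can
    read or write AND that contain credential-like keys. Only key names and
    line numbers are reported, never the values."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if not mode & (stat.S_IROTH | stat.S_IWOTH):
                continue  # owner/group only: outside the scope of this check
            hits = []
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        match = CREDENTIAL_KEY.search(line)
                        if match:
                            hits.append((lineno, match.group(1).lower()))
            except OSError:
                continue
            if hits:
                findings.append({
                    "path": path,
                    "mode": format(mode, "04o"),
                    "world_writable": bool(mode & stat.S_IWOTH),
                    "keys": hits,
                    "fix": "chmod 600, remove the stray copy, rotate the credential",
                })
    return findings


def build_sample_runner_tree():
    """Create a throwaway directory tree that mimics the reported situation."""
    root = tempfile.mkdtemp(prefix="runner-demo-")
    layout = {
        "builds/cache/gitlab.rb": (SAMPLE_GITLAB_RB, 0o777),  # stray copy, mode 777
        "config/gitlab.rb": (SAMPLE_GITLAB_RB, 0o600),        # same content, owner-only
        "builds/README.txt": ("Build cache directory.\n", 0o644),
    }
    for rel, (text, mode) in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for finding in world_accessible_secrets(build_sample_runner_tree()):
        print(finding["mode"], finding["path"], finding["keys"])
```

The key-name pattern also matches comments that merely mention a password, so treat hits as leads to review rather than confirmed secrets.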
The article Shock in the Pokémon world: Game Freak breached, 1TB of information stolen! comes from il blog della sicurezza informatica.
Custom Drone Software Searches, Rescues
When a new technology first arrives in people’s hands, it often takes a bit of time before the full capabilities of that technology are realized. In much the same way that many early Internet users simply used it to replace snail mail, or early smartphones were used as more convenient methods for messaging and calling than their flip-phone cousins, autonomous drones also took a little bit of time before their capabilities became fully realized. While some initially used them as a drop-in replacement for things like aerial photography, a group of mountain rescue volunteers in the United Kingdom realized that they could be put to work in more efficient ways suited to their unique abilities and have been behind a bit of a revolution in the search-and-rescue community.
The first search-and-rescue groups using drones to help in their efforts generally used them to search in the same way a helicopter would have been used in the past, only with less expense. But the effort involved is still the same; a human still needed to do the searching themselves. The group in the UK devised an improved system to take the human effort out of the equation by sending a drone to fly autonomously over a piece of mountainous terrain and take images of the ground in such a way that any one thing would be present in many individual images. From there, the drone would fly back to its base station where an operator could download the images and run them through a computer program which would analyse the images and look for outliers in the colors of the individual pixels. Generally, humans tend to stand out against their backgrounds in ways that computers are good at spotting while humans themselves might not notice at all, and in the group’s first efforts to locate a missing person they were able to locate them almost immediately using this technology.
Although the system is built on a mapping system somewhat unique to the UK, the group has not attempted to commercialize the system. MR Maps, the software underpinning this new feature, has been free to use for anyone who wants to use it. And for those just starting out in this field, it’s also worth pointing out that location services offered by modern technologies in rugged terrain like this can often be misleading, and won’t be as straightforward of a solution to the problem as one might think.
Using an OLED Display’s Light for Embedded Sensors
These days displays are increasingly expected to be bidirectional devices, accepting not only touch inputs, but also to integrate fingerprint sensing and even somehow combine a camera with a display without punching a hole through said display. Used primarily on smartphone displays, these attempts have been met with varying degrees of success, but a recently demonstrated version in Nature Communications which combines an OLED with photosensors in the same structure might provide a way to make such features much more effective.
In the article by [Chul Kim] and colleagues of the Samsung Display Research Center in South Korea, the construction of these bidirectional OLED displays is described, featuring the standard OLED pixels as well as an organic photodiode (OPD) placed side-by-side. Focusing on the OLED’s green light for its absorption characteristics with human skin, the researchers were able to use the produced OLED/OPD hybrid display for fingerprint recognition, as well as a range of cardiovascular markers, including heart rate, blood pressure, etc.
The basic principle behind these measurements involves photoplethysmography, which is commonly used in commercially available pulse oximeters. Before these hybrid displays can make their way into commercial devices, there are still a few technical challenges to deal with, in particular electrical and optical leakage. The sample demonstrated appears to work well in this regard, but the proof is always in the transition from the lab to mass-production. We have to admit that it would be rather cool to have a display that can also handle touch, fingerprints and record PPG data without any special layers or sensor chips.
Mini Robotic Arm Lets You Start Your Own Mini Assembly Line
Automating tasks with a robot sounds appealing, but not everyone has the budget for an Aismo or Kuka. [FABRI Creator] has a great tutorial on how to build your own mini robotic arm for small, repeatable tasks.
Walking us through the entire build, step-by-step, [FABRI Creator] shows us how to populate the custom-designed PCB and where to put every servo motor and potentiometer to bring the creation to life. This seems like a great project to start with if you haven’t branched out into motion systems before since it’s a useful build without anything too complicated to trip up the beginner.
Beyond the usual ability to use the arm to perform tasks, this particular device uses an Arduino Nano to allow you to record a set of positions as you move the arm and to replay it over and over. The video shows the arm putting rings on a stand, but we can think of all kinds of small tasks that it could accomplish for us, letting us get back to writing or hacking.
If controlling a robot arm with potentiometers sounds familiar, maybe you remember this robot arm with an arm-shaped controller.
GAZA. Massacre in Jabaliya. More than 100 dead and wounded in Israeli air raids
@Notizie dall'Italia e dal mondo
Israel bombed about 11 residential buildings, according to reports from the Strip, where the Kamal Adwan hospital was also hit today
The article GAZA. Massacre in Jabaliya. More than 100 dead and wounded in Israeli air raids comes from Pagine Esteri.
Simple PCB Repairs Keep Old Vehicle Out of the Crusher
For those of us devoted to keeping an older vehicle on the road, the struggle is real. We know that at some point, a part will go bad and we’ll learn that it’s no longer available from the dealer or in the aftermarket, at least at a reasonable cost. We might get lucky and find a replacement at the boneyard, but if not — well, it was nice knowing ya, faithful chariot.
It doesn’t have to be that way, though, at least if the wonky part is one of the many computer modules found in most cars made in the last few decades. Sometimes they can be repaired, as with this engine control module from a Ford F350 pickup. Admittedly, [jeffescortlx] got pretty lucky with this module, which with its trio of obviously defective electrolytics practically diagnosed itself. He also had the advantage of the module’s mid-90s technology, which still relied heavily on through-hole parts, making the repair easier.
Unfortunately, his luck stopped there, as the caps had released the schmoo and corroded quite a few traces on the PCB. Complicating the repair was the conformal coating on everything, a common problem on any electronics used in rough environments. It took a bit of probing and poking to locate all the open traces, which included a mystery trace far away from any of the leaky caps. Magnet wire was used to repair the damaged traces, the caps were replaced with new ones, and everything got a fresh coat of brush-on conformal coating.
Simple though they may be, we really enjoy these successful vehicle module repairs because they give us hope that when the day eventually comes, we’ll stand a chance of being able to perform some repair heroics. And it’s nice to know that something as simple as fixing a dead dashboard cluster can keep a car out of the crusher.
Old inside, young outside | MEDIA INAF
"The earliest evidence of the inside-out growth mode has been discovered in a galaxy seven hundred million years after the Big Bang. Unlike the central zones, which are characterized by older stars, the outer regions of the galaxy are rich in young stars and host intense star-formation activity. The discovery was made with Webb by the University of Cambridge."
Artificial Intelligence Runs on Arduino
Fundamentally, an artificial intelligence (AI) is nothing more than a system that takes a series of inputs, makes some prediction, and then outputs that information. Of course, the types of AI in the news right now can handle a huge number of inputs and need server farms’ worth of compute to generate outputs of various forms, but at a basic level, there’s no reason a purpose-built AI can’t run on much less powerful hardware. As a demonstration, and to win a bet with a friend, [mondal3011] got an artificial intelligence up and running on an Arduino.
This AI isn’t going to do anything as complex as generate images or write clunky preambles to every recipe on the Internet, but it is still a functional and useful piece of software. This one specifically handles the brightness of a single lamp, taking user input on acceptable brightness ranges in the room and outputting what it thinks the brightness of the lamp should be to match the user’s preferences. [mondal3011] also builds a set of training data for the AI to learn from, taking the lamp to various places around the house and letting it figure out where to set the brightness on its own. The training data is run through a linear regression model in Python which generates the function that the Arduino needs to automatically operate the lamp.
Although this isn’t the most complex model, it does go a long way to demonstrating the basic principles of using artificial intelligence to build a useful and working model, and then taking that model into the real world. Note also that the model is generated on a more powerful computer before being ported over to the microcontroller platform. But that’s all par for the course in AI and machine learning. If you’re looking to take a step up from here, we’d recommend this robot that uses neural networks to learn how to walk.
Industry prepares for the Gcap challenge. The key is to work as a system
@Notizie dall'Italia e dal mondo
A generational leap, literally, awaits the Italian defence industry. It will see our country contribute, together with the United Kingdom and Japan, to the development of the sixth-generation fighter Global combat air programme (Gcap). A cutting-edge system of systems
Supercon 2023: Building a Portable Vectrex, The Right Way
The Vectrex was a unique console from the early 1980s. Developed by a company you’ve probably never heard of—Smith Engineering—it was put into production by General Consumer Electronics, and later sold by Milton Bradley. It was an outright commercial failure, but it’s remembered for its sharp vector display and oddball form factor.
The Vectrex was intended for tabletop use in a home environment. However, [Jeroen Domburg], also known as [Sprite_tm], decided to set about building a portable version. This wasn’t easy, but that just makes the development process a more interesting story. Thankfully for us, [Sprite_tm] was kind enough to tell the tale at the 2023 Hackaday Supercon.
Vectorlicious
Vector graphics were the thing that set the Vectrex apart.
[Sprite] starts by introducing the audience to the Vectrex, just to make sure everyone understands what was special about this thing. For comparison’s sake, he lines it up against its contemporaries. Back in the early 1980s, the Atari 2600 and the Intellivision had incredibly low resolution video output with big ugly pixels. In contrast, the Vectrex could draw clean, sharp lines with its inbuilt vector-style display.
Basically, instead of coloring in individual pixels, the Vectrex instead drew lines from point to point on the screen. It was an entirely different way of doing graphics—fast, tidy, and effective—and it was popular in early video arcade games, too. Some Vectrex games even came with plastic overlays to create the impression of color on the screen. Unlike pixel displays, though, this technology didn’t really scale well to prettier, more lifelike graphics. Thus after the Vectrex, no other mainstream consoles adopted this technique.
The talk cites the awesome Scopetrex project, which lets you play Vectrex games on an oscilloscope.
From there, [Sprite_tm] walks the audience through the hardware of the Vectrex. The architecture is fairly simple, based around a 68A09 CPU, which is a Motorola CPU with some improvements over the earlier 6502. It’s paired with some ROM, RAM, and I/O glue logic, and it loads its games off cartridges. Then there’s the audio hardware, a digital-to-analog converter for video output, and all the subsequent analog electronics for driving the vector CRT display.
Unlike a modern console, what’s inside the box is no secret. Datasheets and full schematics are publicly available that lay out exactly how the whole thing works. This is hugely valuable for anyone looking to repair a Vectrex—or make a portable one. You don’t need to reverse engineer much, since it’s all laid out for you. Indeed, as [Sprite_tm] notes, a replica motherboard already exists that lets you play Vectrex games on an oscilloscope’s XY input.
Building the Portable
Some people have built small Vectrexes before, by going the emulator route with a Raspberry Pi and a small LCD display. [Sprite] wasn’t a fan of this route, as modern pixel LCDs make for jagged diagonal lines because they’re not proper vector displays like the original Vectrex CRT. Thus, to build a more authentic portable Vectrex, [Sprite_tm]’s build needed certain parts. On top of replicating the CPU and logic of the Vectrex, he needed to find a small CRT that could operate as a proper vector display. Plus, he wanted to build something properly portable—“I wanna sit on the bus and then whip it out and play it,” he explains.
Obviously, finding a suitable CRT was the first big hurdle to clear. [Sprite_tm] mused over using a tube from a Sony Watchman handheld portable TV, but decided against it. He notes that these are fairly rare and valuable, and he didn’t want to destroy one for his project. But he still needed a small CRT in a practical form factor, and he found the perfect donor. In the 90s, LCDs were pretty crap and expensive, so apartment video intercoms relied on CRTs instead. Now, these systems are all largely defunct, and he notes you can find old examples of these answerphones for a few dollars online.
Pretty tidy.
Of course, these answerphone CRTs weren’t designed for vector operation. However, [Sprite_tm] teaches us how you can convert one to draw straight lines on command instead of scanning like a TV. You can get legit vector operation just by squirting the right voltages into the deflection coils. Of course, getting it to work in practice is a lot harder than you might think, but perseverance got the job done in the end. Understanding the physics involved is useful, too, and [Sprite_tm] explains the theory with an apt comparison between coils and a pig.
From there, the talk explains how the rest of the hardware came together. [Sprite_tm] elected to stuff all the Vectrex magic into an FPGA, which felt cooler than software emulation but was more compact than using all-original chips on a replica mainboard. It lives on a custom PCB that also carries all the necessary electronics to drive the CRT in the desired vector mode.
The build also has a cartridge port for playing original Vectrex games. However, for ease of use, [Sprite] also fitted a RISC V CPU, some RAM, and a microSD card for loading ROMs for games that he doesn’t own in physical format. Everything was then wrapped up in a custom 3D-printed case that’s roughly twice as large as the Nintendo Game Boy Color in length and width—and about four times thicker.
[Jeroen] built two examples. They’re very fully featured—they can play both real carts and ROMs off a microSD card.
The final result? It’s a retrogaming triumph. The display isn’t perfect—it’s flickery, it’s a little skewed—but that’s not so different from the original Vectrex anyway. This thing is portable, it’s playable, and the vector CRT looks absolutely glorious, as does the case design. These things don’t make sense to make, as [Sprite] notes, but we agree with his ultimate assessment—this is art.