


Retrotechtacular: Point-of-Sale Through the Years


In days gone by, a common retail hack used by some of the less honorable of our peers was the price tag switcheroo. You’d find some item that you wanted from a store but couldn’t afford, search around a bit for another item with a more reasonable price, and carefully swap the little paper price tags. As long as you didn’t get greedy or have the bad luck of getting a cashier who knew the correct prices, you could get away with it — at least up until the storekeeper wised up and switched to anti-tamper price tags.

For better or for worse, those days are over. The retail point-of-sale (POS) experience has changed dramatically since the time when cashiers punched away at giant cash registers and clerks applied labels to the top of every can of lima beans in a box with a spiffy little gun. The growth and development of POS systems is the subject of [TanRu Nomad]’s expansive video history, and even if you remember the days when a cashier kerchunked your credit card through a machine to take an impression of your card in triplicate, you’ll probably learn something.

The history of POS automation stretches back to the 1870s, perhaps unsurprisingly thanks to the twin vices of alcohol and gambling. The “Incorruptible Cashier” was invented by a saloon keeper tired of his staff ripping him off, and that machine would go on to become the basis of the National Cash Register Corporation, or NCR. That technology would eventually morph into the “totalisator,” an early computer used to calculate bets and payout at horse tracks. In fact, it was Harry Strauss, the founder of American Totalisator, who believed strongly enough in the power of computers to invest $500,000 in a struggling company called EMCC, which went on to build UNIVAC and start the general-purpose computer revolution.

To us, this was one of the key takeaways from this history, and one that we never fully appreciated before. The degree to which the need of retailers to streamline their point-of-sale operations drove the computer industry is remarkable, and the video gives multiple examples of it. The Intel 4004, the world’s first microprocessor, was designed mainly for calculators but also found its way into POS terminals. Those in turn ended up being so successful that Intel came up with the more powerful 8008, the first eight-bit microprocessor. People, too, were important, such as a young Chuck Peddle, who cut his teeth on POS systems and the Motorola 6800 before unleashing the 6502 on the world.

So the next time you’re waving your phone or a chipped credit card at a terminal and getting a sterile “boop” as a reward, spare a thought for all those clunky, chunky systems that paved the way.

youtube.com/embed/mgOLHIqTgm8?…

Thanks to [Ostracus] for the tip.


hackaday.com/2025/02/08/retrot…



Paolo Zangara – Ahead of the Milan concert on 14 February at Spazio Pontano freezonemagazine.com/articoli/…
Paolo Zangara is a musician and singer-songwriter of Palermo origins, born by chance in Varese. He began studying classical guitar at the age of 10. At 16, having received an electric guitar as a gift, he formed his very first band in 1980, the Shotgun Blues Band, with which


If Australia and the USA Ban DeepSeek Because the Data Goes to China, Why Does Europe Use OpenAI?


Australia has introduced a ban on the use of the Chinese artificial-intelligence app DeepSeek on all government devices. The decision was taken after analysing the security threats related to the extensive collection of data and the possibility of its transfer to a foreign state in circumvention of Australian law.

The DeepSeek block in Australia


Under directive PSPF 001-2025, Australian government agencies are required to remove DeepSeek completely from their systems and devices and to prevent its future installation and use. Exceptions are possible only in cases related to national security or law-enforcement objectives, and only with strict protective measures in place.

Australia has become the second country, after Taiwan, to officially ban DeepSeek. Meanwhile, a similar bill is currently under consideration in the USA as well. The Australian ban stems from the fear that the Chinese app could be used to access sensitive information and to carry out extraterritorial orders that violate Australian law.

The local government stresses that the threat comes not only from the application itself but also from its web versions, its services and all products related to DeepSeek or its affiliates. In addition, an obligation to report compliance with the ban to the Ministry of the Interior has been established.

The document specifies that open-source DeepSeek models deployed on local servers with adequate security measures can be used without restrictions. However, any cloud interaction with DeepSeek or its derivatives remains prohibited.

Australia's move is in line with the global trend towards closer scrutiny of Chinese digital technology. Previously, similar bans had been introduced in relation to TikTok, as well as to Chinese devices including surveillance cameras and network equipment. This trend highlights persistent concerns about possible Chinese interference in the cybersecurity of Western countries.

The Australian authorities recommend that organisations and individuals also assess the potential risks of using DeepSeek. Although the ban currently applies only to government agencies, similar precautions could later be introduced in the private sector as well.

China's reaction to the ban is not yet known, but Beijing can be expected to regard it as an act of political pressure. Meanwhile, the Australian security authorities continue to examine the threats posed by foreign technology, and further restrictions may follow.

Conclusions


If data collection and the transfer of sensitive information abroad are a problem when it comes to Chinese companies like DeepSeek, why shouldn't they also be one for American big tech such as OpenAI, Google or Microsoft? OpenAI, for example, collects huge amounts of data from users all over the world, including Australians and Europeans, and processes it mainly in the United States.

We should then ask ourselves: is privacy protection really a matter of national security, or is it applied selectively, hitting only those who are not "friends" or geopolitically aligned? If China is seen as a threat to Australia's digital sovereignty, why not the United States?

In the end, the concept of privacy risks being nothing but a chimera: a principle that holds only when convenient, while in practice personal information is handed over to whoever is politically and economically closest. Perhaps it is time to look beyond the double standards and address the issue fairly, regardless of the flag flying behind a technology.

After all, given that OpenAI processes its data in the USA, it is precisely in the USA that a law called the Foreign Intelligence Surveillance Act (FISA), with its Section 702, exists. And that should tell someone something.

The article If Australia and the USA Ban DeepSeek Because the Data Goes to China, Why Does Europe Use OpenAI? comes from il blog della sicurezza informatica.






pretty discouraging being here
it's not intuitive
I can't figure out how to handle it
sometimes I run into long and confusing instructions that don't clarify anything
HELP!!! BUT SOMETHING PRACTICAL FOR FINDING CONTACTS, NOT PROCLAMATIONS OF UNREALISTIC INCLUSIVITY!!!
in reply to alessandro tenaglia

hi friends; can any of you give some useful suggestions to my dear friend Alessandro? (@aletena)? (Note: his profile is on #poliverso, hence #friendica )

For now I've suggested that he use tags to follow topics of interest, and that he log in from a browser rather than from an app to search more easily.

Does anyone know of a concise guide for getting around Poliverso better?

Among other things, follow him, he's a really good musician/writer.

#mastoaiuto #FriendicaHelp #FriendicaTips

in reply to alessandro tenaglia

search for hashtags, i.e. the pound sign: for example #letteratura and you'll find all the posts on that topic. From there you can look at the authors' profiles. Better from a PC than from the phone app, in my opinion. 👍


Who’d Have Guessed? Graphene is Strange!


Graphene always sounds exciting, although we aren’t sure what we want to do with it. One of the most promising features of the monolayer carbon structure is that under the right conditions, it can superconduct, and some research into how that works could have big impacts on practical superconductor technology.

Past experiments have shown that very cold stacks of graphene (two or three sheets) can superconduct if the sheets are at very particular angles, but no one really understands why. A researcher at Northeastern and another at Harvard realized they were both confused about the possible mechanism. Together, they have started progressing toward a better description of superconductivity in graphene.

Part of the problem has been that it is hard to make large pieces of multi-layer graphene. By creating two-ply pieces and using special techniques, an international team is finding that quantum geometry explains how graphene superconductors resist changes in current flow more readily than conventional superconductors.

Another team found that adding another layer makes the material behave more like a family of conventional higher-temperature superconductors. The research appears in two different papers. One covers the two-ply material. The other talks about the material with three layers.

Making little bits of graphene isn’t hard. Making it in quantity is a different story. We keep dreaming of what we could do with a room-temperature superconductor.


hackaday.com/2025/02/07/whod-h…





Actual spending on PNRR projects: 29% of the planned resources.


Less than a third of the resources has been spent, with less than two years to go before the end of the plan, scheduled for mid-2026, and three and a half years after its approval in July 2021.
5.66 billion euros is what would have to be spent, on average, every month from January 2025 until the plan's final deadline in December 2026. This raises doubts about whether the plan's spending constraints can be met.
The public campaign saw hundreds of associations and civil-society organisations take part, gathered under the banners Dati bene comune and Osservatorio civico PNRR. The government's release of the data is tangible proof that mobilisation pays off.

radioradicale.it/scheda/750830



Paragon Solutions Terminates Its Contract with Italy After the Graphite Revelations


The Israeli company Paragon Solutions, whose Graphite spyware was used to target at least 90 people in two dozen countries, has ended its relationship with Italy. The decision was taken following allegations that the malware had been used against an Italian investigative journalist and two critical activists. The news of the contract termination was first reported by The Guardian, citing an anonymous source familiar with the matter.

According to the source, the Italian government allegedly violated the terms of its contract with Paragon, which prohibited using the software to monitor journalists or members of civil society. The affair has sparked a heated political debate in Italy, with the opposition demanding immediate clarification from the government. WhatsApp had recently warned the people involved that their devices had been infected through the sending of malicious PDF documents, without users needing to click on them.

Graphite, the spyware developed by Paragon, is comparable to Pegasus, the well-known hacking software from NSO Group. The malware can infect a phone without the user's knowledge, allowing whoever controls it to access sensitive data, including encrypted messages and calls on apps such as WhatsApp and Signal. The use of Graphite against journalists and activists raises serious questions about the abuse of surveillance technologies by governments.

The revelations have also attracted the attention of the European Parliament. Meanwhile, Francesco Cancellato, editor of Fanpage, was the first Italian journalist to state that he had received a notification from WhatsApp about his compromised phone.

The use of the spyware was uncovered with the help of the University of Toronto's Citizen Lab, which monitors attacks against journalists and activists. The investigations revealed that the attacks extended to several European countries, including Belgium, Germany, Spain and Sweden. Paragon, recently acquired by the US firm AE Industrial Partners, has also had contracts with the US federal agency ICE, but their current status remains uncertain.

While Paragon has terminated its contract with Italy on ethical grounds, many questions remain open about who actually commissioned the attacks and how surveillance technologies are being used by governments. The opposition has called for a thorough investigation, while the Italian government continues to reject the allegations.

The article Paragon Solutions Terminates Its Contract with Italy After the Graphite Revelations comes from il blog della sicurezza informatica.



All You Need To Make A Go-Kart, From Harbor Freight


The many YouTube workshop channels make for compelling viewing, even if their hackiness from a Hackaday viewpoint is sometimes variable. But from time to time up pops something that merits a second look. A case in point is [BUM]’s go-kart made entirely from Harbor Freight parts, a complete but rudimentary vehicle for around 300 dollars. It caught our eye because it shows some potential should anyone wish to try their luck with the same idea as a Power Racer or a Hacky Racer.

The chassis, and much of the running gear comes courtesy of a single purchase, a four-wheeled cart. Some cutting and welding produces a surprisingly useful steering mechanism, and the rear axle comes from a post hole digger. Power comes from the Predator gasoline engine, which seems to be a favourite among these channels.

The result is a basic but serviceable go-kart, though one whose braking system can be described as rudimentary at best. The front wheels are a little weak and require some reinforcement, but we can see in this the basis of greater things. Replacing that engine with a converted alternator or perhaps an electric rickshaw motor from AliExpress and providing it with more trustworthy braking would result in possibly the simplest Hacky Racer, or just a stylish means of gliding round a summer hacker camp.

youtube.com/embed/f89LCrEqDZs?…


hackaday.com/2025/02/07/all-yo…




UScope: A New Linux Debugger And Not A GDB Shell, Apparently


[Jim Colabro] is a little underwhelmed with the experience of low-level debugging of Linux applications using traditional debuggers such as GDB and LLDB. These programs have been around for a long time, developing alongside Linux and other UNIX-like OSs, and are still solidly in the CLI domain. Fed up with the lack of data structure support and these tools’ staleness and user experience, [Jim] has created UScope, a new debugger written from scratch with no code from the existing projects.

GDB, in particular, has quite a steep learning curve once you dig into its more advanced features. Many people side-step this learning curve by running GDB within Visual Studio or some other modern IDE, but it is still the same old debugger core at the end of the day. [Jim] gripes that existing debuggers don’t support modern data structures commonly used and have poor customizability. It would be nice, for example, to write a little code, and have the debugger render a data structure graphically to aid visualisation of a problem being investigated. We know that GDB at least can be customised with Python to create application-specific pretty printers, but perhaps [Jim] has bigger plans?

Anyway, UScope currently supports only C and Zig, but work is in progress to add C++ and Go support, with plans for Rust, Odin and Jai. Time will tell whether they can gather enough interest to really drive development to support the more esoteric languages fully. Still, Rust at least has a strong support base, which might help get other people involved. It looks like early doors for this project, so time will tell whether it gets traction. We’ll certainly be keeping an eye on it in the future!

If you wish to play along at home, you’ll want to start with the GitHub page, read on from there, and maybe join this discord.

If you’re new to debugging on Linux, we’ve got a quick guide to GUI frontends to ease you in. If you’re less interested in code and more of a script junkie, here’s how to debug BASH script or even SED.


hackaday.com/2025/02/07/uscope…



When Ignoring Spam Loses You an Ice Surfacer Patent


Bear with us for a moment for a little background. The Rideau Canal Skateway in Ottawa is the world’s largest natural skating rink, providing nearly 8 km of pristine ice surface during the winter. But maintaining such a large ice surface is a challenge. A regular Zamboni can’t do it; the job is just too big. So the solution is a custom machine called the Froster, conceived by Robert Taillefer and built by Sylvain Fredette.
Froster spans almost twenty meters, and carries almost 4000 L of water. There’s no other practical way to maintain almost 8 km of skating rink.
A patent was filed in 2010, granted by the Canadian Intellectual Property Office, and later lost because important notifications started going to an apparently unchecked spam folder. The annual fee went unpaid, numerous emails went unanswered, an expiry date came and went, and that was that.

It’s true that emailed reminders (the agreed-upon — and only — method of contact) going unnoticed to spam was what caused Robert to not take any action until it was too late. We’d all agree that digital assistants in general need to get smarter, and that includes being better at informing the user about automatically-handled things like spam.

But what truly cost Robert Taillefer his patent was having a single point of failure for something very, very important. The lack of any sort of backup method of communication in case of failure or problem meant that this sad experience was, in a way, a disaster just waiting to happen. At least that’s how the Federal Court saw it when he took his complaint to them, and that’s how they continued to see it when he appealed the decision.

If you’ve never heard of the Rideau Canal Skateway or would like to see the Froster in action, check out this short video from the National Capital Commission of Canada, embedded just under the page break.

youtube.com/embed/-k1-A0DsU-w?…


hackaday.com/2025/02/07/when-i…



Introducing Ourselves


Hello everyone,
we are a small bookshop in Fabriano specialising in used books and independent publishing. These two main characteristics are the result of our choice to maintain a very precise ethical and values-based line. We consider it important to save used books and make them accessible, so that an important resource (not all books necessarily are one) does not end up pulped; because a used book tends to cost less than a new one and therefore makes culture more accessible; and because with every used book sold we take potential nourishment away from the mega-monster of big Italian publishing.
Likewise, we consider it important to spread the offerings of that incredibly varied and expanding world that is independent publishing.
Based on our values, it seemed natural and proper to land in the Fediverse to share our book proposals and the events we occasionally organise in the shop.
That's it for now, the rest we'll let you discover along the way 😀


Growing a Gallium-Arsenide Laser Directly on Silicon


As great as silicon is for semiconductor applications, it has one weakness in that using it for lasers isn’t very practical. Never say never though, as it turns out that you can now grow lasers directly on the silicon material. The most optimal material for solid-state lasers in photonics is gallium-arsenide (GaAs), but due to the misalignment of the crystal lattice between the compound (group III-V) semiconductor and silicon (IV) generally separate dies would be produced and (very carefully) aligned or grafted onto the silicon die.

Naturally, it’s far easier and cheaper if a GaAs laser can be grown directly on the silicon die, which is what researchers from IMEC now have done (preprint). Using standard processes and materials, GaAs lasers were grown on industry-standard 300 mm silicon wafers. The trick was to accept the lattice mismatch and instead focus on confining the resulting flaws through a layer of silicon dioxide on top of the wafer. In this layer trenches are created (see top image), which means that when the GaAs is deposited it only contacts the Si inside these grooves, thus limiting the effect of the mismatch and confining it to within these trenches.

There are still a few issues to resolve before this technique can be prepared for mass production, of course. The produced lasers work at 1,020 nm, which is a shorter wavelength than typically used, and there are still some durability issues due to the manufacturing process that have to be addressed.


hackaday.com/2025/02/07/growin…



Frontiere Sonore Radio Show #13


In the studio Deca and Simone, with Massimo directing. We'll be listening to Analog Africa, Crystal Phoenix, Jamaican Jazz Orchestra, Distant Relatives and much more!! @Radio Unitoo

iyezine.com/frontiere-sonore-r…




Hack On Self: Quest System Basics


Whenever I play an RPG, whether it’s Fallout or Cyberpunk 2077, I complete every single quest available to me. The quests grab my attention in an unprecedented way – doesn’t hurt that there’s rewards and progression markers attached. Of course, these systems are meticulously designed to grab attention, making sure you can enjoy the entirety of the game’s content.

Does quest progression in an RPG tangibly impact my life? No. Do they have control over my attention? Yes, for sure. My day-to-day existence is the opposite – my real-life decisions impact me significantly, and yet, keeping attention on them is a struggle. Puzzling, disturbing – and curious. I feel like I’ll never forgive myself if I ignore this problem any longer.

So, I wrote a simple quest system prototype. As usual, it worked, it failed, and it taught me things. Here’s how I did it.

Adjusted To Self First


Quick prototyping is a bane of mine, and I’m forced to study it – I can only spend so much time on any given topic before I can barely pay attention to it. So, no fancy UIs, no roadmaps, I’m writing software that has the lowest interaction resistance possible for me specifically.

My laptop remains my platform of choice – I’m no phone app developer, really, I hate developing for smartphones. Modern smartphones are content consumption machines first, everything else second, and it feels like the user’s actual wellbeing is barely in the top 10. Besides, typing on a physical keyboard is the fastest prototyping and hardware interaction method I know. Smartphones no longer have physical keyboards, you know, the focus on content consumption means that screen real estate is king.

Oh, and I do have Notepad++ constantly open on my laptop! What about storing my quests in a text file, say, quests.txt, in a somewhat computer-friendly format? Then, a constantly running program could read changes from this file, rewriting it when appropriate. Sounds simple enough, and so the parser.py was born.

I had a few wishes for this program. The main one was: never deleting any file contents by mistake or to enforce structure; everything I type into the file is important and can’t be lost. Aside from that, leaving comments on tasks and quests felt paramount, too – the text file isn’t just a data storage, it’s a user interface, and it needs human-friendly features.

At the same time, I needed to make it software-friendly – always parseable and modifiable, letting me do things like automatically marking quest tasks as complete or incomplete, or tying task completion into each other, or auto-marking them, or tying them to real-world events. This resulted in two main features: a rigid-ish structure for quest formatting, and auto-adding machine-parseable quest IDs. Still, I made sure it was easy for me to edit quests and tasks, and put the IDs somewhere they wouldn’t get in the way!

Built, Tweaked, Working


Day two was spent intensely building parser.py into a self-sufficient prototype, and it grew from a 20-line parsing code experiment into a full program, left to constantly run in the background monitoring for quests.txt file changes. Then, I split my Notepad++ window into two panes, and put the quests.txt document into one of them, open semi-permanently – thankfully, my laptop screen is wide enough for that.

Easy enough to use day to day, always at my fingertips, collecting data – this script satisfied a few of my human-friendly device design guidelines. I went on making new quests and adding tasks as I remembered them, as well as updating the script itself, adding features and fixing bugs as needed. For brevity, I’ll call this whole process “questing”.

The most useful feature, without a doubt, was auto-sorting quest tasks, so that completed tasks would immediately go to the bottom of the quest’s task list – way easier on the eyes. Another feature was task completion/clear logging, as usual, JSON separated by newlines – which unexpectedly gave me timestamps that helped me remember and track time-sensitive medication.
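As an added example (not the author's parser.py; the line format is my assumption, since the article never shows one), here is a small Python processor that does what the text above describes for a quests.txt-style file: it never drops a line, appends a machine-readable ID to tasks that lack one, sinks completed tasks to the bottom of their quest so that a `- [x]` line and its indented comments travel together, and emits newline-separated JSON records whenever a task's completion flag changes between runs.

```python
"""Quest-file processor in the spirit of the article's parser.py (added example,
not the author's code).  Assumed line format, since the article shows none:
    # Quest name                 heading, kept verbatim
    - [ ] task text  @id:0003    open task (the @id tag is appended by the script)
    - [x] task text  @id:0001    completed task
    anything else                comment/blank line, kept verbatim; indented
                                 lines under a task travel with it when sorted
"""
import json
import re
from datetime import datetime, timezone

TASK_RE = re.compile(
    r"^- \[(?P<done>[ xX])\] (?P<body>.*?)(?:\s+@id:(?P<id>\d{4}))?\s*$"
)


def parse_task(line):
    """Return (done, body, id_or_None) for a task line, or None for anything else."""
    m = TASK_RE.match(line)
    if m is None:
        return None
    return m.group("done").lower() == "x", m.group("body"), m.group("id")


def group_items(lines):
    """Bundle a task with the indented comment lines below it; every other line
    becomes an item of its own.  No line is ever dropped."""
    items = []
    for line in lines:
        if parse_task(line) is not None:
            items.append([line])
        elif items and parse_task(items[-1][0]) is not None and line[:1].isspace():
            items[-1].append(line)          # comment belonging to the task above
        else:
            items.append([line])
    return items


def sort_quest(lines):
    """Stable sort of one quest: completed tasks sink to the bottom, while the
    heading, comments and open tasks keep their relative order."""
    body, tail = list(lines), []
    while body and body[-1].strip() == "":  # trailing blank lines stay last
        tail.insert(0, body.pop())
    items = group_items(body)

    def is_done(item):
        task = parse_task(item[0])
        return 1 if task is not None and task[0] else 0

    return [line for item in sorted(items, key=is_done) for line in item] + tail


def process(text, prev_state=None, now=None):
    """Rewrite the quest file.  Returns (new_text, state, log_lines): state maps
    task id -> done flag; log_lines has one JSON record per changed flag."""
    prev_state = prev_state or {}
    now = now or datetime.now(timezone.utc)
    lines = text.split("\n")

    # 1. give every task an id, continuing from the largest one already present
    next_id = 1 + max((int(t[2]) for t in map(parse_task, lines) if t and t[2]), default=0)
    for i, line in enumerate(lines):
        task = parse_task(line)
        if task is not None and task[2] is None:
            lines[i] = f"{line.rstrip()}  @id:{next_id:04d}"
            next_id += 1

    # 2. re-sort each quest block independently ('# ' starts a new quest)
    out, block = [], []
    for line in lines:
        if line.startswith("# ") and block:
            out.extend(sort_quest(block))
            block = []
        block.append(line)
    out.extend(sort_quest(block))

    # 3. diff completion flags against the previous run and log the transitions
    state, log_lines = {}, []
    for line in out:
        task = parse_task(line)
        if task is None:
            continue
        done, body, tid = task
        state[tid] = done
        if prev_state.get(tid) != done and (tid in prev_state or done):
            log_lines.append(json.dumps({"ts": now.isoformat(), "id": tid, "task": body,
                                         "event": "completed" if done else "cleared"}))
    return "\n".join(out), state, log_lines


# Constructed sample quest file: one task already carries an id, the rest do not.
SAMPLE = """# Dailies
- [ ] take morning meds
- [x] water the plants
  (the fern needs less)
- [ ] 20 minutes of stretching

# Blog post
- [ ] outline the article  @id:0002
"""

if __name__ == "__main__":
    print(process(SAMPLE, prev_state={"0002": False})[0])
```

Running it twice with the returned `state` fed back in is what turns the second step into a completion/clear log with timestamps, as the article describes.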

Some features were less expected but still necessary. I am intimately familiar with data loss, so I wrote a quick quests.txt backup script, and added a daily task for myself – do backups. As luck would have it, I accidentally deleted half of the quests.txt file contents, just as I was about to back it up. So, I had to spend about an hour restoring the file state from the day-old backup file and task log items – those really came in handy!

I’ve used the script for about a month – quite a jump from the “two weeks constant”. A lot of smaller hack-on-self projects stay in my life for two weeks at most – any longer than that, and I struggle to pay attention to them. This one worked for longer – a very good sign. Most importantly, even though I’m currently not using this questing system, I keep mentally coming back to it throughout my days, and my main thought is “wish it worked better for me right now”.

A Focus Point


The best thing about this questing system: I started building habits at a surprisingly fast rate. This was genuinely shocking, in all of the good ways, and seriously reassuring. The questing system helped me find some extra focus – as long as I stayed within the “dailies” quest, that is.
One thing about .txt file as frontend – to have the file be processed, I need to Ctrl+S, alt-tab to other program, alt-tab back, and click “Yes” in this box.
The “Dailies” quest was the only one that actually worked all throughout. As I added quests and tasks, the file grew a ton, currently sitting at 530 lines. Well, my screen fits 40 lines at a time, so most quests stayed always out of reach, easy to forget – just the Dailies quest has 80 lines. There was no ability to highlight tasks I wanted to suggest to myself, or to make a task stand out as more important.

The main limiter of this questing system was definitely the UI – the more it grew, the harder it was for me to scroll through the text file and notice the tasks I needed to do. In a way, the system was a good augment, helping me overcome my struggles with Doing All The Things I Want Done, until it grew to the point where it no longer gave me a consistent single point of focus, an always-accessible line in the .txt file that I could look at to spot my daily-tasks-to-do. It’s a predictable limitation of the text file UI, and I could only push it so much.

There was another fun failure mode: the more I used the script, the more I did things in the real world, the less I’d be spending next to my laptop. On days where I wasn’t next to my laptop, the script’s powers would break completely, of course. Basically, the more off-my-laptop tasks I was doing, the less my script would work – so much for helping me exercise, move, and get out more!

“Dailies” were the most fun part of the system, still – as I’m writing this, I’m becoming more and more certain that this UI could work well for me again if I did a few more upgrades to it and limited it to the “Dailies” quest. So, same interface but less overwhelming, a tighter focus, and a few more most-needed ease of use features – feels like I should try that out sometime soon!

Lessons


A lot of fruit lies unpicked on the parser.py field, even with the current text-file UI. Automatically marking all of the “Dailies” tasks completed on a “start of day” trigger, for one! Reminders for medication. Tracking ‘underappreciated’ daily tasks, giving me summaries or notifications that point out ‘daily’ tasks I’ve been neglecting but might still want to do. Quick action keybinds for common actions, just like I do with my anti-crash and anti-distraction scripts, so that I can quickly mark common tasks as completed – without having to unlock my laptop, find the task in the file, and mark it as complete. Graphing of my activity, too; of course, it always feels like graphing my data will give some good insights, but it’s not easy for me to do just yet – hopefully it will be easy soon!

No regrets on picking a text file as the UI & backend for the initial prototype, though! I’d do it the same all over again – the flexibility has really helped. I even think that a text file format is a great UI for desktop use of the quest system – as long as it’s not the backend, so the quests are actually stored somewhere else. Basically, an editing option, or a human-readable backup format; we could always use more of those.

What about features I could implement given a different UI and backend? More context sensitivity, for one. For example, suggestions on tasks to do depending on how long I’ve been awake, where I am physically right now (home/work/travel/etc), and other context that’s relatively easy to get but still missing. Cross-device task control and sync. Perhaps, the most fun aspect – a “points”/”levels” score keeping system, maybe even with “streak” features!

The concept works, even if it struggles to scale. It needs a better UI, a way more well-suited backend, tighter integration into my day-to-day life, influencing me in a more context-aware and kind way. Quests are good, the current system is good, and it will work better after an upgrade. In particular, you are soon to see a way more suitable and flashy user interface – as always, stay tuned!




Hackaday Podcast Episode 307: CNC Tattoos, The Big Chill in Space, and PCB Things


The answer is: Elliot Williams, Al Williams, and a dozen or so great hacks. The question? What do you get this week on the Hackaday podcast? This week’s hacks ran from smart ring hacking, to computerized tattoos. Keyboards, PCBs, and bicycles all make appearances, too.

Be sure to try to guess the “What’s that sound?” You could score a cool Hackaday Podcast T.

For the can’t-miss articles this week, Hackaday talks about how to dispose of the body in outer space and when setting your ship’s clock involved watching a ball drop.

hackaday.com/2025/02/07/hackad…



One Exclamation Mark Too Many and Outlook Falls! CISA Warns of a Serious RCE


CISA warns that a serious Microsoft vulnerability, already being exploited by attackers in active attacks, needs to be patched. The warning applies in particular to federal agencies.

The vulnerability CVE-2024-21413 allows arbitrary code execution on remote systems, bypassing Outlook’s security mechanisms.

The flaw was discovered by Check Point researchers and is related to incorrect input validation when opening e-mails containing malicious links in vulnerable versions of Outlook.

By exploiting the bug, attackers can evade Protected View, which is designed to block dangerous content. As a result, malicious Office files are opened in editing mode, allowing malicious code to be downloaded and executed.

Microsoft has fixed CVE-2024-21413 but warned that the vulnerability remains active even in document preview mode. Check Point’s report states that attackers use a workaround, adding an exclamation mark and random text after the file extension to links using the protocol.

This approach makes it possible to bypass Outlook’s defenses and download malicious content.

Example:

CLICK ME

Several versions of Microsoft products are at risk:

  • Microsoft Office LTSC 2021;
  • Microsoft 365 Apps for Enterprise;
  • Microsoft Outlook 2016;
  • Microsoft Office 2019.

Successful exploitation of the vulnerability could lead to the theft of NTLM credentials and to arbitrary code execution.

Federal agencies must fix the flaw by February 27, in accordance with directive BOD 22-01.

CISA stresses that such vulnerabilities are frequently targeted by hackers and pose a serious threat to government infrastructure. Although the order applies to government agencies, experts strongly recommend that all organizations urgently install the security updates to prevent possible attacks.

The article “One Exclamation Mark Too Many and Outlook Falls! CISA Warns of a Serious RCE” comes from il blog della sicurezza informatica.



Common defence, von der Leyen raises her voice. More must be done, and together

@Notizie dall'Italia e dal mondo

Despite unanimous agreement on the importance of strengthening European defence, the differences between EU member states remain deep. Against this backdrop comes the appeal, which sounds like a warning, from European Commission President Ursula von der Leyen in Gdańsk:



Freedom of expression in the Trump era: what future for online content moderation


@Informatica (Italy e non Italy 😁)
One of the first moves of the new Trump administration aims to redraw the boundaries between online moderation, the role of government and the risks of polarization. Here are the consequences of the battle over freedom of expression




If you’re not cut out to be in command, become an orchestra conductor. It’s the same thing, only more rewarding. In one case they talk behind your back; in the other you hear music.


Autonomous War Is at the Door! Elon Musk predicts a future of warfare dominated by drones and AI


Elon Musk has expressed his view that if a conflict broke out between great powers, unmanned technologies would play a key role in military operations through artificial intelligence. He made this statement during a speech at the United States Military Academy at West Point last August, and a video recording of the speech has been published.

“The current war in Ukraine is already largely a drone war. It’s a kind of competition between Russia and the other parties to see who can field more drones. If a war between great powers were to break out, it will be a drone war,” Musk said.


According to the entrepreneur, modern armed conflicts already depend largely on drones, as shown by the examples of various countries actively using unmanned systems. He stressed that in the event of a global confrontation, drones and artificial intelligence technologies will dominate the battlefield.

Musk also stressed the need to focus efforts on developing unmanned systems and increasing their production. He noted that states often prepare for the wars of the past, ignoring the promising technologies that will decide future armed conflicts.

Expressing concern about the military use of artificial intelligence, Musk pointed to its possible negative consequences, comparing them to the plot of the film “Terminator”. He therefore asked those present at the Military Academy to avoid this scenario.

Elon Musk’s words offer a clear, and unsettling, look at the future of warfare, highlighting an epochal shift in how conflicts are fought. The massive use of drones in Ukraine is already a concrete demonstration of this transformation, but the scenario Musk outlines goes well beyond it: in a clash between superpowers, the human element could become increasingly marginal, while artificial intelligence and unmanned systems would become the real protagonists of the battlefield.

Moreover, the risk of escalation is real: with the growing automation of warfare, conflicts could become faster, more unpredictable and potentially more destructive. If artificial intelligence is to be the queen of the next battlefield, the wars of the future may no longer be fought by flesh-and-blood soldiers but by algorithms and swarms of autonomous drones, with consequences that are still hard to predict.

The article “Autonomous War Is at the Door! Elon Musk predicts a future of warfare dominated by drones and AI” comes from il blog della sicurezza informatica.



AI under attack: DeepSeek-R1 performs badly in Qualys tests


Milan, February 6, 2025. DeepSeek-R1, an innovative large language model (LLM) recently released by the Chinese startup DeepSeek, has captured the attention of the artificial intelligence industry. The model demonstrates competitive performance while being more resource-efficient. Its training approach and its accessibility offer an alternative to traditional large-scale AI development, making advanced capabilities more widely available.

To improve efficiency while preserving the model’s effectiveness, DeepSeek has released several distilled versions suited to different use cases. These variants, built on Llama and Qwen as base models, are available in multiple sizes, ranging from smaller, lighter models suited to efficiency-focused applications to larger, more powerful versions designed for complex reasoning tasks.

With growing enthusiasm for DeepSeek’s advances, the Qualys team conducted a security analysis of the distilled DeepSeek-R1 LLaMA 8B variant using its recently launched AI security platform, Qualys TotalAI.

The results presented below support the widespread concerns in the industry about the model’s real risks. “As AI adoption accelerates, organizations must go beyond performance evaluation to address security, safety and compliance challenges. Gaining visibility into AI assets, assessing vulnerabilities and proactively mitigating risks is essential to ensure responsible and secure AI deployment,” commented Dilip Bashwani, CTO of the Qualys Cloud Platform.

KB analysis method and findings


Qualys tested the DeepSeek R1 LLaMA 8B variant against Qualys TotalAI’s state-of-the-art Jailbreak and Knowledge Base (KB) attacks, asking the target LLM questions in 16 categories and evaluating the responses with the Qualys Judge LLM. Responses were assessed for vulnerabilities, ethical issues and legal risks.

If a response is deemed vulnerable, it receives a severity rating based on its immediacy and potential impact. This ensures a complete assessment of the model’s behaviour and of the associated risks.

In the KB test, 891 evaluations were conducted. The DeepSeek R1 LLaMA 8B model failed 61% of the tests, scoring worst in Misalignment and best in Sexual Content.

TotalAI Jailbreak test method and findings


Jailbreaking an LLM involves techniques that bypass its built-in safety mechanisms, allowing the model to generate restricted responses. These vulnerabilities can produce harmful outputs, including instructions for illegal activities, disinformation, privacy violations and unethical content. Successful jailbreaks expose weaknesses in AI alignment and pose serious security risks, especially in enterprise and regulatory settings.

The Chinese model was tested against 18 types of jailbreak through 885 attacks. It failed 58% of these attempts, demonstrating significant susceptibility to adversarial manipulation. During the analysis, DeepSeek R1 struggled to prevent several adversarial jailbreak attempts, including steps on how to build an explosive device, creating content for websites that target certain groups by encouraging hate speech, conspiracy theories and violent actions, exploiting software vulnerabilities, promoting incorrect medical information, and so on.

Example of DeepSeek providing incorrect and harmful content

The test results highlight the need to improve safety mechanisms to prevent the built-in protections from being bypassed, ensuring that the model stays in line with ethical and regulatory guidelines. An effective prevention mechanism is the implementation of robust guardrails that act as real-time filters to detect and block jailbreak attempts. These guardrails increase the model’s resilience by adapting dynamically to adversarial exploits, helping to mitigate security risks in enterprise applications. These vulnerabilities expose downstream applications to significant security risks, making robust adversarial testing and mitigation strategies necessary.

Alignment yes, alignment no: which is better?


In recent years, large language models (LLMs) have revolutionized the technology landscape, influencing sectors ranging from academic research to content creation. One of the most heated debates concerns the degree to which these models are aligned with the ethical principles and guidelines imposed by their developers. According to a recent article published in Analytics India Magazine, uncensored models appear to achieve better results than aligned ones, raising questions about the need for, and the effectiveness of, the ethical restrictions imposed by the industry.

The alignment of AI models stems from the desire to avoid dangerous content, disinformation and harmful biases. Companies such as OpenAI and Google implement strict safety policies to ensure that their AIs adhere to shared standards of conduct, reducing the risk of abuse. However, the alignment process inevitably introduces filters that limit expressive freedom and, in some cases, compromise the model’s performance. This is because aligned systems may avoid answering controversial questions or generate excessively generic answers in order to stick to the guidelines.

By contrast, uncensored models, which operate without the same ethical restrictions, show greater flexibility and the ability to provide more precise and detailed answers, especially in technical or advanced research contexts. Without the constraints imposed by alignment, they can process a wider range of information and address sensitive topics in greater depth. This advantage, however, comes with significant risks, such as the uncontrolled spread of disinformation, harmful content and misuse by malicious actors.

The central problem of this debate is not only technical but ethical and political. A completely unrestricted artificial intelligence could pose a threat if used for illicit purposes, while an over-aligned model risks becoming ineffective, reflecting an ideological agenda or enacting censorship.

Some researchers argue that the ideal balance lies in partial alignment, allowing a certain degree of expressive freedom without compromising safety. However, defining the boundaries of that balance is a complex challenge subject to divergent interpretations.

The AI industry thus faces a crucial choice: continue down the path of strict alignment, with the risk of compromising the performance and neutrality of the models, or adopt a more permissive approach, aware of the potential risks. The consequences of this decision will have a direct impact on the future of AI and its integration into society, influencing public trust and the regulation of the sector. The fundamental question remains open: how much control is too much control?

The article “AI under attack: DeepSeek-R1 performs badly in Qualys tests” comes from il blog della sicurezza informatica.



Paragon: how the Graphite spyware works, a state scandal


@Informatica (Italy e non Italy 😁)
The Graphite spyware developed by Israel’s Paragon was used to surveil around a hundred journalists and activists, including several Italians. However, even though little is yet known about the specific case, the danger is current and real, making ethical a question that is above all



This Week in Security: Medical Backdoors, Strings, and Changes at Let’s Encrypt


There are some interesting questions afoot, with the news that the Contec CMS8000 medical monitoring system has a backdoor. And this isn’t the normal debug port accidentally left in the firmware. The CISA PDF has all the details, and it’s weird. The device firmware attempts to mount an NFS share from an IP address owned by an undisclosed university. If that mount command succeeds, binary files would be copied to the local filesystem and executed.

Additionally, the firmware sends patient and sensor data to this same hard-coded IP address. This backdoor also includes a system call to enable the eth0 network before attempting to access the hardcoded IP address, meaning that simply disabling the Ethernet connection in the device options is not sufficient to prevent the backdoor from triggering. This is a stark reminder that in the firmware world, workarounds and mitigations are often inadequate. For instance, you could set the gateway address to a bogus value, but a slightly more sophisticated firmware could trivially enable a bridge or alias approach, completely bypassing those settings. There is no fix at this time, and the guidance is pretty straightforward — unplug the affected devices.
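The CISA description above amounts to a recognisable static pattern: a routable IP address hard-coded into a startup script, an NFS mount from that address, and a network interface forced up regardless of configuration. The following is an added example, not from CISA or the Contec firmware, of a small triage script a firmware analyst could run over extracted init scripts to flag that pattern. The sample script, the TEST-NET address 203.0.113.7 and the finding labels are all constructed for the illustration.

```python
"""Static triage of extracted firmware shell scripts for hard-coded remote
mounts. Constructed example; SCRIPT below is made up, not vendor code."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Dotted-quad literals not glued to other digits/dots (e.g. inside version strings).
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# `mount -t nfs ...`, `mount.nfs ...`, or any mount of a `host:/path` source.
NFS_MOUNT = re.compile(r"\bmount(?:\.nfs4?)?\b.*(?:-t\s*nfs4?|:/)")
# `ifconfig eth0 up` or `ip link set [dev] eth0 up`: the device bringing the
# interface up itself is what defeats "just disable Ethernet in the menu".
IFACE_UP = re.compile(r"\b(?:ifconfig\s+\w+\s+(?:\S+\s+)*up|ip\s+link\s+set\s+(?:dev\s+)?\w+\s+up)\b")

# Address ranges that never reach the public Internet. Checked explicitly rather
# than via ipaddress.is_private so documentation ranges (RFC 5737) count as remote.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


@dataclass
class Finding:
    line: int
    kind: str
    text: str


def is_local_ip(ip: str) -> bool:
    """True for loopback/RFC 1918/link-local/multicast (or malformed) addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in LOCAL_NETS)


def triage_script(text: str) -> list[Finding]:
    """Scan one shell script; comments are ignored, findings keep line numbers."""
    findings: list[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        for ip in IPV4.findall(line):
            if not is_local_ip(ip):
                findings.append(Finding(n, "hardcoded-public-ip", ip))
        if NFS_MOUNT.search(line):
            findings.append(Finding(n, "nfs-mount", line))
        if IFACE_UP.search(line):
            findings.append(Finding(n, "iface-forced-up", line))
    return findings


def risk_summary(findings: list[Finding]) -> str:
    kinds = {f.kind for f in findings}
    if {"hardcoded-public-ip", "nfs-mount"} <= kinds:
        return "high: remote filesystem mounted from a hard-coded public address"
    if "hardcoded-public-ip" in kinds:
        return "medium: hard-coded public address, review what it is used for"
    return "low: nothing matched"


# Constructed sample init script (not from any real device; 203.0.113.7 is RFC 5737 TEST-NET).
SCRIPT = """\
#!/bin/sh
# demo init script for the triage example
ifconfig eth0 up
mount -t nfs 203.0.113.7:/export /mnt/update
ntpdate 192.168.1.1
"""

if __name__ == "__main__":
    found = triage_script(SCRIPT)
    for f in found:
        print(f"line {f.line}: {f.kind}: {f.text}")
    print(risk_summary(found))
```

The local-address check deliberately does not rely on `ipaddress.is_private`, whose treatment of the RFC 5737 documentation ranges has varied between Python versions; an explicit allow-list of non-routable networks gives the same verdict everywhere. Line 5 (`ntpdate 192.168.1.1`) is correctly left alone, so a hard-coded LAN address on its own does not raise the score.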

Reverse Engineering Using… Strings


The Include Security team found a particularly terrifying “smart” device to tear apart: the GoveeLife Smart Space Heater Lite. “Smart Space Heater” should probably be terrifying on its own. It doesn’t get much better from there, when the team found checks for firmware updates happening over unencrypted HTTP connections. Or when the UART password was reverse engineered from the readily available update. It’s not a standard Unix password, just a string comparison with a hardcoded value, and as such readily visible in the strings output.

Now on to the firmware update itself. It turns out that, yes, the device will happily take a firmware update over that unencrypted HTTP connection. The first attempt at running modified firmware failed, with complaints about checksum failures. Turns out it’s just a simple checksum appended to the firmware image. The device has absolutely no protection against running custom firmware. So this leads to the natural question: what could an attacker actually do with access to a device like this?
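The checksum finding is worth making concrete, because "the image has a checksum" is often mistaken for "the image is authenticated". The following is an added example, not the Include Security team's code or the heater's real format, contrasting a trailing additive checksum with a keyed HMAC-SHA256 tag over the same constructed image. The layout (payload followed by a 4-byte or 32-byte trailer), the demo key and the payload bytes are all assumptions for the illustration; a production device would verify a public-key signature rather than a shared secret.

```python
"""Why an appended checksum is not a tamper check.

Constructed example: a toy firmware image in two layouts,
  A) payload || 4-byte additive checksum   (detects corruption only)
  B) payload || 32-byte HMAC-SHA256 tag    (detects modification without the key)
Layout, key and payload are assumptions, not any vendor's format.
"""
import hashlib
import hmac
import struct

# Assumed verification key held by the device (a public key in a real design).
DEVICE_KEY = b"constructed-demo-key-do-not-reuse"


def additive_checksum(data: bytes) -> int:
    """Sum of all bytes mod 2**32: anyone who can read the layout can recompute it."""
    return sum(data) & 0xFFFFFFFF


def pack_checksum_image(payload: bytes) -> bytes:
    """Layout A: payload followed by a little-endian 32-bit checksum."""
    return payload + struct.pack("<I", additive_checksum(payload))


def verify_checksum_image(image: bytes) -> bool:
    payload, trailer = image[:-4], image[-4:]
    return struct.unpack("<I", trailer)[0] == additive_checksum(payload)


def pack_mac_image(payload: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Layout B: payload followed by HMAC-SHA256(key, payload)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_mac_image(image: bytes, key: bytes = DEVICE_KEY) -> bool:
    payload, tag = image[:-32], image[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)   # constant-time comparison


def modified_payload(payload: bytes) -> bytes:
    """A constructed change to the image body (a flipped config string)."""
    return payload.replace(b"relay_guard=on", b"relay_guard=off")


def demo() -> dict:
    original = b"DEMO-HEATER-FW\x00relay_guard=on\x00" + bytes(range(64))
    changed = modified_payload(original)

    # Layout A: the modified body with a freshly computed trailer verifies just
    # like the original, so the trailer authenticates nothing.
    checksum_ok = verify_checksum_image(pack_checksum_image(original))
    checksum_refit_ok = verify_checksum_image(pack_checksum_image(changed))

    # Layout B: without DEVICE_KEY no valid tag for the modified body can be
    # produced; reusing the original tag is rejected.
    mac_image = pack_mac_image(original)
    stale_tag_image = changed + mac_image[-32:]
    mac_ok = verify_mac_image(mac_image)
    mac_tampered_ok = verify_mac_image(stale_tag_image)

    return {
        "checksum_original_ok": checksum_ok,      # True
        "checksum_refit_ok": checksum_refit_ok,   # True: no protection
        "mac_original_ok": mac_ok,                # True
        "mac_tampered_ok": mac_tampered_ok,       # False: rejected
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same reasoning applies to CRC32, MD5 or SHA-256 appended without a key: all of them are functions of the payload alone, so the verifier learns only that the image is self-consistent, not who produced it. Transport encryption (HTTPS instead of the plain HTTP the write-up found) protects the download path, but image authentication is what stops a modified image from being accepted regardless of how it arrived.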

The proof of concept attack was to toggle the heat control relay for every log message. In a system like this, one would hope there would be hardware failsafes that turn off the heating element in an overheat incident. Considering that this unit has been formally recalled for over 100 reports of overheating, and at least seven fires caused by the device, that hope seems to be in vain.

youtube.com/embed/CuahxZOOqbs?…

AMD Releases


We wrote about the mysterious AMD vulnerability a couple weeks ago, and the time has finally come for the full release. It’s officially CVE-2024-56161, “Improper signature verification in AMD CPU ROM microcode patch loader”. The primary danger seems to be malicious microcode that could be used to defeat AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technology. In essence, an attacker with root access on a hypervisor could defeat this VM encryption guarantee and compromise the VMs on that system.

This issue was found by the Google Security Team, and there is a PoC published that demonstrates the attack with benign effects.

The Mirai Two-fer


The Mirai botnet seems to have picked up a couple new tricks, with separate strains now attacking Zyxel CPE devices and Mitel SIP phones. Both attacks are actively being exploited, and the Zyxel CPE flaw seems to be limited to an older, out-of-support family of devices. So if you’re running one of the approximately 1,500 “legacy DSL CPE” devices, it’s time to pull the plug. Mitel has published an advisory as well, and is offering firmware updates to address the vulnerability.

Let’s Encrypt Changes


A service many of us depend on is making some changes. Let’s Encrypt is no longer going to email you when your certificate is about to expire. The top reason is simple. It’s getting to be a lot of emails to send, and sending emails can get expensive when you measure them in the millions.

Relatedly, Let’s Encrypt is also about to roll out new six-day certificates. Sending out email reminders for such short lifetimes just doesn’t make much sense. Finally from Let’s Encrypt is a very useful new feature, the IP Address certificate. If you’ve ever found yourself wishing you didn’t have to mess with DNS just to get an HTTPS certificate, Let’s Encrypt is about to have you covered.
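With the reminder e-mails gone and six-day lifetimes arriving, the expiry check has to be yours and automated. The following is an added example, not Let's Encrypt's or any ACME client's code, of a small monitor: a pure helper that turns the `notAfter` string Python's `ssl.getpeercert()` returns into days remaining, a renewal-window policy, and a function that performs the live TLS check. The threshold policy (renew at one third of the lifetime, alert at half of that) is an assumption modelled on the usual ACME-client default of renewing 90-day certificates at 30 days; the host in the usage line is a placeholder.

```python
"""Certificate-expiry monitor for short-lived certificates.
Added example; thresholds are assumptions, see the lead-in."""
import socket
import ssl
import time
from typing import Optional


def days_until_expiry(not_after: str, now: Optional[float] = None) -> float:
    """`not_after` is the 'notAfter' value from ssl.getpeercert(), e.g.
    'Feb  7 12:00:00 2025 GMT'. Returns days remaining; negative when expired."""
    expiry = ssl.cert_time_to_seconds(not_after)   # seconds since epoch, UTC
    now = time.time() if now is None else now
    return (expiry - now) / 86400.0


def renewal_status(days_left: float, lifetime_days: float = 90.0) -> str:
    """Assumed policy: renew once a third of the lifetime remains (30 days for a
    90-day cert, 2 days for a 6-day cert); 'critical' below half of that."""
    renew_at = lifetime_days / 3.0
    if days_left <= 0:
        return "expired"
    if days_left < renew_at / 2:
        return "critical"
    if days_left < renew_at:
        return "renew"
    return "ok"


def check_host(host: str, port: int = 443, lifetime_days: float = 90.0,
               timeout: float = 5.0) -> dict:
    """Live check: open a verified TLS connection and read the leaf certificate.
    Needs network access; the helpers above are what a scheduler would alert on."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    days = days_until_expiry(cert["notAfter"])
    return {
        "host": host,
        "not_after": cert["notAfter"],
        "days_left": round(days, 2),
        "status": renewal_status(days, lifetime_days),
    }


if __name__ == "__main__":
    # Placeholder hostname; run this from cron or a systemd timer and page on
    # anything other than "ok".
    print(check_host("example.invalid"))
```

For a six-day certificate pass `lifetime_days=6.0`, which puts the renewal window at two days and the alert threshold at one day. Because the live check opens a verified connection, a certificate that has already expired or does not match the hostname fails inside `wrap_socket` with an `ssl.SSLCertVerificationError` rather than reaching `renewal_status`, which is the right outcome for a monitor: an exception is a page.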

Bits and Bytes


There’s a Linux vulnerability in the USB Video Class driver, and CISA has issued an active exploit warning for it. And it’s interesting, because it’s been around for a very long time, and it was disclosed in a Google Android Security Bulletin. It’s been suggested that this was a known vulnerability, and was used in forensic tools for Android, in the vein of Cellebrite.

Pretty much no matter what program you’re using, it’s important to never load untrusted files. The latest application to prove this truism is GarageBand. The details are scarce, but know that versions before 10.4.12 can run arbitrary code when loading malicious images.

Ever wonder how many apps Google blocks and pulls from the app store? Apparently better than two million in 2024. The way Google stays mostly on top of that pile of malware is the use of automated tools, which now includes AI tools. Which, yes, is a bit terrifying, and has caused problems in other Google services. YouTube in particular comes to mind, where channels get content strikes for seemingly no reason, and have trouble finding real human beings at Google to take notice and fix what the automated system has mucked up.

And finally, echoing what Kee had to say on the subject, cryptocurrency fraud really is just fraud. And [Andean Medjedovic] of Canada found that out the hard way, after his $65 million theft landed him in jail on charges of wire fraud, computer hacking, and attempted extortion.


hackaday.com/2025/02/07/this-w…



The ongoing coup in America shifts the framing of 'credible exit' on ATProto. More video and images apps for Bluesky.


Last Week in Bluesky – 2025feb.a


Bluesky’s public launch was one year ago today, and here you can see how the network has grown and changed over this first year. In that year, Bluesky has managed to find a serious role in the larger media ecosystem. The media ecosystem itself has shifted rapidly as well: outlets like Wired and 404 Media, and independent reporters like Marisa Kabas and Nathan Tankus, are at the forefront of reporting what is happening in the US. I do not think it is an accident that they are all active on Bluesky.

Note: I’ve been sick for the past few days, so this edition is a bit shorter and a day late, apologies. Next week’s edition will be focused again on the more technical side of AT Protocol (ATProto).

Credible exit


One of the core reasons why Bluesky is built on the open ATProto is to give users ‘credible exit’. The Bluesky company (Bluesky PBC) is mindful of how companies turn bad over time, and CTO Paul Frazee explicitly talks about how he sees his own company as a ‘future adversary’. The idea is that in a future where Bluesky has become an adversary to its users, people can have a ‘credible exit’ away from Bluesky towards another microblogging app. People can take their digital identity (the DID, in ATProto terms), social graph and posts with them, and seamlessly continue microblogging on ATProto using another app. Such a competing microblogging app on ATProto does not currently exist, and an important factor in that is that the incentives to build one are currently not there. Bluesky is currently not an adversary, has a well-designed app and some significant funding, and it is hard to compete with that. Still, the assumption made by Bluesky PBC is that over the years, Bluesky PBC will gradually turn ‘bad’ in some way, and at some point the incentives will be such that another company builds a microblogging competitor on ATProto, giving people the option of a credible exit.

The ongoing coup in America changes the dynamic, however. Autocratic regimes are not particularly compatible with platforms that allow free speech by people who oppose the regime. This creates the possibility that either Musk or the US government will force Bluesky to censor speech or ban accounts that they don’t like, or that either party will come after Bluesky directly. Musk has called Bluesky ‘pedosky’ multiple times, indicating his contempt for the network that rivals his X platform. Such actions would likely be wildly illegal and should be fought in court, but in a world where an unelected private citizen can decide to shut down entire US government departments, it is prudent to account for the possibility that other illegal things might happen as well.

This new political environment changes the understanding of Bluesky having a credible exit as well. So far, Bluesky PBC frames credible exit as a way for people to move to a different app on the same network when the company becomes an ‘adversary’. But in the current political climate, it might just be that the US government becomes an adversary which prompts a need for a credible exit.

Bluesky clients

Bluescreen is the latest video app for Bluesky, made by the creator of the popular Bluesky client Skeets. It is similar to apps like Skylight and Videos for Bluesky; all three apps provide a TikTok-like interface to watch videos that are posted on Bluesky. Over at TechCrunch, Sarah Perez wrote an overview of all the video apps for ATProto that are currently being developed.

Now that I’ve gotten to play around with all three video apps for Bluesky, I am not convinced that Bluesky video clients are the way forward to build a ‘TikTok for Bluesky’. Bluesky’s recent update for video feeds has turned the official Bluesky app into a suitable video client as well, and I find that the video-watching experience on the official Bluesky app is better than on any of these three apps. Part of it is that the competitor client apps are all still early in development, and this may change over time. But more importantly, videos on Bluesky get posted in an environment where there is lots of non-video content as well. If I watch a video on Bluesky and I want to see that account’s profile, I want to be able to see all of their posts, not just their videos. I can do this with the official Bluesky app, but not with any of the video-focused Bluesky clients.

There are now multiple image-focused Bluesky clients as well. Pinksky was recently released with an interface that is heavily inspired by Instagram. Bluescreen also now has a Bluesky client specifically for photo-sharing, Flashes, which entered open beta this week. Atlas is a Bluesky client for images that has collections similar to Pinboard. These image-focused Bluesky clients all bring something to the table that the official Bluesky client does not have, by restructuring the interface around images. But just as with video, I’m wondering if it is enough to build a steady user base.

The Links


In the media:


That’s all for this week, thanks for reading! You can subscribe to my newsletter to receive the weekly updates directly in your inbox below, and follow this blog @fediversereport.com and my personal account @laurenshof.online.


fediversereport.com/last-week-…




Large interest for the fediverse at FOSDEM, more conversations about data usage and consent, and multi-platform client Openvibe gets 800k in funding.


Fediverse Report – #102

FOSDEM and the fediverse match well together, some issues regarding data privacy and consent, and multi-network client Openvibe gets 800k in funding.

The News


FOSDEM, the free event for open source software, was this weekend in Brussels, with a large presence for the fediverse and the social web. There were three events: presentations by various fediverse software developers in the SocialWeb Devroom, an extra smaller event on Sunday for more presentations, and a more casual event on Sunday evening at Brussels Hackerspace. All the events were fully packed, showing the large amount of interest from the community in the fediverse and the social web. The Social Web Foundation has been the main initiator of these events.

Some thoughts and observations:

  • Fediverse Enhancement Proposals (FEP) are documents with the goal of improving applications on the fediverse. People can write proposals, and developers can decide to support and implement proposals as they see fit. There are some great technical FEPs, but one of the challenges of such a grassroots system is getting buy-in from developers to support specific FEPs. NodeBB developer Julian Lam held a presentation, ‘The Fediverse is Quiet — Let’s Fix That!’, as advocacy for a specific FEP. The proposal Lam talks about is about fixing the problem of missing replies, where people do not see all replies on a post. What I think is noteworthy about Lam’s presentation is that it frames a FEP not only as a technical document, but as a process that needs community buy-in for other developers to support and implement it. Hopefully more such advocacy will help get more FEPs implemented as well.
  • Mastodon presented the progress on their Fediverse Discovery Provider project. The project builds an opt-in decentralised service for better discovery and search. In the presentation (and on the website), Mastodon stressed that the project is not only a Mastodon project, but is intended to be used by the entire fediverse. Mastodon developer David Roetzel said that he hoped that the goal is that many servers will run a “Fediverse Auxiliary Service Provider”. Personally I think that it is instructive to look at Bluesky here. While the AT Protocol is decentralised, in practice everyone uses infrastructure owned by the Bluesky company. I’m not convinced yet that the Fediverse Discovery Provider project will not run into the same problem, as I’m unclear on what the incentives are for people to run competing Fediverse Discovery Providers.
  • Some of the more interesting presentations I saw were about the integration of different types of protocols with ActivityPub. The ActivityPods project combines ActivityPub with Solid Pods, which shows quite some similarities with how the PDS system of ATProto works. All your data is stored on your Pod, and multiple types of apps can connect to your Pod and communicate via ActivityPub. It allows you to have a single account that is used for multiple platforms, similar to how your ATProto account can be used for multiple types of apps.
  • One of the most valuable parts of a conference like FOSDEM is getting developers together in a room to meet and build relationships. Fediforum has provided such a place for people to gather digitally, but meeting people in real life remains one of the best ways to build trust and relationships. One practical way this was visible at this FOSDEM was the NodeBB, WordPress ActivityPub plugin, WriteFreely and Ghost developers getting together and recognising themselves as the ‘longform’ people. This group of developers getting together this way helps the various projects become more interoperable, and helps build better support for longform content in the fediverse.

Two issues regarding consent and data processing came up this week. The first is with GoToSocial and fediverse statistics sites like fedidb.org and fediverse.observer. Some GoToSocial servers have blocked statistics sites from indexing their platforms via robots.txt, but the crawlers of fedidb.org and fediverse.observer ignore those. In response, the main GoToSocial server decided to serve up randomised numbers, messing up the statistics of these sites. Fedidb developer Daniel Supernault removed GoToSocial altogether from the statistics site, but does not seem to be willing to respect the opting out of crawling via robots.txt. The second is the shutdown of FediOnFire, which displayed public posts from a relay in a format similar to one of Bluesky’s firehose visualisation tools.

  • How the fediverse treats consent for public posts is unusual, and makes it stand out from other networks. For a significant group of people, consent for processing other people’s ‘Public’ ActivityPub posts is done on an opt-out basis if the service doing the processing is vaguely shaped like a full two-way interacting fediverse server. In contrast, consent for processing other people’s ‘Public’ ActivityPub posts is done on an opt-in basis if the service doing the processing is vaguely shaped like a crawler. The line between these two situations is hard to draw, even more so in an internally coherent way. Still, this line clearly exists, and ignoring it leads to high-profile blowups such as those with Searchtodon and Bridgy Fed. Defining the permissions clearly for posts would help here, and it is frustrating to see that the situation has not meaningfully improved in years. Furthermore, the fact that fediverse stats sites have ignored the opt-out at the server level via robots.txt indicates that servers setting permissions is not a panacea either.
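Honouring a server-level opt-out is not hard to implement, which is what makes the stats-site behaviour above a choice rather than a limitation. The following is an added example, not the code of fedidb.org, fediverse.observer or GoToSocial, of a statistics fetcher that consults robots.txt through Python's standard `urllib.robotparser` before requesting any endpoint. The sample robots.txt, the bot name `demo-fedistats-bot` and the endpoint list are constructed for the illustration (`/.well-known/nodeinfo` is the standard NodeInfo discovery path; the other two paths are plausible stats endpoints assumed for the example).

```python
"""A stats crawler that respects robots.txt opt-outs. Added example; the
policy text, bot name and endpoint list are constructed for illustration."""
from urllib.robotparser import RobotFileParser

USER_AGENT = "demo-fedistats-bot"   # assumed crawler name

# Constructed policy: ordinary clients may fetch anything except the stats
# endpoints; this particular crawler is opted out of the whole server.
ROBOTS_TXT = """\
User-agent: *
Disallow: /.well-known/nodeinfo
Disallow: /nodeinfo/
Disallow: /api/v1/instance

User-agent: demo-fedistats-bot
Disallow: /
"""

# Endpoints a fediverse statistics crawler would typically read.
STATS_ENDPOINTS = ["/.well-known/nodeinfo", "/nodeinfo/2.0", "/api/v1/instance"]


def load_policy(robots_txt: str) -> RobotFileParser:
    """Parse robots.txt text that has already been fetched from the server."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp


def may_fetch(rp: RobotFileParser, agent: str, path: str) -> bool:
    """True when the policy permits `agent` to request `path`.
    The most specific User-agent group applies; `*` is the fallback."""
    return rp.can_fetch(agent, path)


def crawl_plan(host: str, robots_txt: str, agent: str = USER_AGENT) -> dict:
    """Decide, before any request is made, which endpoints may be read.
    An empty allow-list means the server opted out and must be skipped (and
    should not be recorded as "unreachable" or backfilled with guesses)."""
    rp = load_policy(robots_txt)
    allowed = [p for p in STATS_ENDPOINTS if may_fetch(rp, agent, p)]
    skipped = [p for p in STATS_ENDPOINTS if p not in allowed]
    return {"host": host, "allowed": allowed, "skipped": skipped,
            "opted_out": not allowed}


if __name__ == "__main__":
    print(crawl_plan("example.social", ROBOTS_TXT))
    print(crawl_plan("open.example", "User-agent: *\nDisallow:\n"))
```

In a real crawler `robots_txt` would be the body of `https://<host>/robots.txt`; `RobotFileParser` can also fetch it directly via `set_url()` and `read()`, but taking the text as a parameter keeps the decision logic testable offline and lets the fetch be rate-limited and cached like any other request.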

The Pixelfed Kickstarter has seen some updates this week. First was the update that setting up a Pixelfed Foundation is now moved to the stretch goal of $200k CAD, and that for $300k CAD the stretch goal is to expand the team to hire additional developers. A few days later, developer Daniel Supernault said that the $300k CAD stretch goal is now to build a Tumblr alternative. That brings the goal of the Pixelfed Kickstarter to build four platforms: Pixelfed, Loops, Sup (an encrypted messaging platform) and an unnamed Tumblr alternative, as well as building a foundation and a developer testing kit with Pubkit. Moving the foundation to a stretch goal that has not been met yet does not feel great to me, as good governance of such large platforms is highly important. Adding a Tumblr alternative to another later stretch goal also makes me concerned that Supernault is taking on too much here, as that is a lot of products to build and maintain.


Openvibe, a client that combines your Bluesky, Mastodon, Nostr and Threads accounts into a single feed, has raised 800k USD in outside investment, with Automattic among the investors. Openvibe is an early mover in the space, and it’s a name I regularly see pop up when people recommend clients. However, open networks and open APIs mean that it is hard to build a competitive moat. Still, most apps are hobby projects, and I’m curious how far Openvibe can push their app with the new funding.

The Links


That’s all for this week, thanks for reading!

#fediverse

fediversereport.com/fediverse-…




People are experimenting with a wide variety of new apps on ATProto, ranging from P2P group chats to live streaming to TikTok clones.



It’s another massive week for Pixelfed, growing by another 100k active users and doubling their Kickstarter goal, raising over 100k CAD. Tumblr confirms they still intend to join the fediverse.


Fediverse Report #101

It’s another massive week for Pixelfed, growing by another 100k active users and doubling their Kickstarter goal, raising over 100k CAD.

The News


Pixelfed continues to grow rapidly, adding almost 100k monthly active users in a week, and now has almost 300k monthly active users. Just over a month ago, Pixelfed had around 20k monthly active users. Developer Daniel Supernault launched a Kickstarter this week for Pixelfed, Loops and Sup. The Kickstarter proved popular, raising 100k CAD, double its 50k CAD goal. The Kickstarter is mainly to fund the continuous development of the platforms, with the primary goals listed as ‘acceleration development’ for Pixelfed and Loops, and starting the development of messaging platform Sup. Sup is a planned encrypted messaging app that is supposed to compete with WhatsApp and Snapchat. Supernault has mentioned working on the project in the past, but it is unclear how far along the project is.

Supernault says that the operational costs for running all of his projects are now over 4000 USD per month. The large majority of people are joining the flagship servers pixelfed.social and loops.video, which are both run by Supernault. Still, it seems like Supernault is not particularly interested in sharing out the load of users to other servers, saying that people unfamiliar with the fediverse want to join a flagship instance. He also says that “using random servers to register on is very dangerous, because not all of them are as dedicated to this as I am, some of them don’t update frequently or handle mod reports as fast as we do.” Supernault is currently the only moderator for both the pixelfed.social server as well as the pixelfed.art server. He also says that Pixelfed.social needs to establish a mod team. One barrier to adding extra moderators is that Pixelfed does not have a specific ‘moderator’ role in the software; there is only the possibility to give someone full admin rights. Supernault says that he is working on adding such a feature.

The Pixelfed Kickstarter also lists a Pixelfed Foundation as its stretch goal. It is not particularly clear what such a Foundation would entail: the Kickstarter describes it as both a foundation and a corporation, and says that it “hopefully” would be a not-for-profit. Some of the potential work of the Pixelfed foundation would be to grow the Pixelfed and Loops social networks, and also support other developers in the wider fediverse ecosystem.


Tumblr has reconfirmed that it is working on connecting to the fediverse. In late 2022, Automattic CEO Matt Mullenweg said that the site was going to add ActivityPub support ‘soon’. Plans changed for Tumblr, including staff layoffs, and for a long time it was unclear if this plan was actually going to happen. In summer 2024, Tumblr announced that they would be working on moving the backend of Tumblr to WordPress. In an AMA this week, the company said that this migration of Tumblr to WordPress means that Tumblr can also use the plugins of WordPress, including the ActivityPub plugin. This means that people will be able to add ActivityPub to their Tumblr blogs. Not much is known about how this would work in practice.

The Analysis


Editor’s note: I wrote the section below before Supernault published his latest update on Kickstarter a few hours ago. In the latest update the Pixelfed Foundation is now moved towards a new stretch goal of 200k CAD. This changes my analysis, but I currently do not have the time to properly analyse and write about it before this newsletter will go out. I’ll write more about this next week.

Some more thoughts on Pixelfed:

  • I worry about the moderation side for Pixelfed, and specifically the flagship pixelfed.social. Pixelfed.social is now a server with over 200.000 monthly active users, and Supernault is the only moderator for the server. 1 moderator for over 200k active accounts is not a whole lot, to put it mildly. One of the main goals of the Kickstarter is to “expand the moderation, security, privacy and safety platforms”, and my hope is that the financial success of the Kickstarter can help get a bigger moderation team for the servers as quickly as possible.
  • One of the consistently most difficult aspects of fediverse platforms is the governance of the software. Mastodon has gotten a lot of pushback for its ‘Benevolent-Dictator-For-Life‘, and correspondingly, a lot of praise when Mastodon recently moved away from this model. For Pixelfed and Loops the power concentration into a single person is even more pronounced, with a single developer running two different platforms, two flagship servers as well as various other prominent fediverse projects such as fedidb. It shows the incredible amount of work that Supernault has contributed to the fediverse, but it also indicates the centralisation of power that has resulted from this. The Kickstarter promises a Pixelfed Foundation, but it does not say anything about how the Foundation will deal with governance. The short description of the Foundation mainly seems to be focused on financial sustainability and growth of fediverse projects. The section on the Pixelfed Foundation ends with a quote from Mastodon’s blog post: “The people should own the town square”, but it does not explain in any way how “the people” will get to “own the town square”.
  • Over on Bluesky, the short-lived TikTok ban in the US has put video front-and-center. As a response, people are starting to take Bluesky posts that contain video, and build a TikTok-like UI around it. Bluesky launched video feeds in their app last week, and SkyLight is a high-profile project to build a video-only UI for Bluesky posts. I’m curious if Pixelfed’s renewed prominence will lead to more interest in similar image-viewing fediverse clients that are less bound to server platforms, whether that is Pixelfed, Mastodon or other fediverse platforms.
  • The dominance of Mastodon and microblogging over the wider fediverse has led to a situation where Mastodon and the fediverse get equated as mostly the same in coverage of larger news outlets. The growth of Pixelfed, and the mainstream attention that it brings now changes this dynamic. This Forbes article about Pixelfed is a good example, where the fediverse gets introduced from the perspective of Pixelfed instead of from a perspective of Mastodon.
  • The Kickstarter states a “Commitment to open source and open principles”, and says that “all of the source code for Pixelfed is licensed under the AGPL license and is publicly available on GitHub”. I am not clear why Loops is not mentioned here for a commitment to open source. Loops is currently neither open source nor federating, according to the official Pixelfed account. While Supernault also says that he is “working on that”, I find it strange that Loops is not mentioned under the commitment to open source.
  • Building an encrypted messaging app is difficult, to put things mildly. Building an encrypted messaging app as a solo developer, while also building an Instagram competitor as well as a TikTok competitor, is just wildly optimistic. I fear that Supernault is spreading himself too thin here, committed to too many different products. Supernault’s shifting attention makes it difficult for him to ship features he has promised. A notable example of this is the Groups feature for Pixelfed, which Supernault has promised as coming “very soon” since summer 2023. His latest estimation for groups is now for Q2 2025.

Tumblr saying that they are working on their fediverse integration is great news for the fediverse. For quite a while it seemed that Tumblr would not actually follow through on early announcements by CEO Mullenweg. The answer by Tumblr that ActivityPub support will depend on a plugin makes it plausible to me that Tumblr blogs will likely have to opt in to connecting themselves to the fediverse by adding the plugin. So based on the limited information available, it seems likely to me it will not be a situation where the fediverse instantly grows by millions of active users.

The Links


In the media:

Tech links:

That’s all for this week, thanks for reading! You can follow me on the fediverse and subscribe to my weekly email newsletter below.

#fediverse

fediversereport.com/fediverse-…




The temporary TikTok ban in the US results in new video products. The moderation report for Bluesky for 2024. The NFL is not allowed to be on Bluesky.


Pixelfed sees massive growth, NodeBB officially launches ActivityPub support, and Threads will not commit to a timeline on account portability.


Last Week in Fediverse – ep 100

Welcome to the 100th edition of Fediverse Report! It’s been a wonderful and strange 2 years to report on all the developments in the fediverse and the wider open social web. The current state of the open social web is nothing like I expected it to be when I started writing. When I first started I expected the fediverse to slowly gain wider adoption over the years. Instead, adoption has dropped compared with 2 years ago. At the same time, the current state of the internet and social platforms makes it loud and clear that there is a huge need for better social platforms. I do not know what role the fediverse and the open social web will play in all of it, but I do strongly believe in the importance of helping people understand what is going on in the space. Thank you all for reading and the support over the years!

The News


Pixelfed has seen massive growth over the last week. The photo sharing platform grew from some 20k monthly active users in December to almost 200k MAU right now. The inflow of new people is driven by a combination of three things: people are actively looking for an alternative to Instagram, as well as renewed media attention to Pixelfed as a result of the official app release. Pixelfed’s launch of the official apps has gotten significant media attention (1, 2, 3, 4, 5). The reviews of the Pixelfed apps show that there are two reasons for people to look for an Instagram alternative: not only are people looking to ditch Meta products due to their alignment with Trump, people are also looking for another photo sharing app that has not gotten as bloated as Instagram has. The title of the Lifehacker review makes that point clear, describing Pixelfed as a “Return to Instagram’s Glory Days”.

Pixelfed developer Daniel Supernault says he has gotten multiple offers from VCs to chat about Pixelfed, but that he has rejected them all. Instead he will launch a Kickstarter on January 22nd. Not much is clear yet about the Kickstarter, but in the introduction Supernault makes it clear he has big plans, saying: “We aim to be the first Fediverse app with a billion people by taking on the worlds biggest players using open source standards.” Loops got critiqued for its “predatory” Terms of Service, which Supernault responded to a few days later by changing the ToS of Loops to be the same as those of Pixelfed.

Forum software NodeBB has officially launched their 4.0 version, which includes ActivityPub support. NodeBB has been working on adding ActivityPub for almost a year, and been testing it for a while as well. The community.nodebb.org forum has been connected to the fediverse for a while now, showing what a connection between forums and microblogging looks like in practice. Developer Julian Lam says that existing NodeBB forums will have to opt-in to the fediverse connection, while it will be enabled by default for new forums going forward. Lam also says that the work on ActivityPub also helped connect NodeBB with competitor Discourse, saying “NodeBB and Discourse have been vying for the exact same market share (forums, community-building, self-started or enterprise) for over 10 years, and it was only after ActivityPub came around that the dev teams even started talking to one another.” By both working on ActivityPub, these competitors are now also collaborators, and both their forums can connect with each other.

BotKit by Fedify is a new framework for building bots on ActivityPub. It is powered by Fedify, a TypeScript library for building with ActivityPub. Using BotKit allows people to easily build bots for ActivityPub, instead of building bots on Mastodon or Misskey.

The WordPress ActivityPub plugin now gives you the ability to show fediverse engagement on the page itself. I’ve enabled it below as well, go check it out!

The Analysis


Some stray thoughts on Pixelfed’s growth:

  • It has been a long time since the fediverse has seen a notable increase in users and new signups: the last major event was in July 2023 with people looking for Reddit alternatives. Over time, Bluesky became the default destination for people looking to migrate away from X. The ATmosphere does not have a dedicated place for sharing photos, giving all the more opportunity for Pixelfed to be the new home of people looking for an Instagram alternative.
  • One of the advantages of the fediverse is in the interoperability between different platforms, even when two platforms are focused on a different modality of communication. Mastodon and Pixelfed can interoperate with each other, but the much bigger question is: will this be a feature that will be actively used, or more of a niche nice-to-have? Mastodon does have an active tradition of sharing photos with hashtags such as #silentsunday, and I’m curious if/how these traditions will evolve with a more active photo sharing platform.
  • Supernault is now responsible for the development of two different types of platforms, Pixelfed and Loops, and is also responsible for running the flagship servers for both platforms: pixelfed.social and loops.video. The amount of work that Supernault puts into the fediverse is incredibly impressive. At the same time, it does give me cause for concern for the governance of the platforms. It is an incredible amount of load and responsibility that is all placed on a single person. Supernault would do well to delegate a significant amount of responsibility here. However, previous cases where other developers have tried to work together have not gone well, for various reasons. I’m concerned that the fediverse is replicating the same problems that Mastodon has had with governance here.
  • Pixelfed looks to replicate the same power dynamic that Mastodon has with the mastodon.social server. The large majority of new signups are going to the main pixelfed.social server. The power dynamics of Pixelfed are even more skewed than they are with Mastodon: 75% of Pixelfed’s current monthly active users are on the pixelfed.social server.

One of the fundamental challenges of building a decentralised social network with ActivityPub is in the tension between local and global. The fediverse is a super-network of connected social networks: you can see mastodon.social as its own social network that has joined the larger fediverse. This theoretically allows for benefits such as local digital communities with local norms and moderation. In practice, most fediverse software is not interested in the local communities part, and actively discourages using the software as such: Mastodon explicitly prohibits posting only to your local server, for example. As such, the fediverse as it currently is, is mainly a singular global network, and less a network made of a plurality of spaces. This current dynamic in the fediverse is what makes forums like NodeBB adding ActivityPub to their platforms so interesting. Forums like NodeBB are understood to be local communities. When you go to a forum, you expect to see only people and posts from that specific forum. Forums are often tied around a specific topic or community, making it much easier to define what the local forum community is all about. Now these forums that understand the value of having a clear local community have an additional connection to a wider network. It is effectively the reverse sales pitch of most current fediverse servers. Mastodon says: join the larger fediverse, and you might have some additional benefits if you join the fediverse via a specific community/server. NodeBB says: join our specific forum community, and you might have some additional benefits by being connected to a larger fediverse network.


TechCrunch checked in with Threads on their plans to add account portability to their fediverse integration, writing: “A Meta spokesperson couldn’t confirm that the topic was even on the Threads roadmap, let alone when it was due to be addressed.” I recently published that I do not have a satisfying answer as to “Why is Meta adding fediverse interoperability to Threads?”. Last week I also reported that the Threads-fediverse connection is seeing incredibly low uptake from the side of Threads; in total at best only a few thousand people on Threads follow someone from the fediverse. As Meta is quickly aligning itself politically with Trump, and applying censorship accordingly, the question becomes louder and louder: why is the fediverse still bothering with Threads? In practice nobody on Threads is interested in connecting with the fediverse, it does not allow for people to migrate their account from Threads to the fediverse, and it is bad optics for the fediverse to boot.

The Links


That’s all for this week, thanks for reading! You can follow me on the fediverse and subscribe to my weekly email newsletter below.

#fediverse #silentsunday

fediversereport.com/last-week-…




The Graphite case and state spyware: their indiscriminate use is an ethical question


@Informatica (Italy e non Italy 😁)
The Graphite spyware from Israel’s Paragon was used to surveil around a hundred journalists and activists, among them several Italians. However, even though little is yet known about the specific case, the danger is current and real, making ethical a question that is




Deaths, displaced people and demolitions. Tulkarem and Jenin like Gaza


@Notizie dall'Italia e dal mondo
Refugee camps under attack. And in the besieged government hospital of Jenin, “only civilians, innocent people” arrive.
The article Deaths, displaced people and demolitions. Tulkarem and Jenin like Gaza pagineesteri.it/2025/02/07/med…



On Valentine’s Day I’ll set up with my ukulele on the lovely little stage of Don Pepe in Ostia (RM), and while the lovebird couples coo and nibble paella and sip sangria, I’ll shut myself away singing all the most beautiful love songs in the history of Jamaican music, from Come Back Liza to Big Bamboo, from Tide Is High to Cherry Oh Baby, from Wait In Vain to Stir It Up, from Willow Tree all the way to Girl I Got A Date... actually no, better not that last one, because it isn’t romantic at all: it’s about a guy who tells the girl he’s with, “Sadly I have to go, because I have another date”, the sleazebag 🤣

Book with confidence, it’ll be a lot of fun! ❤

Ristorante Don Pepe, L.mare Paolo Toscanelli 125, Ostia Lido
for info and bookings: 3409922150 / 065672408

#livemusic #Reggae #ukulele