Marcus Myers, the school district’s chief academic officer, told KTVB that the problem with the poster is that it does not respect differing opinions.

That poster does not respect differing opinions?!?!

Is a school now supposed to respect the opinion that not all children are welcome there?

😳😳😳😳😳😳

comicsands.com/idaho-teacher-w…

The Amiga has a lot of fans, and rightly so. The machine broke a lot of ground. However, according to [Dave Farquhar], one of the most popular models today — the Amiga 600 — was reviled in 1992 by just about everyone. One of the last Amigas, it was supposed to be a low-cost home computer but was really just a repackaged Amiga 1000, a machine already seven years old which, at the time, might as well have been decades. The industry was moving at lightspeed back then.

[Dave] takes a look at how Commodore succeeded and then lost their way by the time the 600 rolled out. Keep in mind that low-cost was a relative term. A $500 price tag was higher than it seems today and even at that price, you had no monitor or hard drive. So at a $1,000 for a practical system you might as well go for a PC which was taking off at the same time.

By the time Commodore closed down, they had plenty of 600s left, but they also had refurbished 500s, and for many, that was the better deal. It was similar to the 500 but had more features, like an external port and easy memory expansion. Of course, both machines used the Motorola 68000. While that CPU has a lot of great features, by 1992, the writing was on the wall that the Intel silicon would win.

Perhaps the biggest issue, though, was the graphics system. The original Amiga outclassed nearly everything at the time. But, again, the industry was moving fast. The 600 wasn’t that impressive compared to a VGA. And, as [Dave] points out, it couldn’t run DOOM.

There’s more to the post. Be sure to check it out. It is a great look into the history of the last of a great line of machines. Maybe if Commodore had embraced PC interfaces, but we’ll never know. [Dave’s] take on the end of the Amiga echos others we’ve read. It wasn’t exactly Doom that killed the Amiga. It was more complicated than that. But Doom would have helped.

hackaday.com/2025/03/16/the-am…

If you think of old recording technology, you probably think of magnetic tape, either in some kind of cassette or, maybe, on reels. But there’s an even older technology that recorded voice on hair-thin stainless steel wire and [Mr. Carlson] happened upon a recorded reel of wire. Can he extract the audio from it? Of course! You can see and hear the results in the video below.

It didn’t hurt that he had several junk wire recorders handy, although he thought none were working. It was still a good place to start since the heads and the feed are unusual to wire recorders. Since the recorder needed a little work, we also got a nice teardown of that old device. The machine was missing belts, but some rubber bands filled in for a short-term fix.

The tape head has to move to keep the wire spooled properly, and even with no audio, it is fun to watch the mechanism spin both reels and move up and down. But after probing the internal pieces, it turns out there actually was some audio, it just wasn’t making it to the speakers.

The audio was noisy and not the best reproduction, but not bad for a broken recorder that is probably at least 80 years old. We hope he takes the time to fully fix the old beast later, but for now, he did manage to hear what was “on the wire,” even though that has a totally different meaning than it usually does.

It is difficult to recover wire recordings, just as it will be difficult to read modern media one day. If you want to dive deep into the technology, we can help with that, too.

youtube.com/embed/WJUOWRTBf0I?…

hackaday.com/2025/03/16/wire-r…

“The brickings will continue until the printer sales improve!” This whole printer-bricking thing seems to be getting out of hand with the news this week that a firmware update caused certain HP printers to go into permanent paper-saver mode. The update was sent to LaserJet MFP M232-M237 models (opens printer menu; checks print queue name; “Phew!) on March 4, and was listed as covering a few “general improvements and bug fixes,” none of which seem very critical. Still, some users reported not being able to print at all after the update, with an error message suggesting printing was being blocked thanks to non-OEM toner. This sounds somewhat similar to the bricked Brother printers we reported on last week (third paragraph).

The trouble is, some users are reporting the problem even if they had genuine HP toner installed. Disturbingly, HP support seems to be fine with this, saying that older HP toner “may no longer be recognized due to new security measures.” Well, there’s your problem, lady! The fix, of course, is to buy yet more genuine HP toner, even if your current cartridge still has plenty of life left in it. That’s a pretty deplorable attitude on HP’s part, and more than enough reason to disable automatic firmware updates, or better yet, just disconnect your printer from the Internet altogether.

Here’s a pro-tip for all you frustrated coders out there: no matter how hard the job gets, planting a logic bomb in your code is probably not the right way to go. That’s the lesson that one Davis Lu learned after being convicted of “causing intentional damage to protected computers” thanks to malicious code he planted in his employer’s system. Apparently not optimistic about his future prospects with Eaton Corp. back in 2018, Lu started adding code designed to run a series of infinite loops to delete user profiles. He also went for the nuclear option, adding code to shut the whole system down should it fail to find an Active Directory entry for him. That code was apparently triggered on the day he was fired in 2019, causing global problems for his former employer. Look, we’ve all been there; coding is often lonely work, and it’s easy to fantasize about coding up something like this and watching them squirm once they fire you. But if it gets that bad, you should probably put that effort into finding a new gig.

Then again, maybe the reason you’re dissatisfied with your coding job is that you know some smart-ass LLM is out there waiting to tell you that you don’t know how to code. That’s what happened to one newbie Cursor user who tried to get help writing some video game code from the AI code editor. The LLM spat back about 750 lines of code but refused to reveal the rest, and when he asked to explain why, it suggested that he should develop the logic himself so that he’d be able to understand and maintain the code, and that “Generating code for others can lead to dependency and reduced learning opportunities.” True enough, but do we really need our AI tools to cop an attitude?

And finally, if you’re anything like us, you’re really going to love this walking tour of a container ship’s mechanical spaces. The ship isn’t named, but a little sleuthing suggests it’s one of the Gülsün-class ships built for MSC in 2019, possibly the MSC Mina, but that’s just a guess. This 400-meter monster can carry 23,656 twenty-foot equivalent units, and everything about it is big. Mercifully, the tour isn’t narrated, not that it would have been possible, thanks to the screaming equipment in the engine room. There are captions, though, so you’ll at least have some idea of what you’re looking at in the immaculately clean and cavernously huge spaces. Seriously, the main engine room has to have at least a dozen floors; being on the engineering crew must mean getting your steps in every day. The most striking thing about the tour was that not a single other human being was visible during the entire hour. We suppose that’s just a testament to how automated modern vessels have become, but it still had a wonderfully creepy liminal feeling to it. Enjoy!

hackaday.com/2025/03/16/hackad…

Firefly’s Blue Ghost lander’s first look at the solar eclipse as it began to emerge from its Mare Crisium landing site on March 14 at 5:30 AM UTC. (Credit: Firefly Aerospace)
After recently landing at the Moon’s Mare Crisium, Firefly’s Blue Ghost lunar lander craft was treated to a spectacle that’s rarely observed: a total solar eclipse as seen from the surface of the Moon. This entire experience was detailed on the Blue Ghost Mission 1 live blog. As the company notes, this is the first time that a commercial entity has been able to observe this phenomenon.

During this event, the Earth gradually moved in front of the Sun, as observed from the lunar surface. During this time, the Blue Ghost lander had to rely on its batteries as it was capturing the solar eclipse with a wide-angle camera on its top deck.

Unlike the Blood Moon seen from the Earth, there was no such cool effect observed from the Lunar surface. The Sun simply vanished, leaving a narrow ring of light around the Earth. The reason for the Blood Moon becomes obvious, however, as the refracting of the sunlight through Earth’s atmosphere changes the normal white-ish light to shift to an ominous red.

The entire sequence of images captured can be observed in the video embedded on the live blog and below, giving a truly unique view of something that few humans (and robots) have so far been able to observe.

You can make your own lunar eclipse. Or, make your own solar eclipse, at least once a day.

youtube.com/embed/M2P-z_cXsOs?…

hackaday.com/2025/03/16/blue-g…

Current measurements are not as handy as voltage measurements. You typically need to either measure the voltage across something and do some math or break the circuit so a known resistor in your instrument develops a voltage your meter measures and converts for you. However, it is possible to get non-contact current probes. They are generally pricey, but [Kerry Wong] shows us one under $200 and, thus, budget compared to similar probes. Check out the review in the video below.

The OWON unit has three ranges: 4 A, 40 A, and 400 A. It claims a resolution of 10 mA and a bandwidth of 200 kHz. It requires a 9 V battery, which [Kerry] suspects won’t last very long given the rated power consumption number, although the measured draw was not as high as claimed. The specs aren’t great — this seems to be little more than a current probe meter with a connector for an oscilloscope, but if it meets your needs, that could be acceptable.

Stay tuned for the end if you want to see the insides. There’s not much on the PCB’s top side. There’s a hall-effect sensor, some adjustment pots, and an op amp. The other side of the board has many more components, but the circuit is purely analog.

It made us wonder if we should nip down to the local cheap tool store and buy a $40 meter with similar specs. It seems like you could find a spot to tap a voltage from that and save quite a bit of money.

It is possible to create a probe that doesn’t break the bank and manages at least 2 MHz of bandwidth. Or, make your own for about $25, although we can’t vouch for the specs on that one.

youtube.com/embed/ieQ-yPHMdo8?…

hackaday.com/2025/03/16/inside…

La causa intentata da Apple contro il governo britannico ha iniziato a essere discussa a porte chiuse presso la Royal Courts of Justice di Londra. L’azienda non è d’accordo con la richiesta del Ministero degli Interni di accedere ai file degli utenti che hanno attivato Advanced Data Protection (ADP), uno strumento che impedisce a chiunque, tranne il proprietario, di leggere i dati protetti.

Giornalisti di importanti testate, tra cui BBC, Guardian, Telegraph, PA, Bloomberg e Computer Weekly, hanno partecipato all’udienza dell’Investigatory Powers Tribunal, ma non è stato loro consentito l’accesso in aula. Il governo è rappresentato da Sir James Eadie QC, che in precedenza aveva difeso il governo nel caso di alto profilo della revoca della cittadinanza di Shamima Begum.

Cinque politici americani hanno chiesto alla corte di smettere di nascondere i dettagli del processo, poiché ritengono che ciò sollevi questioni di sicurezza internazionale. Anche gli attivisti per i diritti umani si sono espressi contro le udienze tenute a porte chiuse. Ritengono che il divieto di stampa sia inaccettabile quando si tratta di questioni di sicurezza globale e privacy.

L’ADP di Apple utilizza la crittografia end-to-end basata su chiavi crittografiche create direttamente sul dispositivo dell’utente. Il sistema si basa sul principio di fiducia zero. Tutti i dati, inclusi i backup di iCloud, le foto, le note e i messaggi, vengono convertiti in codice crittografato utilizzando una chiave crittografica univoca. Questa chiave non lascia mai il dispositivo dell’utente e non viene trasmessa ai server dell’azienda. A proposito, lo stesso approccio viene utilizzato dai popolari servizi di messaggistica Signal, WhatsApp e iMessage.

A febbraio, il governo del Regno Unito ha tentato di utilizzare l’Investigatory Powers Act per ottenere l’accesso ai dati criptati degli utenti. Secondo il documento, le forze dell’ordine possono obbligare le aziende tecnologiche a fornire informazioni su richiesta.

Apple in risposta Chiudere ADP nel Regno Unito e ha fatto causa al governo. L’azienda è convinta che per soddisfare le richieste del governo sarà necessario creare una falla nel software che gli hacker potranno poi sfruttare.

Il Ministero degli Interni insiste sul fatto che è necessario proteggere i cittadini dai crimini gravi, come il terrorismo e la violenza contro i bambini. Allo stesso tempo, il dipartimento sottolinea che intende interferire nella vita privata solo in casi estremi e se sussistono gravi motivi per farlo. Più avanti sarà chiaro da che parte starà la legge.

L'articolo Apple contro il Governo del Regno Unito! La battaglia segreta sulla crittografia si è svolta a porte chiuse proviene da il blog della sicurezza informatica.

Oggi al rientro da una lunga passeggiata, mi sono fermata a curiosare nella #bibliocabina in piazza del mio paese. Fra i diversi libri, palesemente "svuota cantina" (tipo riviste di cucina degli anni 90, libri di giardinaggio in tedesco, calendari religiosi del 2018) ho trovato questo interessante volume:

"Il volume propone un insolito viaggio letterario tra le pagine di una settantina di scrittori italiani che negli ultimi due secoli hanno parlato della Svizzera e degli svizzeri.
Componimenti poetici, racconti o romanzi, note diaristiche o percorsi eterogenei di scritture.
#FabioSoldini
In co-edizione con Marsilio Editori, Venezia."

Sarà interessante anche per l'altra breve formazione che sto seguendo, dove si parla di #migrazione e #interculturalità 🙃

Proof-of-concept of the inductive coupling transmitter with the 12V version of the circuitry (Credit: Hyperspace Pirate, YouTube)
Everyone loves wireless power these days, almost vindicating [Tesla’s] push for wireless power. One reason why transmitting electricity this way is a terrible idea is the massive losses involved once you increase the distance between transmitter and receiver. That said, there are ways to optimize wireless power transfer using inductive coupling, as [Hyperspace Pirate] demonstrates in a recent video.

Starting with small-scale proof of concept coils, the final version of the transmitter is powered off 120 VAC. The system has 10 kV on the coil and uses a half-bridge driver to oscillate at 145 kHz. The receiver matches this frequency precisely for optimal efficiency. The transmitting antenna is a 4.6-meter hexagon with eight turns of 14 AWG wire. During tests, a receiver of similar size could light an LED at a distance of 40 meters with an open circuit voltage of 2.6 V.

Although it’s also an excellent example of why air core transformers like this are lousy for efficient remote power transfer, a fascinating finding is that intermediate (unpowered) coils between the transmitter and receiver can help to boost the range due to coupling effects. Even if it’s not a practical technology (sorry, [Tesla]), it’s undeniable that it makes for a great science demonstration.

Of course, people do charge phones wirelessly. It works, but it trades efficiency for convenience. Modern attempts at beaming power around seem to focus more on microwaves or lasers.

youtube.com/embed/adTKHcrOzMU?…

hackaday.com/2025/03/16/transm…

MSX computers were not very common in the United States, and we didn’t know what we were missing when they were popular. [Re:Enthused] shows us what would have been a fine machine in its day: a Panasonic FS-A1FM. Have a look at the video below to see the like-new machine.

The machine isn’t just an ordinary MSX computer. The keyboard is certainly unique, and it has an integrated floppy drive and a 1200-baud modem. The case proudly proclaims that the floppy is both double-sided and double-density. Like most MSX computers, it had a plethora of ports and, of course, a cartridge slot. Unfortunately, the machine looks great but has some problems that have not been repaired yet, so we didn’t get to see it running properly.

He was able to get to the MSX-DOS prompt to show along with the BIOS menu. We hope he manages to get the keyboard working, and we were glad to see another computer from that era we had not seen before.

We don’t think anyone made one at the time, but we’ve seen a modern take on a luggable MSX. Of course, you can emulate the whole thing on a Pi and focus on the aesthetics.

youtube.com/embed/80TtLHtVheI?…

hackaday.com/2025/03/16/a-look…

When your homebrew Yagi antenna only sort-of works, or when your WiFi cantenna seems moody on rainy days, we can assure you: it is not only you. You can stop doubting yourself once and for all after you’ve watched the Tech 101: Antennas webinar by [Dr. Jonathan Chisum].

[Jonathan] breaks it all down in a way that makes you want to rip out your old antenna and start fresh. It goes further than textbook theory; it’s the kind of knowledge defense techs use for real electronic warfare. And since it’s out there in bite-sized chunks, we hackers can easily put it to good use.

The key takeaway is that antenna size matters. Basically, it’s all about wavelength, and [Jonathan] hammers home how tuning antenna dimensions to your target frequency makes or breaks your signal. Whether you’re into omnis (for example, for 360-degree drone control) or laser-focused directional antennas for secret backyard links, this is juicy stuff.

If you’re serious about getting into RF hacking, watch this webinar. Then dig up that Yagi build, and be sure to send us your best antenna hacks.

youtube.com/embed/EFLLjtZUjuc?…

hackaday.com/2025/03/16/a-hack…

Photo-printing kiosks are about as common as payphones these days. However, there was a time when they were everywhere. The idea was that if you didn’t have a good printer at home, you could take your digital files to a kiosk, pay your money, and run off some high-quality images. [Snappiness] snagged one, and if you’ve ever wondered what was inside of one, here’s your chance.

While later models used a Windows PC inside, this one is old enough to have a Sun computer. That also means that it had things like PCMCIA slots and a film scanner. Unfortunately, it wasn’t working because of a bad touch screen. The box was looking for a network on boot, which required some parameter changes. The onboard battery is dead, too, so you have to change the parameters on every boot. However, the real killer was the touchscreen, which the software insists on finding before it will start.

The monitor is an old device branded as a Kodak monitor and, of course, is unavailable. [Snappiness] found pictures of another kiosk online and noted that the monitor was from Elo, a common provider of point-of-sale screens. Could the “Kodak” monitor just be an Elo with a new badge? It turns out it probably was because a new Elo monitor did the trick.

Of course, what excited us was that if we found one of these in a scrap pile, it might have a Sun workstation inside. Of course, you can just boot Solaris on your virtual PC today. You might be surprised that Kodak invented the digital camera. But they failed to understand what it would mean to the future of photography.

youtube.com/embed/BTkx8CamFbI?…

hackaday.com/2025/03/15/repair…

I ricercatori di Tenable hanno studiato la capacità del chatbot cinese DeepSeek di sviluppare malware (keylogger e ransomware). Il chatbot DeepSeek R1 è apparso a gennaio di quest’anno e da allora è riuscito a far molto rumore, anche a causa delle possibilità di jailbreaking.

Come tutti i principali LLM, DeepSeek è dotato di meccanismi di sicurezza per impedire che venga utilizzato per scopi dannosi, come la creazione di malware. Tuttavia, queste restrizioni possono essere aggirate abbastanza facilmente.

Quando gli viene chiesto direttamente di scrivere codice per un keylogger o un ransomware, DeepSeek si rifiuta di farlo, sostenendo di non poter aiutare con qualcosa che potrebbe essere dannoso o illegale.

Tuttavia, Tenable ha utilizzato un jailbreak per indurre il chatbot a scrivere codice dannoso e ha sfruttato le funzionalità CoT (chain-of-thought) di DeepSeek per migliorare i risultati.

La CoT imita il pensiero umano quando risolve problemi complessi, scomponendoli in passaggi sequenziali da seguire per raggiungere un obiettivo. Con il CoT, l’intelligenza artificiale “pensa ad alta voce” fornendo una descrizione dettagliata del suo processo di ragionamento.

Quando i ricercatori hanno utilizzato DeepSeek per creare un keylogger, l’intelligenza artificiale ha elaborato un piano per completare l’attività e poi ha preparato il codice C++. Il codice risultante era scritto con degli errori e il chatbot non è stato in grado di correggerne alcuni per creare un malware completamente funzionante senza l’intervento umano.

Tuttavia, dopo piccole modifiche, il codice keylogger generato da DeepSeek ha funzionato, intercettando i tasti premuti dall’utente. I ricercatori hanno poi utilizzato DeepSeek per migliorare ulteriormente il malware risultante, in particolare per ottenere una maggiore furtività e crittografarne i registri.

Per quanto riguarda lo sviluppo del ransomware, DeepSeek ha prima descritto l’intero processo e poi è riuscito a generare diversi campioni di malware per la crittografia dei file, ma nessuno di essi è stato compilato senza modificare manualmente il codice.

Grazie a ciò, i ricercatori sono riusciti a far funzionare alcuni campioni di ransomware. Il malware era dotato di meccanismi per elencare i file e mantenerli persistenti nel sistema, e visualizzava anche una finestra di dialogo che informava la vittima di essere sotto attacco ransomware.

“In pratica, DeepSeek è in grado di creare la struttura di base per il malware. Tuttavia, non è possibile farlo senza un’ulteriore progettazione e modifica manuale del codice per ottenere funzionalità più avanzate. Ad esempio, DeepSeek non è riuscito a implementare l’offuscamento dei processi. Siamo riusciti a far funzionare il codice di iniezione DLL generato, ma ha richiesto molto lavoro manuale, Tuttavia, DeepSeek fornisce una raccolta utile di tecniche e termini di ricerca che possono aiutare chi non ha esperienza nella scrittura di malware a familiarizzare rapidamente con i concetti coinvolti”, conclude Tenable.

L'articolo Chatbot cinese DeepSeek usato per sviluppare keylogger e ransomware con poca review proviene da il blog della sicurezza informatica.

Gli utenti hanno accusato HP di aver rilasciato un firmware che ha reso inutilizzabili alcuni modelli di stampanti laser. I dispositivi non funzionano anche se riempiti con toner HP. Come altri produttori di stampanti, HP è nota per il rilascio di aggiornamenti firmware che bloccano le stampanti esistenti se i proprietari provano a utilizzare inchiostro di terze parti.

All’inizio di marzo 2025, uno di questi aggiornamenti è andato storto. Il 4 marzo, HP ha rilasciato un aggiornamento del firmware (20250209) per i modelli LaserJet MFP M232-M237. Secondo HP, il nuovo firmware include aggiornamenti di sicurezza, aggiornamenti normativi, miglioramenti generali e correzioni di bug, nonché patch per IPP Everywhere. Vale a dire che non viene menzionato che le modifiche influiscono sull’uso o sulla definizione di toner.

Tuttavia, gli utenti hanno iniziato a segnalare problemi inaspettati con il toner HP nelle stampanti della serie M232-M237 dopo aver aggiornato i dispositivi alla versione 20250209. Sul forum di supporto HP, le vittime scrivono che quando provano a stampare, vedono il codice di errore 11 e un indicatore di sostituzione del toner lampeggiante. Alcune persone notano che, nonostante abbiano pulito i contatti e sostituito il toner, i dispositivi continuano a non stampare.

“È incredibilmente frustrante perché è la mia piccola stampante aziendale e all’improvviso ha smesso di funzionare. Ho persino sostituito il toner, che mi è costato 60 dollari”, scrive una delle vittime. I rappresentanti di HP hanno dichiarato ai media di essere già a conoscenza del problema che riguarda i dispositivi HP LaserJet serie 200:

“Siamo a conoscenza di un problema di firmware che riguarda un numero limitato di dispositivi HP LaserJet serie 200 e il nostro team sta lavorando attivamente per risolverlo. Per ricevere assistenza, i clienti interessati possono contattare il nostro team di supporto all’indirizzo support.hp.com”. L’azienda non ha specificato quanto siano diffusi tali problemi o quanti utenti siano stati interessati dal mancato aggiornamento del firmware.

Vale la pena notare che non è la prima volta che le stampanti HP si guastano a causa di un aggiornamento non riuscito. Ad esempio, nel maggio 2023, un aggiornamento del firmware ha causato l’interruzione della stampa in diversi modelli di stampanti HP OfficeJet e ha mostrato ai proprietari una schermata blu per diverse settimane.

L'articolo Aggiornamento Killer! Stampanti Laser HP bloccate dopo le patch del firmware : utenti infuriati! proviene da il blog della sicurezza informatica.

Gli sviluppatori di GitLab hanno rilasciato aggiornamenti per Community Edition (CE) ed Enterprise Edition (EE) che risolvono nove vulnerabilità. Tra i problemi risolti ci sono due bug critici di bypass dell’autenticazione nella libreria ruby-saml.

Tutti i problemi sono stati risolti nelle versioni 1.12.4 e 1.18.0 di ruby-saml e in GitLab CE/EE 17.7.7, 17.8.5 e 17.9.2; tutte le versioni precedenti sono considerate vulnerabili.

GitLab.com ha già ricevuto le patch e i clienti GitLab Dedicated riceveranno automaticamente gli aggiornamenti. Si consiglia agli utenti che supportano installazioni autogestite sulla propria infrastruttura di applicare manualmente gli aggiornamenti il ​​prima possibile.

Le vulnerabilità critiche sono state identificate come CVE-2025-25291 e CVE-2025-25292. Entrambi i bug sono stati riscontrati nella libreria ruby-saml, utilizzata per l’autenticazione SAML Single Sign-On (SSO) a livello di istanza o di gruppo.

Entrambe le carenze sono dovute al fatto che REXML e Nokogiri utilizzano metodi diversi per l’analisi XML, con il risultato che entrambi i parser generano strutture di documenti completamente diverse a partire dallo stesso input XML. Questa differenza consente a un aggressore di eseguire un attacco Signature Wrapping, che comporta l’aggiramento dell’autenticazione.

In sostanza, le vulnerabilità consentono a un aggressore autenticato di impersonare un altro utente in un ambiente Identity Provider (IdP). E se un aggressore ottiene l’accesso non autorizzato all’account di un altro utente, potrebbe verificarsi una fuga di dati, un’escalation dei privilegi e altri rischi.

Entrambi i bug sono stati scoperti dagli esperti di GitHub, che hanno già pubblicato la propria analisi tecnica. Si noti che GitHub non è stato interessato da queste vulnerabilità, poiché l’uso della libreria ruby-saml è stato interrotto nel 2014.

Vale anche la pena notare che questa settimana gli sviluppatori di GitLab hanno corretto un’altra pericolosa vulnerabilità legata all’esecuzione remota di codice arbitrario: CVE-2025-27407. Questo bug consente a un aggressore che controlla un utente autenticato di utilizzare la funzionalità di trasferimento diretto, disabilitata per impostazione predefinita, per eseguire codice in remoto.

L'articolo 9 Patch delle quali 2 urgenti per GitLab! Due bug critici mettono a rischio milioni di utenti proviene da il blog della sicurezza informatica.

È uscito il nuovo numero di Domenike Famelike!
pdfhost.io/v/VRKseXPWu2_Basili…
Tra arte, cultura e storie da vivere, questo numero ti porterà in un viaggio dove ogni pagina è un’ispirazione.

👉 Segui i nostri social per anteprime e contenuti extra!
#DomenikeFamelike #CulturaCheRespira

Leggi, condividi, sogna. 🌟

Ever wanted to produce nitrogen fertilizer like they did in the 1900s? In that case, you’re probably looking at the Birkeland-Eyde process, which was the first industrial-scale atmospheric nitrogen fixation process. It was eventually replaced by the Haber-Bosch and Ostwald processes. [Markus Bindhammer] covers the construction of a hobbyist-sized, fully automated reactor in this video.

It uses tungsten electrodes to produce the requisite arc, with a copper rod brazed onto both. The frame is made of aluminium profiles mounted on a polypropylene board, supporting the reaction vessel. Powering the whole contraption is a 24 VDC, 20 A power supply, which powers the flyback transformer for the high-voltage arc, as well as an air pump and smaller electronics, including the Arduino Uno board controlling the system.

The air is dried by silica gel before entering the reactor, with the airflow measured by a mass air flow sensor and the reaction temperature by a temperature sensor. This should give the MCU a full picture of the state of the reaction, with the airflow having to be sufficiently high relative to the arc to extract the maximum yield for this already very low-yield (single-digit %) process.

Usually, we are more interested in getting our nitrogen in liquid form. We’ve also looked at the Haber-Bosch method in the past.

youtube.com/embed/L9KpFKQ7brY?…

hackaday.com/2025/03/15/buildi…

RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, GitHub)
The WebUSB standard is certainly controversial. Many consider it a security risk, and, to date, only Chromium-based browsers support it. But there is a workaround that is, ironically, supposed to increase security. The adjacent Universal 2nd Factor (U2F) standard also adds (limited) USB support to browsers. Sure, this is meant solely to support U2F USB dongles for two-factor authentication purposes, but as [ArcaneNibble] demonstrates using U2F-compatible firmware on a Raspberry Pi RP2040, by hijacking the U2F payload, this API can be used to provide WebUSB-like functionality.

The provided demo involves flashing an RP2040 (e.g., Pico board) with the u2f-hax.u2f firmware and loading the index.html page from localhost or a similar secure context. After this, the buttons on the browser page can be used to toggle an LED on the Pico board on or off. You can also read an input back from the RP2040.

This feat is made possible by the opaque nature of the U2F key handle, which means that anything can be put in this blob. This makes it a snap to pass data from the U2F dongle to the host. For the inverse, things get a bit trickier. Here the ECDSA signature is manipulated inside the ASN.1 that is returned to the dongle. Since Firefox performs no signature validation (and Chrome only does a range check), this works. The MCU also auto-confirms user presence by having the key handle start with oxfeedface, so the device works without user interaction. However, you do seem to get an annoying popup that immediately goes away.

Of course, this only works if you create a special USB device for this purpose. That means your normal USB devices are still secure. While we know it could be a security risk, you can do some cool things with WebUSB. We’ve seen a few projects that use it.

hackaday.com/2025/03/15/add-we…