


Monitor Your Smart Plugs on the Command Line


The plethora of smart home devices available today deliver all manner of opportunities, but it’s fair to say that interfacing with them is more often done in the browser or an app than in the terminal. WattWise from [Naveen Kulandaivelu] is a tool which changes all that: it’s a command-line interface (CLI) for power monitoring smart plugs.

Written in Python, the tool can talk either directly to TP-Link branded smart plugs, or via Home Assistant. It tracks the power consumption with a simple graph, but the exciting part lies in how it can be used to throttle the CPU of a computer in order to use power at the points in the day when it is cheapest. You can find the code in a GitHub repository.

We like the idea of using smart plugs as instruments, even if they may not be the most accurate of measurement tools. It takes them even further beyond the simple functionality and walled-garden interfaces provided by their manufacturers, which in our view can only be a good thing.

Meanwhile, for further reading we’ve looked at smart plugs in detail in the past.


hackaday.com/2025/04/02/monito…



One Book to Boot Them All


Mockup of a printed copy of the Little OS Book

Somewhere in the universe, there’s a place that lists every x86 operating system from scratch. Not just some bootloaders, or just a kernel stub, but documentation to build a fully functional, interrupt-handling, multitasking-capable OS. [Erik Helin and Adam Renberg] did just that by documenting every step in The Little Book About OS Development.

This is not your typical dry academic textbook. It’s a hands-on, step-by-step guide aimed at hackers, tinkerers, and developers who want to demystify kernel programming. The book walks you through setting up your environment, bootstrapping your OS, handling interrupts, implementing virtual memory, and even tackling system calls and multitasking. It provides just enough detail to get you started but leaves room for exploration – because, let’s be honest, half the fun is in figuring things out yourself.

Completeness and structure are two things that make this book stand out. Other OS dev guides may give you snippets and leave you to assemble the puzzle yourself. This book documents the entire process, including common pitfalls. If you’ve ever been lost in the weeds of segmentation, paging, or serial I/O, this is the map you need. You can read it online or fetch it as a single 75-page long PDF.

Mockup photo source: Matthieu Dixte


hackaday.com/2025/04/02/one-bo…




ShadowPad and SparrowDoor 2.0: the new APT threat spying on governments and institutions


In July 2024, ESET researchers detected a new wave of activity attributed to the APT group FamousSparrow, known for conducting cyber-espionage campaigns against high-profile government and institutional targets. After an apparent period of inactivity lasting from 2022 to 2024, the group has returned to the spotlight with new variants of the SparrowDoor backdoor, significant technical improvements, and an arsenal that now also includes ShadowPad, used for the first time.

Strategic targets: USA and Mexico in the crosshairs


ESET's analysis revealed that FamousSparrow compromised a US financial-sector organization and a Mexican research institute. The choice of targets is not random: both play strategic roles, in geopolitics and in the technological development of the region respectively. The attacks took place between July 11 and 25, 2024, exploiting vulnerable servers and obsolete systems, presumably running unpatched versions of Microsoft Exchange Server and Windows Server.

Evolution of the tool: SparrowDoor 2.0


Two new versions of the SparrowDoor malware were discovered during forensic analysis. The first is an improved version of the classic backdoor, while the second is modular and features command parallelization, an absolute first for the group. Both show a leap in quality at the architectural level, reducing the use of redundant code and improving evasion capability.

One of the two versions shows strong similarities to CrowDoor, a backdoor used by Earth Estries, another China-aligned APT group. This has led researchers to hypothesize a collaboration or a shared framework within a broader Chinese offensive infrastructure.

ShadowPad: the modular malware that keeps evolving


For the first time in the group's operational history, FamousSparrow made use of ShadowPad, a modular backdoor first discovered in 2017. ShadowPad has already been linked to several China-sponsored groups and is known for its post-exploitation capabilities, thanks to a plugin-based architecture.

Its use by FamousSparrow represents a change of pace and a professionalization of the tools adopted, consistent with recent trends of convergence among Chinese APT groups.

Persistence and invisibility


One of the most interesting aspects of this campaign is the evidence that FamousSparrow was not inactive, but simply under the radar. From 2022 to 2024 the group in fact continued to develop and refine its tools, a sign of long-term strategic planning and strong OPSEC (Operational Security). The attack also shows a balanced use of:

  • Proprietary custom tools (SparrowDoor, HemiGate)
  • Shared malware (ShadowPad)
  • Open-source tools
  • Web shells deployed on IIS servers


Threat Intelligence analysis


These aspects are well represented in the relationship map drawn up by the researchers, where FamousSparrow sits at the center of an ecosystem linking affected countries (including the United States, Mexico and Honduras), strategic sectors (government and finance), and a triad of offensive tools: SparrowDoor, HemiGate and ShadowPad. The last of these was used by the group for the first time, marking an evolution in its technical toolkit. ShadowPad, known as a high-potential modular backdoor, has already been used by other Chinese APT groups such as APT41, Winnti and Earth Lusca. Its use by FamousSparrow strengthens the hypothesis of tactical and technical convergence among several China-aligned APT groups, and is highlighted in the graph through the interconnection of numerous shared indicators of compromise, malicious IPs and MITRE ATT&CK techniques.

The image is also eloquent in showing the digital evidence that supports the attribution: IP addresses, file hashes, and payloads tracked across the network. Note the presence of techniques such as T1055 (code injection), T1190 (exploitation of exposed services), and T1543.003 (persistence via system services), all used in combination to ensure continuous access and command-and-control capability.

Conclusions


The renewed activity of FamousSparrow shows that high-profile APT groups continue to evolve, refining their techniques in silence and striking with surgical precision when favorable conditions arise. The integration of advanced backdoors such as ShadowPad, modular development and the use of advanced techniques such as command parallelization demonstrate a qualitative leap in offensive capabilities.

For companies and institutions, it is a clear signal: the apparent silence of an APT actor should never be mistaken for inactivity. The threat often hides below the level of detection and acts with sophistication, waiting for the right moment to strike.

The article ShadowPad and SparrowDoor 2.0: the new APT threat spying on governments and institutions comes from il blog della sicurezza informatica.



Programmer’s Macro Pad Bangs Out Whole Functions


Macro pads are handy for opening up your favorite programs or executing commonly used keyboard shortcuts. But why stop there?

That’s what [Jeroen Brinkman] must have been thinking while creating the Programmer’s Macro Pad. Based on the Arduino Pro Micro, this hand-wired pad is unique in that a single press of any of its 16 keys can virtually “type” out multiple lines of text. In this case, it’s a capability that’s being used to prevent the user from having to manually enter in commonly used functions, declarations, and conditional statements.

For example, in the current firmware, pressing the “func” key will type out a boilerplate C function:
int () { //
;
return 0;
}; // f
It will also enter in the appropriate commands to put the cursor where it needs to be so you can actually enter in the function name. The other keys such as “array” and “if” work the same way, saving the user from having to enter (and potentially, even remember) the correct syntax.

The firmware is kept as simple as possible, meaning that the functionality of each key is currently hardcoded. Some kind of tool that would let you add or change macros without having to manually edit the source code and flash it back to the Arduino would be nice…but hey, it is a Programmer’s Macro Pad, after all.

Looking to speed up your own day-to-day computer usage? We’ve covered a lot of macro pads over the years, and we’re confident at least a few of them should catch your eye.


hackaday.com/2025/04/02/progra…



Presentation of the commemorative reprint “Massa non-massa” by Giovanni Malagodi

@Politica interna, europea e internazionale

April 2, 2024, 12:00 at the Ordine degli Ingegneri della Provincia di Milano, Viale Andrea Doria, 9 – Milan. Speakers: Giuseppe Benedetto, Alessandra Cavaterra
The article Presentation of the commemorative reprint “Massa non-massa” by Giovanni



North Mississippi Allstars announce their new album
freezonemagazine.com/news/nort…
The North Mississippi Allstars were founded by brothers Luther and Cody Dickinson in 1996 as a collective of musicians from northern Mississippi and Memphis, inspired by their neighbors RL Burnside, Junior Kimbrough, Otha Turner and the late Fred McDowell. Over the years the lineup has included Cedric, Duwayne and Garry Burnside, Chris


FLOSS Weekly Episode 827: Yt-dlp, Sometimes You Can’t See the Tail


This week, Jonathan Bennett chats with Bashonly about yt-dlp, the audio/video downloader that carries the torch from youtube-dl! Why is this a hard problem, and what does the future hold for this swiss-army knife of video downloading? Watch to find out!


youtube.com/embed/ed93yLiUqxM?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.



Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License


hackaday.com/2025/04/02/floss-…



"Peace" and the "defense of human rights" advance in the Western world...
lindipendente.online/2025/04/0…


End of the employment relationship: the correct handling of the company email address


@Informatica (Italy e non Italy 😁)
Failure to deactivate the employee's email account and the redirection of incoming mail to another company account, after the end of the employment relationship, conflicts with the principles of necessity and

in reply to blackbeard 🇪🇺

@blackbeard 🇪🇺 the two issues are practically the same issue, because the lack of a company policy means that the employee had not been informed. However, the main reason for the sanction is the excessive retention, a full seven months, of the mailbox, which goes against the minimization principle laid down by the GDPR
in reply to Cybersecurity & cyberwarfare

Thanks for the explanation. The ruling is decidedly reasonable and is also food for thought for me to update the company policies on the matter.


Supercon 2024: Rethinking Body Art With LEDs


Tattoos. Body paint. Henna. All these are popular kinds of body art with varying histories and cultural connotations, many going back centuries or even longer. They all have something in common, though—they all change how the body reflects light back to the viewer. What if, instead, body art could shine a light of its very own?

This is the precise topic which [Katherine Connell] came to discuss at the 2024 Hackaday Supercon. Her talk concerns rethinking body art with the use of light emitting diodes—and is both thoroughly modern and aesthetically compelling. Beyond that, it’s an engineering development story with liquid metal and cutting-edge batteries that you simply don’t want to miss!

youtube.com/embed/nitjlnkYz0Q?…

[Katherine] wearing her stick-on LED body art, known as Sprite Lights. Credit: SpriteLights.com
In her quest to create self-glowing body art, [Katherine] invented Sprite Lights. In her own words, “these body safe light up temporary tattoos combine art, flex PCBs, screen printed batteries, and a body-safe adhesive tape.” Basically, you can place them on your skin, and they’ll shine and catch eyes for as long as there’s juice left in the sticker.

The inspiration behind this project was simple. [Katherine] grew up in the 80s, and being exposed to that neon-soaked era gave her a desire to glow-in-the-dark. However, she didn’t want to get into any hardcore body modification—hence, she pursued a non-invasive stick-on solution.

As you might imagine, creating these wasn’t trivial. They need to stick to the skin for long periods of time without causing irritation, while also being lightweight and slim enough to be practical to wear. Indeed, to that end, Sprite Lights are less than 1.5 mm thick—an impressive engineering feat.

Her first attempts involved creating a synthetic skin-like material using latex, with LEDs stuck underneath. However, this wasn’t a particularly desirable solution. Latex allergies are relatively common, and producing the designs took a lot of careful hand-soldering and manual work. It was also difficult to attach the latex to the skin, and to color match it with the wearer to make it look right.
Early experiments with latex had a few flaws.
From there, [Katherine] experimented with 3D-printing thin films with transparent PLA, with LEDs underneath. This was a much quicker way to work, but still didn’t attach well to the skin and had some aesthetic flaws. Another 3D-printing attempt saw [Katherine] create molds to produce transparent silicone films with LEDs embedded underneath, but this again proved very labor intensive and it’s difficult to get silicone to stick to anything, including humans. [Katherine] even tried experimenting with Galinstan, a very off-beat metallic alloy, to make circuits inside flexible silicone. She created viable stretchable circuits but they were not very robust, particularly since the Galinstan tends to melt at body temperature.

Undeterred from early hurdles, [Katherine] persevered with new techniques, using 3D-printing, silicone molds, and even strange gallium alloys to create real glowing body art.
Later experiments with copper tape enabled [Katherine] to make flexible circuits a bit more easily. She used a Cricut to cut out traces in copper tape, and then stuck them on clear heat-resistant plastic. From there, she used a Walmart griddle to heat the assembly until solder paste liquified and her components were soldered in place. It required careful attention and speed to avoid melting everything, but it worked.

Having developed decent flexible circuits that could light up, power was next on the agenda. Desiring to create stick-on devices with an ultra-thin form factor, there was no room to include a traditional battery, so [Katherine] had to figure out how to power Sprite Lights effectively. She found flexible batteries from a company called Zinergy that could deliver 3V and 20 mAh. She was able to specify a custom flat round design, with the company able to make them just 0.7mm thick and 55 mm round. They use a compound similar to regular AA batteries, which is screen printed onto one layer of plastic and sealed with another layer on top. The batteries have the benefit of being safe to place on skin, with no risk of explosion or chemical exposure, even if they happen to be punctured or cut while worn. Perhaps the only drawback is that they’re non-rechargeable—they’re safe, but single-use.
Custom ultra-thin non-rechargeable batteries made Sprite Lights possible.
Armed with her new batteries, [Katherine] developed her concept further. She stepped up to using commercially-available flex PCBs produced by JLCPCB, in place of her homebrewed concepts used previously. She combined these with the flexible Zinergy batteries underneath, and custom-made die-cut stickers from MakeStickers on top. This gave her an art layer, an LED circuit layer, and a battery layer underneath, with a hypoallergenic medical tape used as the final layer to stick the assembly to the skin. An intermediate fabric tape layer is included to connect the battery’s contacts to the flex PCB, which is populated with LEDs. By leaving a paper layer on the fabric tape between the contacts, this allows the Sprite Light to remain off until it’s ready to be used. The combination comes in under 1.5 mm thick.


[Katherine] has developed Sprite Lights into a super-clean final product. Credit: SpriteLights.com
[Katherine] went through a great deal of iteration and development to get Sprite Lights to where they are today. She notes that you can learn anything online if you put in the work and connect to the right communities—it was through self-directed research that she taught herself the skills to get the project over the line. Beyond that, it’s also worth noting that technology might not be quite up to what you need right now—her project relies heavily on brand-new custom Zinergy batteries to be as thin as possible. Her next challenge is mass production—something she has pursued via a crowd-funding campaign.

Ultimately, Sprite Lights are a super-cool piece of body art. But beyond that, [Katherine] told us the great engineering story behind these astounding self-glowing stickers. As her fine example demonstrates, you can do really cool things if you just keep working at it and teach yourself the right skills along the way!


hackaday.com/2025/04/02/superc…



A new security fund is being launched to help protect the fediverse

The @The Nivenly Foundation (Nivenly Foundation) has announced the launch of a new security fund that will pay those who responsibly disclose security vulnerabilities affecting fediverse apps and services.

techcrunch.com/2025/04/02/a-ne…

@Che succede nel Fediverso?


Over the past year, we've been thinking about how we can improve the security of the Fediverse to provide a safer, more trustworthy experience for people of the Fediverse.

Today we're launching a time-and-funds limited Fediverse Security Fund, where we will pay researchers and contributors for the responsible disclosure of security vulnerabilities in open-source Fediverse software.

We're starting small as an experiment to gauge interest, figure out our processes, and eventually decide if/how to expand this program and make it more permanent. If you're a security researcher or upstream contributor, join us in making the Fediverse a safer place.

You can read more about this program on our blog: nivenly.org/blog/2025/04/01/ni…





#Panama: Beijing holds back #Trump


altrenotizie.org/primo-piano/1…




A Memorandum of Understanding was signed today between Minister Giuseppe Valditara and the President of Caritas Italiana, Monsignor Carlo Roberto Maria Redaelli.


Lucid, the phishing as a service threatening iOS and Android: how to defend yourself


@Informatica (Italy e non Italy 😁)
There is alarm over the ever wider spread of the phishing-as-a-service platform Lucid, which offers threat actors a ready-to-use package for targeting iOS and Android users while bypassing traditional SMS anti-spam filters. What there is to



Peace in Ukraine and more defense spending. Rutte's handbook

@Notizie dall'Italia e dal mondo

The world is more dangerous, so it is crucial to increase defense spending. This premise from NATO Secretary General Mark Rutte accompanies the eve of the meeting of NATO foreign ministers, scheduled for April 3 and 4 in Brussels, at a moment dominated by the



NATO's rearmament: the challenges, including cyber, for Europe


@Informatica (Italy e non Italy 😁)
According to European Commission President von der Leyen, Europe must invest in defense and strengthen its capabilities, adopting a proactive approach to security. Here are the pillars of the European and NATO rearmament plan
The article NATO's rearmament: the challenges, including



70 DIY Synths on One Webpage


If you want to dip your toes into the deep, deep water of synth DIY but don’t know where to start, [Atarity] has just the resource for you. He’s compiled a list of 70 wonderful DIY synth and noise-making projects and put them all in one place. And as connoisseurs of the bleepy-bloopy ourselves, we can vouch for his choices here.

The collection runs the gamut from [Ray Wilson]’s “Music From Outer Space” analog oddities, through faithful recreations like Adafruit’s XOXBOX, and on to more modern synths powered by simple microcontrollers or even entire embedded Linux devices. Alongside the links to the original projects, there is also an estimate of the difficulty level, and a handy demo video for every example we tried out.

Our only self-serving complaint is that it’s a little bit light on the Logic Noise / CMOS-abuse side of synth hacking, but there are tons of other non-traditional noisemakers, sound manglers, and a good dose of musically useful devices here. Pick one, and get to work!


hackaday.com/2025/04/02/70-diy…



#MiStaiACuore, send us your stories and your testimonies!

You can send the materials to comunicazione.istituzionale@istruzione.it and in the coming weeks they will be published on social media.



“After discovering this content, I’m not going to lie… there are times it made me not want to be around any more either,” she said. “I literally felt buried.” #Deepfakes


Is there a connection between those who claim that Russia is more prosperous than ever and those who claim that Trump is actually strengthening the United States? Are they the same people?


Signalgate: when communications security becomes a boomerang


@Informatica (Italy e non Italy 😁)
The Signalgate case, and the resulting leak of confidential US government information, should serve as a system-wide lesson, not only for government institutions but also for the private sector, on the mistakes that can be made in terms





Australia’s Steady March Towards Space


The list of countries to achieve their own successful orbital space launch is a short one, almost as small as the exclusive club of states that possess nuclear weapons. The Soviet Union was first off the rank in 1957, with the United States close behind in 1958, and a gaggle of other aerospace-adept states followed in the 1960s, 1970s, and 1980s. Italy, Iran, North Korea and South Korea have all joined the list since the dawn of the new millennium.

Absent from the list stands Australia. The proud island nation has never stood out as a player in the field of space exploration, despite offering ground station assistance to many missions from other nations over the years. However, the country has continued to inch its way to the top of the atmosphere, establishing its own space agency in 2018. Since then, development has continued apace, and the country’s first orbital launch appears to be just around the corner.

Space, Down Under

The Australian Space Agency has played an important role in supporting domestic space projects, like the ELO2 lunar rover (also known as “Roo-ver”). Credit: ASA
The establishment of the Australian Space Agency (ASA) took place relatively recently. The matter was seen to be long overdue from an OECD member country; by 2008, Australia was the only one left without a national space agency since previous state authorities had been disbanded in 1996. This was despite many facilities across the country contributing to international missions, providing critical radio downlink services and even welcoming JAXA’s Hayabusa2 spacecraft back to Earth.

Eventually, a groundswell grew, pressuring the government to put Australia on the right footing to seize growing opportunities in the space arena. Things came to a head in 2018, when the government established ASA to “support the growth and transformation of Australia’s space industry.”

ASA would serve a somewhat different role compared to organizations like NASA (USA) and ESA (EU). Many space agencies in other nations focus on developing launch vehicles and missions in-house, collaborating with international partners and aerospace companies in turn to do so. However, for ASA, the agency is more focused on supporting and developing the local space industry rather than doing the engineering work of getting to space itself.

Orbital Upstarts


Just because the government isn’t building its own rockets, doesn’t mean that Australia isn’t trying to get to orbit. That goal is the diehard mission of Gilmour Space Technologies. The space startup was founded in 2013, and established its rocketry program in 2015, and has been marching towards orbit ever since. As is often the way, the journey has been challenging, but the payoff of genuine space flight is growing ever closer.

Gilmour Space moved fast, launching its first hybrid rocket back in 2016. The successful suborbital launch proved to be a useful demonstration of the company’s efforts to produce a rocket that used 3D-printed fuel. This early milestone aided the company to secure investment that would support its push to grander launches at greater scale. The company’s next major launch was planned for 2019, but frustration struck—when the larger One Vision rocket suffered a failure just 7 seconds prior to liftoff. Undeterred, the company continued development of a larger rocket, taking on further investment and signing contracts to launch payloads to orbit in the ensuing years.

youtube.com/embed/5vyhef00ebY?…

Gilmour Space has worked hard to develop its hybrid rocket engines in-house.

With orbital launches and commercial payload deliveries the ultimate goal, it wasn’t enough to just develop a rocket. Working with the Australian government, Gilmour Space established the Bowen Orbital Spaceport in early 2024—a launchpad suitable for the scale of its intended space missions. Located on Queensland’s Gold Coast, it’s just 20 degrees south of the equator—closer than Cape Canaveral, and useful for accessing low- to mid-inclination equatorial orbits. The hope was to gain approval to launch later that year, but thus far, no test flights have taken place. Licensing issues around the launch have meant the company has had to hold back on shooting for orbit.

The rocket with which Gilmour Space intends to get there is called Eris. In Block 1 configuration, it stands 25 meters tall, and is intended to launch payloads up to 300 kg into low-Earth orbits. It’s a three-stage design. It uses four of Gilmour’s Sirius hybrid rocket motors in the first stage, and just one in the second stage. The third stage has a smaller liquid rocket engine of Gilmour’s design, named Phoenix. The rocket was first staged vertically on the launch pad in early 2024, and a later “dress rehearsal” for launch was performed in September, with the rocket fully fueled. However, flight did not take place, as launch permits were still pending from Australia’s Civil Aviation Safety Authority (CASA).

youtube.com/embed/-h8g1CfXopo?…

The Eris rocket was first vertically erected on the launchpad in 2024, but progress towards launch has been slow since then.

After a number of regulatory issues, the company’s first launch of Eris was slated for March 15, 2025. However, that day came and passed, even with CASA approval, as the required approvals were still not available from the Australian Space Agency. Delays have hurt the company’s finances, hampering its ability to raise further funds. As for the rocket itself, hopes for Eris’s performance at this stage remain limited, even if you ask those at Gilmour Space. Earlier this month, founder Adam Gilmour spoke to the Sydney Morning Herald on his expectations for the initial launch. Realistic about the proposition of hitting orbit on the company’s first attempt, he expects it to take several launches to achieve, with some teething problems to come. “It’s very hard to test an orbital rocket without just flying it,” he told the Herald. “We don’t have high expectations we’ll get to orbit… I’d personally be happy to get off the pad.”

Despite the trepidation, Eris stands as Australia’s closest shot at hitting the bigtime outside the atmosphere. Government approvals and technical hurdles will still need to be overcome, with the Australian Space Agency noting that the company still has licence conditions to meet before a full launch is approved. Still, before the year is out, Australia might join that vaunted list of nations that have leapt beyond the ground to circle the Earth from above. It will be a proud day when that comes to pass.


hackaday.com/2025/04/02/austra…



And so we've done this one too. Thanks to Orlando Volpe and Roberto Di Lodovico.


Invisible attack on WordPress: hackers are exploiting MU-Plugins to hit websites


Sucuri analysts have discovered that hackers are using WordPress's MU-plugins (Must-Use Plugins) directory to hide malicious code and run it without being detected. The technique was first spotted in February 2025, but its adoption is growing: attackers are currently using MU plugins to launch three different types of malicious code.

This kind of plugin is a special type of WordPress plugin that runs on every page load and does not require activation in the admin panel. They are PHP files stored in the wp-content/mu-plugins/ directory that run automatically when a page loads and are not shown on the Plugins page of the admin panel unless the Must-Use filter is selected.

Such plugins are used, for example, to apply custom security rules across the whole site, improve performance, dynamically modify variables and so on. Because MU plugins run on every page load and do not appear in the standard plugin list, they can be used to covertly carry out a wide range of malicious activities, including credential theft, injection of malicious code or modification of the HTML output.

Sucuri's specialists found three payloads that attackers place in the MU-plugins directory:

  • redirect.php : redirects visitors (excluding bots and logged-in administrators) to a malicious site (updatesnow[.]net) that displays a fake browser update prompt to trick the victim into downloading malware;
  • index.php : a web shell that acts as a backdoor, fetching and executing PHP code from a GitHub repository;
  • custom-js-loader.php : loads JavaScript that replaces all images on the site with explicit content and intercepts all external links, opening fraudulent pop-ups instead.



The researchers consider the web shell the most dangerous of these examples, because it lets attackers execute commands remotely on the server, steal data, and carry out follow-on attacks against the site's users and visitors.

The other two types of malware are more likely to damage a site's reputation and SEO through suspicious redirects and attempts to install malware on visitors' computers.

So far, Sucuri's researchers have not been able to determine the exact method by which the affected websites were infected. Attackers are believed to exploit known vulnerabilities in WordPress plugins and themes, or weak administrator credentials.
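A defender-side audit of wp-content/mu-plugins/ built on the details above, as an added example (not code from Sucuri or from the original article): it compares every PHP file with a baseline of hashes the site owner deployed and tags the file names and redirect domain the article reports. The baseline format, the finding tags and the content heuristics are assumptions of this example, and the sample files are constructed and inert.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# File names the article reports in infected mu-plugins directories.
REPORTED_NAMES = {"redirect.php", "index.php", "custom-js-loader.php"}

# Content heuristics: assumptions of this example, not Sucuri's signatures.
HEURISTICS = {
    "reported-redirect-domain": re.compile(rb"updatesnow\.net", re.I),
    "dynamic-eval": re.compile(rb"\beval\s*\(", re.I),
    "github-fetch": re.compile(rb"github(usercontent)?\.com", re.I),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_mu_plugins(mu_dir, baseline):
    """Return {relative_path: [findings]} for PHP files that need review.

    baseline maps relative path -> SHA-256 of the version the site owner
    deployed; a file matching its baseline hash is trusted and skipped.
    """
    root = Path(mu_dir)
    report = {}
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        if baseline.get(rel) == sha256_hex(data):
            continue
        findings = ["modified-since-baseline" if rel in baseline
                    else "not-in-baseline"]
        if path.name in REPORTED_NAMES:
            findings.append("reported-file-name")
        findings += [tag for tag, rx in HEURISTICS.items() if rx.search(data)]
        report[rel] = findings
    # Baseline entries that vanished from disk are reported as well.
    for rel in baseline:
        if not (root / rel).is_file():
            report[rel] = ["missing-from-disk"]
    return report


def build_sample_dir(root):
    """Write constructed, inert sample files and return the baseline."""
    legit = b"<?php // site-wide hardening rules (constructed sample)\n"
    samples = {
        "site-hardening.php": legit,
        "cache-tweaks.php": b"<?php // edited after deployment (constructed)\n",
        "redirect.php": b"<?php /* constructed, inert: updatesnow.net */\n",
        "index.php": b"<?php /* constructed, inert: eval( ... github.com ... ) */\n",
        "custom-js-loader.php": b"<?php /* constructed, inert */\n",
    }
    for name, body in samples.items():
        (Path(root) / name).write_bytes(body)
    return {
        "site-hardening.php": sha256_hex(legit),
        "cache-tweaks.php": sha256_hex(b"<?php // original (constructed)\n"),
    }


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_mu_plugins(tmp, build_sample_dir(tmp))


if __name__ == "__main__":
    for rel, findings in run_demo().items():
        print(f"{rel}: {', '.join(findings)}")
```

A name match alone is only a prompt for review, since a benign index.php placeholder is common in WordPress directories; the baseline comparison is what separates deployed files from unexpected ones.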

The article "Invisible attack on WordPress: hackers are exploiting MU-Plugins to hit websites" comes from il blog della sicurezza informatica.



Let's say that for the United States, Trump can be described as the "perfect storm". A whole series of measures that together make the United States more fragile and less effective in every field. A bit like someone who plans for the future both actions that will cause devastation and, in the meantime, also weakens all the structures that will have to be activated in an emergency. I think that, all things considered, in the long run Trump's effects on Europe may be mostly positive. The same cannot be said for the United States itself. Those who cause their own misfortune have only themselves to blame. US citizens have chosen a terrible doctor: a conspiracy theorist, anti-vax, anti-everything or nearly so (he doesn't even know what rare earths are). The US state will in effect cease to exist (apart, perhaps, from the army's weapons). There will be large private corporations that will take power directly. That will be the state.


"I will speak for as long as I am physically able."
USA, record-breaking speech by Democratic senator Cory Booker: it lasts more than 24 hours | Euronews it.euronews.com/2025/04/02/usa…


A game plan for middle powers



HELO, GWLEIDYDDIAETH DDIGIDOL YW HYN. For those who don't speak Welsh (like me), that's 'Hello, this is Digital Politics.' I'm Mark Scott, and this edition comes to you from an unseasonably warm (well, for the United Kingdom) Welsh coastal village. Normal transmission will resume next week.

— The digital world is increasingly divided between Great Powers. That has left a lot of room for so-called 'middle powers' to exert outsized influence.

— The world of trust and safety is wading through treacherous political waters that will leave many caught between rival national governments.

— Ahead of pending US tariffs to be announced on April 2, it's worth remembering global digital exports have doubled over the last 10 years.

Let's get started.


How to make your mark in digital policymaking


THE UNITED STATES. CHINA. THE EUROPEAN UNION. When it comes to digital, those three make up the trifecta of global powers — for different reasons. The US is home to the world's biggest and most vibrant tech sector — but with few checks for citizens. China's authoritarian control of the internet has fast-tracked new services (and repression) like no other. The EU's world-leading digital regulation offers a third way between outright capitalism and state rule — with a lack of homegrown tech.

Yet in the Digital Great Game that has engulfed this year, let's take a minute to think about middle powers. Those are the countries like Japan, the UK and Brazil that have sizable domestic markets, exert regional clout due to their size/national expertise and often chart a different path on tech that may be more useful to others caught between the vying interests of China, the US and EU.

It's unrealistic that, say, a Philippines (despite its 100m+ population) is ever going to sit side-by-side next to China to export its own vision of digital across Asia. Ditto goes for Argentina in Latin America. Wouldn't it be better to learn lessons from such middle powers that have created their own way (often with mixed reasons) rather than falling into one of the camps led by the world's three largest digital powers?

If you want to know what that looks like, spend some time in Tokyo. Yes, the world's fourth-largest global economy isn't a slouch when it comes to economic prowess. But its aging population, limited linguistic prowess (sorry to all my Japanese-speaking readers!) and positioning close to China have forced Japan to take some bold swings on digital policymaking that are worth a second look.




The country's recently-announced AI proposals (overview here) are anything but a copy-paste of the EU's AI Act — unlike, ahem, what South Korea tabled. Some may not think Tokyo has gone far enough by only requiring AI companies to cooperate with government AI efforts. But the title of the legislation — "Bill on the Promotion of Research, Development and Utilization of Artificial Intelligence-Related Technologies" — makes clear the proposed rules are more about enabling the emerging technology within the economy, and not about curtailing its use due to concerns AI will undermine society.

The proposals also require Japan to align with "international standards." What those AI standards will be is currently unclear. But it's a hat tip to the wider global (read: Western) policymaking conversation around AI where Japan has continued to punch above its weight. That goes for everything from Tokyo's work around the so-called Hiroshima Process on generative AI to its closed-door leadership via the Organization for Economic Cooperation and Development on global data governance standards (crucial for the ongoing sharing of data internationally).

There are a couple of lessons from Japan's digital policymaking that apply to other countries seeking to make their mark.

First, don't try to do everything at once. Tokyo doesn't want to convince everyone to follow its lead. Instead, it often takes a pragmatic view on a small number of issues where it believes it can make a difference and that will benefit its local businesses/citizens.

Second, a willingness to play host to the bigger powers, which is what Japan did with the Hiroshima Process, can buy you international political capital, on both digital and non-digital issues, that you can tap into further down the line. Recognizing where a country can add value — as a convener, for instance — allows local officials to navigate the inherent difficulties when trying to balance the interests of the Great Digital Powers.

Thanks for reading the free monthly version of Digital Politics. Paid subscribers receive at least one newsletter a week. If that sounds like your jam, please sign up here.

Here's what paid subscribers read in March:
— Claims that online safety rules are censorship have gone global; Europe's digital rules are not seen to help its citizens; Global data flows are not slowing down. More here.
— A readout on Trump 2.0's approach to digital policy; Why Canada worries about US interference in its election; A debrief on the EU's AI 'gigafactories.' More here.
— Four ways that social media can be made more transparent and accountable via supporting how outsiders access platform data. More here.
— Why we need to come up with a better version of 'tech sovereignty;' Apple's antitrust loss in Brussels is good for (most) Big Tech; AI models' lack of regional diversity. More here.

That's where middle powers can truly come into their own. By outlining a nimble digital policy agenda that centers on a small number of targeted objectives — versus trying to boil the ocean with an overly-complex and broad agenda — countries beyond the EU, China and the US can find niche tech issues that benefit their local constituencies.

That's the positive view. Now for the negative: the UK.

I've already expressed my reservations about London's quixotic approach to digital policy. In short: the only thing that matters, really, is boosting foreign direct investment into the country's region-leading tech sector. And, to be clear, there's nothing wrong with that.

But that hasn't stopped British politicians and policymakers from trying to bite off more than they can chew on everything from online safety to artificial intelligence to digital competition. In recent years, the UK has swung for the fences on all three of those areas, promoting itself as a world-leading center of digital regulation and tech-related industry. You can have the Online Safety Act AND be home to scores of global platform workers. You can pass sophisticated digital antitrust rules AND support the acquisition of local startups by Big Tech giants.

Frankly, I just don't buy it. Unlike Japan, the UK tries to play in the same realm as the US, China and the EU, but doesn't have the economic firepower or the regulatory muscle to do that well. Instead, London finds itself in the worst of all worlds. A middle power (with a lot of strong attributes upon which to call) that is too small to play in the Big Leagues but is unable — or unwilling? — to relegate itself to the second tier where it could really make a difference.

That should be a warning to other countries seeking to find their own path on digital policymaking. Don't pretend you can go head-to-head with global powers when you'll only end up on the worse side of that encounter.

More importantly — and this is especially true for London and its longstanding desire to remain in lockstep with the US — don't change your own digital agenda to fit into the ever-changing policies of longstanding allies.

London's last-minute decision not to sign the communiqué at the recent Paris AI Action Summit, because the US had decided not to, hurt that country's global reputation with not much upside gained with Washington. The UK's "will they, or won't they" approach to pulling back on existing digital regulation equally has not positioned the Brits as a safe pair of hands in the ever complex world of global tech policy.

In short, when it comes to navigating a country's own path on digital policy, be more like Japan, and less like the UK.


Chart of the Week


DONALD TRUMP'S ADMINISTRATION WILL UNVEIL a cavalcade of global tariffs on April 2 which some in the White House are calling "Liberation Day."

Thankfully, much of the digital world has escaped these threats as negotiations via the World Trade Organization mostly exempted so-called "electronic transmissions" (read: online purchases) from such duties.

It's a good thing, too. At least for global trade. Over the last decade, trade via so-called "digitally-delivered services" has roughly doubled, based on global exports (see left chart) and imports (see right chart.)

[Charts: global exports (left) and imports (right) of digitally-delivered services]

Source: World Trade Organization


Geopolitics is coming for Trust & Safety Inc


LAST WEEK WAS THE SECOND INSTALLMENT of my (London-based) tech policy meet-up series known as "Marked as Urgent." I run it alongside Ben Whitelaw (and his Everything in Moderation newsletter) and Georgia Iacovou (and her Horrific/Terrific newsletter.) Photos here — and let me know if you're down for us bringing the roadshow to your city. We're game.

The topic of the night was: "What next for Trust & Safety?" Disclaimer: I can be a little like a one-trick pony. But I spoke about how the world of (international) politics is almost certainly going to hit the T&S industry like a ton of bricks in the coming months. I'm not sure many in the sector either know or are prepared for what is coming down the pike.

Let's walk through this.

First, there is a growing divide, in the democratic world, between the US and everyone else. No, I'm not talking about Washington's overall shift in policy. Instead, the likes of Australia, Canada and South Korea are quickly moving to impose rules on online platforms to moderate illegal speech — and force companies to explain exactly how they are doing that.

In the US, Trump's position on any form of content moderation — that it is a form of illegal censorship — is well known. It's now getting implemented via Congressional hearings, White House directives and efforts by US federal agencies. That comes despite a growing sophistication in the US-based trust and safety sector that remains arguably the largest, globally, despite the recent shift in political winds.

Second, this split between the US and everyone else on content moderation will force companies to pick sides. Some will do it happily (looking at you, Meta.) Others will shift gears out of either regulatory necessity or political calculation to keep them on the right side of specific world leaders. Yet there will be inherent conflicts when rank-and-file trust and safety experts continue the daily work of complying with national online safety rules, while companies' top executives make public statements about why they believe such work should be stopped.




I don't envy those inside the platforms who will be stuck between those public statements and the day-to-day requirements of regulatory compliance.

Yet for those outside of the US, don't expect the political world to leave you alone, either.

Now that we are a couple of years into mandatory online safety regimes (well, almost a decade if you're in Australia), there are few lawmakers who are making the case, publicly, about why such rules are good for voters. Sure, national leaders make statements about online kids safety, digital terrorism or (Russian) foreign interference whenever a big news event happens. But there's no elected official really explaining to people why trust and safety is crucial to both creating a more inclusive online environment and (important for any politician) why it's in the country's national interest.


That's a problem. It's a problem because, at some point, the White House is likely to impose retaliatory tariffs on a country that announces some form of fine and/or remedy on an American social media giant. The Trump 2.0 administration specifically called out the UK and EU online safety regimes for undermining freedom of speech. At this point, we should take Washington at its word about taking such future action.

If/when those tariffs start, which politician in those targeted countries is going to stand up for these regimes? Which leader will be willing to go to the mattresses to defend a national online safety regime so that it doesn't become a bargaining chip in wider trade negotiations with the US?

Currently, I don't see clear support from non-US politicians on those points. It should concern anyone working in the trust and safety industry that there is no mainstream political buy-in for the work that they do. Especially, as stated above, when there's also growing internal apathy in many of these companies for that work, too.

In the coming months, I'm still unclear how this will play out. Both inside social media giants and within countries' political establishments. But what I do know is that all forms of platform governance will become increasingly intertwined with geopolitics in the months ahead.

Thanks for getting this far. If you're interested in sponsoring future editions of Digital Politics, please get in touch on digitalpolitics@protonmail.com


What I'm reading


— The European Commission announced $1.4 billion in financial support for artificial intelligence, cybersecurity and digital skills across the 27-country bloc. More here.

— The Carnegie Endowment for International Peace goes deep into how decentralized versions of social media platforms represent a new way to govern online spaces. More here.

— The US Office of the Director of National Intelligence published its annual threat assessment, including areas associated with tech. More here.

— Researchers from the University of Münster in Germany delved into how TikTok audio clips were used in disinformation campaigns related to the war in Ukraine. More here.

— British regulators explained why they believed the country's existing rules would foster the development of next-generation AI models. More here.

— The International Association of Privacy Professionals and Harvard's Berkman Klein Center for Internet & Society are organizing a two-day retreat for digital policy leaders in June. They've just opened up registrations here.


digitalpolitics.co/newsletter0…



The new issue of Magda is online: the newsletter of Centrum Report, a companion project to the Václav podcast, with a more cultural slant. In it you can find suggestions on books, films, exhibitions and many other things.

It is also where we collect our contributions to the press and other media, our work and our longform pieces. When events of particular importance occur, we give you a few updates that will be developed and expanded on Václav.

This month, for example, we talk about the Polish law suspending the right to asylum and the Hungarian law banning the public organization of Pride.

You can read the newsletter by clicking the link at the bottom. Our suggestion is to subscribe for free so that you receive it in your inbox.

Enjoy the read!

@centroesteuropa@feddit.it

magdacentrumreport.substack.co…



The Lowly Wall Wart Laid Bare


Getting a look at the internals of a garden variety “wall wart” isn’t the sort of thing that’s likely to excite the average Hackaday reader. You’ve probably cracked one open yourself, and even if you haven’t, you’ve likely got a pretty good idea of what’s inside that sealed up brick of plastic. But sometimes a teardown can be just as much about the journey as it is the end result.

Truth be told, we’re not 100% sure if this teardown from [Brian Dipert] over at EDN was meant as an April Fool’s joke or not. Certainly it was posted on the right day, but the style is close enough to some of his previous work that it’s hard to say. In any event, he’s created a visual feast — never in history has an AC/DC adapter been photographed so completely and tastefully.
An Ode to the Diode
[Brian] even goes so far as to include images of the 2.5 lb sledgehammer and paint scraper that he uses to brutally break open the ultrasonic-welded enclosure. The dichotomy between the thoughtful imagery and the savage way [Brian] breaks the device open only adds to the surreal nature of the piece. Truly, the whole thing seems like it should be part of some avant garde installation in SoHo.

After he’s presented more than 20 images of the exterior of the broken wall wart, [Brian] finally gets to looking at the internals. There’s really not much to look at: a few circuit diagrams and an explanation of the theory behind these unregulated power supplies, and then the write-up comes to a close as abruptly as it started.

So does it raise the simple teardown to an art form? We’re not sure, but we know that we’ll never look at a power adapter in quite the same way again.


hackaday.com/2025/04/02/the-lo…



Uto Ughi per i Giovani: on #3aprile, from 11 a.m., the presentation of the project will take place at the Papal Basilica of Saint Francis in Assisi.