quotidiano.net/esteri/cosa-res…
dai miliziani fondamentalisti il 7 ottobre 2023, aveva provocato 1.195 morti (circa il 70% civili). La “risposta” israeliana ha causato ormai oltre 67.000 vittime nella Striscia. Ancora nelle ultime 24 ore tra il 9 e il 10 ottobre 2025 sono arrivati negli ospedali della Striscia 17 morti e 71 feriti, ha spiegato il ministero della Sanità: il bilancio complessivo delle vittime dall'inizio della guerra, dal 7 ottobre 2023, è di 67.211 morti e 169.961 feriti."
io non mi capacito del fatto che ci sia gente, tipo la meloni, e suoi fan, che considera "adeguata, legittima e necessaria la risposta i israele. come fa a no considerare questo un genocidio? a parte i 50 anni di storia e la cisgiordania occupata da coloni/soldati armati, ma anche solo la striscia di gaza,,, a qualcuno pare legittimo uccidere 67'000 persone per 1195? no dico... ma questi so sono montati la testa e pensano di valere 10 volte tanto e noi glielo permettiamo?
subito il riconoscimento della palestina e i disconoscimento di israele... per noi non deve neppure esistere israele come stato, il suo passaporto, i suoi atleti, niente. nessuna relazione. quelli sono dei barbari che occupano abusivamente la cisgiordania come minimo... quando torneranno nei propri confini se ne riparlerà. prima il ritorno però.
500'000 coloni devono tornare a israele. dove metterli? cazzi vostri. costriuite grattacieli a 1000 piani. impilateli. uccideteli. cazzi vostri. specie dopo quello che avete fatto. oppure beh... possono essere "ospiti" di uno stato palestinese alle condizioni plaestinesi. ma ripeto: ospiti.
Cosa resta di Gaza? Quante sono le vittime, quanti gli sfollati e quanti edifici sono stati distrutti
L’analisi dell’Ispi sulla condizione della Striscia: morti, feriti, sfollati, carestia alimentare, tutti i numeri di una “tragedia umanitaria gravissima”Redazione Esteri (Quotidiano Nazionale)
The Electret Preamp You Might Need
Electret capsules can be found in some of the highest quality microphones for studio use, as well as in some of the very cheapest microphone capsules on the market. More care and attention has gone into the high-end capsule and its associated circuitry than the cheap one, but is it still possible to get good quality from something costing under a dollar? [Mubarak Basha] thinks so, and has designed a preamp circuit to get the best from a cheap electret capsule.
These capsules may be cheap, but with the addition of a low voltage supply, a resistor, and a capacitor, their internal FET delivers a decent enough input to many a project. To improve on that will need a bit of effort, and in this the preamp delivers by taking care to match impedance, impose a carefully chosen frequency response, and just the right gain to derive a line level output from the electret’s level. It’s hardly a complex circuit, but that’s not always necessary.
As always in these situations, without appropriate test equipment it’s difficult to gauge quality. We’d say this though, if you make one of these and it falls short, you won’t have spent much. Meanwhile if you’re curious about electrets, here’s our guide.
Lombardia nel mirino! Attenzione ai messaggi di phishing averte la Polizia Postale
Un’ondata di messaggi di phishing sta colpendo in questi giorni numerosi cittadini lombardi. Le email, apparentemente inviate da una società di recupero crediti, fanno riferimento a presunti mancati pagamenti per prestazioni sanitarie realmente effettuate.
L’oggetto della comunicazione riporta la formula “Richiesta di saldo debito – [nome e cognome]”, un dettaglio che contribuisce a rendere il messaggio particolarmente credibile. All’interno del testo si trovano elenchi di ricette e prestazioni mediche che corrispondono a quelle effettivamente emesse dai medici curanti, inducendo così il destinatario a ritenere la richiesta autentica.
Il messaggio invita a “regolarizzare la propria posizione” effettuando un versamento di circa 40 euro su un conto corrente estero, con IBAN spagnolo. Tuttavia, si tratta di una truffa costruita per carpire denaro e dati personali.
La Polizia Postale raccomanda di non procedere ad alcun pagamento, di non cliccare sui link contenuti nel messaggio e di segnalare tempestivamente ogni tentativo sospetto attraverso il portale ufficiale www.commissariatodips.it oppure contattando direttamente gli uffici della Polizia di Stato.
La segnalazione di questa campagna fraudolenta è stata diffusa dalla Polizia Postale, che invita i cittadini della Lombardia a prestare la massima attenzione e a verificare sempre l’autenticità delle comunicazioni ricevute via email o SMS.
La vicenda evidenzia come i truffatori stiano sempre più affinando le tecniche di phishing, rendendo i messaggi estremamente realistici e difficili da distinguere da comunicazioni ufficiali.
È fondamentale che i cittadini mantengano un atteggiamento critico, verifichino sempre l’autenticità delle richieste di pagamento e seguano le indicazioni della Polizia Postale. La prudenza e la segnalazione tempestiva dei messaggi sospetti restano le migliori difese contro questo tipo di frodi.
L'articolo Lombardia nel mirino! Attenzione ai messaggi di phishing averte la Polizia Postale proviene da il blog della sicurezza informatica.
There are famously two hard problems in computer science: cache invalidation, naming things, and off by one errors.
PS: Friendica status editor does not seem to have a language selector; hopefully this post-scriptum will give the oversmart algoritm some hints about it but I'm disappointed, given UX is not in the "hard problems" set 😁
Velociraptor usato in attacchi attivi per distribuire il ransomware LockBit e Babuk
Gli hacker hanno iniziato a utilizzare Velociraptor, lo strumento di analisi forense e risposta agli incidenti digitali (DFIR), per sferrare attacchi con i ransomware LockBit e Babuk. I ricercatori di Cisco Talos attribuiscono queste campagne al gruppo Storm-2603, operativo in Cina.
Secondo gli analisti, gli aggressori hanno utilizzato una versione obsoleta di Velociraptor con una vulnerabilità di escalation dei privilegi (CVE-2025-6264 , punteggio CVSS 5,5) per ottenere il controllo completo sui sistemi infetti.
Velociraptor è stato creato da Mike Cohen come strumento DFIR open source e successivamente acquisito da Rapid7 che ne sta sviluppando la versione commerciale. A fine agosto, i ricercatori di Sophos hanno segnalato che gli aggressori stavano già utilizzando questo software per l’accesso remoto. Lo hanno utilizzato per scaricare ed eseguire Visual Studio Code su host infetti, creando un tunnel di comunicazione sicuro con i server C2.
Secondo Cisco Talos, l’attacco è iniziato con la creazione di account di amministratore locale sincronizzati con l’ID Entra. Utilizzando questi account, gli aggressori hanno effettuato l’accesso alla console VMware vSphere e hanno stabilito una presenza nell’infrastruttura virtuale.
Hanno quindi installato una versione precedente di Velociraptor, la 0.73.4.0, che conteneva la vulnerabilità CVE-2025-6264, consentendo loro di eseguire comandi arbitrari e assumere il controllo del sistema. Lo strumento è stato riutilizzato anche dopo l’isolamento dell’host, garantendo una presenza persistente sulla rete.
Gli aggressori hanno anche utilizzato comandi smbexec in stile Impacket per avviare programmi da remoto e creare attività pianificate con script batch. Per indebolire la sicurezza, hanno disabilitato i moduli di protezione di Microsoft Defender, incluso il monitoraggio delle attività di file e processi, tramite i criteri di gruppo di Active Directory.
Gli strumenti di rilevamento delle minacce hanno rilevato il ransomware LockBit in esecuzione su computer Windows, ma i file crittografati avevano l’estensione “.xlockxlock“, già riscontrata negli attacchi Warlock.
Sui server VMware ESXi, i ricercatori hanno trovato un binario Linux identificato come Babuk. Un ransomware PowerShell fileless è stato utilizzato per la crittografia di massa dei dati, generando nuove chiavi AES a ogni esecuzione. In precedenza, un altro script PowerShell scaricava documenti per una doppia estorsione, aggiungendo ritardi tra le operazioni per eludere sandbox e sistemi di analisi.
Halcyon ha osservato nella sua ricerca che Storm-2603 è probabilmente collegato ad agenzie governative cinesi ed era precedentemente noto come Warlock e CL-CRI-1040. Il gruppo ha agito come partner di LockBit, combinando i propri strumenti con quelli di ecosistemi di criminalità informatica consolidati.
Cisco Talos ha presentato una serie di indicatori di compromissione, inclusi file scaricati dagli aggressori e tracce di attività di Velociraptor rilevate sui sistemi infetti.
L'articolo Velociraptor usato in attacchi attivi per distribuire il ransomware LockBit e Babuk proviene da il blog della sicurezza informatica.
Blis likes this.
SonicWall conferma la violazione dei dati. A rischio i clienti del servizio backup cloud
SonicWall ha confermato che il mese scorso una violazione dei dati ha interessato tutti i clienti che utilizzavano il servizio di backup cloud dell’azienda. Di conseguenza, le configurazioni del firewall memorizzate in MySonicWall sono state compromesse.
MySonicWall è un portale per i clienti SonicWall che consente loro di gestire l’accesso ai prodotti, le licenze, la registrazione, gli aggiornamenti del firmware, le richieste di supporto e i backup cloud delle configurazioni del firewall (file .EXP).
Si consiglia agli utenti di seguire immediatamente i passaggi sottostanti:
- Accedere all’account MySonicWall.com e verifica se esistono backup cloud per i firewall registrati
- Se i campi sono vuoti, non c’è alcun impatto
- Se i campi contengono dettagli di backup, verificare se i numeri di serie interessati sono elencati nell’account
- Se vengono visualizzati i numeri di serie, gli utenti devono seguire le linee guida di contenimento e ripristino per i firewall elencati
A metà settembre 2025, SonicWall ha esortato i propri clienti a modificare le proprie credenziali di accesso il prima possibile, poiché un attacco informatico agli account MySonicWall aveva compromesso i file di backup della configurazione del firewall.
All’epoca, i dettagli dell’attacco non furono divulgati e SonicWall dichiarò di aver bloccato l’accesso degli aggressori ai sistemi dell’azienda e di aver già collaborato con le agenzie di sicurezza informatica e le forze dell’ordine.
L’azienda ha pubblicato raccomandazioni dettagliate pensate per aiutare gli amministratori a ridurre al minimo i rischi di sfruttamento di configurazioni rubate. In particolare, ha raccomandato di riconfigurare il prima possibile i segreti e le password potenzialmente compromessi e di monitorare le potenziali attività degli aggressori.
All’epoca, il fornitore aveva riferito che circa il 5% dei suoi clienti totali utilizzava il servizio di backup su cloud, ma l’attacco aveva colpito solo “alcuni account”.
In un aggiornamento pubblicato questa settimana, SonicWall ha avvisato che l’incidente ha interessato tutti i clienti che utilizzavano un portale cloud per archiviare i file di configurazione del firewall.
“SonicWall ha completato l’indagine, condotta in collaborazione con Mandiant, azienda leader nella gestione delle relazioni con i clienti, sulla portata di un recente incidente di sicurezza relativo al backup su cloud. L’indagine ha confermato che una parte non autorizzata ha avuto accesso ai file di backup della configurazione del firewall di tutti i clienti che hanno utilizzato il servizio di backup su cloud di SonicWall. I file contengono credenziali e dati di configurazione crittografati; sebbene la crittografia rimanga attiva, il possesso di questi file potrebbe aumentare il rischio di attacchi mirati. Stiamo lavorando per informare tutti i partner e i clienti interessati e abbiamo rilasciato strumenti per supportare la valutazione e la risoluzione dei problemi dei dispositivi. Gli elenchi finali aggiornati e completi dei dispositivi interessati sono ora disponibili sul portale MySonicWall (accedere a Gestione Prodotti > Elenco Problemi).”
Si sottolinea che i file compromessi contengono credenziali e dati di configurazione crittografati con AES-256.
Gli utenti possono verificare se i loro dispositivi sono interessati accedendo a MySonicWall e andando su Gestione Prodotti -> Elenco Problemi. In caso di problemi in sospeso, gli utenti devono seguire i passaggi indicati nella guida Essential Credential Reset, dando priorità ai firewall attivi con accesso a Internet.
L'articolo SonicWall conferma la violazione dei dati. A rischio i clienti del servizio backup cloud proviene da il blog della sicurezza informatica.
Scoperta la botnet RondoDox: migliaia di dispositivi a rischio
È stata scoperta una grande botnet chiamata RondoDox che sfrutta 56 vulnerabilità in più di 30 dispositivi diversi, tra cui bug dimostrati per la prima volta durante la competizione di hacking Pwn2Own.
Gli aggressori prendono di mira un’ampia gamma di dispositivi accessibili tramite Internet, tra cui videoregistratori digitali (DVR), videoregistratori di rete (NVR), sistemi di videosorveglianza e server web.
RondoDox utilizza una strategia che i ricercatori di Trend Micro chiamano “exploit shotgun”: il malware utilizza più exploit contemporaneamente per massimizzare il numero di infezioni, nonostante la natura di alto profilo di tale attività.
I ricercatori segnalano che, tra le altre vulnerabilità, RondoDox attacca CVE-2023-1389, un bug nel router Wi-Fi TP-Link Archer AX21, inizialmente dimostrato al Pwn2Own Toronto 2022. Si sottolinea che gli sviluppatori della botnet monitorano attentamente gli exploit dimostrati al Pwn2Own e poi iniziano a utilizzarli nella pratica.
Tra le vulnerabilità n-day che RondoDox ha già aggiunto al suo arsenale ci sono:
- Digiever – CVE-2023-52163;
- Qnap – CVE-2023-47565;
- LB-LINK – CVE-2023-26801;
- TRENDnet – CVE-2023-51833;
- D-Link – CVE-2024-10914;
- TBK – CVE-2024-3721;
- Netgear – CVE-2024-12847;
- AVTECH – CVE-2024-7029;
- TOTOLINK – CVE-2024-1781;
- Tenda – CVE-2025-7414;
- TOTOLINK – CVE-2025-1829;
- Meteobridge – CVE-2025-4008;
- Edimax – CVE-2025-22905;
- Linksys – CVE-2025-34037;
- TOTOLINK – CVE-2025-5504;
- TP-Link – CVE-2023-1389.
Gli esperti scrivono che le vecchie vulnerabilità, soprattutto nei dispositivi che hanno superato il periodo di supporto, rappresentano un problema serio, poiché è meno probabile che ricevano patch. I problemi più recenti nell’hardware supportato non sono meno pericolosi, poiché molti utenti semplicemente ignorano gli aggiornamenti del firmware dopo la configurazione iniziale del dispositivo.
Gli analisti di Trend Micro segnalano che RondoDox utilizza exploit per 18 vulnerabilità di command injection a cui non è ancora stato assegnato un identificatore CVE. Queste vulnerabilità interessano i dispositivi NAS D-Link, i DVR TVT e LILIN, i router Fiberhome, ASMAX e Linksys, le telecamere Brickcom e altri dispositivi non specificati.
Come precedentemente riportato da FortiGuard Labs, RondoDox è in grado di lanciare attacchi DDoS utilizzando HTTP, UDP e TCP. Per evitare di essere rilevata, la botnet maschera il suo traffico dannoso sotto forma di giochi e piattaforme popolari, tra cui Minecraft, Dark and Darker, Roblox, DayZ, Fortnite e GTA di Valve, oltre a strumenti come Discord, OpenVPN, WireGuard e RakNet.
Per proteggersi dagli attacchi RondoDox, i ricercatori raccomandano di installare gli ultimi aggiornamenti firmware disponibili e di sostituire tempestivamente l’hardware scaduto. Inoltre, si raccomanda di segmentare la rete, isolando i dati critici dai dispositivi IoT accessibili tramite Internet e dalle connessioni guest, nonché di modificare le credenziali predefinite e utilizzare password complesse.
L'articolo Scoperta la botnet RondoDox: migliaia di dispositivi a rischio proviene da il blog della sicurezza informatica.
Programming Space Game for x86 in Assembly Without an Operating System
In this video our hacker [Inkbox] shows us how to create a computer game that runs directly on computer hardware, without an operating system!
[Inkbox] briefly explains what BIOS is, then covers how UEFI replaces it. He talks about the genesis of UEFI from Intel in the late 90s. After Intel’s implementation of UEFI was made open source it got picked up by the TianoCore community who make tools such as the TianoCore EDK II.
[Inkbox] explains that the UEFI implementation provides boot services and runtime services. Boot services include things such as loading memory management facilities or running other UEFI applications, and runtime services include things like system clock access and system reset. In addition to these services there are many more UEFI protocols that are available.
[Inkbox] tells us that when an x64 CPU boots it jumps to memory address 0xfffffff0 that contains the initialization instructions which will enter protected mode, verify the firmware, initialize the memory, load the storage and graphics drivers, then run the UEFI Boot Manager. The UEFI Boot Manager will in turn load the appropriate EFI application, such as the firmware settings manager application (the “BIOS settings”), Windows Boot Manager, or GRUB. In this video we make our very own EFI application that the UEFI Boot Manager can be configured to load and run.
The system used for development and testing has a AMD Ryzen AI 9 HX 370 CPU and 32GB DDR5 RAM.
Having explained how everything gets started [Inkbox] goes on to explain how to write and deploy the assembly language program which will load and play the game. [Inkbox] shows how to read and write to the console and mentions that he did his testing on QEMU with an image on an external USB thumbdrive. He goes on to show how to use the system time and date facilities to get the current month. When trying to read nanoseconds from the system clock he ended up needing to refer to the UEFI Specification Release 2.10 (2.11 is latest as of this writing).
In the rest of the video [Inkbox] does some arithmetic for timing, uses LocateProtocol to load the graphics output provider, configures an appropriate video mode, writes to the screen using BLT operations, and makes the program run on multiple CPU cores (the CPU used has 24). At last, with some simple graphics programming and mouse input, [Inkbox] manages to get Space Game for x86 to run.
If you’re interested in knowing more about UEFI a good place to start is What’s The Deal With UEFI?
youtube.com/embed/ZFHnbozz7b4?…
Your LLM Won’t Stop Lying Any Time Soon
Researchers call it “hallucination”; you might more accurately refer to it as confabulation, hornswaggle, hogwash, or just plain BS. Anyone who has used an LLM has encountered it; some people seem to find it behind every prompt, while others dismiss it as an occasional annoyance, but nobody claims it doesn’t happen. A recent paper by researchers at OpenAI (PDF) tries to drill down a bit deeper into just why that happens, and if anything can be done.
Spoiler alert: not really. Not unless we completely re-think the way we’re training these models, anyway. The analogy used in the conclusion is to an undergraduate in an exam room. Every right answer is going to get a point, but wrong answers aren’t penalized– so why the heck not guess? You might not pass an exam that way going in blind, but if you have studied (i.e., sucked up the entire internet without permission for training data) then you might get a few extra points. For an LLM’s training, like a student’s final grade, every point scored on the exam is a good point.
The problem is that if you reward “I don’t know” in training, you may eventually produce a degenerate model that responds to every prompt with “IDK”. Technically, that’s true– the model is a stochastic mechanism; it doesn’t “know” anything. It’s also completely useless. Unlike some other studies, however, the authors do not conclude that so-called hallucinations are an inevitable result of the stochastic nature of LLMs.
While that may be true, they point out it’s only the case for “base models”– pure LLMs. If you wrap the LLM with a “dumb” program able to parse information into a calculator, for example, suddenly the blasted thing can pretend to count. (That’s how undergrads do it these days, too.) You can also provide the LLM with a cheat-sheet of facts to reference instead of hallucinating; it sounds like what’s being proposed is a hybrid between an LLM and the sort of expert system you used to use Wolfram Alpha to access. (A combo we’ve covered before.)
In that case, however, some skeptics might wonder why bother with the LLM at all, if the knowledge in the expert system is “good enough.” (Having seen one AI boom before, we can say with the judgement of history that the knowledge in an expert system isn’t good enough often enough to make many viable products.)
Unfortunately, that “easy” solution runs back into the issue of grading: if you want your model to do well on the scoreboards and beat ChatGPT or DeepSeek at popular benchmarks, there’s a certain amount of “teaching to the test” involved, and a model that occasionally makes stuff up will apparently do better on the benchmarks than one that refuses to guess. The obvious solution, as the authors propose, is changing the benchmarks.
If you’re interested in AI (and who isn’t, these days?), the paper makes an interesting, read. Interesting if, perhaps disheartening if you were hoping the LLMs would graduate from their eternal internship any time soon.
Via ComputerWorld, by way of whereisyouredat.
Punti di contatto tra DMA e GDPR: ecco le linee guida congiunte di EDPB e Commissione UE
@Informatica (Italy e non Italy 😁)
L’European Data Protection Board e la Commissione europea hanno approvato, lo scorso 9 ottobre, un documento che esprime gli orientamenti comuni tra le due normative sui dati: il Digital Market Act e il GDPR. Il tutto al fine di
Gazzetta del Cadavere reshared this.
PLA Gears Fail To Fail In 3D Printed Bicycle Drivetrain
Anyone who has ever snapped a chain or a crank knows how much torque a bicycle’s power train has to absorb on a daily basis; it’s really more than one might naively expect. For that reason, [Well Done Tips]’s idea of 3D printing a gear chain from PLA did not seem like the most promising of hacks to us.
Contrary to expectations, though, it actually worked; at the end of the video (at about 13:25), he’s on camera going 20 km/h, which while not speedy, is faster than we thought the fixed gearing would hold up. The gears themselves, as you can see, are simple spurs, and were modeled in Fusion360 using a handy auto-magical gear tool. The idler gears are held in place by a steel bar he welded to the frame, and are rolling on good old-fashioned skateboard bearings–two each. (Steel ones, not 3D printed bearings.) The healthy width of the spur gears probably goes a long way to explaining how this contraption is able to survive the test ride.
The drive gear at the wheel is steel-reinforced by part of the donor bike’s cassette, as [Well Done Tips] recognized that the shallow splines on the freewheel hub were not exactly an ideal fit for PLA. He does complain of a squeaking noise during the test ride, and we can’t help but wonder if switching to helical gears might help with that. That or perhaps a bit of lubricant, as he’s currently riding the gears dry. (Given that he, too, expected them to break the moment his foot hit the pedal, we can’t hardly blame him not wanting to bother with grease.)
We’ve seen studies suggesting PLA might not be the best choice of plastic for this application; if this wasn’t just a fun hack for a YouTube video, we’d expect nylon would be his best bet. Even then, it’d still be a hack, not a reliable form of transportation. Good thing this isn’t reliable-transportation-a-day!
youtube.com/embed/PHHgMWuk23o?…
GL-Como - Linux Day 2025
gl-como.it/v2015/linux-day-202…
Segnalato da Linux Italia e pubblicato sulla comunità Lemmy @GNU/Linux Italia
Anche quest'anno il GL-Como partecipa al Linux Day!
L'appuntamento annuale organizzato da ILS è nato nel 2001 per promuovere le idee del software libero e dell'open source, con un occhio di riguardo verso Linux. L'evento è
reshared this
Possibly the Newest ISA Card
Back when the IBM PC was new, laying out an ISA board was a daunting task. You probably didn’t have a very fast ‘scope, if you had one at all. Board layout was almost certainly done on a drafting table with big pieces of tape. It was hard for small companies, much less hobbyists, to make a new card. You could buy a prototype board and wirewrap or otherwise put together something, but that was also not for the faint of heart. But with modern tools, something like that is a very doable project and [profdc9] has, in fact, done it. The card uses an ATMega328P and provides two SD cards for use as mass storage on an old computer.
The design tries to use parts that won’t be hard to get in the future. At least for a while, yet. There’s capacity for expansion, too, as there is an interface for a Wiznet 5500 Ethernet adapter.
Can you imagine if you could transport this card back to the days when the ISA bus was what you had? Just having a computer fast enough to manipulate the bus would have been sorcery in those days.
We don’t know if you need an ISA mass storage card, but if you do, [profdc9] has you covered. Then again, you do have options. Or, if you’d rather take a deep dive into the technology, we can help there, too.
Donald Trump’s “20-Point Plan” could provide a path to end the Gaza genocide, but it is limited by a lack of details and the uncertainty of whether the U.S. is willing to enforce it on Israel.mondoweiss.net/2025/10/now-tha…
Fight for press freedom as ICE attacks Chicago
Press freedom wins in Chicago court, but fight continues
Chicago journalists won a big First Amendment victory Oct. 9, when a federal court temporarily curbed federal officers’ abuses at protests. But the fight isn’t over.
The order still allows officers to potentially remove journalists along with protesters, a serious threat to press freedom that must be fixed.
We also can’t rely on courts alone. Local officials must step up, especially to protect independent journalists, who’ve been the main targets of these violations.
That’s why Freedom of the Press Foundation (FPF) led a coalition letter urging the Broadview, Illinois, Police Department and Illinois State Police to investigate attacks on independent journalists covering protests.
Read more about the order here.
Strengthen presidential library transparency
A segment on “Last Week Tonight with John Oliver” about corruption and secrecy surrounding presidential libraries cited FPF’s Lauren Harper, who has been warning about Trump’s purported library since before his inauguration.
Oliver is right. Secret donations to presidential libraries enable bribery, while public access to presidential records is at an all-time low. Use our action center tool to tell Congress to close the secrecy loopholes and increase transparency.
Army lawyer thinks journalists are stenographers
The Pentagon attempted to walk back its policy restricting reporters from publishing news the government doesn’t authorize. But the revised policy is still a nonstarter to which no journalist should agree.
Meanwhile, a nominee for general counsel for the Department of the Army, Charles L. Young III, effectively endorsed the unconstitutional restrictions during a Senate hearing this week, opining that the First Amendment authorizes the government to punish journalists for publishing information that it did not approve for public release.
That’s disqualifying. A journalist’s job isn’t to keep the government’s secrets. It’s to report news the government does not want reported.
Tell Congress to reject Young’s nomination.
State Department must stand up for journalists detained on flotillas
Israel continues to hold American journalists captured in international waters aboard aid flotillas. The latest are Jewish Currents reporter Emily Wilder and Drop Site News reporter Noa Avishag Schnall. Previously, Israel detained Drop Site News reporter Alex Colston, who has said he and other detainees were abused and denied medical care.
But the State Department is doing little if anything about these detainments, presumably because the journalists in question don’t agree with the administration’s policies. Lawmakers need to raise their voices and pressure the administration to do more.
Write to your member of Congress here.
Student journalists fight Trump’s anti-speech deportations
It’s not every day a student newspaper takes on the federal government. But that’s exactly what The Stanford Daily is doing.
The Daily sued Secretary of State Marco Rubio and Secretary of Homeland Security Kristi Noem in August over the Trump administration’s push to deport foreign students for exercising free speech, like writing op-eds and attending protests.
We spoke at the start of Stanford University’s fall term with Editor-in-Chief Greta Reich about why the Daily is fighting back. Read more here.
It’s time to end the SEC gag rule
We’ve written before about the unconstitutionality of the Securities and Exchange Commission’s “gag rule,” which bars those who settle with the SEC from talking to reporters, to protect the SEC’s reputation.
We shouldn’t need to say this, but the government doesn’t get to censor its critics to make itself look good. Last week, we filed a legal brief explaining to a federal appellate court why the ridiculous rule must be struck down. Read the brief here.
What we’re reading
ICE goes masked for a single reason (The New York Times). FPF’s Adam Rose tells the Times that immigration officers “seem to feel they can just willy-nilly shoot tear gas canisters at people and shoot them with foam rounds that can permanently maim people.”
The New York Times wins right to obtain info Musk wanted kept private (The New Republic). A court ruled that the public’s interest in knowing if Elon Musk has a security clearance and access to classified information outweighs any potential privacy interests.
Press Freedom Partnership newsletter (The Washington Post). “Journalists who are considering covering the story are going to think twice about it and stay home because they don’t want to be jailed and shot. It’s a major problem,” we told the Post about law enforcement targeting journalists covering anti-deportation protests in and around Chicago.
Journalism has become more challenging, for reporters and sources (Sentient). Sources have backed out of news stories — even seemingly uncontroversial ones — out of fear of being targeted by the Trump administration.
MAGA slams ‘fake news’ but embraces ‘The Benny Show’s’ misinformation (Straight Arrow News). “Plenty of past presidents would have loved to exclude serious journalists … and bring in the Benny Johnsons of their time. They just were under the impression that the public wouldn’t tolerate that,” we told Straight Arrow News. Now it’s up to the public to prove those past presidents right and the current one wrong.
A Function Generator From The Past
It’s always a pleasure to find a hardware hacker who you haven’t seen before, and page back through their work. [Bettina Neumryr]’s niche comes in building projects from old electronics magazines, and her latest, a function generator from the British Everyday Electronics magazine in April 1983, is a typical build.
The project uses the XR2206 function generator chip, a favourite of the time. It contains a current controlled oscillator and waveform shaper, and can easily produce square, triangle, and sine waves. It was always a puzzle back in the day why this chip existed as surely the global market for function generators can’t have been that large, however a little bit of background reading for this write-up reveals that its intended application was for producing frequency-shift-keyed sinusoidal tones.
The EE project pairs the XR2206 with an op-amp current generator to control the frequency, and another op-amp as an amplifier and signal conditioner. The power supply is typical of the time too, a mains transformer, rectifier, and linear regulators. There are a pair of very period PCBs supplied as print-outs in the magazine for home etching. This she duly does, though with toner transfer which would have been unheard of in 1983. After a few issues with faulty pots and a miswired switch, she has a working function generator which she puts in a very period project box.
It’s interesting to look at this and muse on what’s changed in electronic construction at our level in the last four decades. The PCB is single sided and has that characteristic yellow of ferric chloride etching, it takes up several times the space achievable with the same parts on the professionally-made dual-sided board designed using a modern PCB CAD package we’d use today. A modern take on the same project would probably use a microcontroller and a DAC, and a small switch-mode supply for less money than that transformer would provide the power. But we like the 1983 approach, and we commend [Bettina] for taking it on. The full video is below the break.
youtube.com/embed/CIuWX-6ER_8?…
Microsoft Defender segnala erroneamente SQL Server 2019 in End Of Life
Sappiamo bene che la fine del supporto dei prodotti (End of Life) comporta rischi di sicurezza e l’accumulo di vulnerabilità, poiché i produttori smettono di rilasciare patch correttive. Tuttavia, avviare un replatforming con cinque anni di anticipo appare una scelta forse eccessiva.
Microsoft sta lavorando per correggere un bug nella sua piattaforma di sicurezza aziendale Defender for Endpoint che causava la segnalazione errata da parte del software di sicurezza di SQL Server 2017 e 2019 come “obsoleti”.
BleepingComputer segnala che l’interruzione ha interessato i clienti di Defender XDR già mercoledì mattina. Microsoft stessa conferma che SQL Server 2019 sarà supportato fino a gennaio 2030 e SQL Server 2017 fino a ottobre 2027.
L’errore si è verificato a causa di un recente aggiornamento del codice relativo al sistema di rilevamento dei programmi “di fine supporto” (EoL), ovvero programmi il cui periodo di supporto è scaduto.
Di conseguenza, Defender ha contrassegnato erroneamente le versioni correnti di SQL Server come obsolete. “Gli utenti con SQL Server 2019 e 2017 installati potrebbero visualizzare etichette errate nella sezione Gestione minacce e vulnerabilità. Abbiamo già iniziato a distribuire una correzione che annullerà le modifiche errate”, ha riferito Microsoft.
L’azienda ha chiarito che il problema potrebbe riguardare tutti i clienti che utilizzano SQL Server 2017 e 2019, ma che si tratta di un incidente di portata limitata. Microsoft ha promesso di pubblicare un programma per l’implementazione completa della correzione non appena sarà pronta. Non è la prima volta che Defender for Endpoint risponde erroneamente agli aggiornamenti.
Una settimana prima, il prodotto aveva identificato erroneamente il BIOS di alcuni dispositivi Dell come obsoleto, richiedendo un aggiornamento inesistente.
All’inizio di settembre, l’azienda ha affrontato un altro problema: i falsi positivi del suo servizio antispam, che impedivano agli utenti di Exchange Online e Microsoft Teams di aprire i link nelle e-mail e nelle chat. Sembra che gli ingegneri Microsoft abbiano avuto un autunno particolarmente caldo.
L'articolo Microsoft Defender segnala erroneamente SQL Server 2019 in End Of Life proviene da il blog della sicurezza informatica.
Court backs Chicago reporters, but leaves door open for dispersals
A federal judge just reminded the government that the First Amendment still applies in Chicago.
On Oct. 9, Chicago journalists and protesters scored a major legal win, when Judge Sara Ellis issued a temporary restraining order reigning in federal officers’ repeated First Amendment violations at protests.
It’s a big victory for press freedom. The order prohibits arrests and use of physical force against journalists and restricts the use of dangerous crowd-control munitions. It defines “journalists” broadly, in a way that includes independent, freelance, and student reporters. It also enhances transparency by requiring federal officers to wear “visible identification,” like a unique serial number.
This order and similar rulings in Los Angeles last month are powerful reminders that journalists working together can vindicate their rights in the courts. They also highlight the crucial role that independent journalists and smaller news organizations play in defending press freedom. In both Chicago and Los Angeles, it’s been freelancers, community news outlets, local press clubs, and unions who’ve taken the lead, teaming up with protesters, legal observers, and clergy to take the government to court.
Unconstitutional dispersals of press still possible
But the fight isn’t over. The Chicago order unfortunately leaves open the possibility that, at least in some instances, federal officers may order journalists to leave areas where protests are being broken up or officers are attacking protesters.
Although the order prohibits dispersal of journalists from protests as a general matter, it also states that officers can “order” journalists to “change location to avoid disrupting law enforcement,” as long as they have “an objectively reasonable time to comply and an objectively reasonable opportunity to report and observe.” (In contrast, a similar order in Los Angeles states only that federal officers may “ask” journalists to change location.)
Federal officers are likely to use this as a loophole to continue to violently remove the press from protests, on the pretext that it’s necessary to avoid disruption. The order’s requirement that press must be able to continue to report and observe is also too lax; far better would have been an order specifically requiring that press be able to continue to see and hear the protest and law enforcement response.
Even when police can disperse protesters who break the law, the First Amendment doesn’t allow them to disperse journalists, too.
The weaker language around dispersals of journalists in the court’s order is a shame, especially for the public’s right to know. In recent days, Chicago journalists have been reporting about the violent tactics used by federal agents to disperse protests. If journalists can be ordered to leave alongside protesters, they can’t observe what’s happening or capture the images they need to keep the public informed.
It also makes dispersals more dangerous for protesters. As Unraveled Press noted, “Again and again, we’ve seen cops are most likely to get more violent with demonstrators when out of public view.” (Unraveled Press co-founder Raven Geary is a plaintiff in the Chicago lawsuit.) And while the court’s order prohibits dispersal orders aimed at peaceful protesters, if federal officers violate that order and also disperse the press to avoid a “disruption,” it will be much harder for the public to learn about it.
By declining to simply prohibit federal officers from dispersing the press, except when necessary to serve an essential government need such as public safety, the court also got the law wrong. Even when police can disperse protesters who break the law, the First Amendment doesn’t allow them to disperse journalists, too.
We’re not the only ones who say so. Just last year, the Department of Justice issued guidance stating as much:
“In the case of mass demonstrations, there may be situations—such as dispersal orders or curfews—where the police may reasonably limit public access. In these circumstances, to ensure that these limitations are narrowly tailored, the police may need to exempt reporters from these restrictions. …”
The DOJ also said so in a previous report, reprimanding the Minneapolis Police Department for its suppression of protesters and the press following George Floyd’s murder:
“The First Amendment requires that any restrictions on when, where, and how reporters gather information ‘leave open ample alternative channels’ for gathering the news. Blanket enforcement of dispersal orders and curfews against press violates this principle because they foreclose the press from reporting about what happens after the dispersal or curfew is issued, including how police enforce those orders.”
And in an important decision from 2020, the federal court of appeals in the 9th Circuit also disapproved of blanket dispersal orders being enforced against the press. That case arose from very similar circumstances to those today: federal authorities abusing the First Amendment while policing federal property during Black Lives Matter protests in Portland, Oregon.
In the 2020 case, the 9th Circuit affirmed a legal order that exempted journalists from general dispersal orders issued by the federal government. Journalists, it wrote, “cannot be punished for the violent acts of others.”
These authorities make it clear: Journalists cannot be ordered to move simply because it would be more convenient for officers. Journalists can only be dispersed if it’s essential to a compelling government interest, and only if they continue to have another vantage point from which they can see and hear what’s going on in order to report.
It’s frustrating that the court’s order leaves the door open for the government to evade this well-established principle. But the fight isn’t over. The court’s temporary restraining order is just a first step. When it issues a more permanent ruling, it will have another opportunity to get the prohibition on dispersing the press right.
La convenienza di limitare il pensiero
@Giornalismo e disordine informativo
articolo21.org/2025/10/la-conv…
Leggiamo ciò che siamo e leggiamo sempre meno. A dilrlo, già nel maggio scorso durante il Salone del libro di Torino l’Associazione Italiana Editori (AIE) che aveva rilevato come l’andamento dell’editoria stesse subendo un calo importante delle vendite,
Hackaday Podcast Episode 341: Qualcomm Owns Arduino, Steppers Still Dominate 3D Printing, and Google Controls Your Apps
The nights are drawing in for Europeans, and Elliot Williams is joined this week by Jenny List for an evening podcast looking at the past week in all things Hackaday. After reminding listeners of the upcoming Hackaday Supercon and Jawncon events, we take a moment to mark the sad passing of the prolific YouTuber, Robert Murray-Smith.
Before diving into the real hacks, there are a couple of more general news stories with an effect on our community. First, the takeover of Arduino by Qualcomm, and what its effect is likely to be. We try to speculate as to where the Arduino platform might go from here, and even whether it remains the player it once was, in 2025. Then there’s the decision by Google to restrict Android sideloading to only approved-developer APKs unless over ADB. It’s an assault on a user’s rights over their own hardware, as well as something of a blow to the open-source Android ecosystem. What will be our community’s response?
On more familiar territory we have custom LCDs, algorithmic art, and a discussion of non-stepper motors in 3D printing. Even the MakerBot Cupcake makes an appearance. Then there’s a tiny RV, new creative use of an ESP32 peripheral, and the DVD logo screensaver, in hardware. We end the show with a look at why logic circuits use the voltages they do. It’s a smorgasbord of hacks for your listening enjoyment.
html5-player.libsyn.com/embed/…
Download yourself an MP3 even without a Hackaday Listeners’ License.
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Episode 341 Show Notes:
News:
- 2025 Hackaday Supercon: More Wonderful Speakers
- JawnCon Returns This Weekend
- Honoring The Legacy Of Robert Murray-Smith
What’s that Sound?
- Fill in the form with your best guess to be entered to win next week.
Interesting Hacks of the Week:
- Qualcomm Introduces The Arduino Uno Q Linux-Capable SBC
- Google Confirms Non-ADB APK Installs Will Require Developer Registration
- Mesmerizing Patterns From Simple Rules
- How To Design Custom LCDs For Your Own Projects
- Why Stepper Motors Still Dominate 3D Printing
- How Your SID May Not Be As Tuneful As You’d Like
Quick Hacks:
- Elliot’s Picks:
- A Childhood Dream, Created And Open Sourced
- Tips For C Programming From Nic Barker
- Finding Simpler Schlieren Imaging Systems
- Jenny’s Picks:
- Building The DVD Logo Screensaver With LEGO
- ESP32 Decodes S/PDIF Like A Boss (Or Any Regular Piece Of Hi-Fi Equipment)
- Kei Truck Becomes Tiny RV
Can’t-Miss Articles:
hackaday.com/2025/10/10/hackad…
QUIC! Jump to User Space!
Everyone knows that Weird Al lampooned computers in a famous parody song (It’s All About the Pentiums). But if you want more hardcore (including more hardcore language, so if you are offended by rap music-style explicit lyrics, maybe don’t look this up), you probably want “Kill Dash 9” by Monzy. There’s a line in that song about “You thought the seven-layer model referred to a burrito.” In fact, it refers to how networking applications operate, and it is so ingrained that you don’t even hear about it much these days. But as [Codemia] points out, QUIC aims to disrupt the model, and for good reason.
Historically, your application (at layer 7) interacts with the network through other layers like the presentation layer and session layer. At layer 4, though, there is the transport layer where two names come into play: TCP and UDP. Generally, UDP is useful where you want to send data and you don’t expect the system to do much. Data might show up at its destination. Or not. Or it might show up multiple times. It might show up in the wrong order. TCP solves all that, but you have little control over how it does that.
When things are congested, there are different strategies TCP can use, but changing them can be difficult. That’s where QUIC comes in. It is like a user-space TCP layer built over a UDP transport. There are a lot of advantages to that, and if you want to know more, or even just want a good overview of network congestion control mitigations, check the post out.
If you want to know more about congestion control, catch a wave.