Germany Stack: solo il software libero permette la sovranità digitale
softwareliberoliguria.org/germ…
Segnalato dall'Associazione Software Libero Liguria di #Genova e pubblicato sulla comunità Lemmy @GNU/Linux Italia
#Firenze
E solo
GNU/Linux Italia reshared this.
Il nuovo video di Pasta Grannies: youtube.com/shorts/DlzS3DoR3nM
@Cucina e ricette
(HASHTAG)
Cucina e ricette reshared this.
#Israele, la tregua che uccide
Israele, la tregua che uccide
Il regime israeliano di Netanyahu ha alzato drammaticamente il numero e la qualità degli attacchi a Gaza e in Libano negli ultimi giorni, allungando la striscia di morti a partire dall’entrata in vigore delle rispettive tregue teoriche e confermando …www.altrenotizie.org
The 'psyops' revealed by X are entirely the fault of the perverse incentives created by social media monetization programs.
The x27;psyopsx27; revealed by X are entirely the fault of the perverse incentives created by social media monetization programs.#AI #AISlop
America’s Polarization Has Become the World's Side Hustle
A new feature on X is making people suddenly realize that some large portion of the divisive, hateful, and spammy content designed to inflame tensions or, at the very least, is designed to get lots of engagement on social media, is being published by accounts that are pretending to be based in the United States but are actually being run by people in countries like Bangladesh, Vietnam, India, Cambodia, Russia, and other countries. An account called “Ivanka News” is based in Nigeria, “RedPilledNurse” is from Europe, “MAGA Nadine” is in Morocco, “Native American Soul” is in Bangladesh, and “Barron Trump News” is based in Macedonia, among many, many of others.Inauthentic viral accounts on X are just the tip of the iceberg, though, as we have reported. A huge amount of the viral content about American politics and American news on social media is from sock puppet and bot accounts monetized by people in other countries. The rise of easy to use, free AI generative tools have supercharged this effort, and social media monetization programs have incentivized this effort and are almost entirely to blame. The current disinformation and slop phenomenon on the internet today makes the days of ‘Russian bot farms’ and ‘fake news pages from Cyprus’ seem quaint; the problem is now fully decentralized and distributed across the world and is almost entirely funded by social media companies themselves.
This will not be news to people who have been following 404 Media, because I have done multiple investigations about the perverse incentives that social media and AI companies have created to incentivize people to fill their platforms with slop. But what has happened on X is the same thing that has happened on Facebook, Instagram, YouTube, and other social media platforms (it is also happening to the internet as a whole, with AI slop websites laden with plagiarized content and SEO spam and monetized with Google ads). Each social media platform has either an ad revenue sharing program, a “creator bonus” program, or a monetization program that directly pays creators who go viral on their platforms.This has created an ecosystem of side hustlers trying to gain access to these programs and YouTube and Instagram creators teaching people how to gain access to them. It is possible to find these guide videos easily if you search for things like “monetized X account” on YouTube. Translating that phrase and searching in other languages (such as Hindi, Portuguese, Vietnamese, etc) will bring up guides in those languages. Within seconds, I was able to find a handful of YouTubers explaining in Hindi how to create monetized X accounts; other videos on the creators’ pages explain how to fill these accounts with AI-generated content. These guides also exist in English, and it is increasingly popular to sell guides to make “AI influencers,” and AI newsletters, Reels accounts, and TikTok accounts regardless of the country that you’re from.
youtube.com/embed/tagCqd_Ps1g?…
Examples include “AK Educate” (which is one of thousands), which posts every few days about how to monetize accounts on Facebook, YouTube, X, Instagram, TikTok, Etsy, and others. “How to create Twitter X Account for Monitization [sic] | Earn From Twitter in Pakistan,” is the name of a typical video in this genre. These channels are not just teaching people how to make and spam content, however. They are teaching people specifically how to make it seem like they are located in the United States, and how to create content that they believe will perform with American audiences on American social media. Sometimes they are advising the use of VPNs and other tactics to make it seem like the account is posting from the United States, but many of the accounts explain that doing this step doesn’t actually matter.
Americans are being targeted because advertisers pay higher ad rates to reach American internet users, who are among the wealthiest in the world. In turn, social media companies pay more money if the people engaging with the content are American. This has created a system where it makes financial sense for people from the entire world to specifically target Americans with highly engaging, divisive content. It pays more.For the most part, the only ‘psyop’ here is one being run on social media users by social media companies themselves in search of getting more ad revenue by any means necessary.
For example: AK Educate has a video called “7 USA Faceless Channel Ideas for 2025,” and another video called “USA YouTube Channel Kaise Banaye [how to].” The first of these videos is in Hindi but has English subtitles.
“Where you get $1 on 1,000 views on Pakistani content,” the video begins, “you get $5 to $7 on 1,000 views on USA content.”
“As cricket is seen in Pakistan and India, boxing and MMA are widely seen in America,” he says. Channel ideas include “MMA,” “Who Died Today USA,” “How ships sink,” news from wars, motivational videos, and Reddit story voiceovers. To show you how pervasive this advice to make channels that target Americans is, look at this, which is a YouTube search for “USA Channel Kaise Banaye”:
0:00
/0:23
1×
Screengrabs from YouTube videos about how to target Americans
One of these videos, called “7 Secret USA-Based Faceless Channel Ideas for 2026 (High RPM Niches!)” starts with an explanation of “USA currency,” which details what a dollar is and what a cent is, and its value relative to the rupee, and goes on to explain how to generate English-language content about ancient history, rare cars, and tech news. Another video I watched showed, from scratch, how to create videos for a channel called “Voices of Auntie Mae,” which are supposed to be inspirational videos about Black history that are generated using a mix of ChatGPT, Google Translate, an AI voice tool called Speechma, Google’s AI image generator, CapCut, and YouTube. Another shows how to use Bing search, Google News Trends, Perplexity, and video generators to create “a USA Global News Channel Covering World Events,” which included making videos about the war in Ukraine and Chinese military parades. A video podcast about success stories included how a man made a baseball video called “baseball Tag of the year??? #mlb” in which 49 percent of viewers were in the USA: “People from the USA watch those types of videos, so my brother sitting at home in India easily takes his audience to an American audience,” one of the creators said in the video.I watched video after video being created by a channel called “Life in Rural Cambodia,” about how to create and spam AI-generated content using only your phone. Another video, presented by an AI-generated woman speaking Hindi, explains how it is possible to copy paste text from CNN to a Google Doc, run it through a program called “GravityWrite” to alter it slightly, have an AI voice read it, and post the resulting video to YouTube.
youtube.com/embed/WWuXtmLOnjk?…
A huge and growing amount of the content that we see on the internet is created explicitly because these monetization programs exist. People are making content specifically for Americans. They are not always, or even usually, creating it because they are trying to inflame tensions. They are making it because they can make money from it, and because content viewed by Americans pays the most and performs the best. The guides to making this sort of thing focus entirely on how to make content quickly, easily, and using automated tools. They focus on how to steal content from news outlets, source things from other websites, and generate scripts using AI tools. They do not focus on spreading disinformation or fucking up America, they focus on “making money.” This is a problem that AI has drastically exacerbated, but it is a problem that has wholly been created by social media platforms themselves, and which they seem to have little or no interest in solving.The new feature on X that exposes this fact is notable because people are actually talking about it, but Facebook and YouTube have had similar features for years, and it has changed nothing. Clicking any random horrific Facebook slop page, such as this one called “City USA” which exclusively posts photos of celebrities holding birthday cakes, shows that even though it lists its address as being in New York City, the page is being run by someone in Cambodia. This page called “Military Aviation” which lists its address as “Washington DC,” is actually based in Indonesia. This page called “Modern Guardian” and which exclusively posts positive, fake AI content about Elon Musk, lists itself as being in Los Angeles but Facebook’s transparency tools say it is based in Cambodia.
Besides journalists and people who feel like they are going crazy looking at this stuff, there are, realistically, no social media users who are going into the “transparency” pages of viral social media accounts to learn where they are based. The problem is not a lack of transparency, because being “transparent” doesn’t actually matter. The only thing revealed by this transparency is that social media companies do not give a fuck about this.
Where Facebook's AI Slop Comes From
Facebook itself is paying creators in India, Vietnam, and the Philippines for bizarre AI spam that they are learning to make from YouTube influencers and guides sold on Telegram.Jason Koebler (404 Media)
Testing the Survivability of Moss in Space
The cool part about science is that you can ask questions like what happens if you stick some moss spores on the outside of the International Space Station, and then get funding for answering said question. This was roughly the scope of the experiment that [Chang-hyun Maeng] and colleagues ran back in 2022, with their findings reported in iScience.
Used as moss specimen was Physcomitrium patens, a very common model organism. After previously finding during Earth-based experiments that the spores are the most resilient, these were subsequently transported to the ISS where they found themselves placed in the exposure unit of the Kibo module. Three different exposure scenarios were attempted for the spores, with all exposed to space, but one set kept in the dark, another protected from UV and a third set exposed to the healthy goodness of the all-natural UV that space in LEO has to offer.
After the nine month exposure period, the spores were transported back to Earth, where the spores were allowed to develop into mature P. patens moss. Here it was found that only the spores which had been exposed to significant UV radiation – including UV-C unfiltered by the Earth’s atmosphere – saw a significant reduction in viability. Yet even after nine months of basking in UV-C, these still had a germination rate of 86%, which provides fascinating follow-up questions regarding their survivability mechanisms when exposed to UV-C as well as a deep vacuum, freezing temperatures and so on.
Keebin’ with Kristina: the One with the Elegant Macro Pad
Some people are not merely satisfied with functionality, or even just good looks. These persnickety snoots (I am one of them) seek something elegant, a true marriage of form and function.
The main goal here was the perfect fusion of display and feel. I’m not sure that an FDM-printed, DIY macro pad can look any better than this one does. But looks are only half the story, of course. There’s also feel, and of course, functionality.
Yes those are (hot-swappable) mechanical key switches, and they are powered by an ESP32-S2. Drawn on the 3.5″ LCD are icons and text for each switch, which of course can be easily changed in the config app.
There’s a three-direction tact switch that’s used to switch between layout profiles, and I’m sure that even this is satisfying on the feel front. Does it get better than this? Besides maybe printing it in black. I ask Hackaday.
KeebDeck Keyboard Gets Two Thumbs Up
Did you make it to Supercon this year? If so, you hold a badge with a special keyboard — a custom job by Hackaday superfriend [Arturo182], aka Solder Party. Were you wondering about its backstory?
This 69-key alphanumeric silicone number has all the keys a hacker needs, plus a rainbow of extras that can be used for macros. According to [Arturo182], the keyboard has a tactile feel thanks to a snap dome sheet underneath the keys, and this makes it more comfortable for long thumb-typing sessions.
Be sure to check out the teasers at the bottom of the KeebDeck page, because there is some really exciting stuff. If you want to build one, GitHub is your friend, pal.
Thanks for the tip, [Wim Van Gool]!
The Centerfold: Controlled Chaos
Here’s what I know: That’s a Nulea m512 mouse, the keyboard is a KBD Craft Sachiel LEGO number, and that there is a Cidoo macro pad. Best of all, [Tardigradium] hand-painted the speakers. Neat-o!
Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!
Historical Clackers: the Gerda Typewriter Was One of Accessibility
Some of us (okay, I) would have thought that most accessibility inventions are fairly recent, say, from the 1960s onward. But consider the Gerda typewriter, which was created in 1919 to enable blind and one-armed victims of WWI to become employable typists.
According to the Antikey Chop, it’s quite possible that the German government helped grease the wheels of this project so that these soldiers would have a usable typewriter with which to get on with life.
Three versions of this index typewriter were produced: a two-handed Gerda, one with a Braille index, and one with an English index. All entered the market the same year, and were produced for a total of three years.
The Gerda’s typewheel was quite like Blickensderfer, and some even had the DHIATENSOR layout. More expensive than last week’s Clacker (75 Marks), the Gerdas for blind and sighted people with two hands cost 195 Marks, and the one-handed edition was 205 Marks. Some of the two-handed models had rectangular, wooden key-tops, and others had round, glass-topped keys.
Finally, Module-Based Keyboard Is a Sensory Nightmare
I’ve been an early adopter of keyboards in the past. This is usually to bring them to your attention, either before they’re released, or just as they’ve come out. And never have I ever had this poor of an experience.
Games Radar recently reviewed a surprisingly not-failed Kickstarter keyboard that actually shipped, the Naya Create. It may not look like it, but the Create is supposed to be a gaming keyboard. What it does look like is mouse-focused, or at least mouse-forward. And that’s the point of it. Evidently.
Those big modules are interchangeable, and there are four of them so far: the Touch (a trackpad), Track (a trackball that falls out reliably), the Tune (a dial), and the Float, which is designed for space mousing around. They sound cool enough, and might actually be the best part of this whole setup.
To fully illustrate my poit I hvemt’t corrected any of the typos experieved typim this semtemve with the Naya Create while tryig to maintain my usual speed.
But according to Games Radar, the Naya Create is so not worth the $850 (!) asking price. It has ‘mushy, low-profile switches’ and clammy caps, and although the reviewer complains about the non-staggered keys, y’all know that those are my preference at this point.
And apparently, by default, Backspace is mapped to the left side. What? Of course, you can remap any key, whenever the software decides to work. Whenever the reviewer tried to save changes, the software would say that the keyboard is disconnected. Wonderful.
Despite these shortcomings, Games Radar says the keyboard is rock-solid aluminium with good hinges. So there’s that. Just, you know, swap out the switches and keycaps, and wait for software updates, I guess.
Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.
Digitaler Omnibus: Das EU-Parlament steuert auf den nächsten Konflikt zu
netzpolitik.org/2025/digitaler…
A group of immigrant rights organizers are helping people use Fortnite to practice what to do if they encounter ICE agents in the wild.#fortnite #ICE #Gaming
Inside an ICE Defense Training on Fortnite
In the deserted town square of the city of Springfield, three people huddle in an empty courthouse. Two of these people are civilians; one is a “vulnerable,” someone being pursued and targeted by government agents. They talk in hushed tones to one another, playing music to keep fear at bay. Above the door of the courthouse, a plaque reads, “Liberty and Justice for Most.”At the bottom of the courthouse stairs, two government agents step out of a purple golf cart. They approach the door. They’re carrying guns.
“Hey, is anyone inside?” one of them says. “Any vulnerables in here? We have a warrant. We have a warrant for any vulnerables in the area.”
One civilian opens the door, sees the agents, and immediately slams it shut. After more warrant calls, the civilian says, “Slip it under the door.”
“I would slip it under the door, but there’s no space under the door,” the agent says, stuttering.
The civilian pauses. “Well. Sounds like a personal problem.”
This was the scene in a Simpsons-themed Fortnite lobby on November 21, where members of a new 500-person gaming group gathered to practice what they would do if Immigration and Customs Enforcement (ICE) agents came knocking at their doors in real life. The group, New Save Collective, is an effort to organize people in the gaming world who have more progressive ideas but no place to discuss them.
“ Our hypothesis since we started this project has been that opposition forces like corporations and the military and the far right have done a really good job at weaponizing the social features of gaming,” said one of the organizers, who goes by PitaBreadFace online and spoke to 404 Media on condition of pseudonymity due to security concerns, as they said people claiming to be ICE agents have already infiltrated the group’s Discord server a few times. “ They’re building institutions in the gaming landscape, which is the biggest entertainment industry in the world, lest people forget.”
“Gaming wasn’t kind of a random genre that we chose,” Shauna Siggelkow of the organization Define American, which partnered with New Save Collective, told Wired ahead of the Friday event last week. “We’ve been tracking anti-immigrant myths and disinformation digitally for years.”
Some examples of those weaponizations include the U.S. Navy playing e-sports to recruit teens and kids being roped into neo-Nazi propaganda groups in online shooter games. ICE is also using games, like the sci-fi first-person shooter Halo and the all-time favorite Pokémon, in its recruitment ads. “More pro-social forces have really lacked,” PitaBreadFace said. “We have not been as effective at creating institutions. So we’ve seen the hunger for those kinds of spaces for gamers.”
PitaBreadFace and other grassroots organizers have been working on the Collective for the past three years, more recently in partnership with formal non-profit advocacy groups like Define American and Immigrants Belong. The Fortnite event was run by the Collective, but is part of a larger campaign titled “Play Your Role,” which is intended to teach people about their rights and “counter fear-based misinformation about immigrants,” according to a statement written by the non-profits. The Play Your Role campaign also included a live-streamed Grand Theft Auto event last Thursday, in which gamers roleplayed with people dressed as real ICE agents during traffic stops or outside apparent detention centers. Earlier this year, Roblox players conducted similar roleplaying events to simulate ICE raids and protests.
Scenes from the Nov. 21 Fortnite event. Redacted to remove players' usernames and other identifying information.
Organizers asked 404 Media not to join the official Fortnite lobby in real time; they said having reporters in the same space as Collective members might have exerted media pressure or kept them from getting the full experience. “ We’re not going to stream it for security reasons, and no reporters inside of it,” PitaBreadFace said on the morning ahead of the event. “Our main goal tonight is to really build and organize with the folks who are coming, and because I’m an organizer, that’s obviously the priority.”
However, they shared a number of clips from matches and discussions after the event had concluded.
After some scuffling, the agents agree to “abandon the vehicle” and run off. As they are chased off, one person calls after them, “Yeah, I threw a pizza at you! I threw a pizza at you with extra bacon.”
In another clip, the two gamers role-playing as ICE agents—portrayed by Fortnite’s Airhead character—are standing on their golf cart, surrounded by civilians in the middle of their pursuit of a “vulnerable,” the event’s chosen term for people being targeted by government agents.“This does not concern you,” one of the agents says to the civilians, encouraging them to leave.
“We’re allowed to record,” one person responds. Another asks, “Who does it concern?”
“We’re looking for two vulnerables,” the agent says, as the civilian group closes in on the golf cart. “Excuse us, you’re interfering. We have a court order.”
After some scuffling, the agents agree to “abandon the vehicle” and run off. As they are chased off, one person calls after them, “Yeah, I threw a pizza at you! I threw a pizza at you with extra bacon.”
The agents were played by the organizers behind the Collective, and they were noticeably less persistent than ICE agents in real life. That’s evidenced by them saying things like, “Excuse us,” but it’s also evident in their behavior. In the first clip, they don’t bust down the door of the courthouse; when a civilian briefly opens it, they don’t barge inside. At the end of that encounter, one agent says to the other, “This home is too protected; let’s go see if we can find a vulnerable somewhere else.” Given their reputation for violence in raids, IRL ICE agents are unlikely to give up as easily.
But that kind of environment allows the training session to be a reasonable intensity for a gamer’s first round of practice responding to ICE, and still be a fun, safe place for people to hang out. According to PitaBreadFace, the main goal of the space wasn’t necessarily to be a specifically anti-ICE training facility, but more so to organize a community and build trust. And this tactical frivolity is a proven method of protest—ask anyone who wore a frog costume to a Portland protest earlier this year.
“ A situation, even though it’s virtual, where you can clearly overwhelm ICE’s numbers and do silly stupid things and work together easily and be connected to each other—it just felt like actually winning,” one gamer said in a clip provided to 404 Media. “It felt like a way to kind of heal some of the burnout.”
A virtual situation also allows players to fire back at ICE in ways that likely wouldn’t be practical in real life. In one clip, for example, two agents are chasing after a vulnerable, yelling, “Hey, stop right there!”
When they get close enough, the vulnerable drops a Boogie Bomb, an item which forces another player to dance under a disco ball for about three seconds.
“Oh,” the Boogie-Bombed agent exclaims, before the gamers start laughing.
The event also had another component. Before the practice ICE raids, gamers went around to practice finding one another, creating groups and building connections. PitaBreadFace described this segment as learning how to “meet your neighbors, know those around you, and establish contact.” A lot of that, according to clips provided to 404 Media, involves doing dance emotes together; in one case, it was a team of about 10 people destroying an in-map mansion and yelling, “Pay your taxes!”
But it also involved discussions about what community means. In the middle of a “Shout!” dance circle, one gamer said that they first learned the importance of community organizing when protesting the 2017 Muslim ban.
“ I feel like community taught me that like if enough people came together and there was enough will, anything could happen,” they said. “I remember the first Muslim ban, and just hella people went to the airport, and we were able to petition for people to get released. And they were. It was cool to see that organically happen.”
New Save Collective plans to run more events similar to this one through the end of this year, at which point Fortnite is slated to get rid of the proximity chat mode it uses. PitaBreadFace said the response had been so far overwhelmingly positive.
“ I think gamers represent this constituency of people who are really common-sense,” PitaBreadFace said. “It’s not like they’re even super pro-immigrant. They’re just like, ‘No, this doesn’t make sense. This community member who’s been part of a community for 25 years is being ripped out of his home in the middle of the night. That doesn’t make sense, and we should do something about it.’ We have a lot of people who joined the [Discord] server who are like, ‘I actually don’t know, but I know this is wrong and I’m here to learn and participate.’”
Shout!
Shout! is an Icon Series Emote in Fortnite, that can be purchased in the Item Shop for 400 V-Bucks. Shout! was first released in Chapter 4: Season 1. Shout! is one of 1,185 emotes that can be used within LEGO Fortnite.Contributors to Fortnite Wiki (Fandom, Inc.)
Build Yourself a Medium-Format Camera
Medium format cameras have always been a step up from those built in the 35 mm format. By virtue of using a much larger film, they offer improved resolution and performance. If you want a medium format film camera, you can always hunt for some nice vintage gear. Or, you could build one from scratch — like the MRF2 from [IDENTIDEM.design.]
The MRF2 might be a film camera, but in every other way, it’s a thoroughly modern machine. It’s a rangefinder design, relying on a DTS6012M LIDAR time-of-flight sensor to help ensure your shots are always in sharp focus. An ESP32 is responsible for running the show, and it’s hooked up to OLED displays in the viewfinder and on the body to show status info. The lens is coupled with a linear position sensor for capturing accurate shots, there’s a horizon indicator in the viewfinder, and there’s also a nice little frame counter using a rotary encoder to track the film.
Shots from a prototype on Instagram show that this camera can certainly pull off some beautiful shots. We love a good camera build around these parts. You can even make one out of a mouse if you’re so inclined.
youtube.com/embed/_sIWXoqOFIU?…
The Unexpected Joys Of Hacking an Old Kindle
In the closing hours of JawnCon 0x2, I was making a final pass of the “Free Stuff for Nerds” table when I noticed a forlorn Kindle that had a piece of paper taped to it. The hand-written note explained that the device was in shambles — not only was its e-ink display visibly broken, but the reader was stuck in some kind of endless boot loop. I might have left it there if it wasn’t for the closing remark: “Have Fun!”
The following isn’t really a story about fixing a Kindle, although it might seem like it on the surface. It’s more about the experience of working on the device, and the incredible hacking potential of these unassuming gadgets. Whether you’ve got a clear goal in mind, or just want to get your hands dirty in the world of hardware hacking, you could do far worse than picking a couple of busted Kindles up for cheap on eBay.
If there’s a singular takeaway, it’s that the world’s most popular e-reader just so happens to double as a cheap and impressively capable embedded Linux development environment for anyone who’s willing to crack open the case.
Getting Connected
We start with what’s essentially Hardware Hacking 101: the hidden serial debug port. It’s the sort of thing you learn to look for when taking apart a new gadget, and unsurprisingly, it’s also at the heart of Kindle hacking. While there’s plenty of software modifications you can do depending on the age and version of your particular Kindle, opening up the case and tapping into the serial port is always the most direct way to gain access to the system.
From my research, every Kindle (with the possible exception of the very latest models from the 2020s) have an unpopulated serial port on the board. In the case of this Kindle Paperwhite 2 from 2013, it’s even labeled. I simply soldered on some jumper wires and ran them out to a pin header to make connecting to it a little less fiddly. The only thing to watch out for is the voltage; it seems that the serial port on the majority of Kindles is 1.8 V, and connecting up a higher voltage USB-serial adapter without a level shifter could release the Magic Smoke.
With the hardware connected and my favorite serial communications tool running, it was easy to see what ailed this particular Kindle. As evidenced by the final few lines of the kernel messages, a failure of one of the voltage regulators in the MAX77696 — a power management IC designed specifically for e-ink readers — was preventing the driver module from loading fully. This in turn was triggering a reboot, presumably because some sort of watchdog routine was in place to bail out if any critical hardware issues were detected.
On the Hunt
Coming from the “normal” Linux world, the solution seemed easy enough. Since the screen was toast anyway, all I needed to do to get the Kindle booting was to prevent the kernel module from loading. That way I could at least use it for something, perhaps an energy efficient minimalist server.
But according to the MAX77696 datasheet, the chip was responsible for quite a bit more than simply driving the e-ink panel. If I pulled the kernel module entirely, there was a good chance I’d also lose features like the real-time clock and the ability to read the battery voltage as well. So I decided to change tactics: rather than keeping the driver from loading, I’d take out the watchdog that was forcing the system to reboot. But where was it?
Amazon makes it easy to manually download the latest firmware for each member of the Kindle family, and the aptly named KindleTool lets you manipulate them. In this case I used the extract function to pull out the root filesystem image, which I could then locally mount as a basic EXT3 volume.
That was refreshingly straightforward, but unfortunately didn’t get me where I needed to go. Using grep to search all the files within the filesystem for the string “failed to load eink driver” showed no hits. If the watchdog wasn’t in the root filesystem, then where was it?
Unpacking the firmware update with KindleTool also got me the kernel image, and running Binwalk against it showed there was a compressed filesystem at 0x466C. I reasoned this must be an initramfs — essentially a minimal Linux system that lives in RAM and gives the kernel a place to work as it brings up the rest of the system. If the system has some self-check capability, it’s reasonable to assume that’s where it lives.
After drilling down a few times with Binwalk’s extract function, I was able to get to the contents of the initramfs. Sure enough, another search for the error message revealed our sentinel: /bin/recovery-util.
New Kernel, Who Dis?
I had considered trying to simply remove the recovery-util program from the kernel image, but since I wasn’t 100% sure how the whole watchdog system functioned, there was no guarantee that would have worked without more trial and error. So, emboldened by how well this was all going for me so far, I took the nuclear option and decided to rebuild the kernel with my own initramfs.
It’s here that the Kindle software environment, and the community around it, really started to shine. Once again, Amazon made it ridiculously easy to get the source code for the exact firmware I was working with, and the community provided an actively maintained toolchain to build it with. A little more searching even pulled up some pre-compiled builds that were ready to use.
Actually building the kernel for the Kindle was essentially the same process as doing it on my desktop computer, with the notable addition of supplying the location of the cross compiler into each make command. But if I ever got off track, there were plenty of write-ups online to reference. I even found one that went over building a custom initramfs with BusyBox that doesn’t include any of Amazon’s programs.
But perhaps the best part was that, once I had compiled Amazon’s modified kernel and built my initramfs, installing it on the Kindle was as simple as using a modified version of Android’s fastboot command. There were no cryptographic hoops to jump through, you just give it the new kernel and away it went. It’s my understanding that newer Kindles might not be so understanding, but with at least the hardware of this vintage, there’s nothing stopping you from doing whatever you want.
Pocket Penguin Playground
With the source code, tools, and knowledge floating around out there, I was able to build my own kernel and initramfs that lets me boot into a full Linux environment on what was previously a non-functional Kindle. There are a few things I haven’t gotten to work yet, but I believe that’s largely because I’m still using the root filesystem provided by Amazon.
Make no mistake, I’m greatly appreciative of the fact that we now have mature single-board computers like the Raspberry Pi available for a reasonable cost. But taking what’s essentially consumer e-waste and turning it into a useful platform for learning and experimentation is the true hacker way. So whether you’ve got a Kindle collecting dust somewhere at home, or end up grabbing a few off of eBay for a song, I invite you to bust out the USB-serial adapter and start exploring.
La Sorveglianza Digitale sui Lavoratori sta Arrivando: Muovi il Mouse più Veloce!
Il lavoro da remoto ha dato libertà ai dipendenti, ma con essa è arrivata anche la sorveglianza digitale.
Ne abbiamo parlato qualche tempo fa in un articolo riportando che tali strumenti di monitoraggio stanno arrivando anche all’interno di Microsoft teams. Pertanto, al posto dello sguardo fisso del capo, questo ruolo verrà sempre più svolto dagli “algoritmi” che monitoreranno per quanto tempo le applicazioni rimangono aperte, quali siti web vengono visitati e con quanta attività viene mosso il mouse e premuto i tasti.
Sistemi avanzati analizzano persino le espressioni facciali e il modo in cui i dipendenti camminano davanti a una webcam. Ma questi strumenti sottolineando al tempo stesso i limiti intrinseci della raccolta di dati personali.
Tuttavia, per molti lavoratori, tale monitoraggio non è visto come una preoccupazione, ma come una sfiducia e una violazione della privacy. Sondaggi e dati dell’American Psychological Association collegano la sorveglianza costante a un aumento dello stress, a un peggioramento del benessere psico-emotivo e al desiderio di lasciare il lavoro.
La necessità di trasmettere immagini da webcam o informazioni mediche sensibili è particolarmente pressante. Le persone chiedono spiegazioni chiare sul motivo per cui i dati vengono raccolti e con chi possono essere condivisi.
Lo sguardo gelido degli algoritmi non è meno pericoloso. I programmi mancano di contesto e scambiano facilmente telefonate o documenti per inattività. Questo porta i dipendenti a fingere un’attività frenetica per il bene degli indicatori di performance, e gli esperti del National Employment Law Project degli Stati Uniti hanno documentato casi di sanzioni ingiustificate e difficili da contestare quando la decisione viene effettivamente presa dal sistema.
Nei magazzini e nella logistica, dove ogni movimento è digitalizzato, la pressione è particolarmente intensa: la fretta di rispettare gli standard si traduce in dolore fisico, affaticamento e burnout. Secondo NELP, la sorveglianza digitale ha anche un impatto sui diritti dei lavoratori, ostacolando l’organizzazione dei lavoratori e fornendo alle aziende uno strumento per la rilevazione precoce dell’attività sindacale, con il pretesto di analizzare altri parametri.
Le regole del gioco stanno cambiando lentamente. Negli Stati Uniti, i datori di lavoro sono tenuti a fornire un avviso sulla raccolta dei dati, ma questi requisiti sono limitati, quindi gli stati stanno cercando di introdurre misure di salvaguardia proprie. La California sta discutendo di vietare i sistemi che riconoscono emozioni, andatura o espressioni facciali e trasmettono dati a terzi.
Nel frattempo, il Massachusetts sta promuovendo una legislazione che proteggerebbe i lavoratori dall’abuso della sorveglianza digitale. Nel frattempo, le autorità federali stanno cercando un approccio unificato alla regolamentazione dell’intelligenza artificiale, il che potrebbe indebolire le iniziative locali. Pertanto, l’interesse per la contrattazione collettiva come mezzo valido per combattere la sorveglianza eccessiva sta crescendo.
I sostenitori di un approccio più cauto insistono sul fatto che tali strumenti siano significativi solo quando aiutano a identificare le tendenze generali e a migliorare i processi, piuttosto che trasformare le persone in parametri. Dove rispetto, autonomia e condizioni di lavoro sicure permangono, la produttività emerge in modo naturale, senza una telecamera onnipresente che controlla ogni mossa.
L'articolo La Sorveglianza Digitale sui Lavoratori sta Arrivando: Muovi il Mouse più Veloce! proviene da Red Hot Cyber.
reshared this
Attacchi globali a quota 24 trilioni di dollari: come difendersi nell’era dell’Agentic AI
@Informatica (Italy e non Italy 😁)
Gartner ha identificato l'Agentic AI aziendale come la principale tendenza tecnologica strategica per il 2025, con una crescita prevista del 46,2% dal 2025 al 2030. Ma le sfide sono numerose. Ecco cosa prevede la Microsoft
Informatica (Italy e non Italy 😁) reshared this.
Microsoft corregge il bug su WSUS, ma gli hacker Cinesi arrivano prima
Una vulnerabilità recentemente corretta nei servizi di aggiornamento di Windows Server di Microsoft ha portato a una serie di attacchi utilizzando uno degli strumenti di spionaggio più noti degli ultimi anni.
Gli incidenti dimostrano la rapidità con cui gli aggressori possono passare dallo studio di un exploit pubblicato allo sfruttamento attivo della vulnerabilità per penetrare nell’infrastruttura.
Secondo l’azienda sudcoreana AhnLab, un gruppo sconosciuto ha ottenuto l’accesso ai server Windows che eseguivano WSUS sfruttando la vulnerabilità CVE-2025-59287. Questa vulnerabilità è stata sfruttata per eseguire utilità di sistema standard, consentendo agli aggressori di contattare un server esterno e scaricare codice dannoso.
Prima di installare lo strumento principale, è stata utilizzata l’utilità PowerCat, che ha fornito agli aggressori un prompt dei comandi remoto. Quindi, utilizzando certutil e curl, è stato installato ShadowPad sul sistema.
Questo programma è considerato uno sviluppo di PlugX ed è da tempo utilizzato da entità collegate alla Cina. La sua architettura è modulare e viene avviato tramite sostituzione di libreria.
Un file DLL, situato in memoria e responsabile dell’esecuzione del contenuto principale, viene caricato nel file legittimo ETDCtrlHelper.exe. Al suo interno viene implementato un modulo che carica componenti aggiuntivi e utilizza meccanismi stealth e di persistenza.
Microsoft ha corretto CVE-2025-59287 un mese fa. Il bug è classificato come critico perché consente l’esecuzione di codice arbitrario con privilegi di sistema. Dopo il rilascio di un exploit dimostrativo, molti gruppi hanno iniziato a scansionare in massa i server WSUS accessibili, ottenendo l’accesso iniziale, effettuando ricognizioni e scaricando sia file dannosi che strumenti di amministrazione legittimi. Secondo AhnLab, è in questo modo che ShadowPad è stato distribuito sui server.
L’incidente ha chiaramente dimostrato che ogni vulnerabilità diventa una minaccia reale se la sua risoluzione viene ritardata. Quanto più rapidamente vengono affrontati i problemi identificati, tanto minore è la probabilità che gli aggressori riescano a infiltrarsi nell’infrastruttura e a trasformare un guasto in una crisi conclamata.
L'articolo Microsoft corregge il bug su WSUS, ma gli hacker Cinesi arrivano prima proviene da Red Hot Cyber.
Gazzetta del Cadavere reshared this.
ShinyHunters cerca impiegati infedeli mentre il caso Gainsight Salesforce si estende
La crescente fuga di dati dall’ecosistema Salesforce ha preso una nuova piega dopo che il gruppo ShinyHuntersha annunciato il suo coinvolgimento nell’incidente. Gli eventi sono in corso da diversi mesi, interessando diversi servizi correlati alle piattaforme CRM, e la portata dell’impatto continua a crescere.
ShinyHunters afferma di aver ottenuto l’accesso a Gainsight diversi mesi fa, sfruttando le funzionalità acquisite tramite un hack dell’integrazione di Salesloft Drift. All’epoca, individui sconosciuti si erano infiltrati nell’account GitHub di Salesloft ed estraevano i token OAuth utilizzati dal servizio di terze parti Drift con Salesforce. Questi token hanno permesso loro di accedere furtivamente ai dati di un gran numero di clienti aziendali.
Secondo quanto riferito, la stessa campagna ha compromesso anche Gainsight. Questo servizio opera come piattaforma di gestione dei processi dei clienti ed è connesso a Salesforce, HubSpot e sistemi di supporto come Zendesk.
L’incidente ha spinto l’azienda a contattare gli specialisti di Google Mandiant per indagare sulla natura dell’attività e sull’origine del problema. Gainsight sostiene che l’attività indesiderata si sia verificata tramite connessioni ad applicazioni esterne, non a causa di un bug nella piattaforma Salesforce stessa.
In risposta, Salesforce ha revocato tutte le chiavi di accesso attive per le app Gainsight e le ha temporaneamente rimosse da AppExchange. Zendesk e HubSpot hanno adottato misure simili, limitando la funzionalità dei rispettivi connettori in attesa di una revisione interna. I rappresentanti di Salesforce hanno rifiutato di commentare nei dettagli, ma hanno sottolineato che le misure sono state adottate immediatamente.
Secondo il Google Threat Intelligence Group, l’attacco è collegato al gruppo UNC6240, noto anche come ShinyHunters. L’azienda ha identificato oltre duecento istanze Salesforce interessate. Si ritiene che la fonte della compromissione siano i token OAuth rubati, che hanno consentito agli aggressori di accedere a servizi di terze parti e alle relative integrazioni.
I membri di ShinyHunters affermano di aver verificato il livello di monitoraggio nei sistemi di Gainsight e che l’attività illegale è stata rilevata circa una o due settimane dopo l’inizio delle intrusioni. Il gruppo afferma inoltre di cercare complici all’interno di grandi aziende. Salesforce aveva precedentemente dichiarato che non avrebbe acconsentito alle richieste degli estorsori e non avrebbe negoziato.
L'articolo ShinyHunters cerca impiegati infedeli mentre il caso Gainsight Salesforce si estende proviene da Red Hot Cyber.
Novelle des Polizeigesetzes: Sachsen will anlasslos mit Drohnen in fahrende Autos filmen
netzpolitik.org/2025/novelle-d…
L’Europa guarda a Monfalcone per la nuova rotta dell’industria marittima
@Notizie dall'Italia e dal mondo
Nel pieno della ridefinizione delle politiche industriali europee, la tappa del commissario ai Trasporti sostenibili e al Turismo Apostolos Tzitzikostas allo stabilimento Fincantieri di Monfalcone ha assunto il valore di un segnale politico preciso. Il sito friulano, da anni
Notizie dall'Italia e dal mondo reshared this.
Se la geopolitica supera gli strumenti della Prima Repubblica. Il commento di Camporini
@Notizie dall'Italia e dal mondo
La scorsa settimana si è riunito il Consiglio Supremo di Difesa, organo di rilevanza costituzionale, (art. 87 Cost.), “costituito secondo la legge”, legge che venne varata il 28 luglio del 1950, con formulazioni che non fanno piena chiarezza
Notizie dall'Italia e dal mondo reshared this.
Sarajevo e il business dell’assedio: storia di un turismo disumano
@Notizie dall'Italia e dal mondo
Il ruolo di mercenari, estremisti europei e visitatori paganti nell’equilibrio economico e politico dell’assedio di Sarajevo.
L'articolo Sarajevo e il business dell’assedio: pagineesteri.it/2025/11/24/mon…
Notizie dall'Italia e dal mondo reshared this.
Santopadre: “Vincere la Davis non era scontato. Berrettini ha ritrovato l’energia giusta e ora non si ferma più”
[quote]ROMA – L’Italia ha vinto per la terza edizione di fila la Coppa Davis. Vincenzo Santopadre, ex allenatore di Matteo Berrettini e nuovo allenatore di Lorenzo Sonego, racconta a Lumsanews…
L'articolo Santopadre:
Sarajevo e il business dell’assedio: storia di un turismo disumano
@Notizie dall'Italia e dal mondo
Il ruolo di mercenari, estremisti europei e visitatori paganti nell’equilibrio economico e politico dell’assedio di Sarajevo.
L'articolo Sarajevo e il business dell’assedio: pagineesteri.it/2025/11/24/mon…
Notizie dall'Italia e dal mondo reshared this.
Santopadre: “Vincere la Davis non era scontato. Berrettini ha ritrovato l’energia giusta e ora non si ferma più”
[quote]ROMA – L’Italia ha vinto per la terza edizione di fila la Coppa Davis. Vincenzo Santopadre, ex allenatore di Matteo Berrettini e nuovo allenatore di Lorenzo Sonego, racconta a Lumsanews…
L'articolo Santopadre:
Ucraina, svolta possibile. Trump: “Succederà qualcosa di buono”. Allarme droni a Mosca: chiusi tre aeroporti
[quote]BRUXELLES – Dall’uso degli asset russi congelati per finanziare il processo di ricostruzione dell’Ucraina alle garanzie di sicurezza per Kiev simili a quelle contenute nell’articolo 5 della Nato. Sono solo…
L'articolo Ucraina,
Ucraina, continuano a Ginevra i colloqui di pace (Il Fatto del giorno)
A cura di Alessio Garzina
L'articolo Ucraina, continuano a Ginevra i colloqui di pace (Il Fatto del giorno) su Lumsanews.
Universitaly: università & universitari reshared this.
Ustica, il centrosinistra si mobilita per dire no all’archiviazione (Il Fatto del Giorno)
[quote]A cura di Lorenzo Giovanardi
L'articolo Ustica, il centrosinistra si mobilita per dire no all’archiviazione (Il Fatto del Giorno) su lumsanews.it/ustica-il-centros…
Perché l’economia spagnola va fortissimo
Più del doppio della media europea: e una delle ragioni è che sull'immigrazione fanno il contrario di quello che fanno gli altriIl Post