[quote]La due giorni di riunione tra i vertici della Difesa dell’Alleanza Atlantica, appena conclusasi, non ha costituito solo una delle prime occasioni per Mark Rutte, nuovo segretario generale della Nato subentrato a inizio mese, di rivolgersi agli Alleati ma anche un momento importante per ribadire il supporto
This week on the Podcast, Hackaday’s Elliot Williams and Kristina Panos joined forces to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week.
We love to see the add-ons people make for the badge every year, so this time around we’re really embracing the standard. The best SAOs will get a production run and they’ll be in the swag bag at Hackaday Europe 2025.
What’s That Sound pretty much totally stumped Kristina once again, although she kind of earned a half shirt. Can you get it? Can you figure it out? Can you guess what’s making that sound? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.
Then it’s on to the hacks, beginning with what actually causes warping in 3D prints, and a really cool display we’d never heard of. Then we’ll discuss the power of POKE when it comes to live coding music on the Commodore64, and the allure of CRTs when it comes to vintage gaming. Finally, we talk Hackaday comments and take a look at a couple of keyboards.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
The double-slit experiment, first performed by [Thomas Young] in 1801 provided the first definitive proof of the dual wave-particle nature of photons. A similar experiment can be performed that shows diffraction at optical frequencies by changing the reflectivity of a film of indium-tin-oxide (ITO), as demonstrated in an April 2024 paper (preprint) by [Romain Tirole] et al. as published in Nature Physics. The reflectivity of a 40 nm thick film of ITO deposited on a glass surface is altered with 225 femtosecond pulses from a 230.2 THz (1300 nm) laser, creating temporal ‘slits’. Interferogram of the time diffracted light as a function of slit separation (ps) and frequency (THz). (Credit: Tirole et al., Nature Physics, 2024) The diffraction in this case occurs in the temporal domain, creating frequencies in the frequency spectrum when a separate laser applies a brief probing pulse. The effect of this can be seen most clearly in an interferogram (see excerpt at the right). Perhaps the most interesting finding during the experiment was how quickly and easily the ITO layer’s reflectivity could be altered. With ITO being a very commonly used composition material that provides properties such as electrical conductivity and optical transparency which are incredibly useful for windows, displays and touch panels.
Although practical applications for temporal diffraction in the optical or other domains aren’t immediately obvious, much like [Young]’s original experiment the implications are likely to be felt (much) later.
Featured image: the conventional and temporal double-slit experiments, with experimental setup (G). (Credit: Tirole et al., Nature Physics, 2024)
Raccoon for Friendica (actually there is also a Raccon for Lemmy app) is an amazing app and, although it is still in “beta” version (the installation file can be downloaded here), it seems like a completely mature app, full of innovations and, surprisingly, it even manages to offer something completely new to Mastodon users! NB: This is an automatic translation from Italian.
Raccoon, the Friendica app that also has surprises for Mastodon users (automatic translation from Italian)
Oh yes! #RaccoonForFriendica is the most complete app ever seen for Friendica and, in addition to working with Mastodon, it might be the only app in the world capable of managing the potential of Mastodon Glitch-soc
@Politica interna, europea e internazionale «No alla grande finanza internazionale!», gridava Giorgia Meloni nel famoso discorso di Marbella, sul palco del partito franchista Vox. Era il 14 giugno 2022 e la leader di Fratelli d’Italia poteva ancora permettersi i toni aggressivi della «underdog»
ESET ha negato le accuse secondo cui i suoi sistemi sarebbero stati compromessi dopo che lo specialista della sicurezza Kevin Beaumont ha rivelato una campagna malevola che sembrava essere effettuata utilizzando l’infrastruttura ESET.
Secondo il blog di Beaumont, uno dei dipendenti dell’azienda israeliana è rimasto vittima del malware dopo aver aperto un collegamento in un’e-mail presumibilmente inviata dal team ESET Advanced Threat Defense in Israele. L’email ha superato con successo i controlli DKIM e SPF per il dominio ESET, ma Google Workspace l’ha contrassegnata come pericolosa. L’attacco è stato registrato l’8 ottobre ed era mirato a specialisti della sicurezza informatica in Israele. Il file dannoso è stato distribuito attraverso i server di ESET, con i destinatari che venivano avvertiti che l’attacco era stato effettuato da un aggressore “sostenuto dallo Stato”. Le vittime sono state inoltre incoraggiate a prendere parte al programma ESET Unleashed, che in realtà non esiste come iniziativa separata, sebbene sia menzionato nel marchio dell’azienda.
Il ricercatore ha trovato diverse DLL ESET e un file setup.exe dannoso nel file scaricato. Beaumont ha descritto il programma come un falso virusransomware che imita il lavoro del famoso malware Yanluowang. Beaumont ha inoltre notato che i file sui dispositivi non possono essere recuperati perché si tratta di un Viper .
Durante l’esecuzione, il malware ha contattato anche un’organizzazione legata all’Iron Swords War Day, dedicato alla memoria delle vittime dell’attacco del 7 ottobre 2023. I fatti suggeriscono il possibile coinvolgimento di hacktivisti.
ESET ha negato la versione di Beaumont sull’hacking dell’ufficio israeliano dell’azienda. L’azienda ha sottolineato che l’incidente ha colpito un’organizzazione partner in Israele e che la campagna dannosa è stata bloccata in 10 minuti. ESET ha assicurato di aver bloccato con successo la minaccia e che i clienti sono al sicuro. La società ha inoltre confermato che sta collaborando con il proprio partner alle indagini e continua a monitorare la situazione. La fonte dell’attività dannosa non è stata ancora identificata, ma i metodi utilizzati nell’attacco sono simili alle tattiche del gruppo filo-palestinese Handala. I ricercatori di Trellix hanno precedentemente riferito che Handala sta utilizzando attivamente dei dropper per attaccare le organizzazioni israeliane, rilevando centinaia di incidenti nell’arco di diverse settimane nel mese di luglio.
Raccoon for Friendica (in effetti c’è anche un’app Raccon for Lemmy) è un’app sorprendente e, benché sia ancora in versione “beta” (il file di installazione può essere scaricato qui), sembra un’app completamente matura, ricca di innovazioni e, sorprendentemente, riesce addirittura a offrire qualcosa di completamente nuovo agli utenti Mastodon! Abbiamo deciso perciò di scrivere questo…
Raccoon, l’app Friendica che riserva sorprese anche per gli utenti Mastodon
#RaccoonForFriendica è l’app più completa mai vista finora per Friendica e, oltre a funzionare anche con Mastodon, potrebbe essere l’unica app al mondo in grado di gestire le potenzialità di Mastodon Glitch-soc
#RaccoonForFriendica è l'app più completa mai vista finora per Friendica e, oltre a funzionare anche con Mastodon, potrebbe essere l'unica app al mondo…
[quote]Le cronache recenti che giungono a noi soprattutto dall’Ucraina e dal Medio Oriente hanno permesso di delineare meglio il ruolo reale e concreto che lo spazio cibernetico assume nei moderni conflitti. In tal senso, appare evidente come emerga con chiarezza dall’ombra delle approssimazioni e degli hashtag sui social
Depending on who you ask, the big news this week is that quantum computing researchers out of China have broken RSA. And that’s true… sort of. There are multiple caveats, like the fact that this proof of concept is only factoring a 22-bit key. The minimum RSA size in use these days is 1024 bits. The other important note is that this wasn’t done on a general purpose quantum computer, but on a D-Wave quantum annealing machine.
First off, what is the difference between a general purpose and annealing quantum computer? Practically speaking, a quantum annealer can’t run Shor’s algorithm, the quantum algorithm that can factory large prime numbers in much sorter time than classical computers. While it’s pretty certain that this algorithm works from a mathematical perspective, it’s not at all clear that it will ever be possible to build effective quantum computers that can actually run it for the large numbers that are used in cryptography.
We’re going to vastly oversimplify the problem, and say that the challenge with general purpose quantum computing is that each q-bit is error prone, and the more q-bits a system has, the more errors it has. This error rate has proved to be a hard problem. The D-wave quantum annealing machine side-steps the issue by building a different sort of q-bits, that interact differently than in a general purpose quantum computer. The errors become much less of a problem, but you get a much less powerful primitive. And this is why annealing machines can’t run Shor’s algorithm.
The news this week is that researchers actually demonstrated a different technique on a D-wave machine that did actually factor an RSA key. From a research and engineering perspective, it is excellent work. But it doesn’t necessarily demonstrate the exponential speedup that would be required to break real-world RSA keys. To put it into perspective, you can literally crack a 22 bit RSA key by hand.
Zendesk Out of Scope
Here’s an example of two things. First off, a bug being out of scope for a bounty shouldn’t stop a researcher from working on a bug. Second, it’s worth being extra careful in how a bug bounty’s scope is set up, as sometimes bugs have unforeseen consequences. We’re talking here about Zendesk, a customer support tool and ticket manager. [Daniel] found an issue where an attacker could send an email to the support email address from a spoofed sender, and add an arbitrary email address to the ticket, gaining access to the entire ticket history.
Because the problem was related to email spoofing, and the Zendesk bounty program on HackerOne considers “SPF, DKIM, and DMARC” to be out of scope, the ticket was closed as “informative” and no bounty awarded. But [Daniel] wasn’t done. What interesting side effects could he find? How about triggering single sign on verification to go to the support email address? Since an Apple account can be used to sign on to slack, an attacker can create an apple account using the support email address, use the email spoof to get access to the created bug, and therefore the one-time code. Verify the account, and suddenly you have an Apple account at the target’s domain. [Daniel] used this to gain access to company Slack channels, but I’d guess this could be used for even more mayhem at some businesses.
Given that the original bug report was closed as “informational”, [Daniel] started reporting the bug to other companies that use Zendesk. And it paid off, netting more than $50,000 for the trouble. Zendesk never did pay a bounty on the find, but did ask [Daniel] to stop telling people about it.
Fortinet Fixed It
The good folks at Watchtowr Labs have the inside scoop on a recently fixed vulnerability in Fortinet’s FortiGate VPN appliance. It’s a good fix found internally by Fortinet, and gives us a good opportunity to talk about a class of vulnerability we haven’t ever covered. Namely, a format string vulnerability.
The printf() function and its siblings are wonderful things. You give it a string, and it prints it to standard output. You give it a string that contains a format specifier, like %s, and it will replace the specifier with the contents of a variable passed in as an additional argument. I write a lot of “printf debugging” code when trying to figure out a problem, that looks like printf("Processing %d bytes!\n", length);
What happens if the specifier doesn’t match the data type? Or if there is a specifier and no argument? You probably know the answer: Undefined behavior. Not great for device security. And in this case, it does lead to Remote Code Execution (RCE). The good news is that Fortinet found this internally, and the fix was quietly made available in February. The bad news is that attackers found it, and have since been actively using it in attacks.
Escape!
[ading2210] has the story of finding a pair of attack chains in Google Chrome/Chromium, where a malicious extension can access the chrome://policy page, and define a custom “browser” command to use when accessing specific pages. There are two separate vulnerabilities that can be used to pull off this trick. One is a race condition where disallowed JS code can run before it’s disabled after a page reload, and the other is a crash in the page inspector view. That’s not a page non-developers have a habit of visiting, so the browser extension just pulls a fast one on install, launching a simple page that claims that something went wrong, asking the user to press f12 to troubleshoot.
At this point, most of us rely on Linux for our routers and firewalls. Whether you realize it or not, it’s extremely likely that that little magical box that delivers Internet goodness to your devices is a Linux machine, running iptables as the firewall. And while iptables is excellent at its job, it does have its share of quirks. Researchers at Anvil have the low down on ESTABLISHED connection spoofing.
Iptables, when run on the boarder between networks, is often set to block incoming packets by default, and allow outgoing. The catch is that you probably want responses to your requests. To allow TCP connections to work both ways, it’s common to set iptables to allow ESTABLISHED connections as well. If the IP addresses and ports all match, the packet is treated as ESTABLISHED and allowed through. So what’s missing? Unless you explicitly request it, this firewall isn’t checking that the source port is the one you expected. Packets on one interface just might get matched to a connection on a different interface and passed through. That has some particularly interesting repercussions for guest networks and the like.
Bits and Bytes
On the topic of more secure Linux installs, [Shawn Chang] has thoughts on how to run a container more securely. The easy hint is to use Podman and run rootless containers. If you want even tighter protection, there are restrictions on system calls, selinux, and a few other tricks to think about.
Check the logs! That’s the first step to looking for a breach or infection, right? But what exactly are you looking for? The folks at Trunc have thoughts on this. The basic idea is to look for logins that don’t belong, IPs that shouldn’t be there, and other specific oddities. It’s a good checklist for trouble hunting.
And finally, the playlist from DEF CON 32 is available! Among the highlights are [Cory Doctorow] talking about the future of the Internet, [HD Moore] and [Rob King] talking about SSH, and lots lots more!
Nelle nuove campagne ClickFix, i truffatori attirano gli utenti su false pagine di Google Meet dove vengono mostrati falsi errori di connessione per diffondere malware che possono infettare i sistemi Windows e macOS.
ClickFix risale a maggio, quando Proofpoint ne ha segnalato per la prima volta l’utilizzo da parte del gruppo TA571. Gli attacchi hanno utilizzato falsi messaggi di errore in Google Chrome, Microsoft Word e OneDrive. Alle vittime è stato chiesto di incollare il codice nella riga di comando di PowerShell per risolvere il presunto problema, che ha portato all’infezione dei loro dispositivi. Malware come DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, Lumma Stealer e altri sono stati distribuiti attraverso questo metodo. Nel mese di luglio, McAfee ha riscontrato un aumento nella frequenza di questi attacchi, soprattutto negli Stati Uniti e in Giappone.
Secondo un nuovo rapporto di Sekoia, le tattiche di ClickFix sono recentemente cambiate, con gli aggressori che utilizzano falsi inviti di Google Meet e inviano e-mail di phishing mirate alle società di spedizione e logistica.
Nuovi trucchi includono pagine Facebook false e discussioni GitHub false. Sekoia collega anche le recenti campagne a due gruppi, Slavic Nation Empire (SNE) e Scamquerteo, che si ritiene facciano parte dei gruppi truffatori di criptovaluta Marko Polo e CryptoLove.
Gli attacchi tramite Google Meet sembrano particolarmente convincenti: gli aggressori inviano e-mail con link falsi che imitano quelli ufficiali:
incontra[.]google[.]noi-unisciti[.]com
incontra[.]google[.]web-join[.]com
incontra[.]googie[.]com-unisciti[.]a noi
Dopo aver visitato tali pagine, agli utenti viene mostrato un messaggio relativo a un presunto problema con il microfono o le cuffie. Un tentativo di “correggere” l’errore attiva lo script ClickFix standard: il codice PowerShell dannoso viene eseguito tramite la riga di comando, scaricando malware dal dominio “googiedrivers[.]com”.
Per i dispositivi Windows, viene scaricato Stealc o Rhadamanthys e su macOS, AMOS Stealer è installato nel formato “.DMG” chiamato “Launcher_v194“. Oltre a Google Meet, gli aggressori utilizzano anche altre piattaforme per distribuire malware, tra cui Zoom, falsi lettori PDF, videogiochi falsi e progetti web3.
@Notizie dall'Italia e dal mondo "Ho vissuto la mia Nakba personale e capisco perché migliaia di palestinesi sono fuggiti dalle loro case nel 1948. Ho preso la decisione più difficile della mia vita e ho lasciato Gaza, senza sapere che quello che portavo con me sarebbe stato tutto ciò che avrei mai
@Notizie dall'Italia e dal mondo Khalil Al Hayya ha confermato oggi la morte del leader, promettendo che Hamas continuerà a combattere fino al ritiro di Israele da Gaza L'articolo SINWAR. Hamas conferma la sua uccisione. Netanyahu: “L’offensiva a Gaza continua” proviene da Pagine
@Notizie dall'Italia e dal mondo La polizia federale brasiliana ha richiesto la cattura di decine di golpisti, vicini all'ex presidente Bolsonaro, che sono fuggiti in Argentina e in altri paesi L'articolo Il Brasile chiede all’Argentina l’estradizione di decine di golpisti proviene da Pagine Esteri.
Changelog: 🦝 fix: avoid crash in HTML rendering; 🦝 fix: text color for direct message conversation title; 🦝 fix: avoid dismissing bottom sheets on long press; 🦝 fix: avoid videos from being stretched out of viewport; 🦝 fix: avoid attachment loss when editing an existing post; 🦝 feat: add support for Markdown and conditional markup; 🦝 enhancement: add warning if alt text is missing in attachments; 🦝 enhancement: improve profile opening in links; 🦝 fix: create post with images and delete images from posts on Mastodon; 🦝 fix: avoid bug which prevented draft creation; 🦝 chore: add more unit tests; 🦝 feat: add possibility to copy post content to clipboard.
I servi dell'UE non si smentiscono mai cari connazionali. Prepariamoci alle restrizioni e tasse. Giorgetti annuncia l'accordo tra UE e Italia: 7 anni di austerità per ridurre il debito - L'INDIPENDENTE lindipendente.online/2024/10/1…
@Notizie dall'Italia e dal mondo Le prime analisi dimostrano l'uccisione del leader del movimento palestinese. Israele attende la conferma definitiva dall'esame del DNA. Sinwar sarebbe stato ucciso durante uno scambio a fuoco e non per un'esecuzione mirata. L'articolo Israele: “Abbiamo ucciso Sinwar”. L’offensiva a
Automattic CEO Matt Mullenweg made another buyout offer this week, and threatened employees who speak to the press with termination.#wordpress #News #automattic
@Notizie dall'Italia e dal mondo Le prime analisi dimostrano l'uccisione del leader del movimento palestinese. Israele attende la conferma definitiva dall'esame del DNA. Sinwar sarebbe stato ucciso durante uno scambio a fuoco e non per un'esecuzione mirata. L'articolo Israele: “Abbiamo ucciso Sinwar”. Hamas non conferma proviene da
[quote]Napoli si prepara ad accogliere i responsabili della Difesa dei Paesi del G7, nell’ambito della ministeriale dedicata al comparto organizzata dalla presidenza italiana. Il Gruppo dei sette parlerà, naturalmente, delle principali sfide geopolitiche attuali, dalla guerra in Ucraina alla crisi in Medio Oriente, passando
@Politica interna, europea e internazionale È uscito il nuovo numero di The Post Internazionale. Il magazine, disponibile già da ora nella versione digitale sulla nostra App, e da domani, venerdì 18 ottobre, in tutte le edicole, propone ogni due settimane inchieste e approfondimenti sugli affari e il
[quote]L’Esercito degli Stati Uniti sta per fare un passo importante verso l’integrazione di veicoli robotici nel proprio arsenale. Entro la prossima primavera, sarà selezionato il vincitore tra quattro concorrenti che stanno sviluppando il Robotic Combat Vehicle
#PNRR, è stata pubblicata oggi la graduatoria degli interventi finanziati a seguito del bando da 515 milioni pubblicato il 29 luglio 2024 per la realizzazione e messa in sicurezza delle mense scolastiche.
#PNRR, è stata pubblicata oggi la graduatoria degli interventi finanziati a seguito del bando da 515 milioni pubblicato il 29 luglio 2024 per la realizzazione e messa in sicurezza delle mense scolastiche.
su facebook ho scritto: testuale commento: "l'alternativa alla Harris è Trump ed è terrificante". commento cancellato. che poi sono un'italiana... mica voto. ecco perché scrivo cose serie anche qua. ma è offensivo sostenere che un candidato è terrificante? pensavo fosse una legittima opinione.
Alla prima giornata a Bari di Fiera Didacta Italia edizione Puglia, il Ministro Giuseppe Valditara ha partecipato alla cerimonia di inaugurazione e ha visitato gli spazi del quartiere fieristico incontrando docenti, studenti, personale scolastico.
Chatting comes to the ATmosphere with Picosky, X is unbanned in Brazil, and a significant group of Brazilians moved back, and a deeper dive into aviary.domains.
Chatting comes to the ATmosphere with Picosky, X is unbanned in Brazil, and a significant group of Brazilians moved back, and a deeper dive into aviary.domains.
Picosky
Picosky is a new chatting service build on top of atproto. Picosky was created by Juliet, and started as an experiment with building an simple chatting app on atproto, originally limited to just 12 characters per message. It was a demonstration of making an AppView for chatting on atproto that utilises the existing infrastructure of the network: You log in with your Bluesky/atproto account, messages are stored on your PDS, and the PicoSky AppView listens to all the messages on the Relay and displays them. The direct connection of your Bluesky account made it a fun place for atproto hackers to hang out, which expanded the scope of Picosky quickly to a serious project.
Over the last week or so Picosky has undergone rapid changes by the developers Juliet and Elainya: you can log in with OAuth, the character limit got increased multiple times, now at 2048, you can edit and delete your posts, and UI updates where it is now a clear and minimalist proper chat UI.
The simple structure of Picosky, and the way that it integrates with the atproto infrastrucuture, makes Picosky an attractive place to further build on by other developers: one of the first Picosky-compatible projects to make it available via IRC. This is a separate AppView, that reads the same posts as the Picosky AppView does, and that can fully interact (federate) with each other. Other projects in the works are an iOS client or one for the terminal.
Meanwhile, the Lexicon structure (which determines the format of the messages) has had a major update the other day: there is now support for creating separate rooms on Picosky. Anyone can create rooms, and the owner of the room can set moderation to be based on a deny-list or an allow-list. The frontend has not been updated yet to take advantage of this however, but I’m sure we’ll get back to Picosky next week.
The News
It is now a week since X has been unbanned in Brazil, and a significant part of the Brazilian user base that joined Bluesky has gone back to X. Daily Active User count dropped by half, from 1.2M to 600k. This number was around 300k before the ban, indicating that a large number of Brazilians did stick around: Portuguese is still the most popular language of the platform; 45% of posts are in Portuguese, compared to 32% English posts. It shows that social networks are extremely sticky, and people have very high switching costs. In that context, Bluesky has done well with the number of Brazilian who stayed around after X became unbanned.
Bluesky is hiring, and they are looking for a Feed Algorithmics Engineer. The job is to “design and implement machine learning models to improve personalized content recommendations, spam detection, labeling, and more.” As the network grows, so do the challenges of providing algorithmic recommendations for feeds and spam detection.
Threads struggles with moderation on their platform, and Bluesky is seizing the opportunity by creating an account on Threads to promote the platform as an alternative on (and to) Threads.
Altmetric, which tracks online engagement with academic research, is looking for people that are willing to help with feedback sessions for their Bluesky attention tracking roll-out.
Bluesky has updated their app (v1.92), with some new features: you can now pin a post to your profile. There are also design improvements, including new font options. You can also now filter your searches by language.
TOKIMEKI, an alternative client for Bluesky, now supports showing your atproto-powered Linkat and WhiteWind profiles.
Threads struggles with moderation on their platform, and Bluesky is seizing the opportunity by creating an account on Threads to promote the platform as an alternative on (and to) Threads.
Frontpage, a link-aggregator platform build on atproto, is now open and available for everyone to use. The developers say that they’ll work on notifications first, and that decentralised and self-sovereign sub-communities are coming later.
For the protocol-people: what happens when there are clashing lexicon fields? Nick Gerakines publishes his thoughts on how the Lexicon system can evolve, with some additional thoughtsby Bluesky protocol engineer Bryan Newbold.
Deep dive: Aviary.domains
Aviary.domains is a new service that helps managing domains for Bluesky and the ATmosphere, that recently launched in early access. Aviary makes it easy for people who have a domain name to share that domain name with other people as their handle.
To place Aviary in a larger context, a short explanation: It helps to understand as the central offering of the ATmosphere being a single digital identity. When you first sign up for Bluesky, two things happen:
You join the ATmosphere, by creating a digital identity (a DID) that works with all other products that are build on atproto.
You log in with this newly created identity into Bluesky, and use Bluesky with this digital identity.
This digital identity, a DID (Decentralized IDentifier) is a unique string of letters and numbers that can never change, which is good for computers because it is unique, but very unpractical for humans to use. That’s why you have a handle, which corresponds behind the scenes with your DID. The idea of atproto is to use a website domain name as your handle. You can always change your handle to a different handle if you want, as long as you have a website domain you can use. Most people do not have their own website domain, so when you first join the ATmosphere and your DID gets created, Bluesky also gives you one of their sub domains you can use: yourname.bsky.social.
The goal for Bluesky is that people use their website domains as their handle, as it gives an easy way to verify ownership: the owner of the website is also the owner of the account. One problem however, is that many people do not have their own website domain. This is both an opportunity for Bluesky (which now sells domain names to people), but also still a challenge: a significant group of people are simply not interested in paying money for what amounts to a better user name. Even if you have your own website domain, having to change DNS settings is still a technical barrier that is too high for a large group of people.
This is the part where Aviary.domains comes it, as it tries to find an audience for people who have a domain name, that they want to share with their community. It has created a system where an owner of a domain name can invite other people to use a version of that domain as their handle on Bluesky. So as the owner of laurenshof.online, I can log in with Aviary, and generate a subdomain for, lets say my cat. Aviary generates a link that my cat can click; they log in on Aviary with Bluesky’s OAuth, type in their name, press accept, and their handle is now changed, without them having to change settings.
What makes this different from projects like swifties.social, which also hand out subdomains for people to use as handles on Bluesky, is that it does not require the final step, changing settings in the app. It also gives the owner of the domain control over each subdomain, with the ability to subtract subdomains as well. This makes Aviary more useful for people who want to have more control over who identifies with the domain, and can show they are part of the community.
Audio spaces app Bluecast now can show your broadcasting history.
That’s all for this week, thanks for reading! You can subscribe to my newsletter to receive the weekly updates directly in your inbox below, and follow me on Bluesky @laurenshof.online.
A quieter news week: self-hosted 3d printing app Manyfold joins the fediverse, and write.as now offers paid subscriptions for fediverse accounts with sub.club.
The News
Manyfold is a self-hosted open source web app for organising and managing your collection of 3d files, and in particularly 3d printing. With their latest update, Manyfold has now joined the fediverse by adding ActivityPub support. With the new integration, you can now follow a Manyfold creator from your fediverse account of choice, and get notified when the Manyfold account uploads a new 3d file. New Manyfold uploads appear as short posts with a link in the rest of the fediverse. To demonstrate, here is the Manyfold account from the creator Floppy as visible from Mastodon, and here is the profile on their Manyfold instance itself. The Manyfold server also has a button to follow the account on the fediverse. Manyfold implementing ActivityPub support is an illustration of how ActivityPub can be viewed as a form of ‘Social RSS’: it allows you to follow any Actor for updates, and adds social features (sharing/liking to it).
Sub.club is a service that lets people create paid subscription feeds on the fediverse. The service recently launched with the ability to monetise Mastodon feeds, and has now expanded to also include long-form writing, by collaborating with write.as. Write.as is the flagship instance of fediverse blogging software WriteFreely. With this update, blogs on write.as can now set on a a per-blog basis if a blog is a premium blog, and where the cut-off is. People who follow the blog from a fediverse account will see an option to subscribe and view the full post; this post by the sub.club account shows how a premium blog will look like from various perspectives. Adding sub.club to a write.as blog is as simple as following this three-minute PeerTube video.
The Redbox operating system has been dumped, and people are repurposing the massive DVD kiosks they've saved from the scrap heap.
The Redbox operating system has been dumped, and people are repurposing the massive DVD kiosks theyx27;ve saved from the scrap heap.#Redbox #CarRepair #Reverseengineering
@Politica interna, europea e internazionale Addio ai test d’ingresso per le facoltà universitarie di Medicina: dopo un semestre ad accesso libero, verrà stabilita una graduatoria nazionale tenendo in considerazione gli esami fatti che saranno uniformi per tutti. Il proseguimento degli studi al secondo semestre sarà
A prototype app called Impact describes “A Volunteer Fire Department For The Digital World,” which would summon real people to copy and paste AI-generated talking points on social media.#News
How the WordPress chaos may impact the web; using AI to apply for jobs; and how the National Archives wants to push its employees to use Google's AI.
How the WordPress chaos may impact the web; using AI to apply for jobs; and how the National Archives wants to push its employees to use Googlex27;s AI.#Podcast
@Politica interna, europea e internazionale Cosa prevede il disegno di legge di Bilancio 2025: tutte le misure Un piccolo sacrificio chiesto alle banche, l’ennesima sforbiciata a carico dei ministeri, la prevista conferma del taglio del cuneo fiscale e della
Un'indagine condotta dalla Gendarmeria francese (Gendarmerie Nationale), che ha coinvolto l'Arma dei Carabinieri italiani (NAS) e la Polizia federale svizzera (Police Federale Swiss), sostenuta da Europol ed Eurojust, ha portato allo smantellamento di una rete criminale di contraffazione dei vini francesi a Denominazione di Origine Protetta (DOP) in Italia. La rete criminale falsificava il vino rosso francese, facendo pagare fino a 15.000 euro a bottiglia. Il vino finto è stato contraffatto in Italia, poi consegnato ad un aeroporto italiano ed esportato per la vendita a valore di mercato in tutto il mondo da commercianti inconsapevoli.
L’operazione ha portato a: 6 arresti; 14 perquisizioni a Torino e Milano; sequestri tra cui: grandi quantità di bottiglie di vino provenienti da diversi domini Grand Cru contraffatti, adesivi per vino e prodotti in cera, ingredienti per sofisticare il vino, macchine tecniche per tappare le bottiglie, beni di lusso e apparecchiature elettroniche per un valore di 1,4 milioni di euro, oltre 100.000 euro in contanti e documenti.
Il modus operandi della rete criminale, unito alle caratteristiche delle contraffazioni, ha portato gli investigatori a stabilire un collegamento con una precedente indagine sostenuta da Europol mirata alla contraffazione di vino DOP. Le operazioni forensi condotte hanno rivelato le tecniche utilizzate dalla rete criminale per contraffare il vino francese di alta qualità. Collegamenti tra le due indagini sono stati scoperti anche esaminando i produttori di capsule e capsule e gli stampatori di etichette. L'indagine, chiusa nel 2015, coinvolgeva un cittadino russo anch'egli collegato all'indagine. Ulteriori indagini hanno portato alla luce transazioni commerciali effettuate tra l'Italia e la Svizzera. Successivamente furono scoperte altre bottiglie con simili segni di contraffazione.
Nel 2014 è stata scoperta una traccia latente sul retro di un'etichetta, che ha scoperto un collegamento con un individuo già noto alle autorità per un caso precedente simile. L'indagine su una rete internazionale di contraffazione di vini di lusso ha portato all'arresto di un cittadino russo associato a due viticoltori di nazionalità italiana. Tuttavia, dal 2019, in Europa sono comparse nuove contraffazioni, in particolare nei mercati svizzero e italiano. Dalle indagini effettuate è emerso che le vecchie bottiglie false venivano ancora vendute insieme a quelle nuove con copie delle nuove caratteristiche di sicurezza. Gli indizi investigativi e lo scambio internazionale di informazioni attraverso Europol hanno consentito all'unità della gendarmeria francese incaricata del caso di identificare questo nuovo percorso di distribuzione di bottiglie contraffatte utilizzando l'identità dei domini Grand Cru.
📌 Torna Fiera Didacta Italia! La più importante fiera sull’innovazione della #scuola si svolge per la prima volta in Puglia, dal 16 al 18 ottobre, alla Fiera del Levante a Bari.
📌 Torna Fiera Didacta Italia! La più importante fiera sull’innovazione della #scuola si svolge per la prima volta in Puglia, dal 16 al 18 ottobre, alla Fiera del Levante a Bari.
Oggi #16ottobre è la Giornata Mondiale dell'Alimentazione. L’iniziativa, istituita dalla FAO nel 1979, ha l’obiettivo di sensibilizzare l’opinione pubblica sui problemi legati alla fame e alla malnutrizione e di promuovere la sicurezza alimentare bas…
Oggi #16ottobre è la Giornata Mondiale dell'Alimentazione. L’iniziativa, istituita dalla FAO nel 1979, ha l’obiettivo di sensibilizzare l’opinione pubblica sui problemi legati alla fame e alla malnutrizione e di promuovere la sicurezza alimentare bas…
Moonrise2473
in reply to Andrea Russo • • •Andrea Russo
in reply to Moonrise2473 • •Notizie dall'Italia e dal mondo reshared this.