In general, the simpler a thing is, the better. That doesn’t appear to apply to engines, though, at least not how we’ve been building them. Pistons, cranks, valves, and seals, all operating in a synchronized mechanical ballet to extract useful work out of some fossilized plankton.

It doesn’t have to be that way, though, if the clever engineering behind this wobbling disk air engine is any indication. [Retsetman] built the engine as a proof-of-concept, and the design seems well suited to 3D printing. The driven element of the engine is a disk attached to the equator of a sphere — think of a model of Saturn — with a shaft running through its axis. The shaft is tilted from the vertical by 20° and attached to arms at the top and bottom, forming a Z shape. The whole assembly lives inside a block with intake and exhaust ports. In operation, compressed air enters the block and pushes down on the upper surface of the disk. This rotates the disc and shaft until the disc moves above the inlet port, at which point the compressed air pushes on the underside of the disc to continue rotation.

[Resetman] went through several iterations before getting everything to work. The main problems were getting proper seals between the disc and the block, and overcoming the friction of all-plastic construction. In addition to the FDM block he also had one printed from clear resin; as you can see in the video below, this gives a nice look at the engine’s innards in motion. We’d imagine a version made from aluminum or steel would work even better.

If [Resetman]’s style seems familiar, it’s with good reason. We’ve featured plenty of his clever mechanisms, like this pericyclic gearbox and his toothless magnetic gearboxes.

youtube.com/embed/z3x-_-5T9DQ?…

hackaday.com/2024/10/22/a-wobb…

It’s easy to use electricity — solar-generated or otherwise — to desalinate water. However, traditional systems require a steady source of power. Since solar panels don’t always produce electricity, these methods require some way to store or acquire power when the solar cells are in the dark or shaded. But MIT engineers have a fresh idea for solar-powered desalination plants: modify the workload to account for the amount of solar energy available.

This isn’t just a theory. They’ve tested community-sized prototypes in New Mexico for six months. The systems are made especially for desalinating brackish groundwater, which is accessible to more people than seawater. The goal is to bring potable water to areas where water supplies are challenging without requiring external power or batteries.

The process used is known as “flexible batch electrodialysis” and differs from the more common reverse osmosis method. Reverse osmosis, however, requires a steady power source as it uses pressure to pump water through a membrane. Electrodialysis is amenable to power fluctuations, and a model-based controller determines the optimal settings for the amount of energy available.

There are other ways to use the sun to remove salt from water. MIT has dabbled in that process, too, at a variety of different scales.

hackaday.com/2024/10/22/for-de…

Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim’s computer to bypass the security measures of banking institutions. It’s been active since at least 2016 and is now one of the most widespread banking trojans globally.

INTERPOL and law enforcement agencies across the globe are fighting against Grandoreiro, and Kaspersky is cooperating with them, sharing TTPs and IoCs. However, despite the disruption of some local operators of this trojan in 2021 and 2024, and the arrest of gang members in Spain, Brazil, and Argentina, they’re still active. We now know for sure that only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking users all over the world, further developing new malware and establishing new infrastructure.

Every year we observe new Grandoreiro campaigns targeting financial entities, using new tricks in samples with low detection rates by security solutions. The group has evolved over the years, expanding the number of targets in every new campaign we tracked. In 2023, the banking trojan targeted 900 banks in 40 countries — in 2024, the newest versions of the trojan targeted 1,700 banks and 276 crypto wallets in 45 countries and territories, located on all continents of the world. Asia and Africa have finally joined the list of its targets, making it a truly global financial threat. In Spain alone, Grandoreiro has been responsible for fraudulent activities amounting to 3.5 million euros in profits, according to conservative estimates — several failed attempts could have yielded beyond 110 million euros for the criminal organization.

In this article, we will detail how Grandoreiro operates, its evolution over time, and the new tricks adopted by the malware, such as the usage of 3 DGAs (domain generation algorithm) in its C2 communications, the adoption of ciphertext stealing encryption (CTS), and mouse behavior tracking, aiming to bypass anti-fraud solutions. This evolution culminates with the appearance of lighter, local versions, now focused on Mexico, positioning the group as a challenge for the financial sector, law enforcement agencies and security solutions worldwide.

Grandoreiro: One malware, many operators, fragmented versions

Grandoreiro is a banking trojan of Brazilian origin that has been active since at least 2016. Grandoreiro is written in the Delphi programming language, and there are many versions, indicating that different operators are involved in developing the malware.

Since 2016, we have seen the threat actors behind Grandoreiro operations regularly improving their techniques to stay unmonitored and active for a longer time. In 2020, Grandoreiro started to expand its attacks in Latin America and later in Europe with great success, focusing its efforts on evading detection using modular installers.

Grandoreiro generally operates as Malware-as-a-Service, although it’s slightly different from other banking trojan families. You won’t find an announcement on underground forums selling the Grandoreiro package — it seems that access to the source-code or builders of the trojan is very limited, only for trusted partners.

After the arrests of some operators, Grandoreiro split its codebase into lighter versions, with fewer targets. These fragmented versions of the trojan are a reaction to the recent law enforcement operations. This discovery is supported by the existence of two distinct codebases in simultaneous campaigns: newer samples featuring updated code, and older samples which rely on the legacy codebase, now targeting only users in Mexico — customers of around 30 banks.

2022 and 2023 campaigns

Grandoreiro campaigns commonly start with a phishing email written in the target country language. For example, the emails distributed in most of Latin America are in Spanish. However, we also saw the use of Google Ads (malvertising) in some Grandoreiro campaigns to drive users to download the initial stage of infection.

Phishing emails use different lures to make the victim interact with the message and download the malware. Some messages refer to a pending phone bill, others mimic a tax notification, and son. In early 2022 campaigns, the malicious email included an attached PDF. As soon as the PDF is opened, the victim is prompted with a blurred image except for a part containing “Visualizar Documento” (“View Document” in Spanish). When the victim clicks the button, they are redirected to a malicious web page which prompts them to download a ZIP file. Since May 2022, Grandoreiro campaigns include a malicious link inside the email body that redirects the victim to a website that then downloads a malicious ZIP archive on the victim’s machine. These ZIP archives commonly contain two files: a legitimate file and a Grandoreiro loader, which is responsible for downloading, extracting and executing the final Grandoreiro payload.

The Grandoreiro loader is delivered in the form of a Windows Installer (MSI) file that extracts a dynamic link library (DLL) file and executes a function embedded in the DLL. The function will do nothing if the system language is English, but otherwise the final payload is downloaded. Most likely, this means that the analyzed versions didn’t target English-speaking countries. There have also been other cases where a VBS file is used instead of the DLL to execute the final payload.

Grandoreiro recent infection flow

As for the malware itself, in August 2022 campaigns, the final payload was an incredibly big 414 MB portable executable file disguised with a PNG extension (which is later renamed to EXE dynamically by the loader). It masked itself as an ASUS driver using the ASUS icon and was signed with an “ASUSTEK DRIVER ASSISTANTE” digital certificate.

In 2023 campaigns, Grandoreiro used samples with rather low detection rates. Initially, we identified three samples related to these campaigns, compiled in June 2023. All of them were portable executables, 390 MB big, with the original name “ATISSDDRIVER.EXE” and internal name “ATIECLXX.EXE”. The main purpose of these samples is to monitor the victims’ visits to financial institution websites and steal their credentials. The malware also allows threat actors to remotely control the victim machines and perform fraudulent transactions within them.

In the campaign involving the discussed samples, the malware tries to impersonate an AMD External Data SSD driver and is signed with an “Advice informations” digital certificate in order to appear legitimate and evade detection.

Implant impersonating AMD driver

Digital certificate used by Grandoreiro malware

In both cases, the malware is an executable that registers itself to be launched with Windows. However, it is worth noting that in the majority of Grandoreiro attacks, a DLL sideloading technique is employed, using legitimate binaries that are digitally signed to run the malware.

The considerable size of the executables can be explained by the fact that Grandoreiro utilizes a binary padding technique to inflate the size of the malicious files as a way to evade sandboxes. To achieve this, the attackers add multiple BMP images to the resource section of the binary. In the example below, the sample included several big images. The sizes of the highlighted images are around 83.1 MB, 78.8 MB, 75.7 and 37.6 MB. However, there are more of them in the binary, and together all the images add ~376 MB to the file.

Binary padding used by Grandoreiro

In both 2022 and 2023 campaigns, Grandoreiro used a well-known XOR-based string encryption algorithm that is shared with other Brazilian malware families. The difference is the encryption key. For Grandoreiro, some magic values were the following:

The various checks and validations aimed at avoiding detection and complicating malware analysis were also changed in the 2022 and 2023 versions. In contrast with the older Grandoreiro campaigns, we found that some of the tasks that were previously executed by the final payload are now implemented in the first stage loader. These tasks include security checks, anti-debugging techniques, and more. This represents a significant change from previous campaigns.

One of these tasks is the use of the geolocation service ip-api.com/json to gather the target’s IP address location data. In a campaign reported in May 2023 by Trustwave, this task is performed by a JScript code embedded in an MSI installer before the delivery of the final payload.

There are numerous other checks that have been transferred into the loader, although some of them are still present in the banking trojan itself. Grandoreiro gathers host information such as operating system version, hostname, display monitor information, keyboard layout, current time and date, time zone, default language and mouse type. Then the malware retrieves the computer name and compares it against the following strings that correspond to known sandboxes:

• WIN-VUA6POUV5UP;
• Win-StephyPC3;
• difusor;
• DESTOP2457;
• JOHN-PC.

Computer name validation

It also collects the username and verifies if it matches with the “John” or “WORK” strings. If any of these validations match, the malware stops its execution.

Grandoreiro includes detection of tools commonly used by security analysts, such as regmon.exe, procmon.exe, Wireshark, and so on. The process list varies across the malware versions, and it was significantly expanded in 2024, so we’ll share the full list later in this post. The malware takes a snapshot of currently executing processes in the system using the CreateToolhelp32Snapshot() Windows API and goes through the process list using Process32FirstW() and Process32NextW(). If any of the analysis tools exists in the system, the malware execution is terminated.

Grandoreiro also checks the directory in which it is being executed. If the execution paths are D:\programming or D:\script, it terminates itself.

Another anti-debugging technique implemented in the trojan involves checking for the presence of a virtual environment by reading data from the I/O Port “0x5658h” (VX) and looking for the VMWare magic number 0x564D5868. The malware also uses the IsDebuggerPresent() function to determine whether the current process is being executed in the context of a debugger.

Last but not least, Grandoreiro searches for anti-malware solutions such as AVAST, Bitdefender, Nod32, Kaspersky, McAfee, Windows Defender, Sophos, Virus Free, Adaware, Symantec, Tencent, Avira, ActiveScan and CrowdStrike. It also looks for banking security software, such as Topaz OFD and Trusteer.

In terms of the core functionality, some Grandoreiro samples check whether the following programs are installed:

• CHROME.EXE;
• MSEDGE.EXE;
• FIREFOX.EXE;
• IEXPLORE.EXE;
• OUTLOOK.EXE;
• OPERA.EXE;
• BRAVE.EXE;
• CHROMIUM.EXE;
• AVASTBROWSER.EXE;
• VeraCrypt;
• Nortonvpn;
• Adobe;
• OneDrive;
• Dropbox.

If any of these is present on the system, the malware stores their names to further monitor user activity in them.

Grandoreiro also checks for crypto wallets installed on the infected machine. The malware includes a clipboard replacer for crypto wallets, monitoring the user’s clipboard activity and replacing the clipboard data with the threat actor keys.

Clipboard replacer

2024 campaigns

During a certain period of time in February 2024, a few days after the announcement of the arrest of some of the gang’s operators in Brazil, we observed a significant increase in emails detected by spam traps. There was a notable prevalence of Grandoreiro-themed messages masquerading as Mexican CFDI communications. Mexican CFDI, short for “Comprobante Fiscal Digital por Internet” is an electronic invoicing system administered by the Mexican Tax Authority (SAT — Servicio de Administración Tributaria). It facilitates the creation, transmission, and storage of digital tax documents, mandatory for businesses in Mexico to record transactions for tax purposes.

In our investigation, we have acquired 48 samples associated not only with this instance but also with various other campaigns.

Notably, this new campaign added a new sandbox detection mechanism, namely a CAPTCHA before the execution of the main payload, as a way to avoid the automatic analysis used by some companies:

Grandoreiro anti-sandbox CAPTCHA

It is worth noting that in the 2024 Grandoreiro campaigns, the new sandbox evasion code has been implemented in the downloader. Although the main sample still has anti-sandbox functionality too, if a sandbox is detected, it is simply not downloaded. Besides that, the new version also added detection of many tools to its arsenal, aiming to avoid analysis. Here is whole list of analysis tools detected by the newest versions:

These are some RAT features that we found in this version:

• Auto-update feature allows newer versions of the malware to be deployed to the victim’s machine;
• Sandbox/AV detection, still present in the main module, which includes more tools than previous versions;
• Keylogger feature;
• Ability to select country for listing victims;
• Banking security solutions detection;
• Checking geolocation information to ensure it runs in the target country;
• Monitoring Outlook emails for specific keywords;
• Ability to use Outlook to send spam emails.

In terms of static analysis protection, in 2024 versions, Grandoreiro has implemented enhanced encryption measures. Departing from its previous reliance on commonly shared encryption algorithms found in other malware, Grandoreiro has now adopted a multi-layered encryption approach. The decryption process in the newer versions is the following. Initially, the string undergoes deobfuscation through a simple replacement algorithm. Following this, Grandoreiro employs the encryption algorithm based on XOR and conditional subtraction typically utilized by Brazilian malware; however, it differs from them by incorporating a lengthy, 140759-byte string instead of smaller magic strings we saw in 2022 and 2023 samples. Subsequently, the decrypted string undergoes base64 decoding before being subjected to decryption via the AES-256 algorithm. Notably, the AES key and IV are encrypted within Grandoreiro’s code. Upon completion of all these steps, the decrypted string is successfully recovered.

Grandoreiro AES key and IV

In newer samples, Grandoreiro upgraded yet again the encryption algorithm using AES with CTS, or Ciphertext Stealing, a specialized encryption mode used when the plaintext is not a multiple of the block size, which in this case is the 128-bit (16-byte) block size used by AES. Unlike more common padding schemes, such as PKCS#7, where the final block is padded with extra bytes to ensure it fits a full block, CTS operates without padding. Instead, it manipulates the final partial block of data by encrypting the last full block and XORing its output with the partial block. This allows encryption of any arbitrary-length input without adding extra padding bytes, preserving the original size of the data.

ECB Encryption Steps for CTS

In the case of Grandoreiro, the malware’s encryption routine does not add standard padding to incomplete blocks of data. Their main goal is to complicate analysis: it takes time to figure out that CTS was used, and then more time to implement decryption in this mode, which makes the extraction and obfuscation of strings more complicated. This marks the first time this particular method has been observed in a malware sample.

As the threat actors continue to evolve their techniques, changing the encryption in every iteration of the malware, the use of CTS in malware may signal a shift toward more advanced encryption practices.

Local versions: old meets new

In a recent campaign, our analysis has revealed the existence of an older variant of the malware that utilizes legacy encryption keys, outdated algorithms, and a simplified structure, but which runs in parallel to the campaign using the new code. This variant targets fewer banks — about 30 financial institutions, mainly from Mexico. This analysis clearly indicates that another developer, likely with access to older source code, is conducting new campaigns using the legacy version of the malware.

How they steal your money

Operators behind Grandoreiro are equipped with a wide variety of remote commands, including an option to lock the user screen and present a custom image (overlay) to ask the victim for extra information. These are usually OTPs (one-time passwords), transaction passwords or tokens received by SMS, sent by financial institutions.

A new tactic that we have discovered in the most recent versions found in July 2024 and later suggests that the malware is capturing user input patterns, particularly mouse movements, to bypass machine learning-based security systems. Two specific strings found in the malware — “GRAVAR_POR_5S_VELOCIDADE_MOUSE_CLIENTE_MEDIA” (“Record for 5 seconds the client’s average mouse speed”) and “Medição iniciada, aguarde 5 segundos!” (“Measurement started, please wait 5 seconds!”) — indicate that Grandoreiro is monitoring and recording the user’s mouse activity over a short period. This behavior appears to be an attempt to mimic legitimate user interactions in order to evade detection by anti-fraud systems and security solutions that rely on behavioral analytics. Modern cybersecurity tools, especially those powered by machine learning algorithms, analyze user’s behavior to distinguish between human users and bots or automated malware scripts. By capturing and possibly replaying these natural mouse movement patterns, Grandoreiro could trick these systems into identifying the activity as legitimate, thus bypassing certain security controls.

This discovery highlights the continuous evolution of malware like Grandoreiro, where attackers are increasingly incorporating tactics designed to counter modern security solutions that rely on behavioral biometrics and machine learning.

To perform the cash-out in the victim’s account, Grandoreiro operators’ options are to transfer money to the account of local money mules, using transfer apps, buy cryptocurrency or gift cards, or even going to an ATM. Usually, they search for money mules in Telegram channels, paying $200 to $500 USD per day:

Grandoreiro operator looking for money mules

Infrastructure

The newest Grandoreiro version uses 3 Domain Generation Algorithms (DGAs), generating valid domains for command and control (C2) communications. The algorithm uses the current daytime to select strings of predefined lists and concatenates them with a magic key to create the final domain.

By dynamically generating unique domain names based on various input data, the algorithm complicates traditional domain-based blocking strategies. This adaptability allows the malicious actors to maintain persistent command-and-control communications, even when specific domains are identified and blacklisted, requiring security solutions to base their protection not on a fixed list of domains, but on an algorithm for generating them.

Since early 2022, Grandoreiro leverages a known Delphi component shared among different malware families named RealThinClient SDK to remotely access victim machines and perform fraudulent actions. This SDK is a flexible and modular framework for building reliable and scalable Windows HTTP/HTTPS applications with Delphi. By using RealThinClient SDK, the program can handle thousands of active connections in an efficient multithreaded manner.

Grandoreiro C2 Communication

Operator tool

Grandoreiro’s Operator is the tool that allows the cybercriminal to remotely access and control the victim’s machine. It’s a Delphi-based software that lists its victims whenever they start browsing a targeted financial institution website.

Grandoreiro’s Operator tool

Once the cybercriminal chooses a victim to operate on, they will be presented with the following screen, seen in the image below, which allows many commands to be executed and visualizes the victim’s desktop.

Grandoreiro’s Operator commands

Cloud VPS

One overlooked feature of the Grandoreiro malware is what is called “Cloud VPS” by the attackers — it allows cybercriminals to set up a gateway computer between the victim’s machine and the malware operator, thus hiding the cybercriminal’s real IP address.

This is also used by them to make investigation harder, as the first thing noted is the gateway’s IP address. When requesting a seizure, an investigator just finds the gateway module. Meanwhile, the criminal has already set up a new gateway somewhere else and new victims connect to the new one through its DGA.

Grandoreiro Cloud VPS

Victims and targets

The Grandoreiro banking trojan is primed to steal the credentials accounts for 1,700 financial institutions, located in 45 countries and territories. After decrypting the strings of the malware, we can see the targeted banks listed separated by countries/territories. This doesn’t mean that Grandoreiro will target a specific bank from the list; it means it is ready to steal credentials and act, if there is a local partner or money mule who can operationalize and complete the action. The banks targeted by Grandoreiro are located in Algeria, Angola, Antigua and Barbuda, Argentina, Australia, Bahamas, Barbados, Belgium, Belize, Brazil, Canada, Cayman Islands, Chile, Colombia, Costa Rica, Dominican Republic, Ecuador, Ethiopia, France, Ghana, Haiti, Honduras, India, Ivory Coast, Kenya, Malta, Mexico, Mozambique, New Zealand, Nigeria, Panama, Paraguay, Peru, Philippines, Poland, Portugal, South Africa, Spain, Switzerland, Tanzania, Uganda, United Kingdom, Uruguay, USA, and Venezuela. It’s important to note that the list of targeted banks and institutions tend to slightly change from one version to another.

From January to October 2024, our solutions blocked more than 150,000 infections impacting more than 30,000 users worldwide, a clear sign the group is still very active. According to our telemetry, the countries most affected by Grandoreiro infections are Mexico, Brazil, Spain, and Argentina, among many others.

Conclusion

We understand how difficult it is to eradicate a malware family, but it is possible to impede their operation with the cooperation of law enforcement agencies and the private sector — modern financial cybercrime can and must be fought.

Brazilian banking trojans are already an international threat; they’re filling the gaps left by Eastern European gangs who have migrated into ransomware. We know that in some countries, internet banking is declining on desktops, forcing Grandoreiro to target companies and government entities who are still using operating in that way.

The threat actors behind the Grandoreiro banking malware are continuously evolving their tactics and malware to successfully carry out attacks against their targets and evade security solutions. Kaspersky continues to cooperate with INTERPOL and other agencies around the world to fight the Grandoreiro threat among internet banking users.

This threat is detected by Kaspersky products as HEUR:Trojan-Banker.Win32.Grandoreiro, Trojan-Downloader.OLE2.Grandoreiro, Trojan.PDF.Grandoreiro and Trojan-Downloader.Win32.Grandoreiro.

For more information, please contact: crimewareintel@kaspersky.com

Indicators of Compromise

Host based
f0243296c6988a3bce24f95035ab4885
dd2ea25752751c8fb44da2b23daf24a4
555856076fad10b2c0c155161fb9384b
49355fd0d152862e9c8e3ca3bbc55eb0
43eec7f0fecf58c71a9446f56def0240
150de04cb34fdc5fd131e342fe4df638
b979d79be32d99824ee31a43deccdb18

securelist.com/grandoreiro-ban…

We’ve been hinting at it for a few months now, running a series of articles on SAOs, then a Supercon Add-On Challenge. We even let on that the badge would have space for multiple SAOs this year, but would you believe six?

Way back in 2017ish, Hackaday’s own [Brian Benchoff] and the [AND!XOR] crew thought it would be funny and useful to create a “standard” for adding small custom PCB art-badges onto bigger conference badges. The idea was to keep it quick and dirty, uncomplicated and hacky, and the “Shitty” Add On was born. The badge community took to this like wildfire. While the community has moved on from the fecal humor, whether you call these little badgelets “SAOs”, “Simple Add-Ons”, or even “Supercon-8 Add Ons”, there’s something here for everyone. So if you’ve already got some SAOs in a drawer, bring them to this year’s Supercon and show them off!

But you don’t need to bring your own SAOs. We thought that as long as we were providing six SAO ports, we’d provide you with a small starter collection: four of them, in fact. A fantastic capacitive touch wheel designed by [Todbot], a beautiful spiral petal matrix of LEDs designed by [Voja Antonic], a completely blank-slate protoboard petal, and an I2C-enabled microcontroller proto-petal.

Bringing it all together, of course, is the main badge, which sports a Raspberry Pi Pico W on the back-side, for WiFi and Bluetooth connectivity. This badge is intended to be a showcase of SAOs, and we thought that there have always been some under-explored corners of the spec. The most recent six-pin standard has power, ground, two GPIO pins, and an I2C pair. How often do we see SAOs that only use the power lines? This year, that changes!

Every GPIO pin on all six SAO slots is individually accessible, and the Pi Pico’s two hardware I2C peripheral busses are broken out on the left and right sides of the badge respectively. (Have an I2C enumeration conflict? Just move one of the offenders to the other side.) The idea here, combined with the wireless features and a trio of buttons on the front, is to give you a big sandbox to explore the possibilities of SAOs that go farther than just art.

Many Ways to Play

Straight out of the gate, the touch wheel and the LED petal matrix invite you to play with them, all the while fooling you into learning a little bit about interfacing I2C devices. You see, I2C devices have a unique address, and the rest of the functionality is handled by as if they were memory-mapped peripherals. What does this mean? If you want to ask the touch wheel where your finger is, you simply query its memory location 0. To set the LED colors, you write bytes to memory locations 15, 16, and 17 for red, green, and blue, respectively. Each spiral arm of the LED matrix petal is simply a byte in memory – write to it and the blinkies blink.

The take-home: I2C devices are fun and to play with. And when you start combining the functions of multiple SAOs, you can really start getting creative. But we’ve only scratched the surface. The I2C proto petal includes a CH32V003 chip, with its own dedicated I2C device hardware peripheral, so if you have essentially anything that you can solder to it, you can turn that into an I2C-enabled device to add to the party.

This is a multi-lingual party, though. The main badge, and all of the connection logic, runs on MicroPython. This makes it just a few lines of code to display your finger presses on the touchwheel over on the LED petal matrix, for instance, and we’ll have some demo code to ease you in. (And we’re frantically writing more!) But the I2C protoboard requires a little bit of C. If you’ve got a CH32V003 environment set up, by all means bring it – we love [CHLohr]’s CH32V003fun. We’re working on getting the badge board to program the CH32 in-situ, and we’re 99% sure we’ll have that ready by showtime. We’ll have demo code here to get you started as well. Will you program your first RISC-V chip at this year’s Supercon?

But say you don’t want anything to do with all this software? Just give me the solder! The blank-slate protoboard is for you. It breaks out the SAO lines, and gives you maximal room for creative hardware play. Heck, you could solder an LED, a resistor, and call it done. Or play around with the possibilities of the GPIOs. Low-code or no-code, the choice is yours.

Participate!

We know you’re all looking forward to getting your hands on the badge and the SAOs and getting creative. Here is the 2024 Supercon SAO Badge GitHub repository, for your perusal. All of the design files that we have are there in the hardware directory, but the code is not yet complete. If you want to design a 3D-printed case or add-on, you’ll find the vector files in PDF.

As usual [Voja] makes his circuit diagrams by hand, so you’ll find a beautifully annotated schematic that lets you know where each and every pin goes. If you’re not feeling the AA battery love, you’ll see that [Voja] has left you some pads to hook up an external power supply, for instance.

But the software is a work in progress, and in particular, we don’t know what I2C devices you’ll be bringing with you. We’re going to include as many MicroPython I2C device libraries as we can find, from OLED screens to magnetometers, and we’d like them to be on the default conference image. So if you’ve a device that you’d like us to support, either drop a link in the comments below or add the code in the libraries folder and submit a pull request! We’ll be flashing these at the absolute last minute, of course, but please get it in this weekend if you can.

Supercon!

Supercon 8’s badge is the unofficial world-record holder for the most SAO connectors on any official conference badge, but it also aspires to encourage you to play around with the functional aspects of our favorite mini-badge form factor. Heck, maybe you’ll learn a thing or two about I2C along the way? Push some GPIOs around? Or maybe you’ll just have a fun weekend with a soldering iron, some stellar talks, and some great company. Whatever it’s going to be, we can’t wait to see you all, and to see what you come up with!

If you have any questions about the badge, fire away in the comments here.

You do have your tickets already, right? See you soon!

(C3P0 add-on by [kuro_dk] and Cyclops by [Simenzhor] not included.)

Che la 'Ndrangheta sia l'organizzazione criminale italiana che presenta la maggiore minaccia all'estero è assunto consolidato. Non a caso all'interno di INTERPOL è stato attivato un programma ad hoc di collaborazione, guidato dall'Italia, denominato "I-CAN", un'alleanza globale per confrontarsi sulle nuove sfide e strategie di contrasto alla ‘Ndrangheta. Il Progetto è nato 4 anni fa dalla stretta collaborazione tra il Segretariato generale di Interpol e il Dipartimento della pubblica sicurezza italiano. Anche il progetto europeo di una rete internazionale di polizia @ON, guidato dalla italiana Direzione Investigativa Antimafia (DIA) mira a creare una rete tra le forze di polizia coinvolte, fornendo loro informazioni rapide sulle formazioni criminali internazionali su cui stanno indagando. Ciò avviene attraverso il canale sicuro “Siena” di Europol e la creazione di un database internazionale relativo alla criminalità organizzata.

Copertina rivista SN Social Sciences

Un recentissimo studio condotto da due esperte della materia, Anna Sergi e Anita Lavorgna, rispettivamente docente di criminologia presso l'University of Essex e Professoressa Associata presso il Dipartimento di Scienze Politiche e Sociali dell'Università di Bologna, sulla rivista SN Social Sciences (in inglese, Intergenerational and technological changes in mafia-type groups a transcultural research agenda to study the ‘ndrangheta and its mobility, reperibile anche in rete: link.springer.com/article/10.1…) pone l'accento sulla mobilità della 'ndrangheta e come le trasformazioni culturali e tecnologiche influenzino le sue operazioni.

L'analisi si basa su una revisione preliminare di documenti, tra cui trascrizioni di conversazioni intercettate, per esaminare l'uso di comunicazioni criptate nelle attività di traffico di droga. Questo approccio mira a fornire un contributo teorico piuttosto che empirico.

Tra gli altri aspetti considerati quelli di mobilità ed i legami sociali e culturali: la 'ndrangheta sfrutta i legami con la diaspora calabrese per espandere le sue operazioni e le dinastie mafiose si adattano a contesti internazionali, facilitando la loro mobilità.

Lo studio sottolinea l'importanza di un approccio transculturale per comprendere le dinamiche della 'ndrangheta, evidenziando come le trasformazioni tecnologiche e culturali influenzino le sue operazioni e resilienza a livello globale.

Da segnalare inoltre come proprio una delle due autrici, la Professoressa Sergi, sia protagonista di un podcast sulla infiltrazione della 'Ndrangheta agli antipodi, ovvero in Australia. Si tratta di un lavoro curato da Carlo Oreglia
, che evidenzia come da anni tale organizzazione criminale sia presente con i suoi traffici illeciti in varie città australiane (“My Australian Mafia Road Trip”: viaggio nella storia della 'ndrangheta in Australia).

Terza puntata Bomba!!!

1 - The Peawees - Drive  - Recensione : The Peawees One Ride
2 - Colloquio - Uomo del silenzio - Recesnsione - Colloquio – Io E L’altro
3 - Class - A healty alternative
4 - Alessandra Celletti - Le vrai nom du vent
5 - The Chefs - You Get Everywhere
6 - Fabio Vernizzi - ShorTrane (radio edit)
7 - The Guy Hamper Trio feat. James Taylor - Dog Jaw Woman
8 - Kluster Cold - Chrome chromosome
9 - Saffron Wood feat Ingrid Chavez- Visit Dream
10 - Freez - Always friends

iyezine.com/frontiere-sonore-r…

Frontiere Sonore Radio Show Ep. 3

Frontiere Sonore Radio Show Ep. 3 - Frontiere Sonore Radio Show Ep. 3:The Peawees, Colloquio, Class, Alessandra Celletti, The Chefs, Fabio Vernizzi,The Guy Hamper Trio feat.

^{Simone Benerecetti (In Your Eyes ezine)}

pubblicato su «Il Giorno», 3 febbraio 1965

Il brigadiere è davanti alla macchina da scrivere. L’interrogato, seduto davanti a lui, risponde alle domande un po’ balbettando, ma attento a dire tutto quel che ha da dire nel modo più preciso e senza una parola di troppo: «Stamattina presto andavo in cantina ad accendere la stufa e ho trovato tutti quei fiaschi di vino dietro la cassa del carbone. Ne ho preso uno per bermelo a cena. Non ne sapevo niente che la bottiglieria di sopra era stata scassinata». Impassibile, il brigadiere batte veloce sui tasti la sua fedele trascrizione: «Il sottoscritto essendosi recato nelle prime ore antimeridiane nei locali dello scantinato per eseguire l’avviamento dell’impianto termico, dichiara d’essere casualmente incorso nel rinvenimento di un quantitativo di prodotti vinicoli, situati in posizione retrostante al recipiente adibito al contenimento del combustibile, e di aver effettuato l’asportazione di uno dei detti articoli nell’intento di consumarlo durante il pasto pomeridiano, non essendo a conoscenza dell’avvenuta effrazione dell’esercizio soprastante».
Ogni giorno, soprattutto da cent’anni a questa parte, per un processo ormai automatico, centinaia di migliaia di nostri concittadini traducono mentalmente con la velocità di macchine elettroniche la lingua italiana in un’antilingua inesistente. Avvocati e funzionari, gabinetti ministeriali e consigli d’amministrazione, redazioni di giornali e di telegiornali scrivono parlano pensano nell’antilingua. Caratteristica principale dell’antilingua è quello che definirei il «terrore semantico», cioè la fuga di fronte a ogni vocabolo che abbia di per se stesso un significato, come se «fiasco» «stufa» «carbone» fossero parole oscene, come se «andare» «trovare» «sapere» indicassero azioni turpi. Nell’antilingua i significati sono costantemente allontanati, relegati in fondo a una prospettiva di vocaboli che di per se stessi non vogliono dire niente o vogliono dire qualcosa di vago e sfuggente. «Abbiamo una linea esilissima, composta da nomi legati da preposizioni, da una copula o da pochi verbi svuotati della loro forza» come ben dice Pietro Citati che di questo fenomeno ha dato su queste colonne un’efficace descrizione.
Chi parla l’antilingua ha sempre paura di mostrare familiarità e interesse per le cose di cui parla, crede di dover sottintendere: «io parlo di queste cose per caso, ma la mia funzione è ben più in alto delle cose che dico e che faccio, la mia funzione è più in alto di tutto, anche di me stesso». La motivazione psicologica dell’antilingua è la mancanza d’un vero rapporto con la vita, ossia in fondo l’odio per se stessi. La lingua invece vive solo d’un rapporto con la vita che diventa comunicazione, d’una pienezza esistenziale che diventa espressione. Perciò dove trionfa l’antilingua – l’italiano di chi non sa dire «ho fatto» ma deve dire «ho effettuato» – la lingua viene uccisa.
Se il linguaggio «tecnologico» di cui ha scritto Pasolini (cioè pienamente comunicativo, strumentale, omologatore degli usi diversi) si innesta sulla lingua non potrà che arricchirla, eliminarne irrazionalità e pesantezze, darle nuove possibilità (dapprincipio solo comunicative, ma che creeranno, come è sempre successo, una propria area di espressività); se si innesta sull’antilingua ne subirà immediatamente il contagio mortale, e anche i termini «tecnologici» si tingeranno del colore del nulla.
L’italiano finalmente è nato, – ha detto in sostanza Pasolini, – ma io non lo amo perché è «tecnologico».
L’italiano da un pezzo sta morendo, – dico io, – e sopravviverà soltanto se riuscirà a diventare una lingua strumentalmente moderna; ma non è affatto detto che, al punto in cui è, riesca ancora a farcela.
Il problema non si pone in modo diverso per il linguaggio della cultura e per quello del lavoro pratico. Nella cultura, se lingua «tecnologica» è quella che aderisce a un sistema rigoroso, – di una disciplina scientifica o d’una scuola di ricerca – se cioè è conquista di nuove categorie lessicali, ordine più preciso in quelle già esistenti, strutturazione più funzionale del pensiero attraverso la frase, ben venga, e ci liberi di tanta nostra fraseologia generica. Ma se è una nuova provvista di sostantivi astratti da gettare in pasto all’antilingua, il fenomeno non è positivo né nuovo, e la strumentalità tecnologica vi entra solo per finta.
Ma il giusto approccio al problema mi pare debba avvenire al livello dell’uso parlato, della vita pratica quotidiana. Quando porto l’auto in un’officina per un guasto, e cerco di spiegare al meccanico che «quel coso che porta al coso mi pare che faccia uno scherzo sul coso», il meccanico che fino a quel momento ha parlato in dialetto guarda dentro il cofano e spiega con un lessico estremamente preciso e costruendo frasi d’una funzionale economia sintattica, tutto quello che sta succedendo al mio motore. In tutta Italia ogni pezzo della macchina ha un nome e un nome solo, (fatto nuovo rispetto alla molteplicità regionale dei linguaggi agricoli; meno nuovo rispetto a vari lessici artigiani), ogni operazione ha il suo verbo, ogni valutazione il suo aggettivo. Se questa è la lingua tecnologica, allora io ci credo, io ho fiducia nella lingua tecnologica.
Mi si può obiettare che il linguaggio – diciamo così – tecnico-meccanico è solo una terminologia; lessico, non lingua. Rispondo: più la lingua si modella sulle attività pratiche, più diventa omogenea sotto tutti gli aspetti, non solo, ma pure acquista «stile». Finché l’italiano è rimasto una lingua letteraria, non professionale, nei dialetti (quelli toscani compresi, s’intende) esisteva una ricchezza lessicale, una capacità di nominare e descrivere i campi e le case, gli attrezzi e le operazioni dell’agricoltura e dei mestieri che la lingua non possedeva. La ragione della prolungata vitalità dei dialetti in Italia è stata questa. Ora, questa fase è superata da un pezzo: il mondo che abbiamo davanti, – case e strade e macchinari e aziende e studi, e anche molta dell’agricoltura moderna – è venuto su con nomi non dialettali, nomi dell’italiano, o costruiti su modelli dell’italiano, oppure d’una inter-lingua scientifico-tecnico-industriale, e vengono adoperati e pensati in strutture logiche italiane o interlinguistiche. Sarà sempre di più questa lingua operativa a decidere le sorti generali della lingua.
Anche nel suo aspetto espressivo: non tanto per le possibili rapide fortune di nuovi termini che dall’uso scientifico o tecnico passano a quello metaforico, affettivo, psicologico ecc. (questo è sempre successo: parole come «allergico», «cartina al tornasole», «relativistico» già erano entrate nell’«italiano medio» dei nostri padri, ma devo dire che mi garbano poco), ma perché anche qui le forme dell’uso pratico sono sempre determinanti, fanno cadere vecchie forme di coloritura espressiva diventate incompatibili col resto del modo di parlare, obbligano a sostituirle con altre.
Il dato fondamentale è questo: gli sviluppi dell’italiano oggi nascono dai suoi rapporti non con i dialetti ma con le lingue straniere. I discorsi sul rapporto lingua-dialetti, sulla parte che nell’italiano d’oggi hanno Firenze o Roma o Milano, sono ormai di scarsa importanza. L’italiano si definisce in rapporto alle altre lingue con cui ha continuamente bisogno di confrontarsi, che deve tradurre e in cui deve essere tradotto.
Le grandi lingue europee hanno tutte i loro problemi, al loro interno e soprattutto nel confronto reciproco, tutte hanno limiti gravi di fronte ai bisogni della civiltà contemporanea, nessuna riesce a dire tutto quello che avrebbe da dire. Per esempio, la spinta innovatrice del francese, di cui parlava su queste colonne Citati, è fortemente frenata dalla struttura della frase fondamentalmente classicista, letteraria, conservatrice: la Quinta Repubblica vive il contrasto tra la sua realtà economica solidamente tecnocratica e il suo linguaggio d’una espressività letteraria vaga e anacronistica.
La nostra epoca è caratterizzata da questa contraddizione: da una parte abbiamo bisogno che tutto quel che viene detto sia immediatamente traducibile in altre lingue; dall’altra abbiamo la coscienza che ogni lingua è un sistema di pensiero a sé stante, intraducibile per definizione.
Le mie previsioni sono queste: ogni lingua si concentrerà attorno a due poli: un polo di immediata traducibilità nelle altre lingue con cui sarà indispensabile comunicare, tendente ad avvicinarsi a una sorta di interlingua mondiale ad alto livello; e un polo in cui si distillerà l’essenza più peculiare e segreta della lingua, intraducibile per eccellenza, e di cui saranno investiti istituti diversi come l’argot popolare e la creatività poetica della letteratura.
L’italiano nella sua anima lungamente soffocata, ha tutto quello che ci vuole per tenere insieme l’uno e l’altro polo: la possibilità d’essere una lingua agile, ricca, liberamente costruttiva, robustamente centrata sui verbi, dotata d’una varia gamma di ritmi nella frase. L’antilingua invece esclude sia la comunicazione traducibile, sia la profondità espressiva. La situazione sta in questi termini: per l’italiano trasformarsi in una lingua moderna equivale in larga parte a diventare veramente se stesso, a realizzare la propria essenza; se invece la spinta verso l’antilingua non si ferma ma continua a dilagare, l’italiano scomparirà dalla carta linguistica d’Europa come uno strumento inservibile.

Gnu/Linux Italia (LaserOffice) ha pubblicato un mio articolo introduttivo al Fediverso e della sua correlazione con il panorama opensource.

laseroffice.it/blog/2024/10/20…

FEDIVERSO: Un'alternativa decentralizzata e open source ai social network proprietari - Aggregatore

Nel mondo odierno, la maggior parte delle persone si affida a piattaforme social centralizzate come Facebook, Instagram, YouTube e WhatsApp. Questi servizi,

^{Alex (Aggregatore GNU/Linux e dintorni)}

Nasce a Lugos, Ungheria [ora Lugoj, Romania] Bela Lugosi attore famoso soprattutto per la sua sinistra interpretazione del vampiro Conte Dracula.
@Storia
#otd