All your Nintendo Alarmo are belong to mew~ (Credit: GaryOderNichts, Blogspot)
Most of us will probably have seen Nintendo’s latest gadget pop up recently. Rather than a Switch 2 announcement, we got greeted with a Nintendo-branded alarm clock. Featuring a 2.8″ color LCD and a range of sensors, it can detect and respond to a user, and even work as an alarm clock for the low, low price of €99. All of which takes the form of Nintendo-themed characters alongside some mini-games. Naturally this has led people like [Gary] to buy one to see just how hackable these alarm clocks are.

As can be expected from a ‘smart’ alarm clock it has 2.4 GHz WiFi connectivity for firmware and content download, as well as a 24 GHz millimeter wave presence sensor. Before [Gary] even had received his Alarmo, others had already torn into their unit, uncovering the main MCU (STM32H730ZBI6) alongside a 4 GB eMMC IC, as well as the MCU’s SWD pads on the PCB. This gave [Gary] a quick start with reverse-engineering, though of course the MCU was protected (readout protection, or RDP) against firmware dumps, but the main firmware could be dumped from the eMMC without issues.

After this [Gary] had a heap of fun decrypting the firmware, which seems to always get loaded into the external octal SPI RAM before execution, as per the boot sequence (see featured image). This boot sequence offers a few possibilities for inserting one’s own (properly signed) contents. As it turns out via the USB route arbitrary firmware binaries can be loaded, which provided a backdoor to defeat RDP. Unfortunately the MCU is further locked down with Secure Access Mode, which prevents dumping the firmware again.

So far firmware updates for the Alarmo have not nailed shut the USB backdoor, making further reverse-engineering quite easy for the time being. If you too wish to hack your Alarmo and maybe add some feline charm, you can check [Gary]’s GitHub project.

hackaday.com/2024/10/30/tearin…

This week, Jonathan Bennett and Dan Lynch chat with Josh Bressers, VP of Security at Anchore, and host of the Open Source Security and Hacker History podcasts. We talk security, SBOMs, and how Josh almost became a Sun fan instead of a Linux geek.

– https://opensourcesecurity.io/feed/
– hackerhistory.com/feed/
– infosec.exchange/@joshbressers
– anchore.com/feed/

youtube.com/embed/0rbqMv3c0pY?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

hackaday.com/2024/10/30/floss-…

The name BeOS is one which tends to evoke either sighs of nostalgia or blank stares, mostly determined by one’s knowledge of the 1990s operating system scene. Originally released in 1995 by Be Inc., it was featured primarily on the company’s PowerPC-based BeBox computers, as well as being pitched to potential customers including Apple, who was looking for a replacement for MacOS. By then running on both PowerPC and x86-based systems, BeOS remained one of those niche operating systems which even the free Personal Edition (PE) of BeOS Release 5 from 1998 could not change.

As one of the many who downloaded BeOS R5 PE and installed it on a Windows system to have a poke at it, I found it to be a visually charming and quite functional OS, but saw no urgent need to use it instead of Windows 98 SE or 2000. This would appear to have been the general response from the public, as no BeOS revival ensued. Yet even as BeOS floundered and Be Inc. got bought up, sold off and dissected for its parts, a group of fans who wanted to see BeOS live on decided to make their own version. First called OpenBeOS and now Haiku, it’s a fascinating look at a multimedia-centric desktop OS that feels both very 1990s, but also very modern.

With the recent release of the R1 Beta 5 much has been improved, which raises the interesting question of how close Haiku is to becoming a serious desktop OS contender.

Writing A Haiku

Although some parts of BeOS (e.g. Tracker and Deskbar UI components) were open sourced with BeOS R5, for the most part the code of the Haiku project has been written from scratch. What helped a lot here was that even beyond the modular hybrid kernel the entire architecture of BeOS focused on modularity, allowing these developers in the early 2000s to gradually create new components to replace the proprietary ones in BeOS while testing them for regressions and bugs.

Even so, it took until September 2009 for the first Alpha release to be published, following eight years of intensive work. The first Beta came nine years later, at the end of September 2018, by which time support for x86_64 systems had also been added. This created an interesting inflection point, as only the 32-bit x86 version is fully binary compatible with BeOS R5, while the 64-bit version merely has compatible APIs. Unless you intend to run proprietary BeOS software this is probably not much of a concern, of course.

Currently, the Haiku project describes the OS as an ‘easy to use and lean open source operating system’, rather than limiting itself to being merely a way to run 1990s BeOS applications. The implications of this are covered in the general FAQ on the Haiku website along with a whole range of other common questions. The tl;dr is that while Haiku grew out of BeOS, its focus is mostly on maintaining BeOS’s unified vision for the desktop OS experience, which is why merely putting another skin around the Linux kernel would not have worked.

This drive to keep Haiku as a spiritual successor to BeOS can be seen in this and many other aspects, from its general appearance, to the name. Within BeOS the use of haiku (Japanese short-form poetry) was quite common, in particular in its NetPositive web browser error messages, such as:

Sites you are seeking
From your path they are fleeing
Their winter has come.

So What Does It Do?

Inevitably, when someone is confronted with Yet Another Open Source OS (YAOSO), the first question that comes to mind is what it does that another OS does not. After all, there are so many hobby OSes out there, all too often merely written to promote one’s pet language like Zig, Dart, NodeJS, Rust, D or another collection of letters that may or may not be infuriating to search for on the Internet. All of these OSes will tend to have a GUI, a file & internet browser, maybe someone has ported Tux Racer and some other bits of Linux userland, but with less functionality than the average Linux distribution these OS projects mostly spend a lot of time coming to terms with being less relevant than BeOS R5 and OS/2 Warp still are in the 2020s.

Here Haiku of course is a far cry from a hobby OS. Its kernel is inspired by the NewOS kernel, written by a former Be Inc. employee, it uses C++ and even GCC 2.x in places for that BeOS compatibility, but for new code you will be using a current C++ toolchain. You find the same GUI-centric user interface as BeOS had, though in the Terminal application you quickly find that it’s as familiar as any Linux or BSD shell, a pattern which persists in its POSIX compatibility. Meanwhile the overall user experience feels familiar to both old-school BeOS users and the average Windows user.

Although this is decidedly a personal matter, Haiku for me is a breath of fresh air compared to Yet Another Linux Distro (YALD) in the user interface consistency and the sheer snappiness. Booting Haiku takes seconds before you’re on the desktop, and the whole experience is that of a nimble single-user desktop system, rather like something such as Windows 98, except even faster and less crash-y. As for what it does when you’re on the desktop, it of course has the usual assortment of web browsers, office applications, multimedia players and editors, but as said earlier all of that is rather beside the point when the real question is whether you can use it as a daily driver.

This was also the point of a recent video by the Action Retro channel on YouTube, in which Haiku as a daily driver OS is attempted and found to be working quite well, even with video hardware acceleration in the Beta 4 release not implemented yet. My own experiences this year with Beta 4 and 5 mostly confirm this take, albeit mostly from the experience of a software developer doing some serious application porting.

Basically, how badly does Haiku break when you try to use it as a serious OS and port FFmpeg and Qt5-based applications to it?

No YALD, Just Haiku

While I am not sure how enthusiastic I am about swapping the Windows-style taskbar (incidentally replicated by most Linux GUIs) for the BeOS-style Deskbar, or the BeOS window decorations, you do get used to these differences. To get started with porting software you ideally use the pkgman package manager, which is reminiscent of FreeBSD’s pkg (and ports, incidentally). As I found out earlier this year when I ported my FFmpeg-based NymphCast project to Haiku, the OS is a lot closer to FreeBSD than Linux in many respects, including its file stat handling. This means no hacky lstat64() as on 64-bit dirty Linux platforms.

The whole string of dependencies required by the NymphCast project were all present and easily installed with pkgman, with the next challenge being that Haiku does not follow the Linux or BSD filesystem conventions. This is not unexpected, as it’s a desktop OS with absolutely no need to pretend that it dates back to an era when PDP-8s roamed the Earth. Instead it’s a multimedia-focused OS from the 1990s, with a filesystem that has a lot of added meta-data features, and a layout for installed applications and development files that mostly non-confusing.

The only real showstoppers that I came across during the porting of NymphCast was a lack of IPv6 support in Haiku, and stability issues in Beta 4, but switching to Beta 5 (nightly) and improving IPv6 handling in my code fixed this. Running through the compilation and installation procedure again on Beta 5 recently, I encountered no stability issues, just an issue (#6400) in the SDL2 package for Haiku that makes SDL2-based applications still somewhat of a no-go until the responsible hack gets fixed, at least from how I understand the issue.
Qt5-based NymphCast Player running on Haiku Beta 5.
For fun, I also tried building the Qt5-based NymphCast Player client in Haiku R1 Beta 5, which succeeded with absolutely zero issues. This application ran fine, connected to NymphCast server and media server instances running elsewhere on the network just fine, allowing me to control them as I would have on any other OS. How perfectly boring.

Is It Boring Enough?

In the question of whether an OS can be a daily driver I feel that there’s a lot being implied. When I consider my own OS preferences, having used MS-DOS, Win3.x, Win9x, Win2k, etc., as well as desktop Linux since SuSE Linux 6.3 in ’99, the BSDs, OS X and MacOS (post-OS X), I feel strongly that a good daily driver OS is one that is so utterly boring and Just Works that you spend as little time as possible thinking about the OS, while maximizing the time you are productive, have fun playing games, being online, and so on.

Windows has become more and more boring in this regard until Windows 7, when it began to tailspin with Windows 8 and is with Windows 11 less functional than Windows 3.11, or Windows 9x during the delightful winmodem days. Similarly OS X/MacOS decided to lock down the OS with its rootless ‘feature’, among other unpopular decisions with power users and developers. Combined with the many bugs in MacOS (e.g. in its printer spool that existed since at least 10.4), I was happy to move to Windows 10, which is only infuriating due to the horrid Flat Design Language and completely unnecessary Settings app.

Although 1998 was supposed to be the Year of the Linux Desktop, the fact remains that Linux as a desktop OS is not boring, but a constant exercise in troubleshooting the window manager, desktop environment, audio subsystem, a kernel module that vanished after a kernel upgrade, an uncooperative driver, hunting down a non-existent driver for a new WiFi dongle and so on. This is why I use Linux on an almost daily basis, but run a Windows desktop system.

When it pertains to Haiku, I feel that there’s some real potential for it to become as boring as Windows 2000, or even Windows XP or 7. I will be using Haiku more the coming months and likely years as it matures towards Release 1, along with ReactOS and similar open source OSes that strive to provide the user with the most boring and pleasantly unremarkable desktop experience possible.

hackaday.com/2024/10/30/haiku-…

Si è conclusa recentemente a Vienna la Conferenza delle Parti alla Convenzione della Nazioni Unite contro la Criminalità Organizzata Transazionale (#UNTOC) – nota come "Convenzione di Palermo" – l’appuntamento biennale più importante dell’agenda dell’Onu in tema di prevenzione e lotta alla criminalità organizzata tramite il rafforzamento della cooperazione transfrontaliera.

L’Italia, che da sempre riveste un ruolo di rilievo nell’azione internazionale di contrasto alle mafie, ha partecipato ai lavori con una delegazione interministeriale guidata dal Ministro della Giustizia, Carlo Nordio, che intervenendo in "plenaria" ha sottolineato l’urgenza di rafforzare, a livello nazionale e attraverso la collaborazione multilaterale, il contrasto alle nuove forme di criminalità organizzata, che sempre più spesso opera nel dominio cyber.

Insieme alla Direttrice Esecutiva dell’Ufficio Onu sulle Droghe e il Crimine, Ghada Waly, il Ministro ha inoltre preso parte ad un evento di alto livello che segna l’avvio di un mese di mobilitazione in vista della prima Giornata internazionale contro la Criminalità Organizzata Transnazionale (15 novembre), inaugurando in tale occasione anche la mostra ”Cooperation in the fight against transnational organized crime: Italy’s Experience’‘ che offre una testimonianza della storia e delle capacità italiane nella lotta alle mafie. La mostra rimarrà al Vienna International Center per essere poi esposta anche al Palazzo di Vetro di New York. La mostra che illustra l’esperienza del nostro Paese nella lotta alla criminalità organizzata transnazionale, è stata realizzata dai Ministeri degli Affari Esteri e della Cooperazione Internazionale, dell’Interno e della Giustizia.

Attraverso un percorso di immagini evocative (vedi foto in apertura), la mostra illustra alcune fasi cruciali della lotta contro la mafia, il ruolo dei magistrati Flacone e Borsellino, la reazione alle stragi del 1992, la strada che ha portato all’adozione della Convenzione di Palermo, le attività di cooperazione internazionale e le sfide future.

La settimana è stata animata anche da numerosi eventi a latere. La Rappresentante Permanente italiana, Amb. Debora Lepre, è intervenuta in un panel di alto livello sul meccanismo di verifica dell’attuazione della Convenzione di Palermo e in un side event sullo sfruttamento dei minori da parte delle organizzazioni criminali. L’Italia ha co-organizzato anche eventi incentrati su temi prioritari per il nostro Paese, quali il contrasto ai reati contro il patrimonio culturale, la prevenzione del terrorismo, le connessioni tra corruzione e criminalità organizzata, il traffico di armi da fuoco.
La Conferenza ha adottato 4 risoluzioni e 2 decisioni: tra queste due importanti risoluzioni sul contrasto al traffico di armi da fuoco e sulla prevenzione e la lotta ai crimini ambientali.

We see a fair few glitcher projects, especially the simpler voltage glitchers. Still, quite often due to their relative simplicity, they’re little more than a microcontroller board and a few components hanging off some wires. PicoGlitcher by Hackaday.IO user [Matthias Kesenheimer] is a simple voltage glitcher which aims to make the hardware setup a little more robust without getting caught up in the complexities of other techniques. Based on the Raspberry Pico (obviously!), the board has sufficient niceties to simplify glitching attacks in various situations, providing controllable host power if required.

A pair of 74LVC8T245 (according to the provided BoM) level shifters allow connecting to targets at voltages from 1.8 V to 5 V if powered by PicoGlitcher or anything in spec for the ‘245 if target power is being used. In addition to the expected RESET and TRIGGER signals, spare GPIOs are brought out to a header for whatever purpose is needed to control a particular attack. If a programmed reset doesn’t get the job done, the target power is provided via a TPS2041 load switch to enable cold starts. The final part of the interface is an analog input provided by an SMA connector.

The glitching signal is also brought out to an SMA connector via a pair of transistors; an IRLML2502 NMOS performs ‘low power’ glitching by momentarily connecting the glitch output to ground. This ‘crowbarring’ causes a rapid dip in supply voltage and upsets the target, hopefully in a helpful way. An IRF7807 ‘NMOS device provides a higher power option, which can handle pulse loads of up to 66A. Which transistor you select in the Findus glitching toolchain depends on the type of load connected, particularly the amount of decoupling capacitance that needs to be discharged. For boards with heavier decoupling, use the beefy IRF7807 and accept the glitch won’t be as sharp as you’d like. For other hardware, the faster, smaller device is sufficient.

The software to drive PicoGlitcher and the hardware design files for KiCAD are provided on the project GitHub page. There also appears to be an Eagle project in there. You can’t have too much hardware documentation! For the software, check out the documentation for a quick overview of how it all works and some nice examples against some targets known to be susceptible to this type of attack.

For a cheap way to glitch an STM8, you can just use a pile of wires. But for something a bit more complicated, such as a Starlink user terminal, you need something a bit more robust. Finally, voltage glitching doesn’t always work, so the next tool you can reach for is a picoEMP.

youtube.com/embed/HGCZwSZWE1I?…

hackaday.com/2024/10/30/use-pi…

Nel Regno Unito si è concluso il primo processo nella storia del Paese contro il creatore di contenuti illegali che utilizzano l’intelligenza artificiale . Hugh Nelson, 27 anni, residente a Bolton, ha ricevuto 18 anni di prigione per aver creato e distribuito materiale proibito raffigurante minori. L’indagine è stata condotta dalla polizia di Greater Manchester.

Il criminale ha utilizzato Daz 3D, un programma di intelligenza artificiale, per convertire normali fotografie di minorenni in contenuti illegali. Secondo l’indagine, alcuni clienti hanno fornito fotografie di bambini veri con cui hanno avuto contatti.

Nel corso di un anno e mezzo l’aggressore ha guadagnato circa 5.000 sterline vendendo materiale creato nelle chat room di Internet. A differenza dei precedenti casi di “deepfake” in cui i volti venivano scambiati, Nelson ha creato modelli 3D basati su fotografie reali.

L’arresto è avvenuto dopo che Nelson ha detto a un agente di polizia sotto copertura in una chat online che era disposto a creare un nuovo “personaggio” per 80 sterline. Durante la perquisizione, è stato scoperto che il criminale aveva della corrispondenza in cui incoraggiava azioni illegali contro bambini di età inferiore a 13 anni. La polizia ha identificato diversi sospetti e vittime in tutto il mondo, tra cui Italia, Francia e Stati Uniti.

Hugh Nelson è stato giudicato colpevole di incitamento alla violenza contro i bambini sotto i 13 anni, tentando di indurre un adolescente sotto i 16 anni a impegnarsi in attività sessuali, distribuendo e realizzando immagini illegali.

L’avvocato ha cercato di presentare l’imputato come una persona sola che viveva nella casa dei suoi genitori e cercava riconoscimento nella comunità di Internet. Tuttavia, il giudice ha definito le azioni di Nelson “orribili e disgustose”, sottolineando la mancanza di comprensione da parte dell’imputato del danno causato.

Janette Smith, procuratore speciale del Crown Prosecution Service, ha affermato che il caso dimostra come la tecnologia in rapida evoluzione possa rappresentare una minaccia per i bambini. L’ispettore Jen Tattersall ha affermato che tali crimini che coinvolgono la computer grafica stanno diventando sempre più comuni. La scorsa settimana sono state avviate indagini su altri due casi simili.

L'articolo 18 Anni di Prigione, per aver Creato con le AI e Distribuito Materiale di Abuso dei Minori proviene da il blog della sicurezza informatica.

Sensitive content Clicca per aprire/chiudere

Sensitive content Clicca per aprire/chiudere

Qual è il bilancio dopo 10 mesi di governo Tusk, a un anno dalla vittoria nelle elezioni parlamentari? Ho scritto un'analisi per ResetDoc, partendo dalla svolta securitaria in materia di immigrazione.

What's the balance after 10 months of Tusk's government, one year after the victory in the parliamentary elections? I wrote an analysis for ResetDoc.

resetdoc.org/story/polands-imm…

Poland’s Immigration Law: Tusk’s Struggle to Hold the Center

“Regain control, ensure security.” This is the slogan of a draft law promoted by Polish Prime Minister Donald Tusk and adopted by his government to outline the country’s migration strategy from 2025 to 2030.

^{Reset DOC}

Frontiere Sonore Radio Show Ep. 4: Simone inizia una sezione di presentazione di piccole etichette italiane, in questa puntata presentiamo Stanze Fredde Records di Torino

iyezine.com/frontiere-sonore-r…

#radio

Frontiere Sonore Radio Show Ep. 4

Frontiere Sonore Radio Show Ep. 4 - Frontiere Sonore Radio Show Ep. 4: Simone inizia una sezione di presentazione di piccole etichette italiane, in questa puntata presentiamo Stanze Fredde Records di Torino -

^{Simone Benerecetti (In Your Eyes ezine)}

The Animal Kingdom, In un futuro prossimo alcuni umani iniziano a mutare trasformandosi gradualmente in animali.

iyezine.com/the-animal-kingdom

The Animal Kingdom

The Animal Kingdom - The Animal Kingdom, In un futuro prossimo alcuni umani iniziano a mutare trasformandosi gradualmente in animali. - The Animal Kingdom

^{Roberto Pardini (In Your Eyes ezine)}

La legge Calderoli spezzetta l'Italia e peggiora i iservizi "per tutti". Quello che migliora, se si vuol dire così, è il potere dei Presidenti di Regione e la "vicinanza" fra grossi imprenditori locali ed il sistema di potere.
Altro proprio non mi sovviene.

#autonomiadifferenziata