This week, Jonathan Bennett and Randal chat with Matija Šuklje about Open Source and the Law! How do Open Source projects handle liability, what should a Contributor License Agreement (CLA) look like, and where can an individual or project turn for legal help?

• matija.suklje.name/
• openchainproject.org/feed/
• matija.suklje.name/fiduciary-l…

youtube.com/embed/YgeecPVHtPg?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/01/08/floss-…

Der Vorstand der Piratenpartei Schweiz hat durch Umlaufbeschluss folgende Position beschlossen:

#8716: Stimmenthaltung zur Umweltverantwortungsinitiative, Abstimmung vom 09.02.2025

Infos zur Abstimmung: admin.ch/gov/de/start/dokument…

Gegen diesen Beschluss ist das fakultative innerparteiliche Referendum durch ein Quorum vom 2 Piraten innert 48 Stunden nach der Publikation gegeben. Das Referendum ist zuhanden des Präsidiums der Piratenversammlung anzuzeigen.

piratenpartei.ch/2025/01/08/re…

There are many AI models out there that you can play with from companies like OpenAI, Google, and a host of others. But when you use them, you get the experience they want, and you run it on their computer. There are a variety of reasons you might not like this. You may not want your data or ideas sent through someone else’s computer. Maybe you want to tune and tweak in ways they aren’t going to let you.

There are many more or less open models, but setting up to run them can be quite a chore and — unless you are very patient — require a substantial-sized video card to use as a vector processor. There’s very little help for the last problem. You can farm out processing, but then you might as well use a hosted chatbot. But there are some very easy ways to load and run many AI models on Windows, Linux, or a Mac. One of the easiest we’ve found is Msty. The program is free for personal use and claims to be private, although if you are really paranoid, you’ll want to verify that yourself.

What is Msty?

Talkin’ about Hackaday!
Msty is a desktop application that lets you do several things. First, it can let you chat with an AI engine either locally or remotely. It knows about many popular options and can take your keys for paid services. For local options, it can download, install, and run the engines of your choice.

For services or engines that it doesn’t know about, you can do your own setup, which ranges from easy to moderately difficult, depending on what you are trying to do.

Of course, if you have a local model or even most remote ones, you can use Python or some basic interface (e.g., with ollama; there are plenty of examples). However, Msty lets you have a much richer experience. You can attach files, for example. You can export the results and look back at previous chats. If you don’t want them remembered, you can chat in “vapor” mode or delete them later.

Each chat lives in a folder, which can have helpful prompts to kick off the chat. So, a folder might say, “You are an 8th grade math teacher…” or whatever other instructions you want to load before engaging in chat.

MultiChat

What two models think about 555s
One of the most interesting features is the ability to chat to multiple chatbots simultaneously. Sure, if it were just switching between them, that would be little more than a gimmick. However, you can sync the chats so that each chatbot answers the same prompt, and you can easily see the differences in speed and their reply.

For example, I asked both Google Gemini 2.0 and Llama 3.2 how a 555 timer works, and you can see the answers were quite different.

RAGs

The “knowledge stack” feature lets you easily grab up your own data to use as the chat source (that is RAG or Retrivial Augmented Generation) for use with certain engines. You can add files, folders, Obsidian vaults, or YouTube transcripts.
Chatting about the podcast
For example, I built a Knowlege Stack named “Hackaday Podcast 291” using the YouTube link. I could then open a chat with Google’s Gemini 2.0 beta (remotely hosted) and chat with the podcast. For example:

You: Who are the hosts?

gemini-2.0-flash-exp: Elliot Williams and Al Williams are the hosts.

You: What kind of microscope was discussed?

gemini-2.0-flash-exp: The text discusses a probe tip etcher that is used to make tips for a type of microscope that can image at the atomic level.

It would be easy to, for example, load up a bunch of PDF data sheets for a processor and, maybe, your design documents to enable discussing a particular project.

You can also save prompts in a library, analyze result metrics, refine prompts and results, and a host of other features. The prompt library has quite a few already available, too, ranging from an acountant to a yogi, if you don’t want to define your own.

New Models

The chat features are great, and having a single interface for a host of backends is nice. However, the best feature is how the program will download, install, run, and shut down local models.
Selecting a new local model will download and install it for use.
To get started, press the Local AI Model button towards the bottom of the left-hand toolbar. That will give you several choices. Be mindful that many of these are quite large, and some of them require lots of GPU memory.

I started on a machine that had an NVidia 2060 card that had 6GB of memory. Granted, some of that is running the display. But most of it was available. Some of the smaller models would work for a bit, but eventually, I’d get some strange error. That was a good enough excuse to trade up to a 12GB 3060 card, and that seems to be enough for everything I’ve tried so far. Granted, some of the larger models are a little slow, but tolerably so.

There are more options if you press the black button at the top, or you can import GGUF models from places like huggingface. If you’ve already loaded models for something like ollama, you can point Msty at them. You can also point to a local server if you prefer.

The version I tested didn’t know about the Google 2.0 model. However, when adding any of the Google models, it was easy enough to add the (free) API key and the model ID (models/gemini-2.0-flash-exp) for the new model.

Wrap Up

You can spend a lot of time finding and comparing different AI models. It helps to have a list, although you can wait until you’ve burned through the ones Msty already knows about..

Is this the only way to run your own AI model? No, of course not. But it may well be the easiest way we’ve seen. We’d wish for it to be open source, but at least it is free to use for personal projects. What’s your favorite way to run AI? And, yes, we know the answer for some people is “don’t run AI!” That’s an acceptable answer, too.

hackaday.com/2025/01/08/runnin…

Negli ultimi anni, il mercato globale del sequenziamento genetico è cresciuto a un ritmo allarmante. Secondo i dati della ricerca, con il progresso della tecnologia medica e la crescente domanda di medicina personalizzata, la tecnologia di sequenziamento genetico è sempre più utilizzata nella ricerca sul cancro, nella diagnosi delle malattie genetiche e nella ricerca e sviluppo di farmaci. Inoltre, anche i servizi di sequenziamento genetico di consumo come l’“analisi ancestrale” hanno mostrato una crescita esplosiva. Tuttavia, poche persone prestano attenzione ai problemi di sicurezza tecnica dietro le apparecchiature per il sequenziamento dei geni.

Recentemente, Eclypsium, la società leader mondiale nella sicurezza del firmware, ha sottolineato che il sequenziatore genetico Illumina iSeq 100, classificato al primo posto nel mercato globale, presenta seri rischi per la sicurezza del firmware. Questa scoperta ha lanciato l’allarme per l’intero settore dei dispositivi medici.

Illumina iSeq 100 è l’apparecchiatura di riferimento nel campo del sequenziamento genetico globale ed è ampiamente utilizzata nei principali laboratori di test genetici come 23andMe. Tuttavia, la ricerca di Eclypsium ha rilevato che questo dispositivo non supporta Windows Secure Boot, presentando un potenziale rischio di attacchi al firmware. Secure Boot è un meccanismo di sicurezza del sistema Windows ampiamente utilizzato dal 2012. Mira a impedire il caricamento di codice non autorizzato tramite crittografia a chiave pubblica e proteggere la sicurezza del processo di avvio del dispositivo.

In modalità operativa normale, iSeq 100 utilizza la versione 2018 del BIOS (B480AM12). Questa versione del firmware contiene vulnerabilità di sicurezza da molti anni e può essere sfruttata dagli aggressori per implementare infezioni dannose del firmware. Questa infezione viene eseguita prima dell’avvio del sistema operativo ed è difficile da rilevare o rimuovere. Inoltre, la ricerca ha anche scoperto che la funzione di protezione da lettura e scrittura del firmware del dispositivo non era abilitata e gli aggressori potevano manomettere il firmware del dispositivo a piacimento per inserire codice dannoso nel dispositivo.

Eclypsium ha inoltre avvertito che i problemi con iSeq 100 non sono unici. Questi dispositivi utilizzano spesso piattaforme informatiche fornite da fornitori di terze parti, che possono presentare vulnerabilità di sicurezza simili. Ad esempio, la scheda madre dell’iSeq 100 è prodotta da IEI Integration Corp., un’azienda che fornisce prodotti informatici industriali e servizi ODM per dispositivi medici a diversi settori. Ciò suggerisce che vulnerabilità simili potrebbero essere diffuse in altri dispositivi medici e industriali che utilizzano schede madri simili.

Alex Bazhaniuk, chief technology officer di Eclypsium, ha dichiarato: “Molti dispositivi medici sono basati su server generici e configurazioni legacy e spesso questi dispositivi non dispongono di un avvio sicuro abilitato o in alcuni casi eseguono firmware obsoleto, a causa di complessità tecnica o problemi di costo , gli aggiornamenti del firmware sono quasi impossibili.”

Più un dispositivo medico è costoso, più gravi sono i problemi di sicurezza, perché i dispositivi costosi tendono ad avere un ciclo di vita lungo. In un istituto di ricerca medica o di produzione ad alta tecnologia, potrebbe essere in funzione un dispositivo multimilionario qualcosa come Windows XP SP1″.

Inoltre, sebbene questi costosi dispositivi medici funzionino solitamente in reti altamente isolate, non sono immuni dall’esposizione a Internet, perché con l’approfondimento della digitalizzazione medica, sempre più dispositivi medici saranno collegati alla rete locale dell’ospedale o ai servizi cloud per trasferire rapidamente i dati, il che potrebbe comportare ulteriori rischi di attacchi informatici. Sebbene le reti isolate o le reti locali virtuali (VLAN) possano ridurre alcuni rischi, una volta violato il firewall, le conseguenze saranno disastrose.

L'articolo Ospedali e Dispositivi Medici Sono Sempre Più Vulnerabili! Ecco il Perché proviene da il blog della sicurezza informatica.

You probably get a few of these things each week in the mail. And some of them actually do a good job of obscuring the contents inside, even if you hold the envelope up to the light. But have you ever taken the time to appreciate the beauty of security envelope patterns? Yeah, I didn’t think so.

The really interesting thing is just how many different patterns are out there when a dozen or so would probably cover it. But there are so, so many patterns in the world. In my experience, many utilities and higher-end companies create their own security patterns for mailing out statements and the like, so that right there adds up to some unknown abundance.

So, what did people do before security envelopes? When exactly did they come along? And how many patterns are out there? Let’s take a look beneath the flap.

Before Envelopes, There Was Letterlocking

Pretend it’s 1525 and you have some private correspondence to send. Envelopes won’t come along for another three hundred years, at least not on a commercial scale. So what do you do? A common practice since the end of cuneiform tablets was a technique called letterlocking. This is a method of folding the paper of your letter in such a way that it becomes its own envelope, often using slits and tabs running throughout the creased letter. A wax seal was often employed for good measure.
The completed letter packet. Image via YouTube
The video below shows a model of Mary Queen of Scots’ last letter, written a few hours before she was beheaded, being letterlocked. Many say that writing this missive was her last act, but after that, it was performing this spiral letterlock to ensure the contents reached her brother-in-law without obvious tampering.

The letter is written on a large sheet of paper folded in half, with plenty of space in the left and right margins. This is where the slits and the tab that binds it all together will end up. Once written, the sender starts by folding a narrow spine into the left margin where the sheet is connected, then cutting a long, thin slice, leaving one short end attached.

Then the letter is then folded top to bottom twice, minus the slice. Then a hole is cut through all the layers and the the slice is pushed through the hole, wrapped around the letter packet and stuck through again until none remains. Finally, the slit and slice are coated with a bit of water so that the paper swells, sealing the lock. This is where sealing wax would come in handy.

youtube.com/embed/dzPE1MCgXxo?…

The point of letterlocking is that it was impossible to open the letter without causing a least a little bit of damage. So, if you received a tampered-with letter, it should have been quite obvious. Today we can see through locked letters without opening them thanks to x-rays. If you don’t like this method, here are step-by-step instructions for three different letterlocking methods.

The Rise of Security Envelopes

The mass-produced envelope came along in 1830. They started out thick enough to write addresses on and subsequently obscure the contents, but eventually got thinner and thinner as paper advanced. When the windowed envelope was invented by Americus F. Callahan in 1901 and patented 1902, envelopes became a real problem.

Fortunately, one Julius Regenstein of the Transo Envelope Company would invent the security tint just two years later in 1903. And that’s about all we know about the origin story, unfortunately. There isn’t even a Wikipedia page for security envelopes. Can you believe that?

The Good, the Bad, and the Ugly

In the biz, they’re called security tints, and there are a few companies like SupremeX out there generating new ones. The two most common tints you’re likely to see are confetti and some variation of the crosshatch pattern, which is just a bunch of intersecting lines. Both of these do a fine job of obscuring the contents of letters.

A variation of the common confetti pattern for security envelopes. Image by [Dan Schreck] via Abstract CollageOther tints are comprised of things like heavily overlapped circles and weird repeated shapes, or some form of television snow. I have nice wood grain envelopes in both black and blue, but my personal favorite resembles a field of asteroids.

The most common tints I’ve seen are black on white. Blue on white is a close second, but only represents maybe a third of my own personal collection. Red seems to be pretty rare except for mailings from the Red Cross , and I only have one lone envelope in green so far. I do have one highlighter-green return envelope from Globe Life with small black dots in overlapping concentric circles. It’s pretty hard to look at, honestly, but it’s still beautiful.

Usually the tints you see are some kind of abstract, entropic pattern, but sometimes a phrase like THANK YOU or PLEASE RECYCLE THIS ENVELOPE is repeated instead. And then of course, there are all the individual company tints. You can see many, many examples of these and more in the worldly collections of both [Dan Schreck] and [Joseph King], but some of my own collection are below.

For Your Own Security

Of course, you can pick up a box of security envelopes from the drugstore. But if you want to generate and print your own, have at it here or just run it in the browser. There’s a pattern generator in 12 colors plus grayscale, you can change the size of the pattern repeat, and there’s a randomizer if you’re not artistically inclined.

I hope you look at security envelopes a little differently now. Maybe you’ll start collecting them. If so, here are a bunch of ideas for using them. Or, you could send them to me.

L'Assemblea generale delle Nazioni Unite ha adottato la Convenzione delle Nazioni Unite contro la criminalità informatica il 24 dicembre 2024. (immagine sottostante)

Questo trattato storico mira a rafforzare la cooperazione internazionale nella prevenzione e nella lotta alla criminalità informatica e a proteggere le società dalle minacce digitali.
La Convenzione è il primo trattato di giustizia penale internazionale negoziato in oltre 20 anni e segna una vittoria per il multilateralismo. Crea una piattaforma per la collaborazione nello scambio di prove, nella protezione delle vittime e nella prevenzione, salvaguardando al contempo i diritti umani online.
La Convenzione riconosce i rischi posti dall'uso improprio delle tecnologie dell'informazione e della comunicazione e si concentra sulla protezione degli individui e della società da reati quali terrorismo, tratta di esseri umani, traffico di droga e reati finanziari online.
Con oltre due terzi della popolazione mondiale che utilizza Internet, la criminalità informatica rappresenta una minaccia crescente, sfruttando i sistemi digitali tramite malware, ransomware e hacking. La Convenzione affronta questo problema consentendo risposte più rapide e meglio coordinate e facilitando indagini e azioni penali. Affronta inoltre specificamente la violenza sessuale contro i bambini commessa con le ICT e incoraggia il supporto alle vittime e migliori strategie di prevenzione.
La Convenzione sarà aperta alla firma ad Hanoi, in Vietnam, nel 2025 ed entrerà in vigore 90 giorni dopo essere stata ratificata da 40 firmatari.
La Convenzione (in inglese) è reperibile in pdf a questo indirizzo: documents.un.org/doc/undoc/gen…

#cybercrime #NazionUnite #UnitedNations #ONU #Convenzionesulcybercrime
@Informatica (Italy e non Italy 😁)