If you look at this solar generator from [Concept Crafted Creations], you might think it’s somehow familiar. That’s because the design was visually inspired by the James Webb Space Telescope, or JWST. Ultimately, though, it’s purpose is quite different—it’s designed to use mirrors to collect and harness solar energy. It’s not quite there yet, but it’s an interesting exploration of an eye-catching solar thermal generator.

To get that JWST look, the build has 18 mirrors assembled on a 3D printed frame to approximate the shape of a larger parabolic reflector. The mirrors focus all the sunlight such that it winds up heating water passing through an aluminum plate. Each mirror was custom made using laser cut acrylic and mirror film. Each mirror’s position and angle can be adjusted delicately with screws and a nifty sprung setup, which is a whole lot simpler than the mechanism used on the real thing. The whole assembly is on a mount that allows it to track the movement of the sun to gain the most sunlight possible. There’s a giant laser-cut wooden gear on the bottom that allows rotation on a big Lazy Susan bearing, as well as a servo-driven tilting mechanism, with an Arduino using light dependent resistors to optimally aim the device.

It’s a cool-looking set up, but how does it compare with photovoltaics? Not so well. The mirror array was able to deliver around 1 kilowatt of heat into the water passing through the system, heating it to a temperature of approximately 44 C after half an hour. The water was warmed, but not to the point of boiling, and there’s no turbines or anything else hooked up to actually take that heat and turn it into electricity yet. Even if there were, it’s unlikely the system would reach the efficiency of a similarly-sized solar panel array. In any case, so far, the job is half done. As explained in the build video, it could benefit from some better mirrors and some structural improvements to help it survive the elements before it’s ready to make any real juice.

Ultimately, if you need solar power fast, your best bet is to buy a photovoltaic array. Still, solar thermal is a concept that has never quite died out.

youtube.com/embed/0XYwtub9bJE?…

youtube.com/embed/Alx_vwyksTw?…

hackaday.com/2025/05/30/diy-so…

The CIA ran a series of web sites in the 2000s. Most of them were about news, finance, and other relatively boring topics, and they spanned 29 languages. And they all had a bit of a hidden feature: Those normal-looking websites had a secret login and hosted CIA cover communications with assets in foreign countries. A password typed in to a search field on each site would trigger a Java Applet or Flash application, allowing the spy to report back. This isn’t exactly breaking news, but what’s captured the Internet’s imagination this week is the report by [Ciro Santilli] about how to find those sites, and the fact that a Star Wars fansite was part of the network.

This particular CIA tool was intended for short-term use, and was apparently so effective, it was dragged way beyond it’s intended lifespan, right up to the point it was discovered and started getting people killed. And in retrospect, the tradecraft is abysmal. The sites were hosted on a small handful of IP blocks, with the individual domains hosted on sequential IP addresses. Once one foreign intelligence agency discovered one of these sites, the rest were fairly easily identified.

youtube.com/embed/TFfuzZC5Qpc?…

This report is about going back in time using the Wayback Machine and other tools, and determining how many of these covert sites can be discovered today. And then documenting how it was done and what the results were. Surprisingly, some of the best sources for this effort were domain name data sets. Two simple checks to narrow down the possible targets were checking for IPs hosting only one domain, and for the word “news” as part of the domain name. From there, it’s the tedious task of looking at the Wayback Machine’s archives, trying to find concrete hits. Once a site was found on a new IP block, the whole block could be examined using historic DNS data, and hopefully more of the sites discovered.

So far, that list is 472 domains. Citizen Lab ran a report on this covert operation back in 2022, and found 885 domains, but opted not to publish the list or details of how they were found. The effort is still ongoing, and if you have any ideas how to find these sites, there’s a chance to help.

Profiling Internet Background Radiation

You may have noticed, that as soon as you put a host on a new IP address on the Internet, it immediately starts receiving traffic. The creative term that refers to all of this is Internet Background Radiation. It’s comprised of TCP probes, reflections from spoofed UDP attacks, and lots of other weird traffic. Researchers at Netscout decided to look at just one element of that radiation, TCP SYN packets. That’s the unsolicited first packet of a TCP handshake. What secrets would this data contain?

The first intriguing statistic is the number of spoofed TCP SYN packets coming from known bogus source IPs: zero. This isn’t actually terribly surprising for a couple reasons. One, packets originating from impossible addresses are rather easy to catch and drop, and many ISPs do this sort of scrubbing at their network borders. But the second reason is that TCP requires a three-way handshake to make a useful connection. And while it’s possible to spoof an IP address on a local network via ARP poisoning, doing so on the open Internet is much more difficult.

Packet TTL is interesting, but the values naturally vary, based on the number of hops between the sender and receiver. A few source IPs were observed to vary in reported TTLs, which could indicate devices behind NAT, or even just the variation between different OS network stacks. But looking for suspicious traffic, two metrics really stand out. The TCP Header is a minimum 20 bytes, with additional length being used with each additional option specified. Very few systems will naturally send TCP SYN packets with the header set to 20, suggesting that the observed traffic at that length was mostly TCP probes. The other interesting observation is the TCP window size, with 29,200 being a suspicious number that was observed in a significant percentage of packets, without a good legitimate explanation.

Hacking the MCP

GitHub has developed the GitHub MCP Server, a Master Control Program Model Context Protocol server, designed to allow AI agents to interact with the GitHub API. Invariant Labs has put together an interesting demo in how letting an agentic AI work with arbitrary issues from the public could be a bad idea.

The short explanation is that a GitHub issue can include a prompt injection attack. In the example, it looks rather benign, asking for more information about the project author to be added to the project README. Just a few careful details in that issue, like specifying that the author isn’t concerned about privacy, and that the readme update should link to all the user’s other repos. If the repo owner lets an agentic AI loose on the repo via MCP, it’s very likely to leak details and private repo information that it really shouldn’t.

Invariant Labs suggests that MCP servers will need granular controls, limiting what an AI agent can access. I suspect we’ll eventually see a system for new issues like GitHub already has for Pull Requests, where a project maintainer has to approve the PR before any of the automated Github Actions are performed on it. Once AI is a normal part of dealing with issues, there will need to be tools to keep the AI from interacting with new issues until a maintainer has cleared them.

GitLab Too

GitLab has their own AI integration, GitLab Duo. Like many AI things, it has the potential to be helpful, and the potential to be a problem. Researchers at Legit Security included some nasty tricks in this work, like hiding prompt injection as Hex code, and coloring it white to be invisible on the white GitLab background. Prompt injections could then ask the AI to recommend malicious code, include raw HTML in the output, or even leak details from private repos.

Gitlab took the report seriously, and has added additional filtering that prevents Duo from injecting raw HTML in its output. The prompt injection has also been addressed, but the details of how are not fully available.

Finally, Actually Hacking the Registry

We’ve been following Google’s Project Zero and [Mateusz Jurczyk] for quite a while, on a deep dive into the Windows Registry. We’re finally at the point where we’re talking about vulnerabilities. The Windows registry is self-healing, which could be an attack surface on its own, but it definitely provides a challenge to anyone looking for vulnerabilities with a fuzzer, as triggering a crash is very difficult.

But as the registry has evolved over time and Windows releases, the original security assumptions may not be valid any longer. For instance, in its original form, the registry was only writable by a system administrator. But on modern Windows machines, application hives allow unprivileged users and process to load their own registry data into the system registry. Registry virtualization and layered keys further complicate the registry structure and code, and with complexity often comes vulnerabilities.

An exploit primitive that turned out to be useful was the out-of-bound cell index, where one cell can refer to another. This includes a byte offset value, and when the cell being referred to is a “small dir”, this offset can point past the end of the allocated memory.

There were a whopping 17 memory corruption exploits discovered, but to produce a working exploit, the write-up uses CVE-2023-23420, a use after free that can be triggered by performing an in-place rename of a key, followed by deleting a subkey. This can result in a live reference to that non-existent subkey, and thus access to freed memory.

In that free memory, a fake key is constructed. As the entire data structure is now under the arbitrary control of the attacker, the memory can point to anywhere in the hive. This can be combined with the out-of-bounds cell index, to manipulate kernel memory. The story turns into a security researcher flex here, as [Mateusz] opted to use a couple registry keys rigged in this way to make a working kernel memory debugger, accessible from regedit. One key sets the memory address to inspect, and the other key contains said memory as a writable key. Becoming SYSTEM at this point is trivial.

Bits and Bytes

[Thomas Stacey] of Assured has done work on HTTP smuggling/tunneling attacks, where multiple HTTP requests exist in a single packet. This style of attack works against web infrastructure that has a front-end proxy and a back-end worker. When the front-end and back-end parse requests differently, very unintended behavior can result.

ONEKEY researchers have discovered a pair of issues in the Evertz core web administration interface, that together allow unauthenticated arbitrary command injection. Evertz manufactures very large video handling equipment, used widely in the broadcast industry, which is why it’s so odd that the ONEKEY private disclosure attempts were completely ignored. As the standard 90 day deadline has passed, ONEKEY has released the vulnerability details in full.

On the other hand, Mozilla is setting records of its own, releasing a Firefox update on the same day as exploits were revealed at pwn2own 2025. Last year Mozilla received the “Fastest to Patch” award, and may be on track to repeat that honor.

What does video game cheat development have to do with security research? It’s full of reverse engineering, understand memory structures, hooking functions, and more. It’s all the things malware does to take over a system, and all the things a researcher does to find vulnerabilities and understand what binaries are doing. If you’re interested, there’s a great two-part series on the topic just waiting for you to dive into. Enjoy!

hackaday.com/2025/05/30/this-w…

The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the focus away from vulnerabilities that received new CVE-2025-NNNNN identifiers. The nature of the CVE assignment process can result in a notable delay between problem investigation and patch release, which is mitigated by reserving a CVE ID early in the process. As for trends in vulnerability exploitation, we are seeing increasing rates of attacks targeting older operating system versions. This is mainly driven by two factors: users not installing updates promptly, and the ongoing rollout of new OS versions that include improved protections against the exploitation of vulnerabilities in certain subsystems.

Statistics on registered vulnerabilities

This section contains statistics on registered vulnerabilities. The data is taken from cve.org.

Total number of registered vulnerabilities and number of critical ones, Q1 2024 and Q1 2025 (download)

The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report examines the characteristics of vulnerabilities in the Linux operating system and Microsoft software, specifically the Windows OS. Given that the Linux kernel developers have obtained the status of a CVE Numbering Authority (CNA) and they can independently assign CVE identifiers to newly discovered security issues, all information about vulnerabilities can now be obtained firsthand.

Let us look at the Linux kernel vulnerabilities registered in the first quarter of 2025 and categorized according to their Common Weakness Enumeration (CWE) types.

Top 10 CWEs for Linux kernel vulnerabilities registered in Q1 2025 (download)

For Linux, the most common CWEs are those with the following identifiers:

• CWE-476: Null Pointer Dereference
• CWE-416: Use after Free
• CWE-667: Improper Locking
• CWE-125: Out-of-bounds Read
• CWE-908: Use of Uninitialized Resource, most often referring to regions of system memory

This set of vulnerability types is fairly common for system software. That said, exploiting vulnerabilities in these CWEs often demands complex read-and-write capabilities from attackers, due to Linux’s robust exploit mitigations such as kernel address space layout randomization (KASLR).

Let us examine similar statistics for Microsoft software. Given the developer’s extensive product lineup, a variety of security issues have been identified. As a result, we will limit our analysis to the most common CWEs for vulnerabilities disclosed during the first quarter of 2025.

TOP 10 CWEs for Microsoft product vulnerabilities registered in Q1 2025 (download)

In addition to the CWEs described above, the following types of vulnerabilities were also frequently reported in the first quarter:

• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

In general, the TOP 10 CWEs for Microsoft products and the Linux kernel tend to be similar or overlap, which means the vulnerabilities are rooted in comparable principles. As a result, we often see attack techniques being “ported” from Linux to Windows and vice versa, with attackers modifying existing exploits to target a different operating system. This method is likewise applied to multiple products of the same software type.

These CWEs have remained an issue for some time, in spite of ongoing efforts from the research and development community. Knowing the most frequently encountered vulnerabilities on a given platform provides insight into which tools attackers are likely to use to compromise it.

Exploitation statistics

This section presents statistics on vulnerability exploitation for the first quarter of 2025. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation

The first quarter of 2025 saw a year-over-year increase in attacks using Windows exploits. As before, the vast majority of detected exploits targeted Microsoft Office products. Even though office suite applications are now widely available as cloud services, vulnerable local versions remain popular with users.

Historically, Kaspersky products have most often detected exploits targeting the Windows platform that leverage the following older vulnerabilities:

• CVE-2018-0802: a remote code execution vulnerability in the Equation Editor component
• CVE-2017-11882: another remote code execution vulnerability, also affecting Equation Editor
• CVE-2017-0199: a vulnerability in Microsoft Office and WordPad allowing an attacker to gain control over the system

These three vulnerabilities were the most prevalent throughout 2024, and we expect this trend to continue.

Following the top three vulnerabilities, other commonly exploited issues include vulnerabilities in WinRAR and in the Windows operating system itself, such as:

• CVE-2023-38831: a vulnerability in WinRAR involving improper handling of files within archive contents
• CVE-2024-35250: a vulnerability in the ks.sys driver that stems from dereferencing an untrusted pointer, which can allow an attacker to execute arbitrary code
• CVE-2022-3699: a vulnerability in the Lenovo Diagnostics Driver that allows improper issuance of IOCTL commands, enabling the attackers to read from or write to arbitrary kernel memory

All of the vulnerabilities listed above can be used for privilege escalation, and those affecting the kernel and drivers can result in full system compromise. For this reason, we strongly recommend regularly installing updates for the relevant software.

Dynamics of the number of Windows users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

For the Linux operating system, the most frequently exploited vulnerabilities in early 2025 targeted the following issues:

• CVE-2022-0847, also known as Dirty Pipe: a widespread vulnerability that allows privilege escalation and enables attackers to take control of running applications
• CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
• CVE-2021-3156: a heap overflow vulnerability in the sudo utility that allows attackers to escalate privileges to root

Dynamics of the number of Linux users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

It is essential to keep your operating system and software up to date by promptly installing all available patches and updates. However, updates for the Linux kernel and applications included with most distributions are critical, as a single vulnerability can lead to full system compromise.

Most common published exploits

Distribution of published exploits by platform, Q4 2024 (download)

Distribution of published exploits by platform, Q1 2025 (download)

In the first quarter of 2025, operating systems – among the most complex types of software – continued to account for the highest number of published exploits. This is due to the large codebase and numerous OS components, as well as the operating system’s critical role in device functionality. Furthermore, we are seeing a steady rise in the number of browser exploits, a trend that continued throughout the past year. The proportion of exploits targeting vulnerabilities in Microsoft Office products has also increased.

Vulnerability exploitation in APT attacks

We analyzed data on attacks carried out by APT groups and identified which vulnerabilities they most frequently exploited during the first quarter of 2025. The following rankings are informed by our telemetry, research, and open-source data.

Top 10 vulnerabilities exploited in APT attacks, Q1 2025 (download)

Most attacker techniques are designed to gain access to the victim’s local network. As a result, the most commonly targeted vulnerabilities are typically found in perimeter devices and software that can function as server. Notably, the well-known critical Zerologon vulnerability, which allows attackers to take over a domain controller, has reappeared in the TOP 10 most exploited vulnerabilities.

The only exception to this trend is software used for accessing information, such as text editors and file-sharing applications.

Interesting vulnerabilities

This section covers the most noteworthy vulnerabilities published in the first quarter of 2025.

ZDI-CAN-25373: a vulnerability in Windows that affects how LNK files are displayed

The first vulnerability to make our list has been actively exploited against users for some time, yet it still lacks a CVE identifier. It affects LNK files in the Windows operating system. The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts. In the Target field, attackers add extra characters, such as spaces or line breaks, after a legitimate-looking path, followed by malicious commands that can compromise the system. At the same time, only the first part of the path is shown in the shortcut’s properties:

Example of shortcut properties with additional characters that are not fully displayed in File Explorer

Opening a shortcut like this executes commands that are hidden from the user. For example, the Target field might include arguments at the end of the line that trigger a request to download a payload using powershell.exe. It is important to consider the psychological aspect of this vulnerability: a file with hidden malicious activity like this can mislead users, since they cannot see the main actions that will be performed when the file is opened.

CVE-2025-21333: a heap buffer overflow vulnerability in the vkrnlintvsp.sys driver

This is a buffer overflow vulnerability in the kernel’s paged pool memory allocation that was actively exploited in zero-day attacks against end-user systems. The vulnerable vkrnlintvsp.sys driver, designed for Hyper-V, improperly handles pointers to kernel pool structures. This results in a paged pool overflow, allowing attackers to execute arbitrary code or escalate their privileges.

Notably, this vulnerability can be exploited during process creation within Windows Sandbox. The name of the vulnerable function, VkiRootAdjustSecurityDescriptorForVmwp, suggests that providing a security descriptor that exceeds the allowed size is sufficient to trigger the vulnerability. In this scenario, the memory counter responsible for calculating the security descriptor’s length will overflow, enabling arbitrary read/write operations of 0xffff bytes and ultimately allowing attackers to escape the sandbox environment.

CVE-2025-24071: a NetNTLM hash leakage vulnerability in the file system indexer

A built-in feature of File Explorer in all Windows operating systems has become a common tool for stealing NetNTLM hashes. Attackers distributed a malicious file with a .library-ms extension that contained a specially crafted directory path. The appearance of this file in the victim’s file system triggers the indexing mechanism. It opens a specified directory, and the operating system automatically performs NTLM authentication in the background without notifying the user, which results in the disclosure of NetNTLM hashes.

Conclusion and advice

The number of vulnerabilities registered in the first quarter of 2025 might appear misleading. One possible reason for the decrease is that security research findings or vulnerability descriptions are sometimes published well after the vulnerabilities are initially discovered. Therefore, it is critically important to update all software and devices as soon as updates become available.

To stay safe, it is essential to respond promptly to changes in the threat landscape. It is also recommended to ensure the following:

• Maintain continuous, around-the-clock monitoring of your infrastructure, with particular attention to perimeter defenses.
• Implement strong patch management process and apply security fixes without delay. Solutions like Kaspersky Vulnerability and Patch Management and Kaspersky Vulnerability Data Feed can be used to configure and automate vulnerability and patch management.
• Use robust solutions that can detect and block malware on corporate devices, and comprehensive tools that include incident response plans, employee training programs, and an up-to-date cyberthreat database.

securelist.com/vulnerabilities…

The following was a letter submitted by an anonymous Pirate supporter using the pseudonym “Forward Thoughts”, sharing critiques of “Uncle Sam”. This article is apart of the project “Message in a Bottle”, allowing supporters of the US Pirate Party to submit editorial articles to the United States Pirate Party website.

Uncle Sam, the personification of the federal government, is supposed to be a beacon of democracy and good fortune towards the will of the people right here in the United States of America. However, he has gotten too big for his britches since the beginning. History highlighting this goes as far back as Uncle Sam exerting his power from the Whiskey Rebellion to recently using the Enemy Alien Act of 1787 to deport immigrant dissenters speaking out against the genocide happening in Palestine.

Every state relies on his charity to a certain extent, some more than others. How can we rely on our government to provide for its people when it directly meddles and persistently goes against the will of its people by starting wars and cutting funds to social programs, sometimes it creates on its own volition?

In a way, the American people receive assistance from the suits and ties of Capitol Hill in Washington D.C., that assistance comes in the form of government regulations more so than it comes from funding assistance. Guns, voting, criminal penalties, taxes, immigration, etc. are always the hot button issues every politician or candidate running for office has on their agenda.

“I want to be controlled harder by my government” said no one ever.

In order to curtail exerting pragmatic force against the will of the people, there’s supposed to be a system our founding fathers put in place called “checks and balances.” How this works is there’s the executive branch consisting of the presidency and cabinet members, Congress which consists of both the House of Representatives and the Senate, and the Supreme Court which consists of 9 justices.

However, what happens when all 3 branches reciprocate the same political ideology as one another? Who’s gonna stop these corrupt politicians from filling the coffers of themselves and of their allies (the oligarchy) they’re in cahoots with? Now we’re faced with a constitutional crisis where all 3 branches need to be severed like an infected limb.

Get this: Uncle Sam can exert his power over the economy on a whim. Right now President Trump is putting his hand up Uncle Sam as a puppet and he’s levying taxes on Chinese imports and other countries around the world. In retaliation, other countries he’s levied tariffs on are levying retaliatory tariffs against our imports into their countries. Consequently, prices on goods and services are rising. Stocks on the stock market are plummeting.

History is repeating itself. Remember back in US history class (well, hopefully you were taught this in US history class) about the Great Depression at the very end of the 1920s? Part of the reason why the economy went into a spiral was because of then Congress’s tariffs on foreign imports. Consumers no longer were able to afford products, therefore companies losing profits, especially those in the manufacturing industry, laid off workers.

Granted it wasn’t as if President Hoover bypassed Congress to make the tariffs happen, but my point still stands on how tariffs cause unintentional side effects to our everyday lives.

Lesson learned: tariffs backfire immensely on the economy.

Then President Nixon back in 1969 wanted to defund TV program PBS, Public Broadcasting Service. The nonprofit network was created to provide educational programming in a non-commercialized manner. It has brought us shows such as Sesame Street, Arthur, Mr. Rogers’ Neighborhood, just to name a few.

Speaking of Mr. Rogers, he testified before Congress and managed to avert budget cuts for the nationally renowned TV station. Fast forward to present day 2025 — Republicans in Congress and President Trump are trying to cut funds for PBS. History is repeating itself yet again. Will we have a savior of PBS like we did back in 1969?

Lesson to be learned: PBS really is made possible by viewers like you.

Even at the state level, funding can be granted and cut based on the current majority party’s and governor’s ideology of that time. Pennhurst State School & Hospital in Spring City, PA is one of many examples of state government apathetic to the welfare of its people, especially a vulnerable population.

Opened in 1908 and closed in 1987, Pennhurst State School & Hospital was a product of an era of eugenics where those deemed unfit to reproduce in the Caucasian gene pool were euthanized or removed from society. Marginalized groups such as the epileptic and the mentally disabled were housed here, but soon grew to orphans, physically disabled, etc. Within a few years Pennhurst became overcrowded and conditions became deplorable.

In 1968, Bill Baldini did a 5-part segment on the conditions at Pennhurst exposing its wretched standard of living and abuse residents faced. There was a public outcry after the segment aired. Conditions seldomly improved from there on out until its closure in 1987. Fortunately, these residents were moved to boarding homes.

Have you ever heard of a Kirkbride psychiatric hospital? They’re long-term psychiatric hospitals designed in a batwing fashion with emphasis on natural light and air circulation. However, lack of funding and mismanagement had led to conditions in a handful of these facilities to be anything but cheery. In fact, it is what can easily be described as wicked.

Trenton Psychiatric Hospital in Trenton, NJ, under the direction of Dr. Henry Cotton, extracted organs and teeth from patients. In spite of high mortality rates and disprovable claims of cure rates, this persisted at the behest of Dr. Cotton during his tenure.

Philly (Philadelphia) State Hospital at Byberry opened in 1907. Unlike Trenton Psychiatric Hospital and others similar to Trenton, it was not made using the Kirkbride blueprints. This didn’t make the hospital any less susceptible to daunting conditions such as overcrowding, barbaric experiments, abuse, and neglect.

Props are in order to a conscientious objector named Charlie Lord, who between 1945 and 1946 was so appalled by the conditions he took note of that he covertly took photos and leaked them to the press. In these photos, raw sewage and naked men lined the hallways of Byberry.

Lesson to be learned: these residents were at the mercy of state politicians apathetic to their basic needs. Moreover and lastly, psychiatric hospitals such as the Kirkbride hospitals and disabled residential facilities such as Pennhurst are archaic and stunt personal psychiatric growth in patients.

Most states’ systems are designed to where property taxes fund our public schools. Back in the late 1800s, public schools were a shining gem of what America could be. Nowadays in many communities, our schools are nothing more than shadows of their former selves, meeting the minimum standards set by the state for funding.

Gone are the days of home economics and industrial shop classes. It’s all about standardized testing mandated by the state capital and even Uncle Sam, which is basically modern day phrenology. There’s educators and politicians who’ll justify this inane waste of paper by saying it measures how schools are doing with educating their students.

Standardized testing can be summed up in four words, it’s this: elite stay in control.

Lesson to be learned: standardized testing is a disease on our education system designed to punish lower socioeconomic schools and to keep those at the higher end of the socioeconomic.

uspirates.org/message-in-a-bot…

What if you could design your 3D print to fall apart on purpose? That’s the curious promise of a new paper from CHI 2025, which brings a serious hacker vibe to the sustainability problem of multi-material 3D printing. Titled Enabling Recycling of Multi-Material 3D Printed Objects through Computational Design and Disassembly by Dissolution, it proposes a technique that lets complex prints disassemble themselves via water-soluble seams. Just a bit of H₂O is needed, no drills or pliers.

At its core, this method builds dissolvable interfaces between materials like PLA and TPU using water-soluble PVA. Their algorithm auto-generates jointed seams (think shrink-wrap meets mushroom pegs) that don’t interfere with the part’s function. Once printed, the object behaves like any ordinary 3D creation. But at end-of-life, a water bath breaks it down into clean, separable materials, ready for recycling. That gives 90% material recovery, and over 50% reduction in carbon emissions.

This is the research – call it a very, very well documented hack – we need more of. It’s climate-conscious and machine-savvy. If you’re into computational fabrication or environmental tinkering, it’s worth your time. Hats off to [Wen, Bae, and Rivera] for turning what might otherwise be considered a failure into a feature.

youtube.com/embed/akN1_7oDHr8?…

hackaday.com/2025/05/30/sustai…

nugole.it/nugoletta/ju/p/17485…

Ju

2025-05-30 05:21:56

Questo è bello.
Storie di Verona: il brigante Falasco.

La torre Falasco è ancora in piedi, costruita in una specie di rientranza - coalo - in una delle molte falesie. Si vede facendo un po' di attenzione quando si risale la Valpantena, è sul lato a sinistra della valle venedo su da Verona.
Nell'articolo dice che s'è perso arrivandoci ma da quel che mi ricordo c'è una stradella abbastanza confortevole che porta su.

larena.it/rubriche/vi-cammino-…

La leggenda del Brigante Falasco. Bello e spietato, era il terrore della valle

I Balladoro, i Leonardi, i Tedeschi, gli Oliboni, i Benella di Laudi, i Rotari, i Padoani, gli Allegri… Perché dal passato riaffiorano... Scopri di più

^{Alessandro Anderloni (L'Arena)}

The Trump administration’s hostility to First Amendment rights extends beyond the press to nonprofit organizations, museums, colleges, and anyone else who might question his infallibility.

But his targeting of the press is a key component of the administration’s effort to appoint itself the country’s sole arbiter of truth. Freedom of the Press Foundation (FPF) Advocacy Direction Seth Stern writes for the Daily Beast that in Trump’s view, “inconvenient truths and malicious lies are equally troublesome. They must be met with equal force.”

Stern urged journalists and others who value press freedom to treat these attacks not as passing storms but as existential threats.

Read Stern’s article here.

freedom.press/issues/when-alte…

Io sono un appassionato di linux e del software libero, potremmo dire un entusiasta. Continuerò a consigliarlo a tutti e ad aiutare gli amici ad installarlo quando vogliono provarlo o migliorare la loro vita digitale.

Ma, non per questo, vivo nel mondo delle fate.

Nel caso di questo articolo, mi trovo molto in disaccordo. A differenza di quanto è scritto nel titolo, ci sono pochi software di livello davvero professionale per l'elaborazione video su Linux: Da Vinci Resolve (ammesso di riuscire a farlo funzionare sulla propria distribuzione se NON è Centos o Rocky, dopo l'installazione) e Blender. Il secondo in realtà è più adatto a chi lavora con il 3D. Nel corpo dell'articolo si va un po' meglio, ma tra le righe si leggono dei limiti che purtroppo ha la soluzione proposta.

Poi ci sono tanti (ma tanti) software che vanno bene soltanto per uso casalingo, e ben venga che ci siano, e poi ci sono le vie di mezzo.

KDEnlive e Cinelerra secondo me sono 2 vie di mezzo, ma nell'articolo sembra che KDEnlive sia la soluzione di tutti i mali, e che il "comune sentire" (che sia difficile lavorare con i video su Linux), sia un errore.

(Inkscape non lo affronto neanche, è bello e completo ma le sue potenzialità sono quelle che aveva Adobe Illustrator 15 anni fa; ormai quel modo di lavorare è vecchio. In altre parole un professionista difficilmente lo userà).

Ecco il punto: nel 2025, per me, il punto non è "se" con una distribuzione linux si possa fare qualcosa, ma "in quanto tempo" e "con quale difficoltà".

Se gli sviluppatori non lavorano su questo, non credo che ci sarà mai una vera diffusione di Linux sul desktop.

Per citare un esempio, ormai anche il blocco note di Windows è pieno di IA, mentre Linux è rimasto indietro su questo fronte (e lo dico dopo l'installazione delle componenti di VOSK necessarie per trascrivere sottotitoli su KDEnlive).

Può piacere o no, ma io credo che l'IA sia qui per restare e per semplificarci la vita: ormai l'utente se la aspetta; non si può pretendere che gli utenti sacrifichino il loro tempo in nome di principi che, magari, neanche condividono.

Se ci fate caso, le soluzioni open che sono massicciamente sul mercato funzionano perché vanno meglio delle soluzioni chiuse per...uno scopo particolare, un esigenza. Sono abbastanza vecchio, ad esempio, per ricordare PERCHE' c'è stato un tempo in cui Firefox era IL browser: perché a differenza di Internet Explorer FUNZIONAVA.

Sarò cinico ma alla maggior parte delle perone non importano i principi, se c'è un modo per convincerle definitivamente è dar loro qualcosa di semplice e che funziona meglio dell'alternativa chiusa.

Mi spiace se urto la sensibilità di qualcuno, nel qual caso chiedo scusa. Questo però è il mio pensiero che non ha lo scopo di distruggere nulla, esprimo tutto ciò con malinconia per qualcosa che potrebbe essere ma non è.

Sta alla comunità cogliere il mio ragionamento con lo spirito che vuole avere: costruttivo.

In ogni caso, ecco l'articolo:

ilsoftware.it/focus/linux-non-…

#linux #opensource #foss #nonuccidetemi

Linux non permette di creare contenuti video professionali. Sbagliato! | IlSoftware.it

Come creare video professionali su Linux utilizzando software open source come Kdenlive, OBS Studio e Inkscape.

^{IlSoftware.it}