It’s sometimes easy to forget that the light in the sky is an actual star. With how reliable it is and how busy we tend to be as humans, we can take that incredible fact and stow it away and largely go on with our lives unaffected. But our star is the thing that gives everything on the planet life and energy and is important to understand. Humans don’t have a full understanding of it either; there are several unsolved mysteries in physics which revolve around the sun, the most famous of which is the coronal heating problem. To help further our understanding a number of scientific instruments have been devised to probe deeper into it, and this adaptive optics system just captures some of the most impressive images of it yet.

Adaptive optics systems are installed in terrestrial telescopes to help mitigate the distortion of incoming light caused by Earth’s atmosphere. They generally involve using a reference source to measure these distortions, and then make changes to the way the telescope gathers light, in this case by making rapid, slight changes to the telescope’s mirror. This system has been installed on the Goode Solar Telescope in California and has allowed scientists to view various solar phenomena with unprecedented clarity.

The adaptive optics system here has allowed researchers to improve the resolution from the 1000 km resolution of other solar telescopes down to nearly the theoretical limit of this telescope—63 km. With this kind of resolution the researchers hope that this clarity will help shine some light on some of the sun’s ongoing mysteries. Adaptive optics systems like this aren’t just used on terrestrial telescopes, either. This demonstration shows how the adaptive optics system works on the James Webb Space Telescope.

Thanks to [iliis] for the tip!

hackaday.com/2025/06/01/adapti…

Gli analisti di Patchstack hanno scoperto una vulnerabilità critica nel plugin TI WooCommerce Wishlist per WordPress. Il problema non è ancora stato risolto e può essere sfruttato dagli aggressori per scaricare file arbitrari.

TI WooCommerce Wishlist ha oltre 100.000 installazioni attive. Il plugin consente ai clienti del negozio online di salvare i loro prodotti preferiti per acquistarli in un secondo momento e di condividere tali elenchi con altri utenti sui social network. “Il plugin è vulnerabile al caricamento di file arbitrario, consentendo ad aggressori non autenticati di caricare file dannosi sul server”, avverte Patchstack.

Alla vulnerabilità è stato assegnato l’identificatore CVE-2025-47577 e ha ricevuto il punteggio massimo di 10 punti su 10 sulla scala CVSS. Il problema riguarda tutte le versioni del plugin elencate di seguito, inclusa la 2.9.2 del 29 novembre 2024.

Come hanno spiegato gli esperti, la radice del problema risiede nella funzione tinvwl_upload_file_wc_fields_factory, che a sua volta utilizza un’altra funzione integrata di WordPress, wp_handle_upload, per eseguire la convalida, ma imposta i parametri di override test_form e test_type su false.

Il parametro test_type viene utilizzato per verificare se il tipo di file MIME (Multipurpose Internet Mail Extension) corrisponde al tipo previsto, mentre test_form viene utilizzato per verificare se il parametro $_POST[‘action’] corrisponde al tipo previsto.

Di conseguenza, impostando test_type su false è possibile ignorare il controllo del tipo di file, consentendo quindi di caricare file di qualsiasi tipo.

Si noti che la funzione vulnerabile è accessibile tramite tinvwl_meta_wc_fields_factory e tinvwl_cart_meta_wc_fields_factory solo quando il plugin WC Fields Factory è attivo sul sito. Ciò significa che lo sfruttamento riuscito del bug è possibile solo se il plugin WC Fields Factory è attivo su un sito basato su WordPress e se l’integrazione è abilitata nel plugin TI WooCommerce Wishlist.

In caso di attacco, un aggressore ha la possibilità di caricare un file PHP dannoso ed eseguire codice in remoto accedendo direttamente al file caricato. Poiché non è ancora disponibile alcuna patch, si consiglia vivamente agli utenti del plugin di disattivarlo o rimuoverlo dai propri siti.

L'articolo Un bug di sicurezza con score 10 affligge un plugin WordPress con 100.000 installazioni proviene da il blog della sicurezza informatica.

Portal 2 is mostly known as the successful sequel to Valve’s weird physics platformer, Portal. It’s not really known for being a webserver. That might change, though, given the hard work of [PortalRunner].

Quite literally, [PortalRunner] hacked the Source engine and Portal 2 to actually run a working HTTP web server. That required setting up the code to implement a TCP network socket that was suitable for web traffic, since the engine primarily functions with UDP sockets for multiplayer use. This was achieved with a feature initially put in the Source engine for server management in the Left 4 Dead games. From there, the game engine just had to be set up to reply to HTTP requests on that socket with the proper responses a visiting browser expects. If the game engine responds to a browser’s connection request with a bunch of HTML, that’s what the browser will display. Bam! You’ve got a web server running in Portal 2.

From there, [PortalRunner] went further, setting things up so that the status of in-game objects effects the HTML served up to visiting web browsers. Move objects in the game, and the served web page changes. It’s pretty fun, and the complexity and features [PortalRunner] implements only get more advanced from there. When he gets into stacking companion cubes to write HTML in visual form, you’ll want to applaud the Minecraftian glory of it all.

The devil is really in the details on this one, and it’s a great watch. In reality, making Portal 2 into a simple web server is far easier than you might have thought possible. Valve’s physics masterpiece really is popular with hackers; we see it popping up around here all the time. Video after the break.

youtube.com/embed/-v5vCLLsqbA?…

hackaday.com/2025/06/01/portal…

Since the tail end of World War II, humanity has struggled to deal with its newfound ability to harness the tremendous energy in the nucleus of the atom. Of course there have been some positive developments like nuclear power which can produce tremendous amounts of electricity without the greenhouse gas emissions of fossil fuels. But largely humanity decided to build a tremendous nuclear weapons arsenal instead, which has not only cause general consternation worldwide but caused specific problems for one scientist in particular.

[Steve Weintz] takes us through the tale of [Dr. John C. Clark] who was working with the Atomic Energy Commission in the United States and found himself first at a misfire of a nuclear weapons test in the early 1950s. As the person in charge of the explosive device, it was his responsibility to safely disarm the weapon after it failed to detonate. He would find himself again in this position a year later when a second nuclear device sat on the test pad after the command to detonate it was given. Armed with only a hacksaw and some test equipment he was eventually able to disarm both devices safely.

One note for how treacherous this work actually was, outside of the obvious: although there were safety devices on the bombs to ensure the nuclear explosion would only occur under specific situations, there were also high explosives on the bomb that might have exploded even without triggering the nuclear explosion following it. Nuclear bombs and nuclear power plants aren’t the only things that the atomic age ushered in, though. There have been some other unique developments as well, like the nuclear gardens of the mid 1900s.

hackaday.com/2025/05/31/disarm…

Today we heard from [Richard James Howe] about his new CPU. This new 16-bit CPU is implemented in VHDL for an FPGA.

The really cool thing about this CPU is that it eschews the typical program counter (PC) and replaces it with a linear-feedback shift register (LFSR). Apparently an LFSR can be implemented in hardware with fewer transistors than are required by an adder.

Usually the program counter in your CPU increments by one, each time indicating the location of the next instruction to fetch and execute. When you replace your program counter with an LFSR it still does the same thing, indicating the next instruction to fetch and execute, but now those instructions are scattered pseudo-randomly throughout your address space!

When the instructions for your program are distributed pseudo-randomly throughout your address space you find yourself in need of a special compiler which can arrange for this to work, and that’s what this is for. Of course all of this is shenanigans and is just for fun. This isn’t the first time we’ve heard from [Richard], we have seen his Bit-Serial CPU and Forth System-On-Chip in recent history. Glad to see he’s still at it!

Thanks to [Richard James Howe] for letting us know about this latest development.

hackaday.com/2025/05/31/can-we…

Monday, the Cambridge Public Safety Committee hosts a hearing to examine Cambridge’s use of ShotSpotters. You can attend in person, via Zoom or email testimony. Meeting details, including how to sign up to testify, are up now.

We especially urge Cambridge Pirates to speak against ShotSpotters, but if you live or work near Cambridge, please come by to speak or attend remotely.

masspirates.org/blog/2025/05/3…

Il 9 febbraio avevo cancellato l'account Facebook, il sistema mi aveva detto che per 30 giorni sarebbe stato solo disattivato e che l'eliminazione vera e propria sarebbe avvenuta solo 30 giorni dopo.

Siamo al 30 maggio e il mio account è ancora lì.

Stasera sono nuovamente entrato e ho rifatto la procedura, al termine della quale il sistema mi ha ancora una volta confermato che la mia richiesta di cancellazione era stata ricevuta, che l'account era stato programmato per l'eliminazione ma che per 30 giorni sarebbe stato solo disattivato, casomai avessi cambiato idea.

Qualcuno di voi è riuscito a cancellarsi per davvero?

Nel frattempo ho scritto al Garante per la Privacy segnalando il problema e chiedendo come fare per poter vedere rispettato il mio diritto ad essere rimosso da quel social network.

Ho visto il primo episodio di Adolescence.

Non avrei mai dovuto farlo.

Dear Friend of Press Freedom,

It’s now the 66th day that Rümeysa Öztürk is facing deportation by the United States government for writing an op-ed it didn’t like. More press freedom news below.

Risking free speech won’t protect kids

Federal agencies are transforming into the speech police under President Donald Trump. So why are some Democrats supporting the Kids Online Safety Act, a recently reintroduced bill that would authorize the MAGA-controlled Federal Trade Commission to enforce censorship?

As Freedom of the Press Foundation (FPF) senior advocacy adviser Caitlin Vogus wrote for The Boston Globe, there’s never an excuse for supporting censorship bills, but especially when the political loyalists at the FTC are sure to abuse any power they’re given to stifle news on disfavored topics. Read the op-ed here.

We’re ready to sue if Paramount executives sell out the press

We’ve written previously about how Trump’s frivolous complaint against Paramount Global over CBS News’ editing of an interview with Kamala Harris threatens the freedoms of other news outlets. Yesterday, Trump proved it by claiming his $20 billion damages demand is based on “mental anguish” due to the answer – which doesn’t even mention him. How’s that for a “snowflake”?

As we informed Paramount Global executives last week, we plan to file a shareholder derivative lawsuit if Paramount settles. We believe any settlement – let alone the eight figure range being discussed – would be an effort to launder bribe money through the courts and would damage Paramount irreparably.

Reports this week in the Los Angeles Times, The Wall Street Journal, and elsewhere have noted that executives fear derivative liability if they settle. They should. Read more here.

Phone companies keep journalist surveillance secret

A letter by Sen. Ron Wyden about surveillance of senators’ phone lines has an important lesson for journalists, too: Be careful in selecting your phone carrier.

Wyden wrote his Senate colleagues revealing which wireless carriers inform customers about government surveillance requests (Cape, Google Fi, and US Mobile), and which don’t (AT&T, Boost Mobile, Charter/Spectrum, Comcast/Xfinity Mobile, T-Mobile, and Verizon). Read more here.

Fallout from silencing Voice of America

As a reporter on the press freedom beat, Liam Scott chronicled abuses against journalists for Voice of America. But now, Scott himself is part of the story.

In March, Trump signed an executive order gutting the United States Agency for Global Media, which oversees VOA. Scott and his colleagues have been or are set to be terminated imminently, and the website hasn’t published a new story in months.

We spoke to Scott about his unique perspective on current threats to press freedom, as both a victim and a journalist covering them. We were joined by Jason Scott of Archive Team, who is working to preserve VOA’s content should it be taken offline. Read more and watch the webinar here.

Administration abuses secrecy rules

Lauren Harper, FPF’s Daniel Ellsberg chair on government secrecy, joined MeidasTouch Network’s Legal AF podcast, “Court of History,” to explain how the Trump administration is abusing secrecy to control the news narrative — and how an FPF Freedom of Information Act win revealed the truth.

Harper was joined by University of Maryland professor Jason Baron in a wide-ranging discussion with co-hosts Sidney Blumenthal and Sean Wilentz. Watch the video podcast here.

Federal police reforms repealed

The same week the Justice Department announced it was dropping federal oversight programs and investigations into more than two dozen police departments, including in Minneapolis, the city held a remembrance marking five years since the murder of George Floyd by a local police officer.

Police abuses of protestors and journalists during the demonstrations that followed Floyd’s murder led to the now-abandoned reforms, including consent decrees in Minneapolis and Louisville dealing with how police should interact with journalists covering protests and their aftermaths. The U.S. Press Freedom Tracker, a project of FPF, has more. Read the Tracker’s coverage here.

What we’re reading

Greene County policy barring staff from speaking to press ‘unconstitutional,’ experts say (The Daily Progress). Local government employees should be able to talk to the press. But in Greene County, Virginia, they can’t. We told The Daily Progress that the county policy is unconstitutional.

Journalist sues LA county, ex-LA county sheriff for criminally investigating her (The Dissenter). It’s good to see journalist Maya Lau stand up for journalists’ right to not be investigated and harassed for doing their jobs.

How to stand your ground, in three (not so easy) steps (American Crisis). Institutions shouldn’t cave to Trump’s threats. Thanks to Margaret Sullivan for citing our plans to sue if Paramount settles with Trump as an example on how to stand your ground.

FBI visits me over manifesto (Ken Klippenstein). Journalists’ sources and newsgathering are none of the FBI’s business. They don’t seriously think Klippenstein was some kind of conspirator — they just want to intimidate him and other journalists.

freedom.press/issues/risking-f…

As a reporter on the press freedom beat, Liam Scott chronicled abuses against journalists at home and abroad for Voice of America. But he was shocked when the experiences of those on the other side of the page became his own.

In March, President Donald Trump signed an executive order suddenly gutting the United States Agency for Global Media, which oversees VOA. Scott and hundreds of colleagues have been or are set to be terminated imminently, and the international news service’s website hasn’t published a new story in months.

To understand more about how Trump’s anti-press tactics threaten the independence of public-interest journalism and what comes next for press freedom in the U.S. and around the world, Freedom of the Press Foundation (FPF) hosted an online webinar May 23 with Scott and Archive Team Co-founder Jason Scott, who is working to preserve VOA’s content should it be taken offline.

youtube.com/embed/mPh-iQlQuMU?…

“After several years of covering press freedom issues, it still feels weird to be in the midst of a press freedom issue that is affecting me and my colleagues,” Liam Scott said. “There is actually a lot that is happening here that reminds me of what I’ve reported on in other countries.”

He also expressed significant concern for colleagues who are in the U.S. on visas. Without authorization to continue working here, they will be forced to return home to countries where austere rules about free speech can lead to jail time or worse, he cautioned.

“VOA has journalists now imprisoned in Myanmar, Vietnam, and Azerbaijan, and there are other journalists from Radio Free Europe and Radio Free Asia who are imprisoned in other countries around the world as well, just for doing their jobs,” Liam Scott said, referring to two other international news services long supported by the U.S. government. “So my immediate concern was if VOA and its sister outlets shut down, who is going to advocate for these reporters?”

Preserving VOA’s online content

While the fate of VOA’s employees hangs in the balance, so too does its website, a resource for readers who live in regions of censorship and can’t access this information anywhere else. Amid fears that the site and the reporting it hosts will vanish from the internet and leave behind thousands of stories, efforts are underway to preserve its contents.

Archive Team members, including Jason Scott, have created an “online footprint” of VOA’s website that contains over 400 gigabytes worth of stories. It’s paramount to ensure a replica of the site exists before its potential takedown, he said, because the work cannot be done retroactively.

“The conversation about whether or not to save something usually stops once it’s gone,” he added.

As a general rule of thumb, Jason Scott recommended that journalists keep multiple copies of their work in different locations, in the event they lose access to where their work is published.

Doing so is especially important in the current digital climate under the Trump administration, which has scrubbed countless federal webpages.

In that sense, said Jason Scott, it bears resemblance to a startup company.

“You move fast, you break things, you work it out later. If something can’t be explained to you in two seconds, get rid of it,” he added. This slash-and-burn approach, a Trump administration hallmark, can wreak havoc for preservation efforts because it evokes a digital “entropy” that can change data access on a dime, said Jason Scott.

While trawling internet data can be exhausting, so can reporting through censorship. Liam Scott, who has continued his work on the press freedom beat at outlets elsewhere, said it’s important “to not get fatigued” and to remember that threats and retaliation are often reactions to strong journalism, which underscores the need to protect the rights of those doing the work.

“Attacks on journalists are also attacks on the public,” he said. “Because when you’re attacking a journalist, you’re attacking the information that they’re trying to share with their audience — information that is so important for how we live our lives.”

Just as accountability is met with reprisal, archiving data is met with unpredictability. As the Archive Team compiles the work of countless VOA journalists who risked their lives to report the truth, Jason Scott said to remember that data preservation is an uphill battle. The power to decide what stays online often belongs to those with the most effective keys to the internet: powerful institutions like the government.

“Data is an incredible devil’s bargain,” he said. “Entropy is the house, and the house always wins.”

freedom.press/issues/silencing…