Every Thursday of the week, Bastian’s Night is broadcast from 21:30 CEST (new time).

Bastian’s Night is a live talk show in German with lots of music, a weekly round-up of news from around the world, and a glimpse into the host’s crazy week in the pirate movement.

If you want to read more about @BastianBB: –> This way

piratesonair.net/bastians-nigh…

Sono passati dieci anni dal rilascio di Windows 10, il sistema progettato per ripristinare la fiducia degli utenti dopo il fallito esperimento con l’interfaccia di Windows 8. Nel 2015, Microsoft ha cercato di riprendere il controllo dell’ecosistema desktop offrendo una soluzione universale che combinasse un’interfaccia familiare con ambizioni multipiattaforma. Sebbene le aspettative iniziali fossero elevate, la realtà si è rivelata contraddittoria.

Il supporto per Windows 10 terminerà il 14 ottobre 2025. Dopo questa data, Microsoft non fornirà più aggiornamenti di sicurezza gratuiti, aggiornamenti software o assistenza tecnica per Windows 10. I PC continueranno a funzionare, ma diventeranno più vulnerabili a virus, malware e altri problemi di sicurezza.

Windows 10 ha infatti eliminato la maggior parte delle fastidiose innovazioni della versione precedente. Gli utenti sono tornati al desktop familiare, liberati dalla navigazione forzata a “tile”, tipica solo dei tablet. In combinazione con un’ampia copertura della base hardware e la possibilità di aggiornamenti gratuiti da Windows 7 e 8.1, questo ha permesso al sistema di conquistare rapidamente la posizione di leader. Sui computer con SSD, a volte ha persino superato il suo predecessore in termini di velocità di avvio e risposta.

Una delle innovazioni chiave è stato il lancio del programma Windows Insider, che ha permesso agli appassionati di partecipare ai test delle build prima del rilascio. Ciononostante, l’azienda non ha sempre tenuto conto del feedback: aggiornamenti semiautomatici, riavvii forzati e malfunzionamenti nel sistema di distribuzione delle patch hanno causato gravi critiche. Il rilascio dell’aggiornamento di ottobre 2018 , che ha eliminato i file degli utenti, è stato particolarmente doloroso: un errore che è costato a Microsoft perdite di reputazione.

Insieme alla versione desktop, è stato rilasciato Windows 10 Mobile, un tentativo di dare una seconda vita al settore mobile. Tuttavia, la mancanza di un adeguato supporto e di interesse da parte degli utenti ha portato la piattaforma a perdere rapidamente rilevanza. Insieme al fallimento dell’ecosistema mobile, le speranze di un unico spazio Windows che includesse smartphone, tablet e visori come HoloLens sono svanite.

Sulla scia del fallimento della sua strategia mobile, Microsoft si è affidata all’integrazione con il browser. La familiare icona di Internet Explorer è stata sostituita da Edge, un motore EdgeHTML più moderno ma ancora limitato. L’azienda è poi passata interamente a Chromium , riconoscendo di fatto il fallimento della propria implementazione e preferisce la compatibilità all’originalità.

Windows 10 ha segnato una svolta anche per la privacy. L’implementazione massiccia della telemetria , le impostazioni di tracciamento limitate e l’invadente invio di aggiornamenti hanno causato un’ondata di malcontento. Nonostante le garanzie sulla protezione dei dati, molti hanno visto queste mosse come un passo indietro nel rapporto tra utenti e sviluppatori.

Allo stesso tempo, Microsoft promuoveva attivamente il concetto di Universal Windows Platform, un modello astratto che prometteva un unico formato applicativo per tutti i dispositivi. Tuttavia, con il cambiamento di priorità all’interno dell’azienda, UWP si è rapidamente trasformata in un esperimento non reclamato, lasciando gli sviluppatori in un limbo.

Windows 10 ha continuato a dominare il mercato desktop anche quando si avvicinava alla fine del suo ciclo di vita, più a causa della mancanza di interesse per Windows 11, dei severi requisiti hardware di Microsoft e della sua attenzione all’intelligenza artificiale che per un reale impegno nei confronti di Windows 10. Tuttavia, è rimasta una piattaforma stabile e non interattiva, una qualità apprezzata da milioni di utenti.

Col senno di poi, Windows 10 non è stato esattamente una svolta, ma è riuscito a raddrizzare la rotta dopo il maldestro rilascio della versione 8.x e a mantenere in vita l’ecosistema nonostante il cambio di strategia. Era un sistema senza troppe funzionalità, ma con un’enfasi su prevedibilità e funzionalità, e forse era proprio questo che gli utenti stavano aspettando. Con la fine del supporto per Windows 10, non solo la sua storia tecnica volge al termine, ma anche un’intera era in cui Microsoft stava ancora cercando di bilanciare innovazione e stabilità

L'articolo Buon compleanno e RIP Windows 10! Dieci anni di Windows tra successi e fallimenti proviene da il blog della sicurezza informatica.

WarGames fans, rejoice: [Nick Bild] has rebooted WOPR for real. In his latest hack, the Falcon, he recreates the iconic AI from the 1983 film using a Raspberry Pi 400, a vintage SP0256-AL2 speech chip from General Instrument, and Google’s Gemini LLM. A build to bring us back to the Reagan-era.

Where most stop at visual homage, this one simulates true interaction. The Python script acts as dungeon master for Gemini 2.5 Flash, guiding it to roleplay as the WOPR computer. Keypress sounds click-clack in synchrony with every input. Gemini replies are filtered into allophones, through GI-Pi, [Nick]’s own Python library. The SP0256 then gives it an eerily authentic robotic voice, straight out of 1983.

[Nick] himself is no unfamiliar name to Hackaday. Back in 2020, he hosted a Hack Chat where he talked us through getting from ideas to prototype builds. He practices what he preaches, since he carried out projects like a breadboard 6502 computer, home-automation controlling AI sunglasses, and more silly inventions, like dazzle-proof glasses.

So… shall we play a game? If you’ve ever longed to chat with an 80s military AI about thermonuclear war or tic-tac-toe without doubting you end the world in a blink, start on this build.

youtube.com/embed/CZiND41tn_8?…

hackaday.com/2025/07/30/reboot…

Un utente con il nickname Tsar0Byte ha pubblicato su DarkForums, uno dei forum underground più noti nell’ambiente cybercrime, un annuncio scioccante: la presunta compromissione di dati sensibili appartenenti a 96.252 dipendenti Nokia.

Nel post, pubblicato alle 05:15 del giorno precedente, Tsar0Byte rivendica l’attacco e minaccia ulteriori violazioni, parlando apertamente di “breach” e dichiarando che questa esposizione sarebbe solo l’inizio: il prossimo obiettivo sarebbero i sistemi interni, con possibile accesso al codice sorgente e ulteriori dati riservati.

Di seguito la traduzione del post scritto dai criminali informatici.

Siamo penetrati in profondità, oltre le tue aspettative.
Tramite un collegamento vulnerabile di terze parti, abbiamo avuto accesso a dati collegati a 94.500 dipendenti Nokia. Non si tratta di una semplice fuga di notizie. È un cedimento strutturale.
📁 Directory interna completa
📧 Email aziendali
📞 Numeri di telefono
🧠 Ruoli, reparti, sedi
🔗 Tracce LinkedIn, riferimenti interni
🗂️ Documenti interni e registri lato partner
Sei rimasto in silenzio. Pensavi che sarebbe passato inosservato.
Ora il mondo sa quanto sono deboli le tue fondamenta. 💰 Il pacchetto completo è in vendita. Solo acquirenti privati. Deposito a garanzia accettato. Non cerchiamo l’influenza, ma creiamo impatto.

Secondo quanto riportato dall’autore, l’accesso sarebbe avvenuto attraverso una vulnerabilità di terze parti, che ha permesso di scaricare un archivio contenente informazioni dettagliate su oltre 94.500 dipendenti Nokia. Nello specifico, il pacchetto in vendita conterrebbe:

• Directory interna completa
• Email aziendali
• Numeri di telefono
• Ruoli, reparti e localizzazioni
• Tracce LinkedIn e riferimenti interni
• Documenti riservati e log lato partner

L’autore sottolinea che non si tratta di un semplice dump di dati, ma di una compromissione più profonda, che mette a rischio la struttura stessa della sicurezza interna di Nokia. La vendita del database sarebbe riservata a “private buyers only” e i pagamenti sarebbero accettati esclusivamente in Bitcoin (BTC) o Monero (XMR), criptovalute predilette negli ambienti cybercrime.

Tsar0Byte, nel messaggio, si rivolge direttamente a Nokia, accusandola di aver “taciuto” e di aver sottovalutato l’incidente, minacciando di rilasciare ulteriori dati ancora più sensibili se l’azienda non prenderà provvedimenti.

Questo annuncio dimostra ancora una volta come i forum underground come DarkForums rappresentino un vero e proprio mercato nero per il traffico di informazioni riservate, dove vengono venduti dati personali, vulnerabilità e accessi a sistemi compromessi.

Nokia, al momento, non ha rilasciato dichiarazioni ufficiali sull’accaduto. Resta da vedere se si tratta di una reale compromissione o di una tattica per ottenere guadagni illeciti sfruttando l’effetto mediatico. Quel che è certo è che la notizia ha già attirato l’attenzione della comunità cyber e potrebbe rappresentare un grave problema per l’azienda e per la sicurezza dei dati dei suoi dipendenti.

L'articolo Nokia sotto attacco: su DarkForums spunta in vendita il database di quasi 100.000 dipendenti proviene da il blog della sicurezza informatica.

On a Friday afternoon in mid-June, independent journalist Jack Poulson made a curious discovery: An article that we published about the aggressive attempts of a San Francisco-based tech executive named Maury Blackman to censor Poulson’s reporting about his sealed domestic violence arrest had, itself, disappeared from Google search results.

After Poulson alerted us that day, we immediately investigated that weekend. Even when searching for the article’s exact headline – “Anatomy of a censorship campaign: A tech exec’s crusade to stifle journalism” – it didn’t appear on Google search. It did, however, show up atop results on other search engines like DuckDuckGo and Bing. No other articles published by Freedom of the Press Foundation (FPF) seemed to have been suppressed by Google.

A Google search conducted by FPF on June 17 of the exact headline didn’t return the article. Other FPF articles appeared normally.

(Screenshot)

The article removed from Google search reported on a sweeping, persistent effort by Blackman or his apparent representatives to silence reporting by Poulson and his nonprofit Tech Inquiry.

The censorship campaign started after Poulson reported in 2023 about the executive’s 2021 arrest on suspicion of domestic violence against his then-25-year-old girlfriend in San Francisco. Blackman, 53 at the time, was never charged or convicted, and the alleged victim recanted her statements. A California court sealed the arrest report in 2022.

Shortly after the publication of Poulson’s article, Blackman resigned as CEO of Premise Data Corp., a surveillance technology firm with U.S. military contracts.

When Blackman was still Premise’s CEO, the company hired a private investigation and security service firm, and filed legal requests in an attempt to unmask Poulson’s confidential sources. Someone claiming to represent Blackman submitted fraudulent Digital Millennium Copyright Act takedown requests targeting Poulson’s article. Blackman’s attorneys also roped the San Francisco city attorney into an intimidation campaign against Poulson and Substack, which hosts his newsletter.

These tactics all failed.

But that wasn’t all. Blackman also filed a baseless defamation lawsuit against Poulson, his website hosts, and Tech Inquiry that was later dismissed on First Amendment grounds under California’s anti-SLAPP statute (SLAPP, a strategic lawsuit against public participation, refers to legal actions brought to chill speech). Blackman is appealing the dismissal.

And in April, Blackman even filed a lawsuit against the city of San Francisco for allegedly releasing the arrest report. One of the exhibits to a later filing included a May 2024 letter sent by Blackman’s lawyer to an individual that he thought was Poulson’s source, threatening legal action and demanding a $7.5 million settlement payment.

How Google search was exploited

There are several well-known tactics used to suppress or remove results from Google search. Copyright claims (legitimate and frivolous), court orders (real, forged, or otherwise fishy), and warning letters from government agencies have all been used to disappear search results from Google, sometimes as the result of the work of shady reputation management companies.

Our article, however, was vanished from Google search using a novel maneuver that apparently hasn’t been publicly well documented before: a sustained and coordinated abuse of Google’s “Refresh Outdated Content” tool. (In 2023, in response to a public support request flagging the abuse of the tool to de-index pages, Google’s search liaison said that the company would look into it further, but provided no additional information. The request has since been locked and the replies disabled.)

Google’s “Refresh Outdated Content” tool

(Screenshot)

This tool is supposed to allow those who are not a site’s owner to request the removal from search results of web pages that are no longer live (returning a “404 error”), or to request an update in search of web pages that display outdated or obsolete information in returned results.

However, a malicious actor could, until recently, disappear a legitimate article by submitting a removal request for a URL that resembled the target article but led to a “404 error.” By altering the capitalization of a URL slug, a malicious actor apparently could take advantage of a case-insensitivity bug in Google’s automated system of content removal.

That is exactly what happened to our article about the censorship campaign against Poulson. Someone reported an invalid variation of the article’s URL and requested its removal from Google search results. When Google’s crawler encountered the “404 error” following the report, it not only de-indexed the reported URL but also erroneously removed the live, valid article, possibly alongside every other variant of the URL, from search results.

Each time our original article was re-indexed by Google, someone submitted a new removal request for a slightly modified, oddly-capitalized version of the URL’s slug, triggering the same process, and so on. This cycle allowed the person or people submitting the reports to continuously suppress our article from search visibility — resulting in a game of digital Whac-A-Mole.

Nine removal requests targeting the same article on FPF’s site between May 7 and June 23, 2025.

(Screenshot/Google Search Console)

Once we identified the pattern, we took action by canceling the active removal requests in our Google Search Console and manually re-indexing the article so it would reappear in Google search results.

But we weren’t the only targets of this de-indexing scheme. After we alerted Poulson about what we had found, he discovered that two of his articles were similarly targeted using the same Refresh Outdated Content tool during the same time frame as ours.

In total, the two Poulson articles were targeted using this method 21 times. Our article was targeted nine times. The attacks on both websites spanned the same period, May 7 to June 23, strongly suggesting that a single actor was behind the campaign and that the campaign was forced to an end once Google introduced its fix.

Google’s ‘rare’ response and fix

When we reached out about the removal of our article, a Google spokesperson confirmed the abuse to us in an emailed statement on June 27. Initially, the company told us that the Refresh Outdated Content tool “helps ensure our search results are up to date,” adding that they are “vigilant in monitoring abuse,” and that they have “relisted pages that were wrongly impacted for this specific issue.”

This vague response did not explain whether Google already knew about the vulnerability of its tool for abuse, and was unclear about whether only our and Poulson’s pages had been re-indexed, or other websites were also impacted by similar attacks.

In a response to another question about whether this vulnerability has been widely exploited and how many other web pages could have been improperly de-indexed as a result of the abuse of this tool, the spokesperson claimed that “the issue only impacted a tiny fraction of websites,” which is a very unhelpful answer given the internet’s 1 billion websites.

Upon pressing Google with another round of detailed questions about our findings, the company was more forthcoming: “Confirming that we’ve rolled out a fix to prevent this type of abuse of the ‘Refresh Outdated Content Tool,’ the spokesperson said, but added that they “won’t be able to share anymore on this.”

While Google did the right thing by fixing this vulnerability, it’s disappointing that the company is unwilling to be more transparent. Google says that it’s committed to maximizing access to information. If that’s true, it has an obligation to the public to be transparent about how its products can be misused in such a basic way to censor speech.

Did Google know about the problem before we alerted it? Is it aware of other methods used to maliciously de-index search results? The company isn’t saying. But at least now that Google has confirmed that they’ve introduced a universal fix to avoid further exploitation of that bug, we can reveal the scheme’s details.

Google allowing those other than sites’ owners to remove pages from Google search results “is obviously a huge problem,” said Jason Kelley, director of activism at the Electronic Frontier Foundation. “The other issue is the lack of transparency from Google. Site owners would probably never find out if this feature was used to impact their search results, and probably never will find out that this had happened to them now that it’s corrected.”

Kelley described the company’s admission of the issue’s existence and taking it seriously as “rare.”

(EFF lawyers represented Poulson in the case.)

‘Legal failure’

Poulson told us it was “humbling” to realize that a 600-word article on the CEO of a surveillance firm could lead to such cascading censorship efforts, including the recent effort to “sabotage Google search results.”

“Blackman’s attempt to use the courts to scrub his felony arrest report and related news articles from the internet was not just a legal failure,” Susan Seager, a First Amendment lawyer who represents Tech Inquiry, told FPF. She added that his libel and privacy lawsuit against Poulson, Tech Inquiry, Substack, and Amazon Web Services “brought even more publicity to his arrest.”

On Tuesday, Poulson, Tech Inquiry, and Substack were awarded close to $400,000 in attorneys’ fees by the San Francisco Superior Court.

Who might be behind it?

Because Google does not document who submits removal requests through the Refresh Outdated Content tool, we have no way of knowing for certain who was behind the attempts to suppress search results featuring articles by us and Poulson.

We reached out to Blackman, who is now the CEO of a reputation management agency, ironically named The Transparency Company. We asked whether he or one of his associates reported our or Poulson’s articles using the Refresh Outdated Content tool or otherwise attempted to have Google de-index or suppress them. He didn’t respond to our requests for comment.

The good news is that all three articles — ours and Poulson’s — are restored on Google search, and Google claims to have fixed this problem. Plus, the new round of censorship inspired a new round of reporting, including the article you’re reading right now and a new article by Poulson, also published today.

Maybe now, anyone attempting to abuse legal or technical tools to censor journalism will learn the hard truth about the Streisand Effect: it will almost inevitably draw more attention, not less.

freedom.press/issues/censorshi…