Once upon a time, a computer could tell you virtually nothing about an image beyond its file format, size, and color palette. These days, powerful image recognition systems are a part of our everyday lives. They See Your Photos is a simple website that shows you just how much these systems can interpret from a regular photo.

The website simply takes your image submission, runs it through the Google Vision API, and spits back out a description of the image. I tried it out with a photograph of myself, and was pretty impressed with what the vision model saw:

The photo is taken in a lush green forest, with tall trees dominating the background. The foreground features a person, who appears to be the subject of the photograph. The lighting suggests it might be daytime, and the overall color palette is heavily saturated with shades of green, almost artificial in appearance. There’s also some dried vegetation visible to the left, suggesting a natural setting that is possibly a park or woodland area.

The subject is a young to middle-aged Caucasian male with shoulder-length, light-colored hair. He seems serious, perhaps pensive or slightly uneasy. His clothing —a green and yellow checkered shirt over a green and black striped shirt—suggests a casual or outdoorsy lifestyle. He might be of middle to lower-middle class economic standing. It looks like he’s crouching slightly, possibly for the picture. The image lacks metadata on the camera device used or the time the photo was taken. He appears to be alone in the photo, indicating an individualistic or solitary experience.

The saturation level of the greens and yellows is unusually high, hinting at possible digital editing post-capture. There is a very slight blur, particularly noticeable in the background which could be from a smaller aperture or shallow depth of field when captured, creating a focus on the subject. The color alteration and seemingly intentional focus on the subject suggest it may not be a candid shot but rather a posed photograph, possibly with an artistic or stylistic goal.

The system doesn’t get satire or memes, though.
The model did very well—easily determining both the vague type of locale , and the fact that my shirt implies I don’t have a Ferrari at home in my garage. It also picks up on the fact that it was a posed photograph with certain artistic intent.

Back in 2014, the webcomic XKCD stated that it would be an inordinately difficult task for a computer to determine if a digital photo contained a bird. These days, a computer model can tell us what’s in a photo down to the intimate details, and even make amusing assertions as to the lives of the subjects in the image and their intentions. We’ve come a long way, to be sure.

Machine vision is still far from perfect—there are ways to fool systems and areas in which they still don’t stack up to real humans. The only thing we know for certain is that these systems will continue to improve.

hackaday.com/2024/12/17/see-wh…

Siamo in un’era in cui siamo sommersi da un’infinità di segnali e impulsi digitali che, in qualche modo, governano il nostro modo di agire e di interagire con ciò che ci circonda. Ma cosa succederebbe se potessimo hackerare questi segnali e far sì che il mondo risponda ai nostri comandi?

Prendiamo, ad esempio, un dispositivo straordinario come il Flipper Zero: con esso è possibile divertirsi eseguendo attacchi semplici ed efficaci, che nella maggior parte dei casi hanno esito positivo. Ma se ti dicessi che non è necessario possedere un Flipper preconfezionato per riuscire ad aprire la portiera di una Tesla?

Andiamo con ordine. Il Flipper Zero vanta una grande comunità di sviluppatori attivi e competenti, un motivo di orgoglio per chi lo utilizza. Tuttavia, esiste anche un mondo sommerso che si sta sviluppando a ritmi incredibilmente veloci.

In questo mondo, i dispositivi hanno costi ridotti, ma richiedono una maggiore manutenzione e supervisione. È un mondo in cui appassionati e professionisti, con grande entusiasmo, lavorano ogni giorno per sviluppare firmware personalizzati, rendendo utilizzabili anche dispositivi meno noti, ma perfettamente adatti allo scopo.

Un esempio?

Dispositivi come LilyGO T-Embed CC1101, che, con firmware specifici come “Bruce“, possono facilmente eseguire attacchi RF, RFID, IR, NFC, NRF, BLE, WIFI e altri ancora
Una LilyGO T-Embed CC1101

Conclusione

Questi strumenti, con la loro accessibilità e versatilità, stanno ridefinendo il concetto di hacking moderno: non più appannaggio esclusivo degli esperti, ma un fenomeno sempre più alla portata di chiunque abbia la giusta curiosità e competenza.

Tuttavia, questa crescente potenza solleva interrogativi importanti: fino a che punto possiamo spingerci?

E soprattutto, siamo davvero pronti a confrontarci con un mondo in cui ogni segnale può essere intercettato, manipolato o sfruttato?

La tecnologia ‘punk’ è qui per restare, e sta a noi decidere come utilizzarla: come uno strumento di scoperta e innovazione o come un’arma capace di sfidare ogni sistema.

Nascondere queste tecnologie non porta a nulla di buono, ma occorre conoscerle creando consapevolezza. Infatti rimane sempre il concetto “etico” dietro ad ogni device. Ovvero comprendere le minacce per apportare i miglioramenti per rendere il nostro mondo sempre più sicuro

L'articolo Flipper e Lily per l’hacking di auto e dispositivi smart! La tecnologia Punk che spaventa il mondo proviene da il blog della sicurezza informatica.

The ease of integrating bendy parts into designs is one of 3D printing’s strengths. A great example of this is [uhltimate]’s six-shot blaster which integrates several compliant mechanisms. The main blaster even prints in one piece, so there’s not even any assembly required.
The ergonomics are unconventional, but the design is pretty clever.
The blaster itself has three main parts: the trigger, the sear, and the striker. Each of them rely on compliant mechanisms in order to function. The user pulls back the trigger, which hooks into and pulls back the striker. When the trigger is pulled back far enough, the sear releases the striker. This zips forward and slams into a waiting projectile, sending it flying.

The other interesting part is the projectiles and magazine in which they sit. The magazine fits onto the front of the blaster and pulling the trigger allows the magazine to drop down, putting the next projectile into firing position. After the final round is fired, the empty magazine falls away. It’s a pretty clever design, even if the ergonomics are a little unusual and it relies on gravity in order to feed. Tilt it too far sideways or upside down, and it won’t load properly.

We’ve seen compliant mechanisms used for projectile firing before, but this design really raises the bar in the way it does more than just firing the striker.

3D printing allows rapid iteration of designs, which makes devices that rely on compliant mechanisms much easier to develop and fine-tune.

youtube.com/embed/7Y1OKlcw78g?…

hackaday.com/2024/12/17/3d-pri…

Recentemente, questa espressione è diventata la parola dell’anno secondo la Oxford University Press. Questo termine si riferisce a “un sospetto deterioramento della condizione mentale o intellettuale associato al consumo eccessivo di materiali considerati minori o non stimolanti il ​​pensiero”.

Se la frase “decadimento mentale” veniva originariamente utilizzata per criticare il disinteresse verso idee complesse, oggi viene rievocata per esprimere un fenomeno che si manifesta quotidianamente nel consumo di contenuti digitali.

Ma di cosa si tratta?

L’uso del termine “decadimento mentale” è aumentato del 230% dal 2023 al 2024. Il primo uso documentato della frase risale al 1854, quando Henry David Thoreau, nel suo libro Walden, criticò la tendenza della società a svalutare idee complesse.

Benvenuti nell’era del Decadimento mentale

Nell’era dell’Intelligenza Artificiale generativa, dei social media e delle piattaforme di streaming, siamo circondati da contenuti facili e veloci. Questo ambiente favorisce la velocità e la semplicità, a discapito della riflessione profonda. Ciò che un tempo era visto come un rischio, oggi è diventato un problema concreto. Il dibattito sulla qualità del pensiero umano e sulla salute mentale è più vivo che mai.

Il termine “decadimento mentale” non si limita a descrivere la qualità del contenuto che consumiamo, ma allude anche alla nostra capacità di impegnarci con esso. La psicologia suggerisce che il nostro cervello è naturalmente incline a cercare gratificazione immediata, una tendenza che trova terreno fertile nelle forme brevi di contenuti digitali, come i video di TikTok o i post di Instagram. Questo tipo di stimolazione immediata può ridurre la nostra capacità di concentrarci per periodi prolungati, contribuendo a una “decadimento” della nostra attenzione e della nostra capacità di analizzare in profondità le informazioni.

Inoltre, il consumo di contenuti facilmente fruibili può ridurre l’inclinazione a sviluppare competenze cognitive complesse, come il pensiero critico e la riflessione profonda. In una società sempre più connessa, dominata dall’Intelligenza Artificiale, dove le informazioni si accumulano a ritmi vertiginosi, l’abilità di selezionare, filtrare e riflettere sulle informazioni diventa sempre più rara.

L’impatto della cultura digitale sulle generazioni Z e Alpha

Le generazioni più giovani sono particolarmente vulnerabili agli effetti del “decadimento mentale”. Essendo cresciute in un ambiente dove la tecnologia permea ogni aspetto della vita quotidiana, i ragazzi della Generazione Z e Alpha hanno un rapporto ambivalente con i media digitali. Da un lato, sono consapevoli dei pericoli legati al consumo passivo di contenuti, ma dall’altro, sono anche i maggiori consumatori di questi contenuti. Questo paradosso crea una frattura tra il desiderio di esplorare idee complesse e l’influenza delle piattaforme digitali che spesso promuovono una cultura del “clic veloce” e del “divertimento immediato”.

Le discussioni sul “decadimento mentale” potrebbero rappresentare un campanello d’allarme per queste generazioni, portandole a riflettere sulle loro abitudini digitali e sull’impatto che queste hanno sul loro sviluppo cognitivo e sociale.

Ritorno alla qualità: Come contrastare il “decadimento mentale”

Per contrastare gli effetti negativi del “decadimento mentale”, è fondamentale riscoprire l’importanza di contenuti che stimolino un pensiero più profondo e complesso. La promozione di letture più lunghe, la valorizzazione di contenuti educativi e la creazione di esperienze digitali che incoraggino l’interazione autentica, piuttosto che il consumo passivo, sono passi cruciali per invertire questa tendenza.

Inoltre, è essenziale educare le nuove generazioni alla consapevolezza digitale, insegnando loro a riconoscere e a districarsi tra contenuti di qualità e materiale superficiale. Solo così potremo mantenere un equilibrio tra il mondo virtuale e quello reale, favorendo la crescita intellettuale e il benessere mentale.

Conclusione

In definitiva, il “decadimento mentale” non è solo una riflessione sulla superficialità dei contenuti che consumiamo, ma una sfida culturale che invita ciascuno di noi a riflettere su come la tecnologia influisce sulla nostra vita quotidiana.

Se da un lato la tecnologia offre innumerevoli opportunità di apprendimento e connessione e facilità il lavoro quotidiano (vediamo ad esempio le AI Generative), dall’altro, richiede anche una maggiore consapevolezza e responsabilità nel suo utilizzo.

Le nuove generazioni, in particolare, devono trovare il giusto equilibrio che consenta loro di utilizzare il digitale in modo sano, con una mente attenta e critica, pronta ad affrontare le sfide del futuro, perché nel bene o nel male, ce ne saranno tante da affrontare.

L'articolo Decadimento Mentale: La Tecnologia Sta Rovinando le Nostre Menti? proviene da il blog della sicurezza informatica.

In late October 2024, a new scheme for distributing a certain Android banking Trojan called “Mamont” was uncovered. The victim would receive an instant message from an unknown sender asking to identify a person in a photo. The attackers would then send what appeared to be the photo itself but was actually a malware installer. Shortly after, reports surfaced of Mamont being disseminated through neighborhood chat groups. Cybercriminals were touting an app to track a parcel containing household appliances they said they were offering for free. In reality, this was malware with no parcel-tracking functionality whatsoever. Both scams targeted individual users only. Recently, however, we noticed a number of websites promoting a variety of bulk-priced goods that could attract both individual bargain hunters and businesses. A closer look revealed a previously unknown Mamont dissemination pattern.

How we tried to save some cash on a purchase

As we began our investigation, our attention was drawn to websites that offered various products at wholesale prices. We decided to place an order to see if there was a catch. The contact details for one of the stores contained a link to a dedicated private Telegram chat that instructed users to DM their manager to place an order.

Reach out to the agent to place an order

We did just that, checked the details, and made an order. They told us we could pay on delivery with no advance payment whatsoever. This was likely a way for the criminals to avoid arousing suspicions.

The agent requests shipping details

We were notified the following day that our order had shipped and could be tracked with a special mobile app linked in a message from the manager. The link directed users to a phishing site offering to download Mamont for Android (12936056e8895e6a662731c798b27333). The link came with a tracking number that had to be entered in the app. We reported the scam accounts and channels to Telegram, but the messaging service had done nothing to block them at the time of writing this.

The phishing link sent by the manager

We have to give it to the operators: the scam was quite convincing. The private channel was full of users asking questions, no prepayment was necessary, and the “shipping” took a credible length of time. We can’t rule out, however, that some of the group members were, in fact, bots keeping potential victims distracted. Our security products detect the malware spreading via this scam as Trojan-Banker.AndroidOS.Mamont.

The inner workings of the “tracker app”

When launched, the Trojan requests permission to run in the background, and access to push notifications, text messaging, and calls. It then asks the victim to enter the tracking number previously received from the scammers, and sends a POST request containing device information along with the number to the C2 server. We believe the scam operators use that number for victim identification. If the POST request returns a 200 code, the Trojan opens a window that supposedly downloads order details.

Sending data to the C2

The app also starts two malicious services. The first one hijacks all push notifications and forwards them to the attackers’ server. The other one sets up a connection with the attackers’ WebSocket server. The server responds with JSON-formatted commands. The “type” field in the object contains the command name. The object may also contain other fields with command arguments. The full list of commands with their descriptions is given in the table below.

The “custom” and “photo” commands, designed to trick the user into giving away data, call for special attention. The “custom” command can be used to manipulate the victim into giving up various login details. When the app receives that command, the user sees a window with a text box for entering data, which is then sent to the command-and-control server. The “photo” command is similar to “custom”, but instead of a text box, it displays an image upload window. It appears that the attackers do this to harvest data for further social engineering scams like posing as law enforcement or a regulatory agency to trick users into sending money. Additionally, cybercriminals can leverage the banker’s capabilities to directly extract data from victims during this manipulation for added credibility.

Victims

The Mamont campaign exclusively targets Android phone users in Russia as highlighted by the operators themselves.

According to Kaspersky Security Network (KSN) anonymized telemetry data consensually provided by users, our security products blocked more than 31,000 Mamont attacks under the guise of a parcel-tracking app in October and November 2024.

Conclusion

What makes the scam detailed above notable is that both individual users and businesses may take the bait. The attackers lure victims with bulk-priced offers, spreading malware disguised as parcel-tracking apps. Admittedly, the scam is highly convincing and may well look like a bona fide offer to the victim. Besides, the scammers get the victim to contact them first, which boosts the level of trust.

Simple as it may be, the Trojan possesses the essential feature set for stealing login credentials through windows with customizable text elements and controlling SMS banking. We recommend following a few simple rules to avoid getting infected with this and other malware.

• Don’t click links in messages you get from strangers.
• Be wary of overly generous offers you come across online.
• Avoid downloading apps from anywhere but official sources.
• Use a reliable security solution to keep malware away from your device.

Indicators of compromise

C2 server
apisys003[.]com

MD5
12936056e8895e6a662731c798b27333

securelist.com/mamont-banker-d…

Avete notato anche voi che il social nato per i "contatti professionali" ultimamente è diventato un Instagram per boomer?

spreaker.com/episode/dk-9x13-i…

##

La recente presentazione del Calendario CITES dei carabinieri Forestali che si occupano di tale materia, fornisce l'occasione per tornare a parlare di questo particolare servizio, non conosciuto da molti, che ha importanti ricadute in ambito di cooperazione internazionale tra forze di polizia.
Nel 1973, nell'ambito delle attività dell'ONU per l'ambiente, 80 paesi firmarono a Washington la Convenzione CITES (Convention on International Trade of Endangered Species) per la tutela della biodiversità, attraverso il controllo del commercio di specie di flora e fauna, rischio di estinzione o particolarmente vulnerabili.
Entrata in vigore il 1° luglio 1975, oggi conta ben 183 paesi, quasi la totalità dei componenti della comunità internazionale. Anche l'Italia quale paese membro, si è dotata di una specifica normativa, che è la legge 150 del 1999.
L’Arma dei carabinieri ha un ruolo da protagonista, quale co–Autorità di gestione.
Il commercio illegale delle specie selvatiche (wildlife traffic) è uno dei traffici illeciti più importanti al mondo, dopo quello di droga, armi ed esseri umani, ed è un fenomeno per sua natura transnazionale, che per essere contrastato richiede la collaborazione di organismi, autorità, organizzazioni governative e non–governative (ONG), per la raccolta delle informazioni, la loro disseminazione, lo scambio di esperienze, di tecniche investigative e di intelligence. Per questa ragione, su tutto il territorio nazionale sono dislocati oltre 50 uffici CITES che rilasciano mediamente circa 80.000 certificati che consentono l'importazione dopo verifiche all'anno, riguardanti animali riprodotti in cattività, ma anche zanne ed oggetti in avorio di elefante, articoli in pelle di rettile, tessuti e pellicce pregiati, piante ornamentali, legname e prodotti derivati dal legno.

Un’altra importante funzione del Servizio CITES è quello di educare alla legalità e sensibilizzare i cittadini, tra i quali vi sono anche viaggiatori e turisti.

L’Italia è un Paese di destinazione, si pensi ad esempio alla importazione illegale di pappagalli tropicali, ma va al riguardo sottolineato come sia anche Paese di origine del traffico: vi sono gruppi criminali coinvolti nella raccolta di nidi e nel traffico di specie di uccelli in via di estinzione (cardellini, verzellini ed altri), il cui mercato principale sono i Paesi europei. Cavallucci marini e i cetrioli di mare invece, raccolti lungo gli habitat costieri italiani, sono specie trafficate verso mercati cinesi.

Il video di presentazione del Calendario si può vedere qui
materialious.nadeko.net/search…

@Notizie dall'Italia e dal mondo

Un post allarmante è stato recentemente individuato nel Dark Web, dove un Threat Actor sta promuovendo una presunta vulnerabilità 0-day Remote Code Execution (RCE), in grado di compromettere i due browser più diffusi al mondo: Google Chrome e Microsoft Edge.

Questa segnalazione solleva serie preoccupazioni all’interno della comunità della sicurezza informatica, evidenziando il potenziale rischio di sfruttamento di una falla non ancora divulgata, con implicazioni che potrebbero mettere in pericolo la sicurezza di milioni di utenti a livello globale.

L’offerta dell’hacker: bug bounty o vendita diretta

Secondo quanto dichiarato nel post, il Threat Actor afferma di aver scoperto la vulnerabilità, ma di non averla ancora resa pubblica. Il Cybercriminale ha avanzato due opzioni:

• Trovare un programma di bug bounty che accetti pagamenti in criptovaluta e non richieda procedure di identificazione personale.

• Vendere direttamente la vulnerabilità, limitando la transazione a compratori in grado di fornire prove di fondi o che possiedano uno status di “acquirente fidato”.

Il prezzo di partenza richiesto è di 100.000 dollari, con transazioni esclusivamente in criptovaluta, un dettaglio che sottolinea la volontà di mantenere l’anonimato e rende difficile rintracciare le operazioni.

Potenziali rischi della vulnerabilità

Se autentica, questa vulnerabilità rappresenta una minaccia significativa sia per gli utenti individuali che per le aziende. Una falla RCE consente agli attaccanti di eseguire codice arbitrario da remoto, aprendo la strada a diverse tipologie di attacco:

• Compromissione dei dispositivi, utilizzando exploit specifici.
• Furto di dati sensibili, incluse credenziali e informazioni personali.
• Distribuzione di malware, come ransomware o spyware, con impatti potenzialmente estesi e dannosi.

La gravità di una vulnerabilità 0-day risiede nella sua natura: essendo sconosciuta al pubblico e ai fornitori, non esistono patch o misure di difesa immediate, lasciando gli utenti esposti a possibili attacchi.

Conclusione

L’episodio sottolinea ancora una volta il ruolo cruciale della cybersecurity in un panorama digitale sempre più complesso e minaccioso. Il Dark Web continua a essere un punto di scambio per falle di alto profilo, mettendo in evidenza la necessità di un monitoraggio costante e di una risposta rapida alle minacce emergenti. La prevenzione e l’adozione di misure proattive restano le armi più efficaci per contrastare un ambiente in cui ogni vulnerabilità rappresenta un’opportunità per i Cybercriminali e un potenziale disastro per utenti e organizzazioni.

L'articolo Minaccia Dal Dark Web: Un Bug RCE 0-Day per Chrome ed Edge in Vendita nelle Underground proviene da il blog della sicurezza informatica.

L’Ufficio federale per la sicurezza dell’informazione (BSI) della Germania ha interrotto la botnet Badbox. Il malware con lo stesso nome è preinstallato sui dispositivi Android e sono stati scoperti più di 30.000 dispositivi infetti. Tra questi cornici per foto digitali, lettori multimediali, set-top box TV e probabilmente smartphone e tablet nel paese.

Ricordiamo che l’anno scorso gli specialisti di Human Security e il ricercatore indipendente sulla sicurezza informatica Daniel Milisic hanno avvertito che migliaia di dispositivi IoT sono infettati da Badbox e tale botnet viene venduta con il malware pre-installato. È stato poi riferito che le backdoor contenevano almeno sette set-top box e un tablet e che anche più di 200 modelli di altri dispositivi Android mostravano segni di infezione.

Tuttavia, i ricercatori non sono riusciti a scoprire in quale fase della catena di approvvigionamento si verifica la compromissione. Il fatto è che i dispositivi sono prodotti in Cina e, prima che cadano nelle mani dei rivenditori, al loro firmware viene aggiunta una backdoor. Ad esempio, i set-top box Android economici per lo streaming video (di solito costano meno di 50 dollari) sono risultati infetti. Spesso venduti con marchi diversi o senza alcun marchio, quindi è difficile tracciarne l’origine e la catena di fornitura;

Badbox è un malware Android che viene utilizzato per rubare dati. Inoltre installa malware aggiuntivo e consentire agli aggressori di ottenere l’accesso remoto alla rete su cui si trova il gadget infetto.

Quando un dispositivo infetto si connette per la prima volta a Internet, il malware contatta il suo server di comando e controllo. Comunica quindi a Badbox quali servizi dannosi eseguire e riceve anche tutti i dati rubati dalla rete della vittima.

Secondo gli esperti, il malware è in grado di rubare codici di autenticazione a due fattori, installare altri programmi dannosi e creare nuovi account di posta elettronica e di messaggistica per diffondere notizie false. Inoltre, come notato nel 2023, gli operatori Badbox possono essere associati a frodi pubblicitarie e i gadget infetti che vengono talvolta utilizzati come proxy residenziali.

BSI ha ora riferito di essere riuscito a bloccare le comunicazioni tra i dispositivi infetti da Badbox e la loro infrastruttura di gestione tramite il sinkhole delle query DNS. Tutti i fornitori Internet del Paese che servono più di 100.000 abbonati hanno ricevuto istruzioni adeguate.

Di conseguenza, il malware comunica invece che con i server di controllo degli aggressori, con server controllati dalla polizia. Ciò impedisce al malware di trasmettere dati rubati agli hacker e di ricevere nuovi comandi da eseguire sui dispositivi infetti.

Ora tutti i possessori di dispositivi infetti riceveranno notifiche dai propri provider Internet (a seconda dell’indirizzo IP). Le forze dell’ordine sottolineano che chiunque riceva tali notifiche dovrebbe immediatamente disconnettere i dispositivi infetti da Badbox dalla propria rete. Oppure, meglio ancora, smettere del tutto di utilizzarli.

L'articolo Badbox Malware: Più di 30.000 dispositivi Android compromessi in Supply-Chain proviene da il blog della sicurezza informatica.

Air hockey is a fun game, but it’s one you can’t play by yourself. That is, unless you have a smart robot hockey player to act as your rival. [Zeroshot] built exactly that.

The build is based around a small 27-inch air hockey table—not exactly arcade-spec, but big enough to demonstrate the concepts at play. The robot player moves its mallet in the X and Y axes using a pair of NEMA17 stepper motors and an H-belt configuration. To analyze the game state, there’s a Raspberry Pi 3B fitted with a camera, and it has a top-down view of the board. The Pi gives the stepper motors commands on how to move the mallet via an Arduino that communicates with the stepper drivers. The Pi doesn’t just aim for the puck itself, either. With Python and OpenCV, it tries to predict your own moves by tracking your mallet, and the puck, too. It predicts the very-predictable path of the puck, and moves itself to the right position for effective defence.

Believe it or not, we’ve featured quite a few projects in this vein before. They’ve all got their similarities, and their own unique quirks. Video after the break.

youtube.com/embed/VZdKkK-lPW4?…

[Thanks to hari wiguna for the tip!]

hackaday.com/2024/12/16/robot-…

When it comes to aviation curiosities, few machines captivate the imagination like the Fairey Rotodyne. This British hybrid aircraft was a daring attempt to combine helicopter and fixed-wing efficiency into a single vehicle. A bold experiment in aeronautical design, the Rotodyne promised vertical takeoffs and landings in cramped urban spaces while offering the speed and range of a regional airliner. First flown in 1957, it captured the world’s attention but ultimately failed to realize its potential. Despite featured before, new footage keeps fascinating us. If you have never heard about this jet, keep reading.

The Rotodyne’s innovative design centered around a massive, powered rotor that utilized a unique tip-jet system. Compressed air, mixed with fuel and ignited at the rotor tips, created lift without the need for a tail rotor. The result: a smoother transition between vertical and forward flight modes. Inside, it offered spacious seating for 50 passengers and even had clamshell doors for cargo. Yet its futuristic approach wasn’t without drawbacks—most notably, the thunderous noise produced by its rotor jets, earning complaints from both city planners and residents.

Despite these hurdles, the helicopter plane crossover demonstrated its versatility, setting a world speed record and performing groundbreaking intercity flights. Airlines and militaries expressed interest, but escalating development costs and noise concerns grounded this ambitious project.

To this day, the Rotodyne remains a symbol of what could have been—a marvel of engineering ahead of its time. Interested in more retro-futuristic aircraft tales? Read our previous story on it, or watch the original footage below and share your thoughts.

youtube.com/embed/Xa0G6brh420?…

hackaday.com/2024/12/16/versat…

[Mark B] had a problem. He’d come into possession of an Acer N30 PDA, sans batteries. He couldn’t just throw any old cells in, since the unit expected to communicate with an onboard controller chip in the original pack. What ensued was his effort to emulate the original battery controller hardware. This is classic Hackaday right here, folks.

Just wiring in typical Li-Ion voltages to the PDAs battery pins wasn’t enough to make this Windows CE device happy. The device kept fleeing to sleep mode, thinking the battery was faulty or very low. Eventually, inspecting the motherboard revealed the PDA hosted a BQ24025 charger IC from Texas Instruments. [Mark] surmised it was trying to communciate with a BQ26500 “gas gauge” IC from the original battery pack. Armed with that knowledge, he then set about programming an STM32 chip to emulate its behavior. He then successfully ported the functionality over to a CH32V003 microcontroller as well. Paired with a Nokia BL-5CT battery, he had a working portable power solution for his PDA.

It’s great to see ancient hardware brought back to functionality with some good old fashioned hacking. I’d hoped to do the same with my Apple Newton before someone nicked it from my lounge room, more’s the pity. If you’re rescuing your own beleaguered battery-powered portables, don’t hesitate to let us know!

hackaday.com/2024/12/16/emulat…

In most natural environments, fish are able to feed themselves. However, if you wanted to help them out with some extra food, you could always build a 3D-printed boat to do the job for you, as [gokux] did.

The concept is simple enough—it’s a small radio-controlled boat that gets around the water with the aid of two paddle wheels. Driven together, the paddle wheels provide thrust, and driven in opposite directions, they provide steering. A SeeedStudio XIAO ESP32 is the brains of the operation. It listens into commands from the controller and runs the paddle drive motors with the aid of a DRV8833 motor driver module. The custom radio controller is it itself running on another ESP32, and [gokux] built it with a nice industrial style joystick which looks very satisfying to use. The two ESP32s use their onboard wireless hardware to communicate, which keeps things nicely integrated. The boat is able to potter around on the water’s surface, while using a servo-driven to deliver small doses of food when desired.

It’s a neat build, and shows just what you can whip up when you put your 3D printer to good use. If you’d like to build a bigger plastic watercraft, though, you can do that too. Video after the break.

youtube.com/embed/HWH-6doB_aM?…

hackaday.com/2024/12/16/3d-pri…

A long-term project of mine is the the Sony Vaio new mainboard project. A year ago, I used it as an example to show you the cool new feature in KiCad 8, known as “background bitmaps”.

There are a heap of cool aspects to this specific Sony Vaio. It’s outrageously cute and purse-sized, the keyboard is nice enough for typing, motherboard schematics are available (very important!), and it’s not too terribly expensive. Of course, the most motivating aspect is that I happen to own one, its mainboard is not in the best state, and I’ve been itching to make it work.

It turned out to be a pretty complicated project, and, there was plenty to learn – way more than I expected in the beginning, too. I’m happy to announce that my v1 PCB design has been working wonders so far, and there are only a few small parts of it left untested.

I know that some of you might be looking to rebuild a lovely little computer of your choice. Hell, this particular laptop has had someone else rebuild it into a Pi-powered handheld years ago, as evidenced by this majestic “mess of wires” imgur build log! In honor of every hacker who has gotten their own almost-finished piece of hardware waiting for them half-assembled on the shelf, inside a KiCad file, or just inside your mind for now, let’s go through the tricks and decisions that helped made my board real.

Barely Any Space? Plan It Out Well

I recently finished and tested the first revision of this motherboard. It’s a tightly packed four-layer board, populated from both sides, and I want to show it off – describe how I designed it, the various low-level and high-level decisions that went into it, and strategies that I used to make sure this board became real and workable despite the odds.

First of all, the original article has helped in more than one way. Most importantly, I was lucky be contacted by [Exentio], a hacker who was also looking at remaking this particular Vaio with a Compute Module. He had designed two crucial blocks: a display parallel RGB to LVDS converter and a keyboard controller board. From my side, I could help and design review these boards, and design the backlight circuit, uhhh, eventually. Having these blocks was instrumental in me feeling comfortable enough to start the Vaio board design!

At some point in May, I realized I had the board outline and two of the crucial building blocks tested and ready to go, thanks to [Exentio]’s effort – there was barely anything else left that could hold me back. I started playing with the design by throwing these blocks into the schematic and copy-pasting some of my own general building blocks in, for instance, a PAM2306 dual-channel buck regulator, a USB hub, and two simple powerpaths for initial power management.

One trick that’s definitely helped from the start, is planning out locations for the building blocks using empty squares on the silkscreen, ensuring I’d keep space for everything. It didn’t have to be the perfect kind of planning, and I still had to move things here and there during layout, but it’s definitely helped in that I didn’t end up requiring any giant moves and rearrangements.
The silkscreen separations turned out to be super helpful for starting the board. Half of them ended up moving, but they did serve as a helpful “what to expect and where” TODO list
If you want to make your estimates more precise or make more educated layout guesses, don’t limit yourself to squares – just throw footprints (“Add Footprint”) onto the board before you even get to their schematic – any little bit of pre-planning that helps you avoid moving large chunks of your layout later. This applies doubly to connectors – you might not have the symbols for them wired up or even ready yet, but if you make sure the required external connectors are present on the board from the start, it will help you avoid some nasty moves.

Another crucial trick was spending about an hour-two on this board every day, for a week or two. A large project like this will take a fair bit of time, so you’ll want to make sure you can put tons of effort into it, and be emotionally prepared that it won’t happen in an evening’s time – this one took about two weeks. I also kept a TODO list in the schematic – you really want a place to note even the smallest things, from features, to potentially problematic spots that you’ll want to pay extra attention.

Space Constraints

When planning out a board with a large amount of passives, you want to make sure they’re as uniform as possible, so you have less to worry when ordering. In particular – what’s the size of passives you can afford in terms of board space? If you pick too large ones, you might run out of board space way way too quickly, becoming unable to route tracks

I standardized on 0402 components, which also meant I’d certainly be stenciling this board. It gets tiring to hand-solder parts given that this board has a thousand or two solder pads to touch. I opted to use 0805 for larger-value bulk capacitors for switching regulators and power rail purposes because 0402 10uF and 22uF capacitors get expensive if you want to get reliable ones, as we’ve discussed previously. In a few spots, though, I had to switch some 0805 capacitors to 0603, purely due to space constraints.

There are about a hundred resistors and a hundred capacitors on this board – remember, at some point, you can get a PCB fab to assemble just the passives for you, purely to spare yourself all the resistor and capacitor placement. You won’t get to stencil the ICs together with the passives, though, which is why I didn’t bother, because the RP2040 QFNs alone are annoying to handle without solder paste. Have you heard of Interactive HTML BOM for KiCAD? Make sure to use that, it’s simply wonderful and will prevent assembly errors of the kind that burn your board up before it’s even placed into the case.
This was one of the high-power inductors for which I didn’t estimate physical size early enough, and as a result, I had to somewhat bend reality around it
Inductors in the switching regulator can be an unexpected contribution to board space – if you need a 4.7 uH inductor and you need it to pass 5 A or more, take a look at online marketplaces before you even start designing the circuit, and see what the average size is for an inductor that fits your parameters. In my case, I got lucky, but only barely – some inductors definitely didn’t fit as well as I would’ve had hoped.

For this specific board, expected to fit inside the thin Sony Vaio’s shell, I had one more different thing to consider – component height. The original Vaio board was definitely designed in a way where all switching regulator components were placed on only one side, with plenty of height room for inductors and capacitors specifically. I placed all the switching regulators on one side, except one – the PAM2306 for the display 2.5 V and mod board extra 3.3 V rail.

In the end, I mis-estimated the inductor height, and had to shop for lower-profile inductors for that regulator. Thankfully, I found some decent lower-height inductors – they work wonders for powering the screen, and the only problem is that the inductor heats up more than I’d expect, but not too badly.

Source Considerations

Ordering the components for your board? Missing a position or two will really suck, and could delay your project by a week or two easily. My advice is to make sure that all component values are assigned and correct, and to pay the most attention to configuration and feedback resistors! Then, optimize the BOM, export the BOM out of the board into a .csv, and go through it line by line as you’re ordering. Alternatively, you can use the checkboxes in the InteractiveHTLMBoM – just that you’ll have to keep it open all throughout.

When it comes to resistors, remember that you might have to improvise them on the spot – again, you don’t want to wait on them, so get a collection of resistor values. I bought a $15 book of 0402 resistors from Aliexpress, and it proved instrumental – especially given it lets you adjust values during bringup, and, it let me basically not worry at all about missing resistor values at all during sourcing. The earlier you order, the more likely will it be that one IC won’t go out – which has very much prevented me from testing out the display properly.

Apart from that, the book let me be a little more lazy and figure out switching regulator feedback circuits during assembly – and there’s nothing like being able to adjust your USB boost regulator to 5.25 V post-factum, or increasing backlight current in case you figure out the calculated resistors result in a dim screen.

Hacks For Routability, Bootstrap, Motivation

This board’s switching regulators are probably worth their ownr article. There were two power hacks I ended up doing. The first one was having a separate always-on linear regulator for the EC, avoiding chicken-and-egg power problems. This one was certainly a success, and if you’re planning a motherboard that will also have to go low-power at times, you might really want a separate regulator for your EC.

The second one was making use of the Pi Zero’s 3.3 V regulator for powering a ton of stuff, like the keyboard controller chip, the LVDS transmitter, the USB hub, and – basically, everything that would only need to run once the Pi would be powered. This constrains the Zero’s onboard 3.3 V regulator, sure, but it’s not too much of a problem – I’ve powered tons of stuff from the Pi Zero’s 3.3 V rail in the past. It also has helped quite a bit, because the less switching regulators I have to design and keep track of, the better.

A big problem was making use of board layers correctly. I went for four layers on this board, with one 3.3 V layer which carries the output 3.3V rail from the Pi Zero, and one GND layer: SIG-GND-PWR-SIG. Later on, I took a look at the 3.3 V polygon, and realized that nothing used 3.3 V on a big chunk of the board. I deliberated some, and added an extra GND polygon covering a good third of the 3.3 V layer on the path where all the switching regulators were concentrated, and specifically, the path where the DC input jack current would flow into the switching regulator providing 5 V. It’s a plane split, sure, which is not great as far as signal return currents go, but there was one continuous GND layer right next to it already. Fingers crossed it works out for me long-term!

I kept inner layers as clean as possible generally – however, some tracks still had to go on inner layers. My compromise for having good inner polygons was keeping the inner layer traces as close as possible to the edge of the board, ensuring that there’s the least amount of plane splitting possible.

The cherry on top of the cake? I used KiCad board image generation hook for GitHub that I covered this year, and, it’s added a surprising source of motivation to the project. Each time I’d push changes to the repository after a day of board design work, the board image would regenerate, showing off my changes – a lovely conclusion to my work and a reminder that I’ve done well with it. Also, I could demonstrate the board additions to my friends, including [Exentio] – can’t deny, having a social element to this design has really helped in getting this board completed!

There are a few fundamental aspects left – like power management, making plans for board assembly and bringup before you send off the board to manufacturing, and giving yourself the best chances for success when assembly and bringup time comes. That’s within a week – together with a report on how the board is working out so far!

hackaday.com/2024/12/16/sony-v…

The Red Ring of Death (RROD) was the bane of many an Xbox 360 owner. The problem was eventually solved, mostly, but memories of that hellish era lurk in the back of many a gamer’s mind. For a more cheery use of those same status lights, you might appreciate “Lightshow” from [Derf].

The concept is simple enough. It’s a small application that runs on an Xbox 360, and allows you to test the individual LEDs that make up the Ring of Light indicator, along with the main power LED. If you want to test the lights and see each segment correctly lights up as green, yellow and red, you can.

Alternatively, you can have some fun with it. [Derf] also programmed it to flash along to simple four-channel MIDI songs. Naturally, Sandstorm was the perfect song to test it with. It may have been the result of a simple throwaway joke, but [Derf] delivered in amusing fashion nonetheless.

Lightshow is an entry for Xbox Scene Modfest 2024; it’s nice to see the community is still popping off even in this era of heavily-locked-down consoles. We’ve featured some other useful 360 hacks in recent months, too. Video after the break.

youtube.com/embed/3WJwQjNUcpw?…

youtube.com/embed/-H91NT_gmmU?…

hackaday.com/2024/12/16/a-red-…

CYFIRMA ha analizzato un’applicazione Android dannosa progettata per attaccare risorse nell’Asia meridionale. L’esempio è stato creato utilizzando lo strumento di amministrazione remota SpyNote. Si presume che l’obiettivo possa essere oggetto di interesse per un gruppo APT. I dettagli sulle vittime e sulle regioni specifiche non sono stati divulgati.

Si è scoperto che l’applicazione dannosa veniva distribuita tramite WhatsApp. Alla vittima sono state inviate quattro versioni del file denominate “Best Friend”, “Best-Friend 1”, “Friend” e “best”. Tutte le applicazioni avevano un server di gestione. I programmi venivano installati segretamente e cominciavano a funzionare in background utilizzando l’offuscamento del codice.

SpyNote utilizza una serie di autorizzazioni per accedere ai dati chiave del dispositivo: geolocalizzazione, contatti, SMS, memoria del dispositivo e fotocamera. L’applicazione può anche intercettare chiamate, raccogliere dati di sistema e persino utilizzare funzionalità speciali del sistema per monitorare lo schermo e inserire testo.

Il codice dannoso mirava a raccogliere dati come numero IMEI, carta SIM, versione di Android e tipo di rete. I dati ricevuti sono stati immediatamente inviati al server di controllo. Inoltre, l’applicazione ha acquisito screenshot e copiato i dati utente come contatti, messaggi e foto.

SpyNote e le sue modifiche, tra cui SpyMax e Crax RAT, vengono utilizzate attivamente da hacker e gruppi APT come OilRig (APT34) e APT-C-37. Questi strumenti aiutano gli aggressori a spiare le comunicazioni, rubare dati e mantenere l’accesso ai sistemi delle vittime.

Gli incidenti di SpyNote hanno già colpito agenzie governative, ONG, media e istituzioni finanziarie. Il caso attuale indica il probabile coinvolgimento di un gruppo APT sconosciuto o di un altro attore criminale informatico.

SpyNote rimane una seria minaccia a causa della sua disponibilità sui forum clandestini e sui canali Telegram. Gli attacchi che utilizzano questo strumento confermano la preferenza degli aggressori per strumenti comprovati e potenti per compromettere obiettivi di alto profilo.

L'articolo SpyNote colpisce ancora: malware Android distribuito via WhatsApp nell’Asia meridionale proviene da il blog della sicurezza informatica.

What do you get when you combine a Raspberry Pi 4B, a Kaypro keyboard, and a 9″ Apple ], you get the coolest AVR development workstation I’ve seen in a while.

Image by [John Anderson] via Hackaday.IOAs you may have guessed, I really dig the looks of this thing. The paint job on the display is great, but the stripes on the keyboard and badging on are on another level. Be sure to check out the entire gallery on this one.

About that keyboard — [John] started this project with two incomplete keyboards that each had a couple of broken switches. Since the two keyboards were compliments of each other parts-wise, they made a great pair, and [John] only had to swap out three switches to get it up and clacking.

In order to make it work with the Pi, [John] wrote a user-mode serial driver that uses the uinput kernel module to inject key events to the kernel. But he didn’t stop there.

Although the Pi supports composite video out, the OS doesn’t provide any way to turn off the chroma color signal that’s modulated on top of the basic monochrome NTSC signal, which makes the picture look terrible. To fix that, he wrote a command-line app that sets up the video controller to properly display a monochrome NTSC signal. Happy AVRing on your amazing setup, [John]!

Check Out This Refreshingly Small Keyboard

Image by [AnnaRooks] via redditUsually when we see keyboards this small, they have tiny keys that are fully intended for thumb presses and thumb presses only. But what about something ultra-portable that has full-size keys?

Although it might be hard to believe, [AnnaRooks] only uses about 20 of the 24 keys that make up this mint tin keyboard. She has a keymap for typing, gaming, and Diablo II.

Personally, and my feelings about layers aside, I don’t think I could use a keyboard without thumb clusters at this point. Although you know what? It would make a great traveling macropad.

The Centerfold: A Close Look At Force Curves

Image by [ThereminGoat] via redditWell, boys and girls, we’ve got a smart beauty this time around. This here is an industrial key switch force tester. [ThereminGoat] is gonna tell you all about force curves and how to read them.

What even is a force curve, and why is it so important? It refers to the graphical representation of the force required to press a key to the actuation point (y) versus the distance traveled during the press (x). So, it’s only critical to evaluating key switch performance. Key points along the force curve include the starting force, the actuation point, the tactile bump if present, the bottom-out force, and the return curve.

So, why does it actually matter? Force curves help us understand how light or heavy a switch feels, the actuation behavior, and help with customization. I’ll let [ThereminGoat] take it from here.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: My IBM Wheelwriter 5

You know, I kind of can’t believe that I’ve now gone 47 Keebins without spotlighting my daily driver, which takes up most of my second desk. She may not look like much, but she types like the wind, and has that legendary buckling-spring keyboard to boot.

Sure, the Selectrics get all the love, and rightfully so. But if you actually want to use a typewriter day in and day out, you really can’t beat its successor, the Wheelwriter. IBM produced these machines from 1984 to 1991, and Lexmark took over, cranking them out until 2001. Mine shows an install date of 4/22/85.

The Wheelwriter was IBM’s first daisy wheel typewriter, which replaced the golf ball type element that signified the Selectric. Arguably even easier to swap than the golf ball, these slim cartridges lay flat for easy storage.

Whereas the Selectric used a mainspring and an escapement like traditional machines, the Wheelwriter has a stepper motor that moves the print head and a solenoid that strikes the daisy wheel against the paper. It makes a delightfully frightening noise on startup as it tests the stepper and solenoid and spins the daisy wheel with alarming swiftness. I love this machine!
hackaday.com/wp-content/upload…

ICYMI: Updated Mouse Ring Now Uses Joystick

Are you tired of traditional mouse and keyboard input, even though you’ve got a sweet ergo split and a trackball? Maybe you’re just looking to enhance your VR setup. Whatever you’re into, consider building [rafgaj78]’s Mouse Ring.

As you might be able to discern from the picture, this baby is based on the Seeed Xiao nRF52840 and uses a tiny battery pack. This is version two of the ring mouse, so if you prefer buttons to a joystick, then the first iteration may be more your style. Keep in mind that version two is easier to assemble and comes in more ring sizes.

There are two modes to this mouse ring. In the first mode, the joystick does left and right mouse click and wheel up-down, and pushing will wake it from deep sleep. In the second mode, the joystick acts as the mouse pointer, and you push down to left click.

I love the elegant design of the ring itself, and it looks great in yellow. Hmm, maybe I need one of these…

Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.

hackaday.com/2024/12/16/keebin…

Gli specialisti Microsoft registrano il blocco di circa 7mila attacchi utilizzando password ogni secondo, quasi il doppio rispetto a un anno fa. Questi risultati evidenziano l’urgente necessità di metodi di sicurezza degli account più robusti.

Una soluzione promettente sono le chiavi di accesso (Passkey). Utilizzano dati biometrici o codici PIN per sbloccare la chiave privata sul dispositivo dell’utente, rendendolo praticamente invulnerabile al phishing e ad altri tipi di attacchi.

L’utilizzo delle PassKey oggi

Le statistiche mostrano anche la crescente sofisticazione degli attacchi informatici. Nell’ultimo anno, il numero di attacchi man-in-the-middle è aumentato del 146%. Microsoft sta implementando attivamente le passkey come parte della transizione verso metodi di autenticazione più sicuri.

A maggio 2024, Microsoft ha annunciato il supporto per le chiavi di accesso per servizi popolari come Xbox, Microsoft 365 e Microsoft Copilot. Questo passaggio accelera notevolmente il processo di accesso agli account: le passkey sono tre volte più veloci delle password e otto volte più veloci delle combinazioni di password con autenticazione a più fattori.

Anche gli utenti accettano attivamente il nuovo approccio: il 98% di loro accede con successo utilizzando le passkey, mentre per le password questa cifra è solo del 32%.

Microsoft promuove attivamente la registrazione delle chiavi di accesso, offrendola durante la creazione di un account o la modifica di una password. Ciò ha portato a un risultato impressionante: l’aumento nell’uso delle passkey è stato del 987% dopo l’introduzione di un nuovo design di accesso per i servizi dell’azienda.

Microsoft prevede che centinaia di milioni di utenti passeranno alle passkey nei prossimi mesi. L’obiettivo finale è eliminare completamente le password e passare ad account a prova di phishing.

Il passaggio a Passkey apre una nuova era di sicurezza informatica. Iniziative come queste da parte di grandi player come Microsoft potrebbero finalmente cambiare l’approccio all’autenticazione, rendendola comoda e sicura. Questa trasformazione potrebbe essere l’inizio della fine dell’era delle password

Cosa si intende per Passkey

Le passkey rappresentano un nuovo standard per l’autenticazione digitale, progettato per sostituire le tradizionali password con un metodo di accesso più sicuro, veloce e a prova di attacco. A differenza delle password, che possono essere facilmente intercettate o rubate, le passkey utilizzano un sistema basato sulla crittografia a chiave pubblica e privata, rendendo l’autenticazione praticamente invulnerabile a tecniche di phishing o attacchi man-in-the-middle.

Le passkey si basano su un meccanismo di autenticazione che coinvolge due elementi principali:

1. Chiave pubblica: Questa è un identificativo univoco che viene condiviso con il servizio o il sito web al momento della registrazione.
2. Chiave privata: Questa viene generata e conservata esclusivamente sul dispositivo dell’utente, come uno smartphone, un computer o un dispositivo hardware dedicato. Non viene mai condivisa o trasmessa.

Quando un utente desidera accedere a un servizio, il dispositivo invia la chiave pubblica per confermare l’identità. Il servizio, a sua volta, invia una richiesta che solo la chiave privata può sbloccare, autenticando così l’utente. Le passkey eliminano alcune delle vulnerabilità più comuni legate alle password tradizionali:

• phishing: Non essendo necessario digitare una password, gli utenti non possono essere ingannati a inserirla in siti fraudolenti.
• Protezione contro attacchi man-in-the-middle: Poiché la chiave privata non viene mai trasmessa, gli hacker non possono intercettarla.
• Resistenza al furto di credenziali: Anche se un database di un servizio venisse compromesso, la chiave pubblica rubata è inutile senza la corrispondente chiave privata, custodita in modo sicuro sul dispositivo dell’utente.

Quali sono le tecnologie utilizzate per le passkey?

Le passkey si integrano con tecnologie biometriche e PIN locali per garantire che solo l’utente autorizzato possa accedere alla chiave privata. Ad esempio:

• Riconoscimento facciale (Face ID)
• Scanner di impronte digitali (Touch ID)
• PIN locali

Questi metodi rendono l’accesso più rapido e semplice, eliminando la necessità di ricordare e gestire lunghe sequenze di caratteri complessi. Le passkey offrono numerosi vantaggi rispetto alle password tradizionali e persino rispetto all’autenticazione a due fattori (2FA):

1. Facilità d’uso: Non c’è bisogno di ricordare password o utilizzare generatori di codici temporanei.
2. Velocità: Le passkey sono tre volte più veloci delle password e otto volte più rapide rispetto alle combinazioni di password con 2FA.
3. Maggiore sicurezza: Eliminano il rischio associato a pratiche comuni come il riutilizzo delle password.
4. Compatibilità: Le passkey sono supportate da standard internazionali come FIDO2 e WebAuthn, il che le rende interoperabili tra dispositivi e piattaforme diverse.

Il futuro senza password

Le passkey rappresentano una vera rivoluzione nel campo della sicurezza digitale. Non solo migliorano l’esperienza utente, ma offrono anche un livello di protezione senza precedenti contro le minacce informatiche. Grazie alla loro implementazione da parte dei principali attori tecnologici, possiamo immaginare un futuro in cui le password diventeranno un ricordo del passato, sostituite da metodi di autenticazione più sicuri, pratici e innovativi.

L'articolo Addio password: Microsoft rivoluziona la sicurezza con le PassKey! proviene da il blog della sicurezza informatica.

This year, we not only challenged Supercon attendees to come up with their own Simple Add-Ons (SAOs) for the badge, but to push the envelope on how the modular bits of flair work. Historically, most SAOs were little more than artistically arranged LEDs, but we wanted to see what folks could do if they embraced the largely unused I2C capability of the spec.

[Squidgeefish] clearly understood the assignment. This first-time attendee arrived in Pasadena with an SAO that was hard to miss…literally. Looking directly at the shockingly bright 128 RGB LED array packed onto the one-inch diameter PCB was an experience that would stay with you for quite some time (ask us how we know). With the “artistically arranged LEDs” aspect of the nominal SAO handled nicely, the extra work was put into the design so that the CPU could control the LED array via simple I2C commands.

Aligning the LED footprints with an imported image of the array.
Now that the dust has settled after Supercon, [Squidgeefish] took the time to write up the experience of designing and producing this gorgeous specimen for our reading pleasure. It’s a fascinating account that starts with a hat tip towards the work of [Jason Coon], specifically the Fibonacci series of densely-packed RGB art pieces. The goal was to recreate the design of the 128 LED model in SAO form, but without the design files for the original hardware, that meant spending some quality time with KiCad’s image import feature.

He designed the LED array for assembly at a board house for obvious reasons, but hand soldering was the order of the day for the SOIC-8 microcontroller, capacitors, and SAO header on the reverse side. Speaking of the MCU, [Squidgeefish] went though a couple of possible suspects before settling on the STM8S001J3, and all the code necessary to drive the LEDs and communicate with the badge over I2C are available should you consider a similar project.

Now technically, the SAO was done at this point, but in testing it out on the Vectorscope badge from Supercon 2023, a problem appeared. It turns out that whatever yahoos came up with that design pulled the power for the SAO port right off of the batteries instead of utilizing the boost converter built-in to the Pi Pico. The end result is that, you never get a true 3.3 V. Also, the voltage that the SAO does get tends to drop quickly — leading to all sorts of unexpected issues.

To solve the problem, [Squidgeefish] came up with a clever boost converter “backpack” PCB that attaches to the rear of the completed SAO. This board intercepts the connection to the badge, and takes whatever voltage is coming across the line and steps it up to the 5 V that the LEDs are actually designed for.

Of course, the irony is that since the 2024 Supercon badge actually did use the boost circuitry of the Pico to provide a true 3.3 V on the SAO connector, this modification wasn’t strictly necessary. But we still love the idea of an add-on for the add-on.

The entire write-up is a fantastic read, and serves as a perfect example of why creating your own Simple Add-On can be so rewarding…and challenging. From adding contingency hardware to deal with badges that don’t obey the spec to figuring out how to produce low-cost packaging on short notice, the production of a decent number of SAOs for the purposes of distribution is a great way to peek out from your comfort zone.

hackaday.com/2024/12/16/buildi…