


Blast Away the Flux — With Brake Cleaner?



Can you use brake cleaner for flux removal on PCBs? According to [Half Burnt Toast], yes you can. But should you? Well, that’s another matter.

In our experience, flux removal seems to be far more difficult than it should be. We’ve seen plenty of examples of a tiny drop of isopropyl alcohol and a bit of light agitation with a cotton swab being more than enough to loosen up even the nastiest baked-on flux. If we do the same thing, all we get is a gummy mess embedded with cotton fibers smeared all over the board. We might be doing something wrong, or perhaps using the wrong flux, but every time we get those results, we have to admit toying with the idea of more extreme measures.
The LED bar graphs were not a fan of the brake cleaner.
[Toast] went there, busting out a fresh can of brake cleaner and hosing down some of the crustier examples in his collection. The heady dry-cleaner aroma of perchloroethylene was soon in the air, and the powerful solvent along with the high-pressure aerosol blast seemed to work wonders on flux. The board substrate, the resist layer, and the silkscreen all seemed unaffected by the solvent, and the components were left mostly intact; one LED bar graph display did get a little melty, though.

So it works, but you might want to think twice about it. The chlorinated formula he used for these tests is pretty strong stuff, and isn’t even available in a lot of places. Ironically, the more environmentally friendly stuff seems like it would be even worse, loaded as it is with acetone and toluene. Whichever formula you choose, proceed with caution and use the appropriate PPE.

What even is flux, and what makes it so hard to clean? Making your own might provide some answers.

youtube.com/embed/ViLTSRl3sek?…


hackaday.com/2024/12/26/blast-…



In the 1960s, Spain's Marta C. González enchanted international audiences as prima ballerina of the New York City Ballet. Suffering from Alzheimer's, she died on 9 November 2019. To honour her memory one year after her death, the charity 'Musica Para Despertar' shared a video that moved social media.

bbc.com/news/world-europe-5489…



Stream Deck Plus Reverse Engineered



[Den Delimarsky] had a Stream Deck and wanted to be free of the proprietary software, so he reverse-engineered it. Now, he has a Stream Deck Plus, and with the same desire, he reverse-engineered it as well.

The device has eight buttons, a narrow screen, and four encoder dials. The device looks like a generic HID device to the host machine, and once it has been configured, doesn’t need any special software to function. By configuring the device using the official software in a virtual machine under the watchful eye of Wireshark, it was possible to figure out how that initial setup worked and recreate it using a different software stack.

If you’ve never done this kind of thing before, there is a lot of information about how to find USB data and draw inferences from it. The buttons send messages when pressed, of course. But they also accept a message that tells them what to display on their tiny screen. The device screen itself isn’t very big at 800×100.

[Den] packages everything up in the DeckSurf SDK, an open source project that lets you control Stream Decks. So if you just want to control the Deck, you don’t need to know all these details. But, for us, that’s where the fun is.

Way back in 2015, we covered some guy who had sniffed out a USB signal generator. That was easy since it was a serial port. However, you can go pretty far down the rabbit hole.


hackaday.com/2024/12/26/stream…



A LoRa Rain Gauge from the Ground Up



It’s a fair bet that most of us have a ton of wireless doo-dads around the house, from garage door remotes to wireless thermometers. Each of these gadgets seems to have its own idea about how to encode data and transmit it, and all those dedicated receivers seem wasteful. Wouldn’t it be great to use existing RF infrastructure to connect your wireless stuff?

[Malte Pöggel] thinks so, and this LoRa rain gauge is the result. The build starts with a commercially available rain transmitter, easily found on the cheap as an accessory for a wireless weather station and already equipped with an ISM band transmitter. The rain-collection funnel and tipping-bucket mechanism were perfectly usable, and the space vacated by the existing circuit boards left plenty of room to play, not to mention a perfectly usable battery compartment. [Malte] used an ATmega328P microcontroller to count the tipping of the bucket, either through the original reed switch or via Hall Effect or magnetoresistive sensors. An RFM95W LoRa module takes care of connecting into [Malte]’s LoRaWAN gateway, and there’s an option to add a barometric pressure and temperature sensor, either by adding the BMP280 chip directly to the board or by adding a cheap I2C module, for those who don’t relish SMD soldering.

[Malte] put a lot of work into power optimization, and it shows. A pair of AA batteries should last at least three years, and the range is up to a kilometer—far more than the original ISM connection could have managed. Sure, this could have been accomplished with a LoRa module and some jumper wires, but this looks like a fantastic way to get your feet wet in LoRa design. You could even print your own tipping bucket collector and modify the electronics if you wanted.


hackaday.com/2024/12/26/a-lora…



A Mechanical Calculator For The Modern Age



There was a brief period through the 1960s into the 1970s when the last word in electronics was the calculator. New models sold for hundreds of dollars, and owning one made you very special indeed. Then the price of the integrated circuit at their heart fell to the point at which anyone could afford one, and a new generation of microcomputers stole their novelty for ever. But these machines were by no means the first calculators, and [What Will Makes] shows us in detail the workings of a mechanical calculator.

His machine is beautifully made with gears hand-cut from plywood, and follows a decimal design in which the rotation of a gear with ten teeth represents the numbers 0 to 9. We’re taken through the mechanical processes behind addition, subtraction, multiplication, and division, showing us such intricacies as the carry lever or a sliding display mechanism to implement a decimal equivalent of a bitwise shift multiplication.

We have to admit to being particularly impressed by the quality of the work, more so because these gears are hand made. To get such a complex assembly to work smoothly requires close attention to tolerance, easy with a laser cutter but difficult by hand. We heartily recommend watching the video, which we’ve placed below the break.

Meanwhile if you’d like more mechanical calculators, take a look at one of the final generation of commercial models.

youtube.com/embed/E0pJST5mL3A?…


hackaday.com/2024/12/26/a-mech…



The Focus Dial Never Shipped, but You Can Build One From Scratch



What do you do when a crowdfunded product you really liked gets cancelled? Naturally, you take the idea and build your own version of it. That’s what [Salim Benbouziyane] did when the Focus Dial project on Kickstarter saw its launch cut short. This device allows you to set a ‘no distractions’ timer, during which notifications on one’s phone and elsewhere are disabled, making it something similar to those Pomodoro timers. What this dial also is supposed to do is integrate with home automation to set up clear ‘focus’ periods while the timer runs.

A quick prototype was set up using an ESP32 and other off-the-shelf components. The firmware has to run the timer, toggle off notifications on iOS and trigger firewall traffic rules to block a batch of social media addresses. Automating this with iOS was the hardest part, as Apple doesn’t make such automation features easy at all, ultimately requiring a Bluetooth audio board just to make iOS happy.

After this prototyping phase, the enclosure and assembly with the modules were drawn up in Autodesk Fusion 360 before the plastic parts were printed with a resin printer. The end result looks about as good as the Kickstarter one did, but with a few changes, because as [Salim] notes, if you are going to DIY such a failed crowdfunding project, why not make it work better for you?

youtube.com/embed/nZa-Vqu-_fU?…


hackaday.com/2024/12/26/the-fo…




Battery-Electric Ships: Coming Soon to a Harbor Near You?



When ships moved from muscle- and wind power to burning coal and other fossil fuels for their propulsion, they also became significantly faster and larger. Today’s cargo ships and ferries have become the backbone of modern civilization, along with a range of boat types. Even though tugs and smaller pleasure vessels are a far cry from a multi-thousand ton cargo or cruise ship, one would be hard-pressed to convert these boats back to a pure muscle or wind-based version. In short, we won’t be going back to the Age of Sail, but at the same time the fossil fuel-burning engines in these boats and ships come with their own range of issues.

Even if factors like pollution and carbon emissions are not something which keep you up at night, fuel costs just might, with these and efficiency regulations increasing year over year. Taking a page from alternative propulsions with cars and trucks, the maritime industry has been considering a range of replacements for diesel and steam engines. Here battery-electric propulsion is somewhat of an odd duck, as it does not carry its own fuel and instead requires on-shore recharging stations. Yet if battery-electric vehicles (BEVs) can be made to work on land with accompanying low ‘refueling’ costs, why not ships and boats?

A recent study by Lawrence Berkeley National Laboratory (LBNL) researchers Hee Seung Moon et al. as published in Nature Energy claims that a significant part of US maritime traffic can be electrified this way. Yet as a theoretical model, how close does it hit to the harsh realities imposed by this physical world which we live in?

Different Scales

Justine McAllister (IMO 8107878), a tug boat in New York Harbor. (Credit: Eric Baetscher, Wikimedia)
An important aspect with any battery-powered craft is matching the battery capacity with the expected range. For BEVs like cars, the goal is to put as much battery capacity into the vehicle as possible, constrained mostly by factors such as the cost per kWh and how much physical volume is available in the vehicle for batteries without intruding on the driver and passengers. This is how we ended up with a range of BEVs that can cover a sizeable chunk of daily usage cases, as well as specific cases like buses where the daily range requirement is planned in advance and thus very easy to optimize for. Even so, a number of road-bound vehicles are hard to electrify with just batteries, such as cross-country trucks due to the sheer weight of the batteries required in most scenarios. Unlike a fuel tank, these batteries also do not lose weight as they become more empty.

In the case of boats, these smaller vessels tend to have pretty limited range. For example: tugs put in a lot of work, but either remain bound to a specific harbor or slowly follow a set watercourse like a river with a gaggle of barges in tow. Here you can have recharging infrastructure set up and charging points ready to go with relatively little difficulty in the harbor or at mooring spots along the route. More challenging are vessels with more erratic routes, not to mention ships with routes that are so long that no reasonable amount of batteries could power it without recharging or swapping batteries. The main case in point here is container ships.

In a 2022 study by Jessica Kersey et al. in Nature Energy it was found that for routes of less than 1,500 km electrification would be economical, assuming a battery price of $100 per kWh. At that point the main question remains how many batteries you can fit into the ship without negatively impacting the cargo load that it can carry. A container ship can travel around 540 km per day at its average cruising speed, with a shipping route like Los Angeles to Yokohama of 7,792 km (4,207.6 nautical miles) taking over two weeks:

Travel time of specific cargo ship types along certain popular routes.

Putting enough batteries on cargo ships to allow them to travel these routes without recharging in between is too much to ask. This is why the focus with battery-electric propulsion for ships and boats is on these shorter routes, where the total volume of batteries combined with electric motor(s) does not significantly exceed the volume (and weight) previously taken up by the diesel engine(s) and fuel tanks. As modelled by Kersey et al., for a small neo-Panamax container ship this would be the case if the route is kept below 3,000 km. Yet if the route is extended to something like 20,000 km the batteries would take up 32% of the containership’s carrying capacity.

Using batteries with higher energy density could help here, but as seen with today’s favorite battery chemistries using the higher density Li-ion comes with fewer charge cycles and worse stability, while LiFePO4 with its common use in especially BEVs and grid-storage and solar-storage batteries has much better longevity and safety record, at the cost of more weight per kWh.

Removable Batteries


Currently a number of battery-electric boats and ships are in service, with ferries being one of the first to be outfitted with such propulsion, case in point being the Norwegian Bastø Electric ferry. This 600 passenger and 200 car ferry uses its 4.3 MWh battery as well as a diesel generator to travel the 10 kilometer route between Moss and Horten. While docked the batteries are charged up when a charging point is available. This makes it not a pure battery-electric boat, but rather a hybrid.
The Zhongyuan Haiyun Lu Shui 01 battery-electric 700 TEU containership. (Credit: COSCO Shipping)
More interesting are the two battery-electric containerships owned by China’s COSCO Shipping which recently began carrying shipping containers along the approximately 500 km route between Nanjing and Shanghai’s Yangshan Port. The Lu Shui (Green Water) 1 and 2 vessels are 700 TEU container ships that can travel at 10.4 knots over the Yangtze river. Perhaps most interesting about them is that they don’t have a battery bank integrated into their hulls, but rather take swappable batteries, with a standard capacity of 57.6 MWh, but with optional connection points for additional battery packs.

In the aforementioned LBNL study by Hee Seung Moon et al. the assumption was made that existing vessels would be retrofitted with batteries and electric motors, which would place a range of restrictions relative to newly designed and built vessels like COSCO’s newly commissioned ones. Being able to swap out battery packs along with shipping containers allows freshly charged packs to be ready when the containership docks and avoids the hassles of quick charging after each trip and replacing batteries after their approximately decade-long useful lifespan, for LiFePO4.

Practical Within Limits


It’s clear that for shorter routes the use of battery-electric propulsion can make sense. Depending on the local grid this can also be less polluting than burning low-sulfur diesel fuel, and conceivably be cheaper, though it all has to be worked out on a case-by-case basis. In the case of COSCO the reasoning appears to have been that these custom container ships are perfect for such a shorter route, with cost savings to be expected over the use of direct-driven diesel or diesel-electric propulsion. Ultimately the success of battery-electric propulsion will come down to simple economics, especially in the cut-throat shipping business.

Featured image & thumbnail: Containership MSC Texas. (Source: Wikimedia Commons)


hackaday.com/2024/12/26/batter…



Penetration Tester versus Penetration Tester. Update MobSF Now


The developers of the popular mobile application security analysis tool Mobile Security Framework (MobSF) have fixed a vulnerability discovered by a specialist at PT SWARM.

The vulnerability, registered as CVE-2024-31215 ( BDU:2024-03055 ), received a CVSS 3.1 score of 6.3. To prevent potential attacks, users are advised to update the platform to version 3.9.8 or later.

MobSF is actively used both by independent researchers and by companies that develop mobile applications and conduct penetration tests. The tool is included in the most widespread penetration testing distributions, such as BlackArch, and helps build secure development processes.

Without the update, the vulnerability allowed an attacker to mount an attack by uploading a malicious mobile application to MobSF. Such a situation could arise, for example, during an incident investigation, when security specialists analyse programs that may pose a threat.

Mobile apps often use Firebase cloud databases, provided by Google under a backend-as-a-service model. MobSF checks their security during the analysis process, including access without authorization. An attacker could configure a malicious application so that, instead of accessing the Firebase database, the MobSF analyzer sends a request to a specially crafted malicious link. That link could redirect to resources inside the network perimeter of the company or the researcher.

The potential consequences varied depending on the software used in the network. Possible threats included execution of malicious code, theft of sensitive data or other breaches.

As noted by Oleg Surnin, head of the mobile application security research group at PT SWARM, such vulnerabilities appear to stem from the lack of mechanisms for verifying the legitimacy of the resources to which requests are sent. Errors of this kind highlight the importance of strict checks when processing data in security analysis tools.

The article Penetration Tester versus Penetration Tester. Update MobSF Now comes from il blog della sicurezza informatica.
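
The missing check described above (verifying the legitimacy of the resource before a request is sent, and again after every redirect) can be sketched as follows. This is an added example, not MobSF's code or its actual fix; the function names, the allowed host suffixes and all hostnames and addresses in the sample data are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Assumption: host suffixes a Firebase Realtime Database check may contact.
ALLOWED_SUFFIXES = (".firebaseio.com", ".firebasedatabase.app")
REDIRECT_CODES = (301, 302, 303, 307, 308)


def firebase_host(url):
    """Return the lower-cased hostname if url is an https URL on an allowed
    Firebase host with no userinfo and the default port, otherwise None."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme != "https" or parts.username or parts.password:
        return None
    if port not in (None, 443):
        return None
    host = (parts.hostname or "").rstrip(".").lower()
    for suffix in ALLOWED_SUFFIXES:
        # Require at least one label in front of the suffix.
        if host.endswith(suffix) and len(host) > len(suffix):
            return host
    return None


def addresses_are_public(addresses):
    """True only if every resolved address is globally routable."""
    if not addresses:
        return False
    for text in addresses:
        ip = ipaddress.ip_address(text)
        # Unwrap ::ffff:a.b.c.d so a mapped private IPv4 address is judged as IPv4.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if not ip.is_global:
            return False
    return True


def vet_chain(url, resolve, fetch_no_redirect, max_hops=3):
    """Walk a redirect chain by hand, validating every hop before requesting it.
    resolve(host) returns a list of address strings; fetch_no_redirect(url)
    returns (status, location) without following redirects.
    Returns ("ok", final_url) or ("blocked", reason)."""
    for _ in range(max_hops + 1):
        host = firebase_host(url)
        if host is None:
            return ("blocked", "not an allowed Firebase URL: " + url)
        if not addresses_are_public(resolve(host)):
            return ("blocked", host + " resolves to a non-public address")
        status, location = fetch_no_redirect(url)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)  # the next hop is vetted on the next pass
            continue
        return ("ok", url)
    return ("blocked", "too many redirects")


# Constructed sample data: no network access is performed.
SAMPLE_DNS = {
    "demo-app.firebaseio.com": ["8.8.8.8"],
    "redir-app.firebaseio.com": ["8.8.8.8"],
    "internal-app.firebaseio.com": ["10.0.0.5"],
}
SAMPLE_RESPONSES = {
    "https://demo-app.firebaseio.com/.json": (200, None),
    "https://redir-app.firebaseio.com/.json": (302, "http://10.0.0.5/status"),
}
SAMPLE_URLS = [
    "https://demo-app.firebaseio.com/.json",        # legitimate database URL
    "https://attacker.example/.json",               # URL taken from a hostile app
    "https://redir-app.firebaseio.com/.json",       # redirects to an internal address
    "https://internal-app.firebaseio.com/.json",    # name resolves to an internal address
]


def demo():
    """Return {url: verdict} for the constructed samples."""
    resolve = lambda host: SAMPLE_DNS.get(host, [])
    fetch = lambda url: SAMPLE_RESPONSES.get(url, (404, None))
    return {u: vet_chain(u, resolve, fetch)[0] for u in SAMPLE_URLS}


if __name__ == "__main__":
    for sample_url, verdict in demo().items():
        print(verdict, sample_url)
```

The address check only holds if the HTTP client then connects to the address that was vetted; a second, independent DNS lookup at connect time can return something else.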



if it is wrong to wage a war to impose a democracy, can someone tell me how wrong it is to wage a war to impose a dictatorship?
in reply to simona

now this really is dissecting the problem. a slogan.
in reply to simona

it is one thing to argue that the tool is wrong, and another to discuss the fact that the intention of taking possession of a foreign country is even worse, but is the train of thought running through the brain really so meager? of course one could argue that in both cases the intention is actually to take possession of the foreign country. but all of this has to be said, it is not a given. you don't hold debates with slogans, "hoping the other party works it out on their own". because if I understand something on my own and you don't say it to me, can someone tell me where the communication is? when I claim that I am surrounded by NPCs, I am saying that if I write an argument and have to answer it myself, do the people around me exist or are they ghosts?


Blinded by the Light: the Problem with LED Headlights



Having a good set of (working) headlights is a crucial feature of any motor vehicle, assuming you want to be able to see the road ahead of you when there’s a lack of sunshine. Headlights are also essential to be noticed by other cars and traffic participants, but if installed improperly they can end up blinding an opposing driver with potentially fatal results. This is a major worry with LED lamps that are increasingly being installed in cars, often replacing the old-style halogen bulbs that have a very different color spectrum and beam patterns, to the dismay of fellow road participants.

This headlight glare can also be simulated in driving simulators, as in a 2019 article by [B.C. Haycock] et al. where the effect is of course diminished because displays can only get so bright. Of note is that it’s not just LED lights themselves, but also taller vehicles and misaligned headlights, all of which makes it important that the angle of your car’s headlights is proper. You want to see the road in front of you, after all, not illuminate every house in the nearest settlement two klicks away.

Compounding the problem is that the shorter wavelength, blue-ish light of LED headlights is more energetic than the more reddish, longer wavelength of halogens and is generally perceived as more intense by our eyes. Ultimately the solution appears to be adaptive driving beam headlights (ADB), a technology that constantly adjusts the headlights to the circumstances. ADB has been common in e.g. Europe already for the past 15 years, and has been allowed in Canada since 2018 and in the US since 2022 after a rule change by the NHTSA.

With plenty of improper headlights on vehicles in North America still, it’s best to practice defensive driving, with a brighter dashboard illumination, anti-glare coatings and safety squinting when a miniature solar system passes by during a night-time drive.


hackaday.com/2024/12/26/blinde…



Tech in Plain Sight: Incandescent Bulbs



While they are dying out, you can still find incandescent bulbs. While these were once totally common, they’ve been largely replaced by LEDs and other lighting technology. However, you still see a number of them in special applications or older gear. If you are above a certain age, you might be surprised that youngsters may have never seen a standard incandescent lightbulb. Even so, the new bulbs are compatible with the old ones, so — mechanically, at least — the bulbs don’t look different on the outside.
You might have learned in school that Thomas Edison invented the light bulb, but the truth is much stranger (public domain)
It has been known for a long time that passing a current through a wire creates a glow. The problem is, the wire — the filament — would burn up quickly. The answer would be a combination of the right filament material and using an evacuated bulb to prevent the filament degrading. But it took over a century to get a commercially successful lightbulb.

We were all taught in school that Thomas Edison invented the light bulb, but the truth is much more complicated. You can go back to 1761 when Ebenezer Kinnersley first caused a wire to glow. Of course, wires would quickly burn up in the air. By the early 19th century, limelight was fairly common in theaters. Limelight — also known as the Drummond light — heated a piece of calcium oxide using a gas torch — not electric, but technically incandescence. Ships at sea and forts in the U.S. Civil War used limelights to illuminate targets and, supposedly, to blind enemy troops at night. Check out the video below to see what a limelight looks like.

youtube.com/embed/HIC7B3vt9ZE?…

Sir Humphry Davy demonstrated a dim, impractical light that used a huge battery and a thin strip of platinum. More practical was Davy’s electric arc lamp, which, after being refined by others, became common in some applications.

Arc lights had issues, though. They hissed and flickered. The carbon rods emitted carbon monoxide and ultraviolet light. They were extremely harsh and bright, and the rods burned up quickly. Everyone knew a better light bulb would be a winner, but no one knew how to create it.

Getting Closer


Starting around 1835, there were many experiments and demonstrations, but none of them really caught on. A Belgian, Marcellin Jobard, was on the right track in 1838 with a lightbulb in a vacuum with a carbon filament, but nothing really came of it. He also came up with what amounts to early emojis, but that took a long time to catch on, too.

Since platinum has a high melting point, it was a popular filament candidate. In the 1840s and 1870s, many inventors used platinum or carbon with varying degrees of success. During that same time period, there were many patents and demonstrations, but none were successfully commercialized. However, a Russian named Alexander Lodygin did patent a working bulb with carbon rods in nitrogen gas.

It isn’t clear if Henry Woodward and Mathew Evans knew of the Russian patent. In 1874, they filed a Canadian patent for a similar bulb. Ultimately, they failed to commercialize it, but they sold their patent to Thomas Edison.

Edison


Edison got serious about electric lighting in 1878. He experimented with different carbonized materials and platinum but finally settled on carbon fed by platinum wires. Using carbonized threads resulted in a bulb that lasted just over 13 hours. However, he would discover that carbonized bamboo could last 1200 hours. You can see one of the oldest surviving Edison bulbs at the Port Huron Museum and in the video below.

youtube.com/embed/dS-5CgNDgrs?…

Many people worked on the problem throughout the 1800s. Edison arrived at a practical solution and had the mechanism in place to exploit it. However, others had light bulb patents. Albon Man and William Sawyer had bulbs that didn’t last as long as Edison’s but formed the basis for the United States Electric Lighting Company. That company’s chief engineer was Hiram Maxim, a name familiar to most ham radio operators, but this particular Hiram Maxim was the famous ham radio operator’s father.

The elder Maxim is one of several people who claimed they had actually invented the incandescent light before Edison. The courts eventually decided that some of Edison’s claims were preempted by William Sawyer’s patents, but that Edison still had other valid patent claims.

Modern Types


These early bulbs had little in common with modern bulbs. The inside of the bulb had to have very little oxygen and moisture, or the filament would oxidize or burn out. Initially, mercury vapor pumps and phosphoric anhydride were used, but this added expense to bulbs. Arturo Malignani found that red phosphorus would allow for a drier vacuum with cheaper pumps. Edison was quick to buy the patent.

However, Lodygin and others were on the right track, and using a metal filament and an inert gas to replace the oxygen would be more effective. This prevents the filament from burning and also reduces the evaporation of the filament. (See the video below if you want to see the effect of air on a tungsten filament.) He invented a process for forming thin metal filaments and sold the patent to General Electric in 1902.

youtube.com/embed/ZOM8Kkm62jM?…

The truly modern bulb is the result of a 1904 invention by Sándor Just and Franjo Hanaman. They created a tungsten filament that worked better in an argon or nitrogen atmosphere. The Hungarian company Tungsram sold these, and they could practically pass for a modern clear-glass bulb.

A modern bulb has a glass envelope and a tungsten filament, although they add a few impurities to increase the filament life. The bulb contains a low pressure of a gas like argon, nitrogen, krypton, or xenon. Modern glass bulbs are either clear or coated with kaolin clay from the inside. Some bulbs have pigments to change color or different glass to produce different colors. Bulbs used for heating sometimes have special glass or even fused quartz.

Real World Considerations


Light bulbs are one of those circuit elements we pretend are perfect, but they aren’t. Tungsten filaments have a low resistance when cold, which causes a bulb to draw a lot of current when it first turns on. As the filament gets hot, the resistance goes up, and the current goes down. Oddly enough, carbon filaments have the opposite problem. They draw more power as they get hot, which also makes them sensitive to power surges, since if they get hot, they draw more current, which causes them to draw even more current, which makes them even hotter, and the cycle repeats.

In high-reliability circuits, designers often highly derate a bulb’s specifications to get a dimmer light that lasts longer. A 5% reduction in voltage will roughly double a bulb’s lifetime but also make it about 16% dimmer. Some will also pass a small current through the bulb even when it is off to keep the filament warm. This reduces the current draw and heating associated with turning on a cold filament.

The other big problem with incandescent lights is that they are relatively inefficient since most of the energy produces heat and infrared light. A typical bulb is around 5% efficient in terms of visible light, and the best halogens come in around 10%.

Of course, this inefficiency is why there’s been a move to ban incandescent bulbs in favor of LEDs, fluorescents, and other technologies. LED lights, in contrast, can reach 30-40% efficiency. Still more heat than light, but almost an order of magnitude more efficient than plain-old incandescents.

So Much More


There’s a lot more to learn about light bulbs. In 1885, the U.S. had an estimated 300,000 carbon filament bulbs. By 1914, there were 88.5 million. In 1945, the market was around 795 million. When you deal with that kind of scale there are many innovations both in the technology and the machinery used to build them. Want to see how lightbulbs were made? Check out the video below.

youtube.com/embed/TPc7Dspn1_8?…

We’ve talked about the early lighting market and one of its pioneers, Lewis Latimer, a few years ago. We’ve looked at the checkered history many times.

Featured image: “Yellow Bulb” by [Daniel Reche]


hackaday.com/2024/12/26/tech-i…



Serious Flaw in Apache Traffic Control: SQL Injection Risk for Administrators!


The Apache Software Foundation has released security updates to fix a critical vulnerability in its Traffic Control system. The flaw received a very high rating: 9.9 out of a possible 10 on the CVSS scale.

The vulnerability, tracked as CVE-2024-45387, allows attackers to execute arbitrary SQL commands in the database. The issue affects Apache Traffic Control versions 8.0.1 and earlier.

According to the developers, to exploit the vulnerability the attacker needs privileged access with the “admin”, “federation”, “operations”, “portal” or “steering” role. An attacker can carry out the attack by sending a specially crafted PUT request.

Apache Traffic Control is an open source implementation of a content delivery network (CDN). In June 2018, the system received top-level project status within the Apache Software Foundation.

The vulnerability was discovered by security researcher Yuan Luo of Tencent Security Lab. To protect against possible attacks, users are advised to update Apache Traffic Control to version 8.0.2.

The Apache Foundation has also fixed an authentication bypass vulnerability in the Apache HugeGraph server ( CVE-2024-43441 ) that affects versions 1.0 through 1.3. The fix was released in version 1.5.0. In addition, the developers recently released a patch for a critical vulnerability in Apache Tomcat ( CVE-2024-56337 ), which under certain conditions can lead to remote code execution.

The article Serious Flaw in Apache Traffic Control: SQL Injection Risk for Administrators! comes from il blog della sicurezza informatica.




“Unfortunately, for newcomers who might be excited to dive into this hobby, they could get burned by the inadequate books—and frankly the thievery—of the work of our cherished lacemakers and designers.” #AI


ON THE CLOUDS


I know it, I feel it; I am it.
I try to give love
Slow, heavy, but without making a sound
today my time drags along; like an old train
off schedule, panting reluctantly
on tracks due for replacement
The telephone
by now out of order
still, seems to say something
but it was a false alarm
The carriage of thought
really won't depart today

Lying appearance cloaks things
Essence reveals much more
Paranoia
admires itself in disappointed faces
and then again;
it bends people's lips downward
I brood over fantasies
had another fate fallen to me
I lost at cards with half an hour on the PC
Today I have little appetite
and after all
if I can't have you here

Life, like Penelope,
weaves and unravels a cloth by night
Sometimes it slips away, cowardly as a shadow
at the kindling of day. And along the street
a shadow
with its ticket already stamped
for an adventure
with no guarantee of return
that might make me feel again
The great motionless cat of the blue vault
The Spirit of Being
kicks time around

in reply to Giorgio Argenta

Hi Giorgio, and welcome to the poliverso!

As you surely know, Friendica is integrated with Mastodon, but there are a few tweaks that can help improve the visibility of Friendica posts for Mastodon users.

So here are the instructions I gave in a message a few hours ago:

As you know, with Friendica we can choose to write posts with a title (as on WordPress) and posts without a title (as on Mastodon). One of the most annoying problems for anyone who wants to write posts with a title is that Mastodon users will read your post as if it consisted of the title alone and, two line breaks further down, the link to the original post: this is certainly not the best way to make your posts readable and interesting!
With the latest Friendica releases, however, we can change a setting to make posts with a title perfectly readable too. Here is how:

A) from your account, go to the settings page and, from there, to the "Social Network" entry at the link poliverso.org/settings/connect…
B) Selecting the first section, "Impostazione media sociali", and scrolling down, you will find the "Article Mode" entry, with a drop-down menu
C) Of the three options available, choose "Embed the title in the body"

There, now our posts will be fully readable from Mastodon!

poliverso.org/display/0477a01e…



Scam-yourself attacks: the worrying trend of late 2024


"... advanced attacks, capable of exploiting psychological manipulation to induce victims to install malware on their own devices themselves. This happens through fake CAPTCHAs, fake tutorials and updates, all seasoned with advanced social engineering techniques."

ilsoftware.it/attacchi-scam-yo…



@RaccoonForFriendica do you want to try the new "Card" layout for posts? All you have to do is download version 0.4.0-beta02 and try it out! Using Compose Multiplatform, customizing UI is as easy as eating a piece of cake.

This version also contains a fix for the search text field which was not scrollable horizontally when its content exceeded the available width, plus some localization updates.

We're reaching towards the 0.4.0 milestone, just another feature (audio playback) and then it'll be ready to go!

#livefasteatrash #procyonproject #raccoonforfriendica #fediverseapp #friendica #friendicadev #mobileapp #mobiledev #kotlin #kmp #compose #opensource #foss #sideproject




MEP NAMES THE NEWSPAPERS "SECRETLY FUNDED BY THE USA" ...
youtube.com/watch?v=4bz172ziDb…


USA: Trump prepares the plunder of Europe - Giacomo Gabellini Lorenzo Maria Pacini - Il Vaso di Pandora
ivdp.it/articoli/trump-prepara…


Budget law. The right's message to the #governo is clear: we do it our way and that's that.
Is this the #democrazia we want?
What road has the #Meloni government taken?
Will we be such sheep as to keep following the ass in front of us without knowing where the road leads?


OpenWRT, But On An Unsupported Router


Everyone likes something cheap, and when that cheap thing is a router that’s supported by OpenWRT, it sounds like a win. [Henning Paul] ordered a Wavlink WL-WN586X3 for the princely sum of 39 Euros, but was disappointed to find his device a rev. 2 board rather than the rev. 1 board supported by the Linux distribution. Toss it on the failed projects pile and move on? Not at all, he hacked together a working OpenWRT for the device.

It’s fair to say that a majority of Hackaday readers will have familiarity with Linux, but that’s something which runs on a sliding scale from “Uses Ubuntu a bit” all the way to “Is at one with the kernel”. We’d rate ourselves somewhere around halfway along that scale in terms of having an in-depth knowledge of userland and a working knowledge of some of the internals which make the operating system tick even if we’re apprehensive about tinkering at that level. [Henning] has no such limitations, and proceeds to take the manufacturer’s distribution, itself a heavily modified OpenWRT, and make it his own. Booting over TFTP we’re used to, and we’re particularly impressed to see him using a Raspberry Pi as a surrogate host for the desoldered Flash chip over SPI.

It’s a long path he takes to get the thing working and we’re not sure we could follow it all, but we hope that the result will be a new device added to OpenWRT’s already extensive support list. It’s sometimes a shock to find this distro is now over two decades old.


hackaday.com/2024/12/26/openwr…




18 critical vulnerabilities discovered in WPLMS and VibeBP: a risk for over 28,000 WordPress sites!


More than a dozen vulnerabilities, including critical ones, have been discovered in two WordPress plugins required by the premium WPLMS theme, which has over 28,000 sales.

The bugs allow a remote unauthenticated attacker to upload arbitrary files to the server, execute arbitrary code, escalate privileges to administrator level and perform SQL injection.

WPLMS is a WordPress LMS used mainly by educational institutions, training companies and the like. The theme also offers WooCommerce integration for selling courses.

In total, Patchstack experts found 18 issues in the WPLMS and VibeBP plugins, and in a recent report they highlighted the 10 most dangerous.

The following vulnerabilities affect WPLMS:

  • CVE-2024-56046 (CVSS score 10): allows attackers to upload malicious files without authentication, potentially leading to remote code execution (RCE);
  • CVE-2024-56050 (CVSS score 9.9): authenticated users with subscriber privileges can upload files while bypassing restrictions;
  • CVE-2024-56052 (CVSS score 9.9): similar to the previous vulnerability, but can also be exploited by users with the student role;
  • CVE-2024-56043 (CVSS score 9.8): attackers can log in without authentication under any role, including administrator;
  • CVE-2024-56048 (CVSS score 8.8): users with limited privileges can escalate to higher privileges by exploiting role validation issues;
  • CVE-2024-56042 (CVSS score 9.3): attackers can use malicious SQL queries to extract sensitive data and compromise the database;
  • CVE-2024-56047 (CVSS score 8.5): users with limited privileges can execute SQL queries, potentially compromising the integrity or confidentiality of data.

The following issues pose a threat to VibeBP:

  • CVE-2024-56040 (CVSS score 9.8): attackers can log in as privileged users without authentication;
  • CVE-2024-56039 (CVSS score 9.3): unauthenticated users can perform SQL injection by exploiting improper sanitization of incoming data;
  • CVE-2024-56041 (CVSS score 8.5): authenticated users with minimal privileges can perform SQL injection to compromise a database and extract information from it.

WPLMS users are now advised to update to version 1.9.9.5.3, and VibeBP users to version 1.9.9.7.7 or later, as soon as possible.

In their report, the experts point out that they discovered the vulnerabilities back in the spring of this year and reported them on March 31 to Vibe Themes, the company behind the development of WPLMS. However, releasing the fixes took a long time, since from April to November the vendor tested several patches until all the bugs were resolved.

The article 18 critical vulnerabilities discovered in WPLMS and VibeBP: a risk for over 28,000 WordPress sites! comes from il blog della sicurezza informatica.



Raccoon Stealer: The End of a Digital Criminal Operation?


Ukrainian national Mark Sokolovsky has been sentenced by a US court to five years in prison for taking part in a cybercrime operation tied to the Raccoon Stealer malware.

According to the case files, Sokolovsky, also known by the aliases Photix and black21jack77777, together with his accomplices rented out malware to other cybercriminals under the “Malware as a Service” (MaaS) model. The rent was 75 dollars a week or 200 dollars a month.

Raccoon Stealer was used to steal sensitive data from infected devices. The program stole credentials, cryptocurrency wallets, credit card data, e-mails and other information from dozens of applications.

In March 2022, Sokolovsky was arrested in the Netherlands. In the same period, the FBI, together with law enforcement in the Netherlands and Italy, dismantled the Raccoon Stealer infrastructure, temporarily halting its operations.

Following the developer's arrest, the Raccoon Stealer criminal group announced that it was suspending its work, citing in particular the death of one of its key developers during the events in Ukraine. However, the malware has resumed its activity several times, adding new data-stealing features.

In February 2024, Sokolovsky was extradited to the United States, where he was charged with fraud, money laundering and identity theft. He had previously pleaded guilty and agreed to pay restitution of at least 910,844 dollars.

According to the FBI, the malware linked to Sokolovsky compromised more than 52 million accounts, which were used for further fraud, identity theft and ransomware attacks.

After taking down the Raccoon Stealer infrastructure in 2022, the FBI created a website where users could check whether their information had been stolen by this malware.

The story of Raccoon Stealer shows how cybercrime can leave a trail of widespread destruction not only in the digital space but also in the lives of real people. The sentencing of Mark Sokolovsky marks not only the end of his cybercrime activities, but also a signal that international cooperation in the fight against cyber threats is becoming increasingly effective.

However, the resurgence of the malware shows that such threats are not disappearing but merely changing, requiring the world to be even more vigilant.

The article Raccoon Stealer: The End of a Digital Criminal Operation? comes from il blog della sicurezza informatica.



Italy bets on the Typhoon. Here is the deal for twenty-four new aircraft

@Notizie dall'Italia e dal mondo

Eurofighter and NETMA (NATO Eurofighter and Tornado Management Agency) signed a contract in Rome for the acquisition of up to twenty-four new Eurofighter aircraft for the Italian Air Force. This announcement comes at a crucial moment for the program



Open Source Lemontron 3D Printer is Ready to Build


In this era of cheap turn-key machines, the idea of actually building your own desktop 3D printer might seem odd to some. But if you’re looking for a challenge, and want to end up with a printer that legitimately sets itself apart from what they’re stocking on Amazon these days, then take a look at the Lemontron.

We’ve been keeping tabs on the development of this open source 3D printer for some time now, and just before Christmas, the files finally were released for anyone who wants to try putting one together themselves. There’s currently no formal kit available, but once you’ve printed out all the parts, there’s a very nice Bill of Materials you can find on the website which will tell you everything you need to complete the assembly — and critically — where you can get it.

The hotend and heated bed come from KB-3D, while the bulk of the rest of the components are sourced from AliExpress with a bit of DigiKey sprinkled in. There’s also a custom PCB you’ll want to pick up from your favorite board house. All told, building the Lemontron should cost you somewhat north of $400 USD. Of course, that assumes your time is free. But since you’re reading this on Hackaday, that’s probably a safe bet.

You can check out the video below for an expedited look at assembling the printer. It’s not a step-by-step guide exactly, but it should give you a good idea of what to expect before you commit to building the thing. It also provides a look at the design philosophy behind the Lemontron, which largely eschews custom components and relies on off-the-shelf bits to tie all the printed parts together.

If you’re wondering where these upside-down 3D printers came from, the Lemontron is ultimately evolved from the Positron that we first covered back in 2021.

youtube.com/embed/n6l3GvkE4QU?…


hackaday.com/2024/12/26/open-s…



ESA Space Shop “out of orbit”: hacker attack compromises online payments


The official online store of the European Space Agency (ESA) has been breached. JavaScript code was injected into the site, generating a fake Stripe payment page at checkout.

According to Sansec researchers, the malicious script appeared on the site earlier this week. It collected customer information, including payment card details, provided by users at the final stage of a purchase.

Sansec informed ESA officials that the store was compromised and could pose a threat to agency employees because it was integrated with ESA systems. The store through which ESA merchandise is sold is currently unavailable and is said to be “temporarily out of orbit” for updates.
The researchers noted that the domain through which the information was exfiltrated had the same name as the legitimate store but sat in a different domain zone.

Thus, the official ESA store is at esaspaceshop.com, and the hackers used the same name in the .pics zone (esaspaceshop[.]pics).
The attackers' script contained obfuscated HTML code from the Stripe SDK, which loaded a fake payment page when customers tried to complete a purchase. At the same time, the fake page did not look suspicious at all.
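A store operator can check a checkout page for the pattern described above, a host that reuses the shop's name in a different zone. The following is an added example, not code from Sansec, ESA or the original article: the function names, the Stripe allow-list entry and the sample HTML are constructed assumptions, and the last DNS label is treated as the zone (no Public Suffix List).

```python
"""Flag lookalike-zone and unlisted third-party hosts referenced by a checkout page."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs that can load code into the page or send data off it.
URL_ATTRS = {("script", "src"), ("iframe", "src"), ("form", "action"),
             ("link", "href"), ("img", "src")}
# Absolute or protocol-relative URLs embedded in inline script text.
URL_IN_TEXT = re.compile(r"""(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s"'<>)]*""")


def refang(value):
    """Turn a defanged indicator such as name[.]tld back into a host name."""
    return value.replace("[.]", ".")


def defang(value):
    """Defang a host name so reports cannot be clicked by accident."""
    return value.replace(".", "[.]")


def registrable(host):
    """Return (name, zone). Assumption: the last label is the zone."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


class UrlCollector(HTMLParser):
    """Collect URLs from risky attributes and from inline script bodies."""

    def __init__(self):
        super().__init__()
        self.urls = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if value and (tag, name) in URL_ATTRS:
                self.urls.append((f"<{tag} {name}>", value))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for match in URL_IN_TEXT.finditer(data):
                self.urls.append(("inline script", match.group(0)))


def audit_checkout(html, shop_domain, allowed=()):
    """List hosts that are neither first-party nor on the allow-list."""
    shop_name, shop_zone = registrable(shop_domain)
    allowed = {d.lower() for d in allowed}
    collector = UrlCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for where, url in collector.urls:
        host = urlparse(url).hostname
        if not host:                      # relative URL: same origin
            continue
        name, zone = registrable(host)
        if name == shop_name and zone == shop_zone:
            continue                      # the shop itself
        if name == shop_name:
            verdict = "lookalike-zone"    # same name, different zone
        elif f"{name}.{zone}" in allowed:
            continue                      # expected third party
        else:
            verdict = "unlisted-third-party"
        findings.append({"where": where, "host": defang(host), "verdict": verdict})
    return findings


SHOP = "esaspaceshop.com"                 # legitimate store named in the article
ALLOWED = {"stripe.com"}                  # assumption: the only expected third party
# Constructed sample page, not the real skimmer; the lookalike host is refanged
# at run time from the defanged form given in the article.
SAMPLE_HTML = """
<html><head>
<script src="https://js.stripe.com/v3/"></script>
<script src="/static/cart.js"></script>
<script>
  var f = document.createElement("iframe");
  f.src = "https://LOOKALIKE/pay/frame.html";
</script>
</head><body>
<form action="https://www.esaspaceshop.com/checkout/confirm" method="post"></form>
<img src="//cdn.example.net/logo.png">
</body></html>
""".replace("LOOKALIKE", refang("esaspaceshop[.]pics"))

if __name__ == "__main__":
    for finding in audit_checkout(SAMPLE_HTML, SHOP, ALLOWED):
        print(finding)
```

A static pass like this only sees URLs present in the served markup; script that assembles its destination at run time needs a browser-side control such as a Content-Security-Policy restricting script, frame and connect sources.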

As noted by Bleeping Computer, ESA representatives said that the store is not hosted on the organization's infrastructure, that ESA does not manage the data it contains, and that it does not own the resource.

The article ESA Space Shop “out of orbit”: hacker attack compromises online payments comes from il blog della sicurezza informatica.



One Million Americans Hacked! Medical data and Social Security numbers online


Phreesia, a company specializing in SaaS solutions for the healthcare sector, has reported a large-scale leak of personal and medical data. The incident affected more than 910 thousand people and resulted from the hacking of its affiliated platform ConnectOnCall in May 2024.

ConnectOnCall, acquired by Phreesia in October 2023, is a telemedicine service and a platform for managing after-hours patient calls with automatic tracking of communications. According to the company, the unauthorized access lasted almost three months, from February 16 to May 12, 2024.

The problem was discovered on May 12, after which ConnectOnCall conducted an internal investigation and took measures to secure the system. The investigation found that third parties had gained access to confidential data contained in the messages exchanged between patients and medical staff.

The leaked data included patients' names, phone numbers, dates of birth and medical numbers. Information about medical conditions, prescribed treatments and prescriptions may also have been disclosed. In a limited number of cases, the attackers gained access to Social Security numbers.

After discovering the breach, Phreesia immediately informed federal law enforcement and engaged outside cybersecurity experts to conduct a detailed analysis of the incident. The ConnectOnCall platform was temporarily taken offline, and the company began restoring the service in a more secure environment.

According to the statement, ConnectOnCall operates separately from Phreesia's other products. The company gave assurances that other services, including the patient appointment platform, were not compromised as a result of the hack.

Phreesia advised victims to take precautions and to report suspicious activity to insurance companies or financial institutions. Although there is currently no evidence of misuse of the data, the company called for increased vigilance.

According to information provided to the US Department of Health and Human Services, the incident affected 914,138 people. Phreesia stressed that it is working to restore ConnectOnCall as quickly as possible, understanding the importance of the service to customers.

The article One Million Americans Hacked! Medical data and Social Security numbers online comes from il blog della sicurezza informatica.



OpenAI O3 Breaks All Records! A step forward toward AGI?


On December 20, OpenAI's new artificial intelligence system, o3, reached an important milestone. The model scored 85% on the ARC-AGI reasoning test, the same as the average human score. It also excelled at complex math problems.

The ARC-AGI test and the logic of sampling


Until now, the best result among similar systems had not exceeded 55%. Many researchers believe that o3 has taken an important step toward artificial general intelligence (AGI), although skeptics still doubt the significance of this result.

Here it is important to understand the characteristics of the ARC-AGI test. Its main metric is “sample efficiency”, that is, the ability to adapt to new conditions from a minimum of examples. Put simply, the test determines how many samples of a new situation are needed to understand how it works.

Modern language models such as ChatGPT based on GPT-4 cannot boast high sample efficiency. During training, they examine millions of fragments of human text and, based on them, derive the most probable combinations of words. This method helps with typical tasks but fails in non-standard situations, simply because there are not enough similar examples in the dataset.

For now, artificial intelligence can be used only where tasks are repeated or where random errors do not lead to serious consequences. The main problem is that the models do not know how to learn quickly and adapt to new circumstances.

It's a matter of “generalization”


The ability to find correct solutions to unfamiliar problems based on a limited set of information is what scientists call generalization. In the scientific community this trait is considered a necessary and fundamental sign of intelligence. ARC-AGI consists of problems on a grid of squares, similar to school IQ tests. Two images appear on the screen: the initial pattern and an example of the state it should reach after certain manipulations. The program must understand the pattern that transforms the initial state into the final state.

Each task comes with three training examples. After studying them, the algorithm must derive the rules and apply them in practice. This approach makes it possible to check how quickly adaptation occurs.

When searching for patterns, it is important not to make unnecessary assumptions or go into unnecessary detail. In theory, if the simplest rules sufficient for a solution can be found, the program will be able to adapt better to new situations.

The “simple rules” can usually be described in short sentences. For example, in a problem with a grid of squares, the rule might be: “The figure with the protruding line will move to the end of this line and cover all the figures in its path”.

Exactly how o3 works is still unknown, but it is unlikely that it was specifically taught to look for “simple rules”. OpenAI started from a general-purpose version of the model capable of reflecting longer on complex questions, then trained it further to pass the ARC-AGI test.

O3 works through chains of reasoning


French artificial intelligence researcher Francois Chollet, who created the test, suggests that o3 iterates through different “chains of reasoning”, that is, sequences of steps for reaching a goal. The best option is then selected according to certain hints about the rules.

However, it is too early to say how much closer this brings us to creating AGI. The basic mechanisms for working with language might remain the same, only now adapted more effectively to solve a specific type of problem.

OpenAI keeps almost all information about its development secret. The company limited itself to a few media presentations and allowed o3 to be tested only by some researchers, laboratories and organizations working on AI safety.

The article OpenAI O3 Breaks All Records! A step forward toward AGI? comes from il blog della sicurezza informatica.



Taking “Movies” of Light in Flight


This one isn’t clickbait, but it is cheating. [Brian Haidet], the guy behind Alpha Phoenix, has managed to assemble movie footage of a laser beam crossing his garage, using a rig he put together for just a few hundred dollars. How, you ask? Well, for the long version, you’re going to want to watch the video, also embedded below. But we’ll give you the short version here.

Light travels about a foot in a nanosecond. What have you got that measures signals on a nanosecond scale pretty reliably? Of course, it’s your oscilloscope. The rest of [Brian]’s setup includes a laser that can pull off nanosecond pulses, a sensor with a nanosecond-ish rise time, and optics that collect the light over a very small field of view.

He then scans the effective “pinhole” across his garage, emitting a laser pulse and recording the brightness over time on the oscilloscope for each position. Repeating this many thousands of times and putting them all together relative to the beginning of each laser pulse results in a composite movie with the brightness at each location resolved accurately enough to watch the light beam fly. Or to watch different time-slices of thousands of beams fly, but as long as they’re all the same, there’s no real difference.

Of course, this isn’t simple. The laser driver needs to push many amps to get a fast enough rise time, and the only sensor that’s fast enough to not smear the signal is a photomultiplier tube. But persistence pays off, and the results are pretty incredible for something that you could actually do in your garage.

Photomultiplier tubes are pretty damn cool, and can not only detect very short light events, but also very weak ones, down to a single photon. Indeed, they’re cool enough that if you get yourself a few hundred thousand of them and put them in a dark place, you’re on your way to a neutrino detector.

youtube.com/embed/IaXdSGkh8Ww?…


hackaday.com/2024/12/25/taking…



Time Management for Toddlers


A visual timer for toddlers that uses LEDs that go out.

It’s really never too early (or too late) to learn time management. All joking aside, carefully managing one’s time can result in some really wondrous achievements. So it’s best to learn early, when most of your time is spent generally having fun.

Let’s say you’ve just heard you have five minutes left to play, but what does that mean if you’re three years old? Not much, unless you have some visual cues to go by. That’s the idea behind [Julius Curt]’s visual timer for toddlers.

This lovely reverse progress bar uses a Wemos D1 mini to control a strip of six WS2812B LEDs at 30 LEDs/meter density. There’s a small OLED display for literate users, and the whole thing is childproof. [Julius] challenged himself to do this entire project in one day, and ended up finishing it in a little over eight hours total, including time to design the way cool knob. Be sure to check out the build video below.

If you struggle with managing your time, check out our own [Arya Voronova]’s personal account.

youtube.com/embed/89R0h5ajl-4?…


hackaday.com/2024/12/25/time-m…



Tweezers Probe Reviewed


Over the last few decades, electronic devices have drastically changed. Radios that once had point-to-point wiring gave way to printed circuit boards with through-hole parts, and now microscopic surface mount devices are the norm. But most of us still use probes that would have been just fine for a 1940s receiver. There are other options, of course. Among other things, you can now buy meters that have built-in tweezer probes. While not the first, the FNIRSI LCR-ST1 are affordable, and [TheHWcave] puts them to the test in the video below.

The tweezers come with two different pointy ends. It is more or less one of those testers that can identify and measure various components. Instead of the customary socket, this one has tweezer ends and, perhaps, a few extra functions.

The device can use several different voltages and frequencies while actively probing. Comparing some readings to a few other meters showed a bit of error, although nothing too drastic. The inductance reading of a very small inductor at 1 kHz was, however, too unstable to be useful.

The only downsides noted were that the probes could be a bit sharper for fine PCB work, and the display doesn’t rotate for left-handed operation. Both of those are probably fixable with a file and a firmware update. Overall, it looks like a reasonable low-cost tool.

Tools like this have been around for a while, but often at a higher cost. There are plenty of sophisticated test probes if you ever decide to look for them.

youtube.com/embed/JCvhzcUIRnc?…


hackaday.com/2024/12/25/tweeze…



Duolingo, please stop


Ever since someone mistakenly used my @gmail address to sign up for #Duolingo, I have been receiving dozens of emails that are supposed to be "motivating", urging me not to give up the language course and to resume lessons. Evidently Duolingo lets people use the service without first validating the email address, which is already no small problem.

Even worse, I can't turn off these automated emails, because when I click "Unsubscribe" it takes me to a window informing me that no account is linked to my email address.

But the masterpiece happened today, Christmas 2024: I received yet another motivational email from Duolingo with
Subject: Duo can read between the lines
Text: Duo's insistent reminders don't seem to be working. It won't send you any more... for now.

Annoyed, I try clicking Unsubscribe again, where I discover that the passive-aggressive tone was a deliberate #marketing choice. Hmm!



When It Comes To DOS, Don’t Forget DR-DOS.


Despite the latest and greatest Intel-derived computers having multi-core 64-bit processors and unimaginably fast peripherals, at heart they all still retain a compatibility that goes back to the original 8086. This means that they can, in theory at least, still run MS-DOS. The venerable Microsoft 16-bit OS may now be long discontinued, but there is still enough need for DOS that the open-source FreeDOS remains in active development. The Register are here to remind us that there’s another open-source DOS on the block, and that it has a surprising history.

SvarDOS is an open source DOS distribution, and it’s interesting because it uses a derivative of the DR-DOS kernel, an OS which traces its roots back to Digital Research’s CP/M operating system of the 1970s. This found its way briefly into the open source domain courtesy of the notorious Caldera Inc back in the 1990s, and has continued to receive some development effort ever since. As the Reg notes, it has something FreeDOS lacks, the ability to run Windows 3.1 should you ever feel the need. They take it for a spin in the linked article, should you be curious.

It’s something which has surprised us over the years, that aside from the world of retrocomputing we still occasionally find FreeDOS being distributed, usually alongside some kind of hardware maintenance software. Even four decades or more later, it’s still of value to have the simplest of PC operating systems to hand.

It’s worth pointing out that there’s a third open-source DOS in the wild, as back in April Microsoft released MS-DOS version 4 source code. But as anyone who used it will tell you, that version was hardly the pick of the bunch.

Header: Ivan Radic, CC BY 2.0.


hackaday.com/2024/12/25/when-i…



Esperanto: The Language That Hoped to Unite the World


Close up of a Dutch etymology dictionary showing Esperanto, and a candle

Christmas: a good time to broach a topic of hope. We’re talking Esperanto. This language spurred the hope that it could one day hack the barriers between people, eliminating war and miscommunication. The video below unpacks the history of this linguistic marvel. Esperanto was a constructed language dreamed up in 1887 by Ludwik Zamenhof, a Polish-Russian eye doctor with a knack for linguistics and great ideals. If you’re a little into linguistics yourself, you’ll surely know the name stems from the Latin esperi: to hope.

Inspired by the chaos of multilingual strife in his hometown, Zamenhof created Esperanto to unite humanity under a single, simple, easy-to-learn tongue. With just 16 grammar rules, modular word-building, and no pesky exceptions — looking at you, English — Esperanto was a linguistic hack ahead of its time.

But Esperanto wasn’t just a novelty—it almost became the lingua franca of diplomacy. In 1920, Iran proposed Esperanto as the official language of the League of Nations, but the French vetoed it, fearing their language’s global dominance was at risk. From there, Esperanto’s journey took a darker turn as both Nazi Germany and Stalinist Russia persecuted its speakers. Despite this, Esperanto persisted, surfacing in quirky corners of culture, from William Shatner’s Esperanto-only horror film Incubus to its inclusion on NASA’s Voyager Golden Record.

Fast-forward to the digital age: Esperanto is thriving on online learning platforms, where over a million learners explore its minimalist elegance. It appears at places in various editions of Grand Theft Auto. It has even inspired modern makers to create new constructed languages, like Loglan, Toki Pona, and even Klingon. Could Esperanto—or any reimagined language—rise again to unite us? For curious minds, watch the video here.

youtube.com/embed/mcX1OF7fEas?…


hackaday.com/2024/12/25/espera…




Of course they had to invent something to justify it... Eurobuffoons.

Magdeburg attack, "the killer is mentally ill" • Imola Oggi
imolaoggi.it/2024/12/24/attent…