For a lot of us, soldering just seems to come naturally. But if we’re being honest, none of us was born with a soldering iron in our hand — ouch! — and if we’re good at soldering now, it’s only thanks to good habits and long practice. But what if you’re a company that lives and dies by the quality of the solder joints your employees produce? How do you get them to embrace the dark art of soldering?
If you’re Tektronix in the late 1970s and early 1980s, the answer is simple: make in-depth training videos that teach people to solder the Tek way. The first video below, from 1977, is aimed at workers on the assembly line and as such concentrates mainly on the practical aspects of making solid solder joints on PCBs and mainly with through-hole components. The video does have a bit of theory on soldering chemistry and the difference between eutectic alloys and other tin-lead mixes, as well as a little about the proper use of silver-bearing solders. But most of the time is spent discussing the primary tool of the trade: the iron. Even though the film is dated and looks like a multi-generation dupe from VHS, it still has a lot of valuable tips; we’ve been soldering for decades and somehow never realized that cleaning a tip on a wet sponge is so effective because the sudden temperature change helps release oxides and burned flux. The more you know.
The second video below is aimed more at the Tek repair and rework technicians. It reiterates a lot of the material from the first video, but then veers off into repair-specific topics, like effective desoldering. Pro tip: Don’t use the “Heat and Shake” method of desoldering, and wear those safety glasses. There’s also a lot of detail on how to avoid damaging the PCB during repairs, and how to fix them if you do manage to lift a trace. They put a fair amount of emphasis on the importance of making repairs look good, especially with bodge wires, which should be placed on the back of the board so they’re not so obvious. It makes sense; Tek boards from the era are works of art, and you don’t want to mess with that.
If you read Japanese, you might have seen the book “Design and Implementation of Microkernels” by [Nu Tian Sheng]. An appendix covers how to write your own operating system for RISC-V in about 1,000 lines of code. Don’t speak Japanese? An English version is available free on the Web and on GitHub.
The author points out that the original Linux kernel wasn’t much bigger (about 8,500 lines). The OS allows for paging, multitasking, a file system, and exception handling. It doesn’t implement interrupt handling, timers, inter-process communication, or handling of multiple processors. But that leaves you with something to do!
The online book covers everything from booting using OpenSBI to building a command line shell. Honestly, we’d have been happier with some interrupt scheme and any sort of crude way to communicate and synchronize across processes, but the 1,000 line limit is draconian.
Since the project uses QEMU as an emulation layer, you don’t even need any special hardware to get started. Truthfully, you probably won’t want to use this for a production project, but for getting a detailed understanding of operating systems or RISC-V programming, it is well worth a look.
Diverse metodologie aiutano a garantire la sicurezza dell'IA. Ecco un approccio olistico alla valutazione dei LLM applicati ai sistemi critici che va oltre la precisione
Una nuova campagna malevola del malware Vidar sta prendendo di mira gli utenti italiani sfruttando caselle PEC compromesse e nuove tecniche di offuscamento per bypassare i sistemi di controllo. Ecco tutti i dettagli e le raccomandazioni per mitigare il rischio
La costellazione di satelliti in orbita bassa gestita da SpaceX rappresenta un sistema innovativo, ma il confronto con altre tecnologie terrestri e marittime richiede un'analisi approfondita in termini di sicurezza, resilienza e funzionalità. L'elemento di sicurezza rappresenta, però, una questione delicata
La Corte UE dei diritti dell'uomo sulla protezione dei dati personali fa il punto dopo il caso dell'accesso abusivo al sistema informatico fiscale italiano, noto come "Serpico", che ha innescato l'iter giudiziario che ha coinvolto autorità nazionali e istituzioni UE. Ecco cosa emerge dalla pronuncia sull'illecito italiano, a partire dal ruolo centrale del Garante Privacy
L'aspetto interessante di questa cyber minaccia è che FireScam per Android utilizza come "cavallo di Troia" una finta applicazione Telegram che, come prima azione, ruba le credenziali della piattaforma d'instant messaging dell'utente. Ecco come mitigare il rischio
L’uso in azienda dell’intelligenza artificiale al di fuori di processi autorizzati espone le organizzazioni a rischi di sicurezza: ecco come limitare i pericoli del fenomeno shadow AI
Come ogni anno, la Polizia Postale del dipartimento sulla sicurezza cibernetica ha diffuso il report annuale che fotografa la lotta al cybercrime. Uno spaccato del 2024 a tratti preoccupante. Eccone i dati che ci ricordano l’importanza di adottare azioni efficaci di difesa
L'importanza di Privacy Badger consiste nell'affrontare una delle sfide più pressanti dell'era digitale: il tracciamento pervasivo delle attività online. Un tracciamento che non solo lede la privacy, ma può anche portare a discriminazioni, manipolazione del comportamento e potenziali violazioni della sicurezza. Ecco a cosa serve questa estensione del browser e perché è cruciale
@Informatica (Italy e non Italy 😁) L'aspetto interessante di questa cyber minaccia è che FireScam per Android utilizza come "cavallo di Troia" una finta applicazione Telegram che, come prima azione, ruba le credenziali della piattaforma d'instant messaging dell'utente.
@Informatica (Italy e non Italy 😁) Un annuncio criminale parla dell'esposizione online di 5,5 milioni di dati di clienti dalla struttura Infocert. L'origine potrebbe essere una vulnerabilità di un sistema di assistenza mediante ticketing online L'articolo
Bluesky rumoured to be valued at 700M USD, adds Trending Topics, Graze talks about how to monetise custom feeds, and a persistent bot problem on Bluesky.
The year has only just started, and already the owners of the current Big Tech social networks have made it abundantly clear why open social networks matter. While it was never really true that networks, such as Twitter, were neutral platforms, we could at least collectively agree to that polite fiction. But in 2025, social networks are political, and have political alignments. Over the holidays I’ve taken some time away from all of my socials, and it’s been nice to have some space for reflection. Two articles came out this week that touch on some of my thoughts. The first is Henry Farrell’s ‘We’re getting the social media crisis wrong’, in which Farrell says: “The fundamental problem, as I see it, is not that social media misinforms individuals about what is true or untrue but that it creates publics with malformed collective understandings.” He takes the perspective of information and how it shapes beliefs, but his core observation is powerful and worth repeating. In effect, social media is a tool of collective sense-making. We have let a few tech billionaires control our tools that we globally use to collectively make sense of the world, and it turns out that has some negative consequences, to put it mildly.
This is why I care about social networks, because they are one of the main tools that we use in 2025 to come to a collective understanding of how the world works. I think that it is bad that these extraordinary powerful tools are in the hands of a few fascist billionaires, allowing them unprecedented control over how society sees and understands the world. The value of open social networks is in creating new forms of governance for our collective sense making tools.
Bluesky Won’t Save Us by Katharina Alejandra Cross touches on more of the risks that having access to collective sense making tools bring, as well as the issues that Bluesky has to truly be a different place. I agree with all the major points here: Being on X is a severe risk for many reasons, but a major one is that it warps your perspective of collective thought, shaped by a fascist billionaire. Bluesky has struggled to adapt to what it wants to be exactly, and while it is clearly a much better place than X, it has not yet provided a good answer to the tension between building a safe (centralised) platform and a decentralised open protocol. Cross writes: “Our best hope, then, is that Bluesky acts as a halfway house—most especially for politicians, journalists, academics, influencers, and other people who clearly spend way too much time online to their detriment.” I also hope that Bluesky acts as a halfway house, although maybe in a slightly different way than Cross is talking about here. I think we need to invent new types of social networks that better serve their role as collective tools for sense-making. Bluesky is a good step in the right direction, but I think we can do more than ‘decentralised microblogging’. ATProto can provide a powerful substrate for people to experiment on with new forms of social networking, and I’m excited to see what 2025 will bring for that.
The News
Business Insider reports that Bluesky is now valued at 700 million USD, and that they are close to finishing another funding round, this time led by Bain Capital Ventures. It is not known how much money Bluesky would raise in this new round. The previous funding round, the series A, was led by Blockchain Capital for 15 million, just barely 3 months ago. The series A did not provide a valuation for Bluesky. The series A also was just before the massive inflow of new users following the results of the US election, and Bluesky has doubled its user base in the 3 months since, from 13 million to 26 million. The new inflow of users also led to significant extra costs for Bluesky, which quadrupled its moderation team from 25 to 100 people, as well as the additional technical costs that comes with the growing user base. Bluesky got critiqued during the previous funding round for Blockchain Capital’s ties with cryptocurrency. In Blockchain Capital’s investment thesis they describe investing in a ‘vision of social infrastructure’ more than investing into a specific product. Crypto-themed VC funds tend to be more open to investing into lower-level internet infrastructure. Bain Capital Ventures seems to be a more generic VC fund: it does not have the connections to crypto that a significant part of the Bluesky user base finds noxious, but does not have a clear indication of a willingness to invest in social infrastructure over products either.
Bluesky has recently added Trending Topics as a new feature to their app. When you hit search on the app, you’ll now see a list of the most talked about topics. The feature is also visible in the Discover feed. Trending Topics has been a long-requested feature, and especially the Brazilian community was asking for it a lot during their time on Bluesky in fall 2024. The technological underpinning of how Trending Topics work on Bluesky is noteworthy: every trending topic is a custom feed. Every time a new topic is trending, a new custom feed gets created, giving the team better control over the topic. It also allows for new possibilities that have not yet been explored, such as archiving and documenting feeds after the trend is over, or other options that have not yet been explored. One of the more interesting trends on Bluesky is the emergence of (some) custom feeds as digital places, with Blacksky as the most notable example. I am interested in seeing how Trending Topics also being custom feeds interacts with that dynamic.
Graze is a tool for people to create their own custom feeds on ATProto. It has an extensive feature set allowing for a great amount of customisability, complex logic and the ability to moderate content that appears in a feed. Graze recently published their plans for monetisation. Graze says that the project is experiencing explosive growth, and is escalating quickly from a small gamble, with the tool now serving over 170k unique people every day. Graze expects that they can host 90-95% of custom feeds for free, and view it as a priority to keep making feeds as accessible as possible. Operating the infrastructure for custom feeds is not free however, and Graze plans to make money as follows: they will allow feed operators to run sponsored posts in their Graze feeds, at a cost specified by the feed operator. Feed operators are free to run their own sponsored content or find their own sponsors. If feed operators decide to monetise their custom feed, Graze will take a cut of the transaction. Graze has not specified yet how that transaction cost will be determined.
Bluesky has seen a large increase in the number of bot and spam accounts in recent weeks. There are roughly three groups of bots active: porn and romance scams, inauthentic accounts posing as Democratic defenders, content farms, and Russian disinformationnetworks. The Bluesky team has finally managed to crack down on the current spam wave. As spam is an eternal cat-and-mouse game between spammers and moderation, the reprieve is likely temporarily however. The spam has significant impact on how community moderation functions, as the tools that are available are not up to the task of handling such a massive inflow of reports. More automod functions are needed for community labeling projects to deal with the spam.
The Analysis
There are multiple connections between these four different news stories. Early in 2024, Bluesky CEO Jay Graber gave an interview with The Verge, in which she talked about potential ways for Bluesky to make money. She described the idea of marketplaces that Bluesky could operate, such as marketplaces for algorithms. While she did not go into much detail on this, the basic idea seemed to be that people could create valuable systems (algorithms, moderation layers, custom feeds) and sell access to those systems to other people. Bluesky could then potentially operate these marketplaces, take a cut of every transaction as payment for providing the infrastructure, and make money this way. What we are seeing now with Graze is some version of this idea: Graze provides a marketplace for custom feed operators to put sponsored content in their feed, and Graze takes a cut of every transaction as payment for operating the infrastructure. It shows the interesting challenge for Bluesky PBC that is ahead: in an open system it is not actually guaranteed to be the first one to build marketplaces and become the default/largest operator of such a marketplace. If the potential is high enough, other organisations might just get there first.
There has been a lot of conversation about whether or not Bluesky will have advertisement in the future. The large majority of these conversations, and even remarks by Bluesky CEO Graber herself, imply a direct connection between people seeing advertisement when they open the Bluesky app, and the actions of Bluesky PBC. People assume that if they were to see ads on Bluesky, that is because Bluesky PBC put those ads there. The plans by Graze however show that this assumption is not always correct. In the near future, any ads people will see on the Bluesky app will likely be outside of the control of Bluesky PBC. Instead, the trend is towards ads being connected to the community/place/feed that shows the advertisement. I think this has a lot of implications for how we conceptualise advertisements on social networks that are hard to fully grasp right now, but certainly something I’m keeping an eye on.
One factor that has contributed to the bot spam in recent weeks is the inflow of a specific type of accounts, often called resistlibs in a derogatory manner. This is a group of people who identify as Democrat, and want to resist the Trump presidency by being active on social media. A defining characteristic is that they tend to engage in follow-back campaigns such as the ‘NoDemocratUnder1k‘ hashtag, where they follow all accounts that have that hashtag. Using Starter Packs this group can very quickly build up accounts that are followed and follow tens of thousands of people. This behaviour is easily hijacked by bad actors however, it is easy for spam networks to make accounts that look similar to resistlibs. Following Starter Packs, participating in follow-back culture and using the right hashtags makes it particularly easy for spam networks or other bad actors to build up large accounts on Bluesky. This has contributed to the influx of spam and bots on Bluesky recently, although it is far from the only factor.
Editors note: I’m experimenting with alternating the weekly newsletters with prioritising Bluesky and prioritising ATProto. I’ve found that especially ATProto tech needs more context. If you are an ATProto dev, here are some interesting tech to check out. And if you are not, next week I’ll give some more context on what is happening in the wider ATmosphere
Recipes.blue is a recipe manager build on ATProto.
Plonk.li is a pastebin clone that stores your pastes in your PDS, and shows a timeline of all pastes.
Atpaste is another pastebin clone, that ties in with ATFile by using the same lexicon.
Uksnowmap uses hashtags to display an interactive map of the UK to display where it is showing. The tool has been around for a while, and has now fully transitioned from Twitter to Bluesky.
BlueskyTimeline allows you to embed a Bluesky timeline on your site.
That’s all for this week, thanks for reading! You can subscribe to my newsletter to receive the weekly updates directly in your inbox below, and follow this blog @fediversereport.com and my personal account @laurenshof.online.
@Informatica (Italy e non Italy 😁) La costellazione di satelliti in orbita bassa gestita da SpaceX rappresenta un sistema innovativo, ma il confronto con altre tecnologie terrestri e marittime richiede un'analisi approfondita in termini di sicurezza, resilienza e
@Informatica (Italy e non Italy 😁) L’uso in azienda dell’intelligenza artificiale al di fuori di processi autorizzati espone le organizzazioni a rischi di sicurezza: ecco come limitare i pericoli del fenomeno shadow AI L'articolo Shadow AI, i rischi per le aziende: perché serve una strategia proviene da Cyber Security
@Informatica (Italy e non Italy 😁) La costellazione di satelliti in orbita bassa gestita da SpaceX rappresenta un sistema innovativo, ma il confronto con altre tecnologie terrestri e marittime richiede un'analisi approfondita in termini di sicurezza, resilienza e
@Informatica (Italy e non Italy 😁) La Corte UE dei diritti dell'uomo sulla protezione dei dati personali fa il punto dopo il caso dell'accesso abusivo al sistema informatico fiscale italiano, noto come "Serpico", che ha innescato l'iter giudiziario
@Informatica (Italy e non Italy 😁) Diverse metodologie aiutano a garantire la sicurezza dell'IA. Ecco un approccio olistico alla valutazione dei LLM applicati ai sistemi critici che va oltre la precisione L'articolo Le proprietà dei LLM applicati ai sistemi
Le persone che supervisionano la sicurezza del browser Chrome di Google proibiscono esplicitamente agli sviluppatori di estensioni di terze parti di provare a manipolare il modo in cui le estensioni del browser che inviano vengono presentate nel Chrome Web Store . La politica richiama specificamente le tecniche di manipolazione della ricerca come l'elencazione di più estensioni che forniscono la stessa esperienza o l'aggiunta di parole chiave vagamente correlate o non correlate alle descrizioni delle estensioni.
Mercoledì, il ricercatore di sicurezza e privacy Wladimir Palant ha rivelato che gli sviluppatori stanno palesemente violando quei termini in centinaia di estensioni attualmente disponibili per il download da Google. Di conseguenza, le ricerche di un termine o di termini specifici possono restituire estensioni non correlate, imitazioni di qualità inferiore o svolgere attività abusive come la monetizzazione occulta delle ricerche web, cosa che Google proibisce espressamente.
@Informatica (Italy e non Italy 😁) Vediamo nel dettaglio cosa è stato fatto e cosa resta da fare per la crescita delle competenze nazionali di cyber security implementate dall'ACN L'articolo Sviluppo delle capacità cyber dell’Italia. A che punto siamo proviene da Cyber Security 360.
@Informatica (Italy e non Italy 😁) Come ogni anno, la Polizia Postale del dipartimento sulla sicurezza cibernetica ha diffuso il report annuale che fotografa la lotta al cybercrime. Uno spaccato del 2024 a tratti preoccupante. Eccone i dati che ci
@Informatica (Italy e non Italy 😁) L'importanza di Privacy Badger consiste nell'affrontare una delle sfide più pressanti dell'era digitale: il tracciamento pervasivo delle attività online. Un tracciamento che non solo lede la privacy, ma può anche portare a discriminazioni, manipolazione
@Informatica (Italy e non Italy 😁) Una nuova campagna malevola del malware Vidar sta prendendo di mira gli utenti italiani sfruttando caselle PEC compromesse e nuove tecniche di offuscamento per bypassare i sistemi di controllo. Ecco tutti i dettagli e le raccomandazioni per mitigare il rischio
@Notizie dall'Italia e dal mondo Il movimento sciita e i suoi alleati, sotto pressione in Libano e a causa degli sconvolgimenti regionali, hanno dovuto accettare l'elezione a capo dello Stato del comandante delle forze armate sostenuto dagli Usa L'articolo LIBANO. Joseph Aoun presidente, anche con i
Da sola, Lockheed Martin fattura poco meno dell’intera industria europea della Difesa. Questo è quanto emerge da un report realizzato dagli analisti del Parlamento europeo. Che l’Europa sia indietro per quanto riguarda la Difesa non è un mistero,
Gli hacker stanno sfruttando attivamente la vulnerabilità CVE-2024-52875 scoperta in GFI KerioControl, un firewall per le piccole e medie imprese. Questa vulnerabilità critica CRLF Injection consente l‘esecuzione di codice remoto con un solo clic.
GFI KerioControl è una soluzione di sicurezza di rete tutto in uno che combina funzionalità firewall, VPN, gestione del traffico, antivirus e prevenzione delle intrusioni. La vulnerabilità, che colpisce le versioni 9.2.5-9.4.5, è dovuta alla gestione errata dei caratteri di avanzamento riga (LF) nel parametro “dest”, che apre la possibilità di manipolazione delle intestazioni e delle risposte HTTP.
Il 16 dicembre 2024, il ricercatore di sicurezza Egidio Romano (EgiX) ha pubblicato una descrizione dettagliata di del CVE-2024-52875. Ha mostrato come un problema inizialmente valutato come di basso livello potesse portare all’esecuzione di codice tramite risposte HTTP vulnerabili. Il JavaScript dannoso inserito nelle risposte può rubare cookie e token CSRF.
Utilizzando token di amministrazione rubati, gli aggressori possono scaricare file IMG dannosi contenenti script con diritti di root. Ciò consente di attivare la shell inversa tramite la funzionalità di aggiornamento di Kerio.
L’8 gennaio, la piattaforma di monitoraggio delle minacce Greynoise ha rilevato tentativi di sfruttamento di CVE-2024-52875 da quattro diversi indirizzi IP. Queste azioni sono considerate dannose e sono associate ad attacchi piuttosto che ad attività di ricerca.
Secondo Censys, online esistono 23.862 istanze ad accesso aperto di KerioControl, ma non si sa quante di esse siano vulnerabili.
GFI Software ha rilasciato la versione 9.4.5 Patch 1 per risolvere il problema. Si consiglia agli utenti di installare immediatamente la patch. Come misura temporanea, si consiglia di limitare l’accesso all’interfaccia web di gestione del firewall solo agli indirizzi IP attendibili, bloccare le pagine “/admin” e “/noauth” e ridurre i tempi di sessione per migliorare la sicurezza.
Il framework di riferimento per l'architettura EUDI (ARF) è basato sulla specifica eIDAS2 e il suo atto di attuazione è stato recentemente approvato dai rappresentanti degli stati membri dell'UE. La Commissione europea ne ha appena ratificato l'adozione. La motivazione alla base dell'EUDI è quella di raggiungere un'autonomia strategica per i nostri servizi pubblici e sociali, ma la sua realizzazione va nella direzione opposta, mettendo di fatto nelle mani dei produttori di sistemi operativi mobili i principali canali di interazione con le istituzioni che governano la nostra società.
The problems in the European Digital Identity (EUDI)
@jaromil's independent feedback on the dangers of the current #EUDI implementation. What it should be, and the issues it has regarding Fairness, Privacy, Security, Scalability, Obsolescence and Methodology.
EUDI as is today presents big problems and disregards criticism, warnings, and requests to review technical details, with results that harm the fairness of the system and the privacy of its participants, also limiting infrastructure security and scal…
Google's AI search feature is telling people searching for answers about using vibrating sex toys during pregnancy that they should consider it for counseling children, instead.
Googlex27;s AI search feature is telling people searching for answers about using vibrating sex toys during pregnancy that they should consider it for counseling children, instead.#Google #AI #aioverview
Google's AI search feature is telling people searching for answers about using vibrating sex toys during pregnancy that they should consider it for counseling children, instead.
