There comes a time in any software developer’s life when they look at their achievements, the lines of code written and the programming languages they have relied on, before wondering whether there may be more out there. A programming language and its associated toolchains begin to feel like familiar, well-used tools after you use them for years, but that is no excuse to remain rusted in place.

While some developers like to zigzag from one language and toolset to another, others are more conservative. My own journey took me from a childhood with QuickBasic and VisualBasic to C++ with a bit of Java, PHP, JavaScript, D and others along the way. Although I have now for years focused on C++, I’m currently getting the hang of Ada in particular, both of which tickle my inner developer in different ways.

Although Java and D never quite reached their lofty promises, there are always new languages to investigate, with both Rust and Zig in particular getting a lot of attention these days. Might they be the salvation that was promised to us C-afflicted developers, and do they make you want to zigzag or ferrously oxidize?

Solving Problems

As hilarious it is to make new programming languages for the fun of it, there has to be some purpose to them if they want to be more than a gag. That’s why Whitespace and Brainf*ck are great for having some (educational) fun with, while Forth is a serious and very much commercially successful language. Meanwhile there’s still an ongoing debate about whether Python may or may not be an esoteric language, mostly on account of it granting whitespace so much relevance that would make the Whitespace developers proud.

This contrasts heavily with languages like C and consequently C++ where whitespace is not relevant and you can write everything on a single line if that’s your kink. Meanwhile in Ada, COBOL and others case sensitivity doesn’t exist, because their developers failed to see the point of adding this ‘feature’. This leads us to another distinguishing feature of languages: weakly- versus strongly-typed and super-strongly typed languages.

If one accepts that a type system is there to prevent errors, then logically the stronger the type system is, the better. This is one reason why I personally prefer TypeScript over JavaScript, why Java reflection and Objective-C messaging drove me up various walls, why my favorite scripting language is AngelScript, why I love the type system in Ada and also why I loathe whoever approved using the auto keyword in C++ outside of templates.

With those lines marked, let’s see what problems Rust and Zig will solve for me.

Getting Ziggy

The Zig language is pretty new, having only been released in early 2016. This makes it four years younger than Rust, while also claiming to be a ‘better C’. Much of this is supposed to come from ‘improved memory safety’, which is a topic that I have addressed previously, both in the context of another ‘improved C’ language called TrapC, as well as from a security red herring point of view. Here again having a very strong type system is crucial, as this allows for the compiler as well as static and dynamic analysis tools to pick up any issues.

There is also the wrinkle that C++ is already an improved C, and the C11 standard in particular addresses a lot of undefined behavior, which makes it a pretty tall order to do better than either. Fortunately Zig claims to be a practically drop-in solution for existing C and C++ code, so it should be pretty gentle to get started with.

Unfortunately, this is the part where things rapidly fell apart for me. I had the idea to quickly put together a crude port of my ncurses-based UE1 emulator project, but the first surprise came after installing the toolchain. My default development environment on Windows is the Linux-like MSYS2 environment, with the Zig toolchain available via pacman.

A feeling of dread began to set in while glancing at the Getting Started page, but I figured that I’d throw together a quick ncurses project based on some two-year old code that someone said had worked for them:
const std = @import("std");
const c = @cImport({
@cInclude("curses.h");
});

pub fn main() !void {
var e = c.initscr();
e = c.printw("Hello World !!!");
e = c.refresh();
e = c.getch();
e = c.endwin();
}
Despite the symbol soup and chronic fear of fully writing out English words, it’s not too hard to understand what this code is supposed to do. The @cImport() block allows you to include C headers, which in this case allows us to import the standard ncurses header, requiring us to only link against the system ncurses library later on. What’s not inspiring much confidence is that it’s clear at this point already that Zig is a weakly-typed language, bringing back highly unwanted embedded JavaScript flashbacks.

While prodding at writing a standard Makefile to compile this code, the reality of the Zig build system began to hit. You can only use the zig command, which requires a special build file written in Zig, so you have to compile Zig to compile Zig, instead of using Make, CMake, Ninja, meson, etc. as is typical. Worse is that Zig’s API is being changed constantly, so that the sample build.zig code that I had copied no longer worked and had to be updated to get the following:
const std = @import("std");

pub fn build(b: *std.Build) void {
const target = b.standardTargetOptions(.{});
const optimize = b.standardOptimizeOption(.{});
const exe = b.addExecutable(.{
.name = "ncurses",
.root_source_file = b.path("main.zig"),
.target = target,
.optimize = optimize,
});

exe.linkSystemLibrary("c");
exe.linkSystemLibrary("ncurses");
b.installArtifact(exe);
}
With this change in place, I no longer got compile errors for the build file, but even after deleting the .zig-cache folder that the toolchain creates I kept getting the same linker errors:

While I’m sure that all of this is solvable, I was looking for a solution to my problems, not to get new problems. Instead I got a lack of strong typing, an oddly verbose syntax, ever-shifting APIs, being strong-armed into giving up the build tools of one’s choosing and finally some weird linker errors that probably require constant nuking of caches as one has to already suffer through with CMake and Gradle.

It is time to zigzag out of dodge to the next language.

Rusted Expectations

As mentioned earlier, Rust is a few years older than Zig, and in addition it has seen a lot more support from developers and companies. Its vibrant community is sure to remind you of these facts at any opportunity they get, along with how Rust cures all ills. Ignoring the obvious memory safety red herring, what problems can Rust solve for us?

Following the same pattern as with Zig, we first have to set up a development environment with the Rust toolchain and the ability to use ncurses. Unlike with Zig, we apparently cannot use C (or C++) code directly, so the recommendation is to use a wrapper. From its code we can worryingly tell that it is also a weakly-typed language by the use of type inference, and the fact that the unsafe keyword is required to cooperate with C interfaces gives even great cause for concern. Ideally you’d not do the equivalent of hammering in raw assembly when writing C either, as this bypasses so many checks.

Regardless, the task is to figure out how to use this ncurses-rs wrapper, despite it already being EOL-ed. Rather than dealing with this ‘cargo’ remote repository utility and reliving traumatic memories of remote artefact repositories with NodeJS, Java, etc., we’ll just copy the .rs files of the wrapper directly into the source folder of the project. It’s generally preferred to have dependencies in the source tree for security reasons unless you have some level of guarantee that the remote source will be available and always trustworthy.

Although you can use the rustc compiler directly, it provides an extremely limited interface compared to e.g. Clang and GCC. After trying to understand and massage dependency paths for the included files (modules) for a while, the sad result is always another fresh series of errors, like:
The frustrating end to trying out Rust.
At this point any enthusiasm for doing more with Rust has already rapidly oxidized and decayed into sad shards of ferrous oxide.

Workflow Expectations

Most of my exposure to Rust and Zig prior to this experience had been from a theoretical and highly academical perspective, but actually trying to use a language is when you really begin to develop feelings that tell you whether the language is something you’re interested in. In my case these feelings were for both languages primarily frustration, mixed with an urge to get away from the whole thing as soon as possible.

This contrasts heavily with my recent experiences with COBOL, which saw me working for days on code and figuring out the language, but with a feeling of almost giddy joy at grasping yet another concept or mechanism. What helped a lot here is that the COBOL toolchains are just typical GCC compilers with the whole feature set, which means that you can use them with any build system of your choice.

Even with the Ada toolchain and its multi-step process of module dependency resolving, compiling and linking you can use these tools any way you like. It’s this kind of freedom that is at least in my view an essential part of a good development environment, as it gives the developer the choice of how to integrate these into their workflow.

The workflow with Zig and Rust reminds me mostly of the harrowing struggle with Android development and its Gradle-based environment. You get similar struggles with just getting the basic thing off the ground, are always dealing with baffling errors that may or may not be related to a component that’s a few versions too old or new, and basically it’s just a gigantic waste of time.

Even ignoring whether Zig and Rust are or can become good languages, it is this complete disregard for individual workflow preferences that’s probably the most off-putting to me, and reason to avoid these ecosystems at all cost. Something which I wish I could do with Gradle as well, but I digress.

In the end I think I’ll be sticking with C++, with a bit of C and an increasing amount of Ada and Fortran on the side. Unless you’re being paid big bucks, there is no reason to put yourself through the suffering of a workflow you loathe.

hackaday.com/2025/07/01/c-enco…

People have been coming up with clever ways to bring light to the darkness since we lived in caves, so it’s no surprise we still love finding interesting ways to illuminate our world. [Michael] designed a simple, but beautiful, book lamp that’s easy to assemble yourself.

This build really outshines its origins as an assembly of conductive tape, paper, resistors, LEDs, button cells, and a binder clip. With a printable template for the circuit, this project seems perfect for a makerspace workshop or school science project kids could take home with them. [Michael] walks us through assembling the project in a quick video and even has additional information available for working with conductive tape which makes it super approachable for the beginner.

The slider switch is particularly interesting as it allows you to only turn on the light when the book is open using just conductive tape and paper. We can think of a few other ways you could control this, but they quickly start increasing the part count which makes this particularly elegant. By changing the paper used for the shade or the cover material for the book, you can put a fun spin on the project to match any aesthetic.

If you want to build something a little more complex to light your world, how about a 3D printed Shoji lamp, a color-accurate therapy lamp, or a lamp that can tell you to get back to work.

youtube.com/embed/ggw1bmISklU?…

hackaday.com/2025/07/01/diy-bo…

The Hack The Promise Festival in Basel has firmly established itself as a pivotal platform where international experts, activists, and engaged communities come together for interdisciplinary discussions on the social, political, and technical challenges of digital transformation. The 2024 festival revolved around the theme “fact/fake/fiction,” exploring how truth, fiction, and manipulation increasingly intertwine in digital spaces and what this means for democratic societies.

At last year’s event, Schoresch Davoodi delivered his lecture in German, titled „Fakten und Fiktionen – Wie die Gesellschaft durch Unsicherheit gestresst wird“ (“Facts and Fictions – How Society is Stressed by Uncertainty”). His presentation moved beyond a mere description of digital phenomena, analyzing how overlapping global crises—such as pandemics, wars, and economic challenges—create a collective societal stress that heightens vulnerability to misinformation and manipulation.

Davoodi critically assessed current political responses as often symptomatic, addressing surface issues rather than the underlying causes like diffuse social anxieties and psychological strain. His approach combines technical perspectives with socio-psychological insights, offering a holistic analysis that remains relatively uncommon in the programmatic discussions of many Pirate Parties.

He also reflected critically on the role of NGOs in political discourse, cautioning against the risk that NGO-affiliated structures might act more as instruments of control than as independent actors, potentially limiting democratic pluralism and open debate. This perspective encourages important discussions regarding the influence of civil society organizations in net politics and democratic participation.

Philosophically, Davoodi’s lecture drew on Immanuel Kant’s Enlightenment theory and critiques of dogmatic thinking, emphasizing the necessity of independent thought and the rejection of authoritarian mentalities. This normative framing adds depth, extending beyond purely technical or political considerations.

The Hack The Promise Festival is widely recognized for fostering critical and interdisciplinary dialogue. Within this context, Davoodi’s lecture provides valuable programmatic impulses for Pirate Parties internationally. It signals a strategic shift away from solely activist-driven approaches towards a more reflective and mature political stance that emphasizes education, resilience, and a pluralistic discourse culture.

By addressing current challenges in digital society and highlighting the necessary evolution in net politics, this contribution holds significant relevance for Pirate Parties worldwide. The festival thus plays an important role in advancing the international debate on democracy and digital freedom, helping to strengthen it for the future.

Looking Ahead: Hack The Promise Festival 2025

The next Hack The Promise Festival is scheduled for October 3–5, 2025, and will take place at the Padelhalle Klybeck in Basel. The upcoming edition will explore hacking as a socio-technical practice. This goes beyond computer specialists, focusing on opening up systems to challenge and change societal structures—be they technological, political, epistemic, or social. The aim is to disrupt power dynamics and envision new futures beyond imposed limitations.

Author: Schoresch Davoodi

pp-international.net/2025/07/h…

Gli esperti hanno scoperto una nuova campagna malware chiamata Silver Fox (nota anche come Void Arachne) che utilizza falsi siti web. Le risorse presumibilmente distribuiscono software popolari (WPS Office, Sogou e DeepSeek), ma in realtà vengono utilizzate per diffondere il RAT Sainbox e il rootkit open source Hidden.

Secondo Netskope Threat Labs, i siti di phishing (come wpsice[.]com) distribuiscono programmi di installazione MSI dannosi in cinese, il che significa che questa campagna è rivolta a utenti di lingua cinese. “Il payload del malware include Sainbox RAT, una variante di Gh0st RAT e una variante del rootkit open source Hidden”, hanno affermato i ricercatori.

Non è la prima volta che Silver Fox usa questa tattica. Ad esempio, nell’estate del 2024, eSentire ha descritto una campagna rivolta agli utenti cinesi di Windows tramite siti che presumibilmente erano progettati per scaricare Google Chrome e distribuire il RAT Gh0st. Inoltre, nel febbraio 2025, gli analisti di Morphisec scoprirono un’altra campagna su un sito web falso che distribuiva ValleyRAT (noto anche come Winos 4.0) e un’altra versione di Gh0st RAT.

Come riportato da Netskope, questa volta gli installer MSI dannosi scaricati da siti falsi sono progettati per avviare un file eseguibile legittimo shine.exe, che carica la DLL dannosa libcef.dll utilizzando una tecnica di caricamento laterale. Il compito principale di questa DLL è estrarre ed eseguire lo shellcode dal file di testo 1.txt presente nel programma di installazione, che alla fine porta all’esecuzione di un altro payload DLL: il trojan di accesso remoto Sainbox.

“La sezione .data del payload studiato contiene un altro binario PE che può essere eseguito a seconda della configurazione del malware”, osservano gli esperti. “Il file incorporato è un driver rootkit basato sul progetto open source Hidden“

Il suddetto Trojan Sainbox ha la capacità di scaricare payload aggiuntivi e rubare dati, mentre Hidden fornisce agli aggressori una serie di funzionalità per nascondere processi e chiavi correlati al malware nel registro di Windows sugli host compromessi.

L’obiettivo principale del rootkit è nascondere processi, file, chiavi e valori di registro. Come spiegano i ricercatori, utilizza un mini-filtro e callback del kernel per raggiungere questo obiettivo. Hidden può anche proteggere se stesso e processi specifici e contiene un’interfaccia utente accessibile tramite IOCTL.

“L’utilizzo di varianti di RAT commerciali (come Gh0st RAT) e rootkit open source (come Hidden) offre agli aggressori controllo e furtività senza richiedere molto sviluppo personalizzato”, afferma Netskope.

L'articolo Nuova campagna malware Silver Fox: diffonde RAT e rootkit tramite falsi siti web proviene da il blog della sicurezza informatica.

There are all manner of musical myths, covering tones and melodies that have effects ranging from the profound to the supernatural. The Pied Piper, for example, or the infamous “brown note.”

But what about a song that could crash your laptop just by playing it? Even better, a song that could crash nearby laptops in the vicinity, too? It’s not magic, and it’s not a trick—it was just a punchy pop song that Janet Jackson wrote back in 1989.

Rhythm Nation

As told by Microsoft’s Raymond Chen, the story begins in the early 2000s during the Windows XP era. Engineers at a certain OEM laptop manufacturer noticed something peculiar. Playing Janet Jackson’s song Rhythm Nation through laptop speakers would cause the machines to crash. Even more bizarrely, the song could crash nearby laptops that weren’t even playing the track themselves, and the effect was noted across laptops of multiple manufacturers.

youtube.com/embed/OAwaNWGLM0c?…

Rhythm Nation was a popular song from Jackson’s catalog, but nothing about it immediately stands out as a laptop killer.

After extensive testing and process of elimination, the culprit was identified as the audio frequencies within the song itself. It came down to the hardware of the early 2000s laptops in question. These machines relied on good old mechanical hard drives. Specifically, they used 2.5-inch 5,400 RPM drives with spinning platters, magnetic heads, and actuator arms.
The story revolves around 5,400 RPM laptop hard drives, but the manufacturer and model are not public knowledge. No reports have been made of desktop PCs or hard disks suffering the same issue. Credit: Raimond Spekking, CC BY-SA 4.0
Unlike today’s solid-state drives, these components were particularly susceptible to physical vibration. Investigation determined that something in Rhythm Nation was hitting a resonant frequency of some component of the drive. When this occurred, the drive would be disturbed enough that read errors would stack up to the point where it would trigger a crash in the operating system. The problem wasn’t bad enough to crash the actual hard drive head into the platters themselves, which would have created major data loss. It was just bad enough to disrupt the hard drive’s ability to read properly, to the point where it could trigger a crash in the operating system.
A research paper published in 2018 investigated the vibrational characteristics of a certain model of 2.5-inch laptop hard drive. It’s not conclusive evidence, and has nothing to do with the Janet Jackson case, but it provides some potentially interesting insights as to why similar hard drives failed to read when the song was played. Credit: Research paper
There was a simple workaround for this problem, that was either ingenious or egregious depending on your point of view. Allegedly, the OEM simply whipped up a notch filter for the audio subsystem to remove the offending frequencies. The filter apparently remained in place from the then-contemporary Windows XP up until at least Windows 7. At this point, Microsoft created a new rule for “Audio Processing Objects” (APO) which included things like the special notch filter. The rule stated that all of these filters must be able to be switched off if so desired by the user. However, the story goes that the manufacturer gained a special exception for some time to leave their filter APO on at all times, to prevent users disabling it and then despairing when their laptops suddenly started crashing unexpectedly during Janet Jackson playlists.

As for what made Rhythm Nation special? YouTuber Adam Neely investigated, and came up with a compelling theory. Having read a research paper on the vibrational behavior of a 2.5-inch 5,400 RPM laptop hard disk, he found that it reported the drive to have its largest vibrational peak at approximately 87.5 Hz. Meanwhile, he also found that Rhythm Nation had a great deal of energy at 84.2 Hz. Apparently, the recording had been sped up a touch after the recording process, pushing the usual low E at 82 Hz up slightly higher. The theory being that the mild uptuning in Rhythm Nation pushed parts of the song close enough to the resonant frequency of some of the hard drive’s components to give them a good old shaking, causing the read errors and eventual crashes.

It’s an interesting confluence of unintended consequences. A singular pop song from 1989 ended up crashing laptops over a decade later, leading to the implementation of an obscure and little-known audio filter. The story still has holes—nobody has ever come forward to state officially which OEM was involved, and which precise laptops and hard drives suffered this problem. That stymies hopes for further research and recreation of this peculiarity. Nevertheless, it’s a fun tech tale from the days when computers were ever so slightly more mechanical than they are today.

hackaday.com/2025/07/01/one-la…

It’s been awhile since we checked in with Canada’s Edison Motors, so let’s visit [DeBoss Garage] for an update video. To recap, Edison Motors is a Canadian company building diesel-electric hybrid semi-trucks and more.
The last interesting thing to happen in Donald, BC was when it burned down in the 1910s.
Well, they’ve thankfully moved out of the tent in their parents’ back yard where the prototype was built. They’ve bought themselves a company town: Donald, British Columbia, complete with a totally-not-controversial slogan “Make Donald Great Again”.

More interesting is that their commercial-off-the-shelf (COTS), right-to-repair centered approach isn’t just for semi-trucks: they’re now a certified OEM manufacturer of a rolling heavy truck chassis you can put your truck cab or RV body on, and they have partnered with three coach-builders for RVs and a goodly number of manufacturing partners for truck conversion kits. The kits were always in the plan, but selling the rolling chassis is new.

One amazingly honest take-away from the video is the lack of numbers for the pickups: top speed, shaft horsepower, torque? They know what all that should be, but unlike the typical vaporware startup, Edison won’t tell you the engineering numbers on the pickup truck kits until it has hit the race track and proved itself in the real world. These guys are gear-heads first and engineers second, so for once in a long time the adage “engineers hate mechanics” might not apply to a new vehicle.

The dirt track is the first thing under construction in Donald, so hopefully the next update we hear from Edison Motors will include those hard numbers, including pesky little things like MSRP and delivery dates. Stay tuned.

In our last post about an electric truck, a lot of you in the comments wanted something bigger, heavier duty, not pure battery, and made outside the USA. Well, here it is.

youtube.com/embed/DnmCvAZIW38?…

Thanks to [Keith Olson] for the tip. Remember, the lines are always open!

hackaday.com/2025/07/01/move-o…

Avvocata Filomena Gallo: “ASUGI continua a negare l’esistenza di trattamenti di sostegno vitale e conferma il divieto di accesso alla morte medicalmente assistita, ignorando le sentenze della Corte costituzionale. Così facendo, infligge a Martina un trattamento disumano che equivale a una forma di tortura”.

Martina Oppelli, malata di sclerosi multipla da oltre 20 anni, lo scorso 4 giugno ha ricevuto il terzo diniego da parte della azienda sanitaria locale ASUGI in merito alla procedura di verifica delle condizioni per accedere al suicidio medicalmente assistito: non avrebbe alcun trattamento di sostegno vitale in corso.

Nonostante le sue condizioni cliniche siano in costante peggioramento e nonostante la sua completa dipendenza da una assistenza continuativa e da presidi medici (farmaci e macchina della tosse), la commissione medica ha nuovamente escluso la sussistenza del trattamento di sostegno vitale, necessario per poter accedere legalmente alla morte volontaria assistita in Italia, sulla base della sentenza 242/2019 della Corte costituzionale.

Per questo motivo, lo scorso 19 giugno Martina Oppelli, assistita dal team legale coordinato da Filomena Gallo, avvocata e Segretaria nazionale dell’Associazione Luca Coscioni e coordinatrice del collegio legale di Martina Oppelli, ha presentato un’opposizione al diniego, accompagnata da una diffida e messa in mora nei confronti dell’azienda sanitaria. Alla diffida, che invitava ASUGI a riesaminare la posizione di Martina Oppelli alla luce delle indicazioni fornite dalla Corte costituzionale, l’azienda sanitaria ha risposto che sarà “immediatamente avviata una nuova procedura di valutazione” di Martina Oppelli da parte della commissione medica.

“Ammetto di non aver considerato di essere obbligata a subire l’ennesima insostenibile estate. Eppure, ho tutti i requisiti previsti dalla norma e dalle sentenze a ora presenti in Italia per poter usufruire di questo diritto. Un diritto al quale avrei preferito non dovermi mai appellare io, quella della resistenza a oltranza con un po’ di esuberanza. Io che, come altre creature con diagnosi nefaste, adoro la vita fino a succhiarne anche l’ultima goccia di linfa vitale. Ciò che mi rimane è solo una grande stanchezza e lo sconforto per aver creduto nel senso civico di uno Stato laico che dovrebbe concedere al cittadino consapevole, autodeterminato, allo stremo delle proprie forze, di porre fine a una sofferenza per la quale nessuno è in grado di proporre soluzioni plausibili che io non abbia già sperimentato. Probabilmente saranno altri a poterne usufruire, a poterne gioire. E io, chissà, dovrò intraprendere un ultimo faticosissimo viaggio verso un paese non troppo lontano che ha già recepito la supplica di compassione di chi è stato condannato a soffrire a oltranza”, ha dichiarato Martina Oppelli.

“Con questo terzo diniego, ASUGI dimostra di avere una posizione immotivatamente ostruzionistica nella valutazione delle condizioni di Martina Oppelli, che contrasta apertamente con la giurisprudenza costituzionale. Oppelli vive una condizione di totale dipendenza da caregiver per lo svolgimento di ogni singola attività quotidiana, comprese le funzioni biologiche primarie, utilizza quotidianamente la macchina della tosse per evitare il soffocamento ed è sottoposta a una terapia farmacologica con innegabile funzione salvavita. Secondo la sentenza della Corte costituzionale 135 del 2024, questi sono presidi che costituiscono ‘trattamenti di sostegno vitale’ perché ‘la loro sospensione determinerebbe la morte del paziente in un breve lasso di tempo’. ASUGI, ignorando tutto ciò, sta infliggendo a Martina un trattamento che si traduce in tortura”, ha dichiarato Filomena Gallo.

Intanto, è partita la raccolta firme promossa dall’Associazione Luca Coscioni per la legge di iniziativa popolare sul fine vita. L’obiettivo è quello di raccogliere 50mila firme entro il 15 luglio per poi approdare con la legge in Senato il 17 luglio, data in cui inizierà la discussione del testo proposto dalla maggioranza di governo. La proposta di legge dell’Associazione punta a legalizzare tutte le scelte di fine vita, inclusa l’eutanasia, con il pieno coinvolgimento del Servizio sanitario nazionale, dando tempi certi ai malati.

L'articolo Suicidio Assistito: Terzo diniego della ASUGI per Martina Appelli proviene da Associazione Luca Coscioni.

Mercoledì 2 luglio, dalle 18.45 presso Làbas in Vicolo Bolognetti 2, dibattito pubblico su eutanasia e suicidio medicalmente assistito.

Nel corso dell’iniziativa si raccoglieranno anche firme per la proposta di legge popolare Eutanasia Legale. Se vuoi firmare online con SPID o Carta d’Identità Elettronica, clicca qui!

Modera l’incontro:

Iole Benetello, Cellula Coscioni Bologna

Interverranno:

Pierfrancesco Bresciani, phd Diritto Costituzionale

Matteo Mainardi, Responsabile iniziative fine vita Associazione Luca Coscioni

Andrea Mariano, Laboratorio di Salute Popolare

Con la testimonianza di Andrea Ridolfi, fratello di Fabio Ridolfi

L’ingresso è libero e gratuito. Dopo il dibattito seguirà serata musicale.

L'articolo Dibattito “La libertà di scelta nel fine vita: diritti, limiti e proposte” proviene da Associazione Luca Coscioni.

Cisco ha segnalato due vulnerabilità RCE critiche che non richiedono autenticazione e interessano Cisco Identity Services Engine (ISE) e Passive Identity Connector (ISE-PIC). Alle vulnerabilità sono stati assegnati gli identificatori CVE-2025-20281 e CVE-2025-20282 e hanno ottenuto il punteggio massimo di 9,8 punti su 10 sulla scala CVSS. Il primo problema riguarda le versioni 3.4 e 3.3 di ISE e ISE-PIC, mentre il secondo riguarda solo la versione 3.4.

La causa principale dell’errore CVE-2025-20281 era l’insufficiente convalida dell’input utente in un’API esposta. Ciò consentiva a un aggressore remoto e non autenticato di inviare richieste API contraffatte per eseguire comandi arbitrari come utente root. Il secondo problema, CVE-2025-20282, era causato da una convalida dei file insufficiente nell’API interna, che consentiva la scrittura di file in directory privilegiate. Questo bug consentiva ad aggressori remoti non autenticati di caricare file arbitrari sul sistema di destinazione ed eseguirli con privilegi di root.

La piattaforma Cisco Identity Services Engine (ISE) è progettata per gestire le policy di sicurezza di rete e il controllo degli accessi e in genere funge da motore di controllo degli accessi alla rete (NAC), gestione delle identità e applicazione delle policy. Questo prodotto è un elemento chiave della rete aziendale ed è spesso utilizzato da grandi aziende, enti governativi, università e fornitori di servizi.

Gli esperti Cisco segnalano che finora non si sono verificati casi di sfruttamento attivo di nuove vulnerabilità (né exploit resi pubblici), ma si consiglia a tutti gli utenti di installare gli aggiornamenti il prima possibile. Gli utenti dovrebbero aggiornare alla versione 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4) e alla versione 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1) o successive. Non esistono soluzioni alternative per risolvere i problemi senza applicare patch.

E’ ovvio che con vulnerabilità di tale entità, sia necessario procedere con urgenza all’aggiornamento delle patch, al fine di prevenire possibili tentativi di violazione. Il fornitore raccomanda pertanto di effettuare tempestivamente gli aggiornamenti necessari.

L'articolo Cisco centra il bersaglio: 9,8 su 10 per due RCE su Identity Services Engine e Passive Identity Connector proviene da il blog della sicurezza informatica.

Le sentenze Meta e Anthropic stabiliscono (per ora) che risucchiare l'intera Internet per "addestrare" le loro fottute IA non costituisce violazione del copyright. E poi arriva CreativeCommons che vuole "segnalare" come i detentori dei diritti preferiscono essere spolpati.

spreaker.com/episode/dk-9x35-t…

pixelfed.uno/nobollo
Shorts

peertube.uno/c/moments_of_life…
Video

mastodon.uno/@nobollo
Spizzichi...

Ci metto la faccia.
...quel che c'è dietro in fondo, conta quasi esclusivamente per me.

Qualche domanda adesso.

Come ti chiami?
- Silvio Domenico.
...ma qualcuno mi chiama anche stronzo...dipende.

Sei credente?
- Si...aspetta!
...a cosa ti riferisci esattamente?

In cosa sei veramente competente?
- Dipende chi ho di fronte.

Cosa ti piace in una donna?
- Che sia una donna, innazitutto.
...con dentro una persona preferibilmente a me compatibile.
Parliamo...di cosa piace a me, ovviamente!

Hai fatto il Militare?
- Si, in Marina...perchè...altrimenti non vengo assunto?

Quale genere musicale preferisci?
- La musica in genere, più quella di una volta...sembra qualunquista, ma non è così.

Cosa o chi vorresti con te su un'isola deserta?
- Un cellulare...appena mi rompo le palle chiamo qualcuno disponibile a venirmi a prendere.

Fatti una domanda e poi risponditi.
- E adesso?
Adesso, passo alla prossima domanda.

Che sorpresa vorresti ricevere?
- La prossima.

Il gusto di gelato che preferisci?
- Pistacchio.

Se tu fossi?
- Altro...non sarei questo.

Il tuo soprannome abituale?
- Nessuno abituale.

Hai mai tradito qualcuno?
- Se esiste un patto...no. Aspettative, si ne ho tradito. Ma, alle volte, quasi sempre...non sai cosa si aspettino gli altri da te...e poi, comunque, quello non lo considero un tradimento.

Sei mai stato tradito da qualcuno?
_ Non pienamente...e comunque, non c'erano patti di sorta..

La parolaccia che ripeti continuamente?
- Alcune in egual misura...forse, cazzo in misura superiore.

La posizione preferita in amore?
- Oggi sono un pò stanco...prego si accomodi...domani, magari si cambia.

Hai mai fatto l'amore con più di una donna contemporaneamente?
- Si...ma era in un sogno.

E con più uomini?
- Salta!!

Qualche aggettivo per descriverti?
- 181 cm,brizzolato,piede 43......in questo modo sono certo di non dire cazzate pseudocerebrali.

Sai essere competitivo?
- Si...se posso.

La tua trasmissione televisiva preferita?
- Serie TV, non tutte le serie, ovviamente.

Centrodestra o centrosinistra?
- Centrosinistra, quando ho voglia di votare...turandomi il naso...come ormai da tempo.

Maradona o Platinì?
- Van Basten.

Seno naturale o rifatto?
- Naturale...certo, se non è alle ginocchia sarebbe meglio...ma naturale indubbiamente.

Hai mai visto un film pornografico?
- Da adulto, mai sino alla fine.
Da ragazzi,al cinema, si arrivava alla fine, ma con un pò di lamentele ai paesi bassi...

Meglio i Beatles oppure i Rolling Stones?
- Eagles.

Il sesso...dove è meglio farlo?
- Dove si riesce.

Ti vedi bello?
- Non mi vedo...sono miope, presbite e lievemente astigmatico...

Più giovane o più vecchio?
- Nel mezzo del cammin...insomma, anche a tre quarti ormai.

Qualcosa di cui ti vergogni?
- Cos'è una terapia di gruppo?

E di cui vai fiero?
- Nonostante il necessario rapporto conflittuale...mio figlio.

Qualche persona che stimi
- Mi sforzo di partire da me...poi altre, in ordine sparso.

La tua macchina?
- Un sedile che mi porta il culo da una parte all'altra.

Cosa avresti voluto saper fare?
- Tra le tante...cantare.

Uno o due ricordi dei primi dieci anni?
- Immensamente,l e notti della vigilia natale.
Quando col mio fratellino...ci si svegliava nel cuore della notte per vedere se era già passato Gesù Bambino, Babbo natale...insomma bastava che passasse qualcuno a lasciare qualcosa di gradito.
E la meraviglia quando i doni erano già sotto l'albero....

Dei secondi?
- Versione romantica...il primo bacio.
Versione erotica...la prima...insomma quella. Questo, in positivo...
...e in negativo...la morte del mio fratellino di cui sopra.

Dei terzi?
- Il matrimonio, ma non la cerimonia o il ricevimento...
Piuttosto,la sensazione del giorno dopo...

Dei quarti?
- La nascita di mio figlio...e per antitesi...la scomparsa di mio Padre.

Dei quinti?
-...un altra immensa e dolorosissima perdita...il Fratellone.

Ricordo importante del Sesto decennio?
Nè parlerò se arriverò a terminarli...e se nè avrò voglia.