We always enjoy [FloatHeadPhysics] explaining any math or physics topic. We don’t know if he’s acting or not, but he seems genuinely excited about every topic he covers, and it is infectious. He also has entertaining imaginary conversations with people like Feynman and Einstein. His recent video on tensors begins by showing the vector form of Ohm’s law, making it even more interesting. Check out the video below.

If you ever thought you could use fewer numbers for many tensor calculations, [FloatHeadPhysics] had the same idea. Luckily, imaginary Feynman explains why this isn’t right, and the answer shows the basic nature of why people use tensors.

The spoiler: vectors and even scalars are just a special case of tensors, so you use tensors all the time, you just don’t realize it. He works through other examples, including an orbital satellite and a hydroelectric dam.

We love videos that help us have aha moments about complex math or physics. It is easy to spew formulas, but there’s no substitute for having a “feeling” about how things work.

The last time we checked in with [FloatHeadPhysics], he convinced us we were already travelling at the speed of light. We’ve looked at a simple tensor explainer before, if you want a second approach.

youtube.com/embed/k2FP-T6S1x0?…

hackaday.com/2025/07/09/no-ten…

This week Jonathan chats with Joseph P. De Veaugh-Geiss about KDE’s eco initiative and the End of 10 campaign! Is Open Source really a win for environmentalism? How does the End of 10 campaign tie in? And what does Pewdiepie have to do with it? Watch to find out!

• * End Of 10 campaign: endof10.org/
• * KDE Eco project: eco.kde.org/

youtube.com/embed/COdArYxZWgg?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/07/09/floss-…

Questo mese, gli sviluppatori Microsoft hanno corretto 137 vulnerabilità nell’ambito del Patch Tuesday. Nessuno di questi bug è stato utilizzato in attacchi, ma i dettagli di una vulnerabilità zero-day in Microsoft SQL Server sono stati resi pubblici prima del rilascio della patch.

In totale, a luglio sono state risolte 14 vulnerabilità critiche, dieci delle quali riguardavano problemi di esecuzione di codice in modalità remota, una era un problema di divulgazione di informazioni e due erano correlate ad attacchi side-channel su AMD. L’unica vulnerabilità pubblicata prima del rilascio della fix è stata scoperta in Microsoft SQL Server.

Ricordiamo che Microsoft classifica come 0-day:

• Vulnerabilità che vengono già sfruttate (“exploited in the wild”) prima che l’azienda rilasci una patch.
• Oppure vulnerabilità rese pubbliche (ad esempio da ricercatori o gruppi hacker) senza che ci sia ancora una correzione ufficiale.

E tale definizione va in contrasto con il concetto classico di vulnerabilità 0day che significa una falla di sicurezza per la quale non esiste ancora una patch ufficiale al momento in cui viene scoperta o sfruttata attivamente.

Il CVE-2025-49719 è un problema di divulgazione di informazioni in Microsoft SQL Server. Il problema potrebbe consentire a un aggressore remoto e non autenticato di accedere ai dati da una memoria non inizializzata. “Una convalida impropria degli input in SQL Server potrebbe consentire a un aggressore non autorizzato di divulgare informazioni”, ha spiegato Microsoft. Gli amministratori possono mitigare la vulnerabilità installando la versione più recente di Microsoft SQL Server e Microsoft OLE DB Driver 18 o 19.

Si noti inoltre che questo mese Microsoft ha corretto una serie di bug RCE critici in Microsoft Office (tra cui CVE-2025-49695 , CVE-2025-49696 , CVE-2025-49697 e CVE-2025-49702 ) che possono essere sfruttati semplicemente aprendo un documento creato appositamente o tramite il riquadro di anteprima. Gli sviluppatori sottolineano che le patch per questi problemi non sono ancora disponibili in Microsoft Office LTSC per Mac 2021 e 2024 e dovrebbero essere rilasciate a breve.

Inoltre, Microsoft ha corretto una vulnerabilità RCE critica in Microsoft SharePoint (CVE-2025-49704) che potrebbe essere sfruttata su Internet semplicemente avendo un account sulla piattaforma. Il punteggio CVSS più alto di questo mese (9,8 punti) è stato ottenuto da un altro bug critico: CVE-2025-47981. Questo errore viola i protocolli di sicurezza Microsoft Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) utilizzando un overflow del buffer heap, che consente l’esecuzione di codice remoto.

Un bug nei componenti del file system NTFS ha permesso a un aggressore di aggirare i meccanismi di difesa di Windows. Una potenziale vittima avrebbe dovuto solo aprire un disco virtuale appositamente predisposto affinché l’aggressore potesse sfruttare la vulnerabilità e ottenere il pieno controllo del sistema. “Per sfruttare la vulnerabilità CVE-2025-49686, un aggressore non avrebbe bisogno di aumentare i privilegi di sistema o di ottenere diritti di accesso speciali. Basterebbe indurre l’utente a eseguire un programma dannoso che sfrutta una vulnerabilità nel driver che garantisce la comunicazione tra i dispositivi in rete. Poiché l’errore ha causato l’accesso tramite un puntatore errato, potrebbe causare una chiusura anomala del programma e, di conseguenza, un errore di sistema. Di conseguenza, l’accesso alle risorse aziendali sarebbe limitato, il che potrebbe potenzialmente compromettere le operazioni dell’organizzazione”.

L'articolo Microsoft Corregge 137 Vulnerabilità nel Patch Tuesday di Luglio. Nessuna sotto attacco attivo proviene da il blog della sicurezza informatica.

It should probably come as no surprise to anyone that the images which we look at every day – whether printed or on a display – are simply illusions. That cat picture isn’t actually a cat, but rather a collection of dots that when looked at from far enough away tricks our brain into thinking that we are indeed looking at a two-dimensional cat and happily fills in the blanks. These dots can use the full CMYK color model for prints, RGB(A) for digital images or a limited color space including greyscale.

Perhaps more interesting is the use of dithering to further trick the mind into seeing things that aren’t truly there by adding noise. Simply put, dithering is the process of adding noise to reduce quantization error, which in images shows up as artefacts like color banding. Within the field of digital audio dithering is also used, for similar reasons. Part of the process of going from an analog signal to a digital one involves throwing away data that falls outside the sampling rate and quantization depth.

By adding dithering noise these quantization errors are smoothed out, with the final effect depending on the dithering algorithm used.

The Digital Era

Plot of a quantized signal and its error. (Source: Wikimedia)
For most of history, humanity’s methods of visual-auditory recording and reproduction were analog, starting with methods like drawing and painting. Until fairly recently reproducing music required you to assemble skilled artists, until the arrival of analog recording and playback technologies. Then suddenly, with the rise of computer technology in the second half of the 20th century we gained the ability to not only perform analog-to-digital conversion, but also store the resulting digital format in a way that promised near-perfect reproduction.

Digital optical discs and tapes found themselves competing with analog formats like the compact cassette and vinyl records. While video and photos remained analog for a long time in the form of VHS tapes and film, eventually these all gave way to the fully digital world of digital cameras, JPEGs, PNGs, DVDs and MPEG. Despite the theoretical pixel- and note-perfect reproduction of digital formats, considerations like sampling speed (Nyquist frequency) and the aforementioned quantization errors mean a range of new headaches to address.

That said, the first use of dithering was actually in the 19th century, when newspapers and other printed media were looking to print phots without the hassle of having a woodcut or engraving made. This led to the invention of halftone printing.

Polka Dots

Left: halftone dot pattern with increasing size downwards, Right: how the human eye would see this, when viewed from a sufficient distance. (Source: Wikimedia)
With early printing methods, illustrations were limited to an all-or-nothing approach with their ink coverage. This obviously meant serious limitations when it came to more detailed illustrations and photographs, until the arrival of the halftone printing method. First patented in 1852 by William Fox Talbot, his approach used a special screen to break down an image into discrete points on a photographic plate. After developing this into a printing plate, these plates would then print this pattern of differently sized points.

Although the exact halftone printing methods were refined over the following decades, the basic principle remains the same to this day: by varying the size of the dot and the surrounding empty (white) space, the perceived brightness changes. When this method got extended to color prints with the CMYK color model, the resulting printing of these three colors as adjoining dots allowed for full-color photographs to be printed in newspapers and magazines despite having only so few ink colors available.

While it’s also possible to do CMYK printing with blending of the inks, as in e.g. inkjet printers, this comes with some disadvantages especially when printing on thin, low-quality paper, such as that used for newspapers, as the ink saturation can cause the paper to rip and distort. This makes CMYK and monochrome dithering still a popular technique for newspapers and similar low-fidelity applications.

Color Palettes

In an ideal world, every image would have an unlimited color depth. Unfortunately we sometimes have to adapt to a narrower color space, such as when converting to the Graphics Interchange Format (GIF), which is limited to 8 bits per pixel. This 1987-era and still very popular format thus provides an astounding 256 possible colors -albeit from a full 24-bit color space – which poses a bit of a challenge when using a 24-bit PNG or similar format as the source. Simply reducing the bit depth causes horrible color banding, which means that we should use dithering to ease these sharp transitions, like the very common Floyd-Steinberg dithering algorithm:
From left to right: original image. Converted to web safe color. Web safe with Floyd-Steinberg dithering. (Source: Wikipedia)
The Floyd-Steinberg dithering algorithm was created in 1976 by Robert W. Floyd and Louis Steinberg. Its approach to dithering is based on error diffusion, meaning that it takes the quantization error that causes the sharp banding and distributes it across neighboring pixels. This way transitions are less abrupt, even if it means that there is noticeable image degradation (i.e. noise) compared to the original.

This algorithm is quite straightforward, working its way down the image one pixel at a time without affecting previously processed pixels. After obtaining the current pixel’s quantization error, this is distributed across the subsequent pixels following and below the current one, as in the below pseudo code:
for each y from top to bottom do
for each x from left to right do
oldpixel := pixels[x]
[y] newpixel := find_closest_palette_color(oldpixel)
pixels[x][y] := newpixel
quant_error := oldpixel - newpixel
pixels[x + 1][y ] := pixels[x + 1][y ] + quant_error × 7 / 16
pixels[x - 1][y + 1] := pixels[x - 1][y + 1] + quant_error × 3 / 16
pixels[x ][y + 1] := pixels[x ][y + 1] + quant_error × 5 / 16
pixels[x + 1][y + 1] := pixels[x + 1][y + 1] + quant_error × 1 / 16

The implementation of the find_closest_palette_color() function is key here, with for a greyscale image a simple round(oldpixel / 255) sufficing, or trunc(oldpixel + 0.5) as suggested in this CS 559 course material from 2000 by the Universe of Wisconsin-Madison.

As basic as Floyd-Steinberg is, it’s still commonly used today due to the good results that it gives with fairly minimal effort. Which is not to say that there aren’t other dithering algorithms out there, with the Wikipedia entry on dithering helpfully pointing out a number of alternatives, both within the same error diffusion category as well as other categories like ordered dithering. In the case of ordered dithering there is a distinct crosshatch pattern that is both very recognizable and potentially off-putting.

Dithering is of course performed here to compensate for a lack of bit-depth, meaning that it will never look as good as the original image, but the less obnoxious the resulting artefacts are, the better.

Dithering With Audio

Although at first glance dithering with digital audio seems far removed from dithering the quantization error with images, the same principles apply here. When for example the original recording has to be downsampled to CD-quality (i.e. 16-bit) audio, we can either round or truncate the original samples to get the desired sample size, but we’d get distortion in either case. This distortion is highly noticeable by the human ear as the quantization errors create new frequencies and harmonics, this is quite noticeable in the 16- to 6-bit downsampling examples provided in the Wikipedia entry.

In the sample with dithering, there is clearly noise audible, but the original signal (a sine wave) now sounds pretty close to the original signal. This is done through the adding of random noise to each sample by randomly rounding up or down and counting on the average. Although random noise is clearly audible in the final result, it’s significantly better than the undithered version.

Random noise distribution is also possible with images, but more refined methods tend to give better results. For audio processing there are alternative noise distributions and noise shaping approaches.

Regardless of which dither method is being applied, it remains fascinating how the humble printing press and quantization errors have led to so many different ways to trick the human eye and ear into accepting lower fidelity content. As many of the technical limitations that existed during the time of their conception – such as expensive storage and low bandwidth – have now mostly vanished, it will be interesting to see how dithering usage evolves over the coming years and decades.

Featured image: “JJN Dithering” from [Tanner Helland]’s great dithering writeup.

hackaday.com/2025/07/09/dither…

If you are a certain age, you probably remember the ads and publicity around Chisanbop — the supposed ancient art of Korean finger math. Was it Korean? Sort of. Was it faster than a calculator? Sort of. [Chris Staecker] offers a great look at Chisanbop, not just how to do it, but also how it became such a significant cultural phenomenon. Take a look at the video below. Long, but worth it.

Technically, the idea is fairly simple. Your right-hand thumb is worth 5, and each finger is worth 1. So to identify 8, you hold down your thumb and the first three digits. The left hand has the same arrangement, but everything is worth ten times the right hand, so the thumb is 50, and each digit is worth 10.

With a little work, it is easy to count and add using this method. Subtraction is just the reverse. As you might expect, multiplication is just repeated addition. But the real story here isn’t how to do Chisanbop. It is more the story of how a Korean immigrant’s system went viral decades before the advent of social media.

You can argue that this is a shortcut that hurts math understanding. Or, you could argue the reverse. However, the truth is that this was around the time the calculator became widely available. Math education would shift from focusing on getting the right answer to understanding the underlying concepts. In a world where adding ten 6-digit numbers is easy with a $5 device, being able to do it with your fingers isn’t necessarily a valuable skill.

If you enjoy unconventional math methods, you may appreciate peasant multiplication.

youtube.com/embed/Rsaf4ncxlyA?…

hackaday.com/2025/07/09/kids-v…

Il CERT-AgID recentemente aveva avvertito che molte istanze pubbliche non sono ancora state aggiornate e tra queste 70 sono relative a banche, assicurazioni e pubbliche amministrazioni italiane.

Ora la situazione si fa più seria in quanto gli exploit PoC per la vulnerabilità critica Citrix Bleed 2 (CVE-2025-5777) stanno comparendo diffusamente su internet e la caccia ha davvero inizio. I ricercatori avvertono che la vulnerabilità può essere facilmente sfruttata e che i token di sessione utente possono essere rubati.

Il bug di sicurezza Citrix NetScaler ADC e NetScaler Gateway è stata denominata Citrix Bleed 2 perché è simile a un problema del 2023 che consentiva ad aggressori non autenticati di dirottare i cookie della sessione di autenticazione sui dispositivi vulnerabili.

Come ha spiegato Kevin Beaumont, noto esperto di sicurezza informatica che ha dato il nome al nuovo problema, si tratta di una vulnerabilità simile a quella di Citrix Bleed (CVE-2023-4966),support.citrix.com/article/CTX…sfruttata attivamente dagli hacker, tra cui gruppi ransomware e “governativi”, diversi anni fa .

Una vulnerabilità di lettura fuori limite interessa i dispositivi NetScaler configurati come gateway: server virtuale VPN, proxy ICA, VPN clientless (CVPN), proxy RDP o server virtuale AAA. La vulnerabilità consente agli aggressori di ottenere il contenuto della memoria semplicemente creando richieste POST malformate durante i tentativi di accesso.

Gli sviluppatori di Citrix hanno rilasciato patch e hanno vivamente raccomandato agli amministratori di terminare tutte le sessioni ICA e PCoIP attive dopo l’aggiornamento per impedire a potenziali aggressori di accedere a sessioni dirottate. Citrix ha fornito consigli simili per il Citrix Bleed originale.

Come spiegano ora gli esperti di watchTowr e Horizon3, che hanno pubblicato analisi tecniche della vulnerabilità, il problema può essere sfruttato inviando richieste di accesso malformate in cui il parametro login= viene modificato in modo da essere passato senza segno di uguale o valore. Di conseguenza, il dispositivo NetScaler visualizza il contenuto della memoria fino al primo byte zero nella sezione del corpo della risposta.

Secondo i ricercatori, il bug è causato dall’utilizzo della funzione snprintf insieme a una stringa di formato contenente %.*s, che causa una perdita di memoria. Ogni richiesta perde circa 127 byte. Tuttavia, gli aggressori possono effettuare richieste ripetute per estrarre dati aggiuntivi. I ricercatori di Horizon3 hanno dimostrato in un video che la vulnerabilità può essere sfruttata per rubare i token delle sessioni utente, sebbene i ricercatori di watchTowr non abbiano avuto successo nei loro tentativi.

Le dichiarazioni dell’azienda sono contestate anche dal già citato Kevin Beaumont. Il ricercatore scrive che la vulnerabilità è stata sfruttata attivamente da metà giugno e che gli aggressori la utilizzano per estrarre dati dalla memoria e intercettare le sessioni. “Il supporto di Citrix non rivela alcun indicatore di compromissione e afferma erroneamente (di nuovo, come nel caso del Citrix Bleed originale) che non ci sono exploit. Citrix deve intervenire, sta danneggiando i suoi clienti”, ha scritto Beaumont.

L'articolo Gli Exploit per Citrix Bleed2 sono online! Aggiornare immediatamente, la caccia è iniziata proviene da il blog della sicurezza informatica.

Do you ever look at the news, and wonder about the process behind the news cycle? I did, and for the last couple of decades it’s been the subject of one of my projects. The Raspberry Pi on my shelf runs my word trend analysis tool for news content, and since my journey from curious geek to having my own large corpus analysis system has taken twenty years it’s worth a second look.

How Career Turmoil Led To A Two Decade Project

This is very much a minority spelling. Colin Smith, CC BY-SA 2.0.
In the middle of the 2000s I had come out of the dotcom crash mostly intact, and was working for a small web shop. When they went bust I was casting around as one does, and spent a while as a Google quality rater while I looked for a new permie job. These teams are employed by the search giant through temporary employment agencies, and in loose terms their job is to be the trained monkeys against whom the algorithm is tested. The algorithm chose X, and if the humans also chose X, the algorithm is probably getting it right. Being a quality rater is not in any way a high-profile job, but with the big shiny G on my CV I soon found myself in demand from web companies seeking some white-hat search engine marketing expertise. What I learned mirrored my lesson from a decade earlier in the CD-ROM business, that on the web as in any other electronic publishing medium, good content well presented has priority over any black-hat tricks.

But what makes good content? Forget an obsession with stuffing bogus keywords in the text, and instead talk about the right things, and do it authoritatively. What are the right things in this context? If you are covering a subject, you need to do so using the right language; that which the majority uses rather than language only you use. I can think of a bunch of examples which I probably shouldn’t talk about, but an example close to home for me comes in cider. In the UK, cider is a fermented alcoholic drink made from apples, and as a craft cidermaker of many years standing I have a good grasp of its vocabulary. The accepted spelling is “Cider”, but there’s an alternate spelling of “Cyder” used by some commercial producers of the drink. It doesn’t take long to realise that online, hardly anyone uses cyder with a Y, and thus pages concentrating on that word will do less well than those talking about cider.
We Brits rarely use the word “soccer” unless there’s a story about the Club World Cup in America.
I started to build software to analyse language around a given topic, with the aim of discerning the metaphorical cider from the cyder. It was a great surprise a few years later to discover that I had invented for myself the already-existing field of computational linguistics, something that would have saved me a lot of time had I known about it when I began. I was taking a corpus of text and computing the frequencies and collocates (words that appear alongside each other) of the words within it, and from that I could quickly see which wording mattered around a subject, and which didn’t. This led seamlessly to an interest in what the same process would look like for news data with a time axis added, so I created a version which harvested its corpus from RSS feeds. Thus began my decades-long project.

From Project Idea, To Corpus Appliance

In 2005 I knew how to create websites in the manner of the day, so I used the tools I had. PHP5, and MySQL. I know PHP is unfashionable these days, but at the time this wasn’t too controversial, and aside from all the questionable quality PHP code out there it remains a useful scripting language. Using MySQL however would cause me immense problems. I had done what seemed the right thing and created a structured database with linked tables, but I hadn’t fully appreciated just how huge was the task I had taken on. Harvesting the RSS firehose across multiple media outlets brings in thousands of stories every week, so queries which were near-instantaneous during my first development stages grew to take many minutes as my corpus expanded. It was time to come up with an alternative, and I found it in the most basic of OS features, the filesystem.
I have no idea why British news has more dog stories than cat stories.
Casting back to the 1990s, when you paid for web hosting it was given in terms of the storage space it came with. The processing power required to run your CGI scripts or later server-side interpreters such as ASP or PHP, wasn’t considered. It thus became normal practice to try to reduce storage use and not think about processing, and I had without thinking followed this path.

But by the 2000s the price of storage had dropped hugely while that of processing hadn’t. This was the decade in which cloud services such as AWS made an appearance, and as well as buying many-gigabyte hard disks for not a lot, you could also for the first time rent a cloud bucket for pennies. My corpus analysis system didn’t need to spend all its time computing if I could use a terabyte hard drive to make up for less processor usage, so I turned my system on its head. When collecting the RSS stories my retrieval script would pre-compute the final data and store it in a vast tree of tiny JSON files accessible at high speed through the filesystem, and then my analysis software could simply retrieve them and make its report. The system moved from a hard-working x86 laptop to a whisper-quiet and low powered Raspberry Pi with a USB hard disk, and there it has stayed in some form ever since.

Just What Can This Thing Do?

No prizes for guessing what happened this week.
So I have a news corpus that has taken me a long time to build. I can take one or more words, and I can compare their occurrence over time. I can watch the news cycle, I can see stories build up over time. I can even see trends which sometimes go against received opinion, such as spotting that the eventual winner of the 2016 UK Labour leadership race was likely to be Jeremy Corbyn early on while the herd were looking elsewhere. Sometimes as with the performance of the word “Brexit” over the middle of the last decade I can see the great events of our times in stark relief, but perhaps it’s in the non-obvious that there’s most value. If you follow a topic and it suddenly dries up for a couple of days, expect a really big story on day three, for example. I can also see which outlets cover one story more than another, something helpful when trying to ascertain if a topic is being pushed on behalf of a particular lobby.

My experiment in text analysis then turned into something much more, even dare I say it, something I find of help in figuring out what’s really going on in turbulent times. But from a tech point of view it’s taught me a huge amount, about statistics, about language, about text parsing, and even about watching the number of available inodes on a hard drive. Believe me, many millions of tiny files in a tree can become unwieldy. But perhaps most of all, after a lifetime of mucking about with all manner of projects but generating little of lasting significance, I can look at this one and say I created something useful. And that is something to be happy about.

hackaday.com/2025/07/09/crunch…

In un periodo in cui si parla molto di “terre rare” e “minerali critici” appare di interesse il documento redatto nel maggio 2025 dal Research and Trend Analysis Branch dell’United Nations Office on Drugs and Crime (UNODC), ovvero l’Ufficio delle Nazioni Unite contro la Droga e il Crimine dal titolo Global Analysis on Crimes that Affect the Environment – Part 2b: Minerals Crime: Illegal Gold Mining.

Questo rapporto fa parte di una serie di analisi globali sui crimini che colpiscono l’ambiente. In particolare, la Parte 2b si concentra sul crimine minerario, con un focus sull’estrazione illegale dell’oro. Il documento è stato redatto in risposta alla crescente preoccupazione per:

- l’aumento della domanda di minerali critici per la transizione energetica,

- l’infiltrazione di gruppi criminali organizzati nelle catene di approvvigionamento minerario,

- i gravi impatti ambientali e sociali dell’estrazione illegale,

- e le lacune normative e di enforcement a livello globale.

Il documento si basa su:

- una revisione di oltre 160 fonti aperte,

- analisi di dati commerciali (UN Comtrade),

- casi giudiziari,

- e contributi di esperti internazionali.

Il rapporto analizza i crimini legati al settore minerario, con particolare attenzione all’estrazione illegale dell’oro. Questi crimini includono attività illecite lungo tutta la catena di approvvigionamento dei minerali: dall’esplorazione all’estrazione, raffinazione, commercio e produzione finale. L’obiettivo è comprendere le dinamiche criminali, i danni ambientali e sociali, e proporre risposte politiche efficaci.

In particolare:

Domanda crescente e vulnerabilità: la transizione energetica globale aumenta la domanda di minerali critici (rame, litio, cobalto, ecc.). Questa pressione crea opportunità per attività criminali, corruzione e instabilità nelle catene di approvvigionamento.

L’oro come caso emblematico: l’oro è particolarmente vulnerabile a traffici illeciti per via del suo alto valore, facilità di trasporto e difficoltà di tracciabilità dopo la raffinazione. Le raffinerie internazionali sono punti critici per l’intervento normativo.

Attori coinvolti: gruppi criminali organizzati (OCGs), aziende legittime coinvolte in pratiche illecite, commercianti, raffinerie e minatori artigianali. Le OCGs usano l’oro per finanziare altre attività criminali e mantenere il controllo territoriale.

Impatto ambientale e sociale: uso di mercurio e sostanze tossiche, deforestazione, inquinamento di acqua e suolo.

Violazioni dei diritti umani: lavoro forzato, sfruttamento sessuale, lavoro minorile, violenza e sfollamenti.

Corruzione e riciclaggio: frodi documentali, concessioni ottenute illegalmente, uso di società di comodo per riciclare proventi illeciti. Le lacune normative e la scarsa trasparenza facilitano l’infiltrazione criminale.

Dall’analisi emergono alcune Raccomandazioni Politiche:

Transizione energetica giusta: risposte mirate per ogni tipo di minerale e contesto geografico.

Due diligence e trasparenza: rafforzare i controlli nelle raffinerie e nei centri di commercio. Sistemi di tracciabilità, audit indipendenti e divulgazione pubblica dei dati.
Risposte adattate al contesto locale

Distinguere tra attività illegali e informali: incentivare la formalizzazione dei minatori artigianali.

Responsabilità aziendale: le aziende devono garantire il rispetto dei diritti umani e ambientali lungo tutta la catena.

Rafforzare l’applicazione della legge: maggiore cooperazione internazionale, uso di tecnologie (droni, AI, blockchain), formazione e risorse per le forze dell’ordine.

Migliorare la raccolta dati: standardizzazione dei dati, criminalizzazione uniforme dei reati minerari, cooperazione tra Stati.

Il crimine minerario, in particolare l’estrazione illegale dell’oro, rappresenta una minaccia globale che richiede risposte coordinate e multisettoriali. È essenziale garantire catene di approvvigionamento trasparenti e responsabili per sostenere una transizione energetica equa e sostenibile.

Il documento (in inglese) è reperibile qui: unodc.org/documents/data-and-a…

#CRIMINIAMBIENTALI #CRIMINEMINERARIO #ESTRAZIONEILLEGALE #ORO

@Ambiente - Gruppo sulla sostenibilità e giustizia climatica

La Wildlife Justice Commission (WJC) è una fondazione internazionale senza scopo di lucro, con sede all'Aia, nei Paesi Bassi, fondata nel 2015. La sua missione è contrastare e contribuire allo smantellamento delle reti criminali transnazionali organizzate che trafficano in specie selvatiche protette, legname e prodotti ittici.

La Wildlife Justice Commission: - Conduce indagini sotto copertura e basate su intelligence, utilizzando metodologie di polizia per raccogliere prove verificabili di crimini contro la fauna selvatica; - Fornisce queste prove a governi e forze dell’ordine per favorire arresti e processi contro i trafficanti di alto livello; - Supporta le autorità con assistenza operativa e crea pressione diplomatica sui governi riluttanti ad agire, anche organizzando audizioni pubbliche; - Collabora con enti governativi, organizzazioni intergovernative e ONG per rafforzare la capacità di contrasto ai crimini ambientali e promuovere soluzioni sostenibili.

Il traffico di specie selvatiche è una delle industrie criminali più redditizie al mondo, con un giro d’affari stimato di circa 20 miliardi di dollari l’anno, subito dopo il traffico di droga, esseri umani e armi.
La WJC si concentra sulle specie più vulnerabili, come tigri, rinoceronti ed elefanti, e sui criminali più prolifici, mirando a interrompere le reti criminali e la corruzione che le sostiene.

Nel suo Rapporto sulla attività svolta nel 2024 la Wildlife Justice Commission segnala come quello passato sia stato trasformativo per la WJC, con risultati significativi nella lotta contro il crimine ambientale e il traffico di fauna selvatica. L’organizzazione infatti ha:

- Smantellato 16 reti criminali transnazionali
- Supportato 84 arresti in Africa, Asia e Sud America
- Facilitato sequestri record, tra cui 12.214 kg di squame di pangolino (79% del totale globale)

Tra i Risultati Operativi Chiave vengono indicati:
Nigeria: Sequestrati 11.673 kg di squame di pangolino e 25 kg di avorio. Arrestati 12 sospetti, tra cui broker e spedizionieri di alto livello.
Mozambico: Condannati due noti trafficanti di corni di rinoceronte a 27 e 24 anni di carcere.
Thailandia: Sequestrati oltre 1.200 animali esotici (tartarughe, lemuri) e rimpatriati in Madagascar.
Sudafrica: Arrestato un trafficante vietnamita di grandi felini.
America Latina: Sequestrata oltre una tonnellata di cetrioli di mare e pinne di squalo.

I progetti Speciali attivati sono stati:
Project Galvanise: Rafforzata l’intelligence contro il traffico di fauna selvatica in 16 paesi. Creato l’Online Resource Center for Analysis (ORCA) per analisti di intelligence. Con riguardo alla Formazione: 16 programmi di formazione in Mozambico, Botswana, Filippine e Thailandia per rafforzare le capacità investigative locali.

La WJS ha:
- Partecipato a conferenze ONU e G20.
- Contributo a 5 politiche internazionali e alla nuova Convenzione del Consiglio d’Europa.
- Promosso il riconoscimento del traffico di fauna selvatica come crimine organizzato grave.

Il report (in inglese) è scaricabile qui: wildlifejustice.org/wp-content…

#trafficospecieprotette #wjc

@Ambiente - Gruppo sulla sostenibilità e giustizia climatica