When we do textbook analysis, we tend to ignore the real-world concerns for the sake of learning. So, a typical theoretical voltage divider is simply two resistors. But if you examine a low-pass RC filter, you’ll see a single resistor and a capacitor. What if you combine them? That’s what [Old Hack EE] did in a recent video, and you can check it out below.

It helps if you are familiar with Thevenin equivalents and, of course, Ohm’s Law. There’s also a bit of algebra, but nothing too complicated. The example design has a lossy filter at 100 Hz.

Of course, RC filters are easy to understand if you think of them as voltage dividers with a frequency-variable resistance, which is what the math is basically saying. The load impedance, in this case, is R2 in parallel with Xc at a given frequency.

He mentions that you might find a circuit like this in a power supply. However, it is also common to see this circuit wherever a divider drives a load with capacitance or even parasitic capacitance in cables or circuit boards.

We’ve discussed Thevenin equivalence modeling before. If you want really good filters, you are probably going to need op-amps.

youtube.com/embed/7h5irBPDMrk?…

hackaday.com/2025/07/10/voltag…

Consiglio la lettura di questo libro.

Leggete l'estratto di questo libro, e poi pensate a Travaglio, a Orsini, al Fatto Quotidiano.

Poi chiedetevi perché siamo molto in basso nelle classifiche sull'informazione libera a livello mondiale.

"Secondo il sociologo della Chapman University della California, Andrea Molle, intervistato dalla RAI[76], “l’ideologia del Gruppo Wagner, che si associa alla sua dimensione per così dire aziendale, associa il neonazismo con il neopaganesimo slavo molto diffuso in Russia a partire dagli anni ‘70 del secolo scorso. Io parlerei di una forma esoterica di nazismo”. Il professore fa esplicito riferimento ad una particolare “declinazione dell’ideologia nazionalsocialista” con la quale venivano fusi gli elementi classici del nazismo con altri tipici del misticismo, occultismo ed esoterismo in voga in Germania a cavallo tra il 1800 ed il 1900. “Il Gruppo Wagner - afferma - riprende alcuni di questi contenuti nella propria estetica, come l’uso di rune sui propri mezzi, e nelle ritualità che sembrano caratterizzarlo”. Il sociologo parla anche di contatti tra Wagner e gli ambienti legati all’ultra destra e nazionalisti russi, i cui militanti sarebbero in larga parte impiegati anche nelle operazioni militari in Ucraina, ma non solo russi. Spiega anche che “abbiamo notizie di rapporti tra il gruppo Wagner e altri gruppi di estrema destra in Europa, ma anche negli Stati Uniti e in altri paesi del mondo. Alcuni ricercatori sostengono che negli ultimi anni, membri di gruppi estremisti (ad esempio tedeschi) e dei paesi dell’est Europa abbiano partecipato a sessioni di addestramento organizzate dalle PMC (private military company) russe tra le quali è ragionevole pensare anche il Gruppo Wagner”. Un ruolo determinante nella formazione e nell’addestramento delle milizie non ufficiali delle quali si avvale il Cremlino spetta, come si è visto, al Movimento Imperiale Russo, al quale ha dedicato attenzione anche il Centro per la Sicurezza e la Cooperazione Internazionale (CISAC)[77] centro di ricerca della prestigiosa Università di Stanford in California. Secondo il CISAC, il MIR “è un'organizzazione militante della supremazia bianca di estrema destra con sede a San Pietroburgo, in Russia. Fondato nel 2002, il gruppo promuove il nazionalismo etnico russo, sostiene la restaurazione del regime zarista russo e cerca di alimentare l'estremismo della supremazia bianca in Occidente. MIR (o RIM) mantiene contatti con gruppi neonazisti e suprematisti bianchi in Europa e negli Stati Uniti."

Setaccioli, Marco. Scemi di pace: Come i "pacifinti" ingannano l'Italia, diffondendo e mascherando le menzogne del Cremlino (pp.177-178). Edizione del Kindle.

#ucraina
#guerra
#mosca
#russia
#nazismo
#neonazismo
#wagner
#distopia
#disinformazione
#ilfattoquotidiano
#Orsini

Immutable distributions are slowly spreading across the Linux world– but should you care? Are they hacker friendly? What does “immutable” mean, anyway?

Immutable means “not subject or susceptible to change” according to Merriam-Webster, which is not 100% accurate in this context, but it’s close enough and the name is there so we’re stuck with it. Immutable distributions are subject to change, it’s just that how you change them is quite a bit different than bog-standard Linux. Will this matter to you? Read on to find out! (Or, if you know the answers already, read on to find out how angry you should be in the comments section.)

Immutability is cloud-based thinking: the system has a known-good state, and it’s always in it. Everything that is not part of the core system is containerized and controlled. I’m writing this from a KDE-based distribution called Aurora, part of the Universal Blue project that builds on Fedora’s Atomic Desktop work. It bills itself as being for “lazy developers”.

The advantage to this hypothetical lazy dev is that the base system is already built, and you can’t get distracted messing around with it. It works, and it isn’t at all likely to break. Every installation is essentially identical to every other installation, which means reproducibility is all but guaranteed. No more faffing about arguing on forums to figure out which library is conflicting with which. In an immutable system, they’ve all been selected to play well together, and anything else is safely containerized. (Again, a cloud ideal.) If the devs make a mistake during an update, well, just roll back!

50 Shades of Immunability

The different flavours of immutable linux differ in how they accomplish that, but all have rollbacks as a basic capability. Each change to the system becomes a new, indivisible image; that’s why we talk about atomic updates. You create a new system image when you update, but you don’t start using it until you reboot the system. (This has some advantages to stability, as you might imagine, although the rebooting can get old.) The old image is maintained on your system, just in case you happen to need it.

MicroOS and its descendants (like Aeon) use a system based on BRTFS snapshots to provide rollbacks. Fedora’s atomic desktops, like Silverblue, and the Universal Blue downstreams that are based on Fedora like Bazzite or Aurora use a system called OSTree, which is considerably more complex and more interesting. You can do something similar with Nix, of course, but that is a whole other kettle of fish.

OSTree bills itself as “Git for operating system binaries”. Every update, or every package installed is layered onto the tree and can be rolled back if needed– en masse, or individually. You can package up that tree of commits, and deploy it onto a new system, making devising new “distros” so trivial they don’t really deserve the name. In theory, you can install everything via OSTree, but the further you take your system from the base image, the less you have that “every system is identical” easy-problem-solving that the immutable guys like to talk about.

Of course you do want to install applications, and you do it the same way you might on a server: in containers. What sort of containers can vary by taste, but typically that means Flatpak for GUI applications. Fedora-based immutable distributions like Silverblue or Aurora use Flatpak, as does OpenSuse. (AppImage and snap are also options, technically speaking, but who likes snaps?) The Universal Blue team adds in Homebrew for those terminal applications that don’t tend to get Flatpaks. I admit that I was surprised at first to see Homebrew when I started using Aurora, since I knew it as “the missing package manager for MacOS” but its inclusion makes perfect sense when you think about it.

MacOS is the First Immutable UNIX

MacOS, you see, is the first immutable UNIX. As much as we in the Linux community don’t like to talk about it, Macs aren’t just POSIX compatible– they run Certified UNIX(). And Curputino has been moving towards this “immutable” thing for a long time, until Catalina finally sealed the system folders away completely on a read-only volume. Updates for MacOS also come as snapshots to replace that system volume– you could certainly call them “atomic”. Since the system volume is locked down, traditional package managers won’t be able operate. Homebrew was created to solve that problem. It works just as well on a Linux system that has the same lockdown applied to its system folders.

If Homebrew isn’t your cup of tea – and it seems to not be everyone’s, since I think Universal Blue is the only distro set to ship with it – you can go more hard-core into containerization with docker or podman. Somewhere in between, you could use something like Distrobox. If you haven’t heard of it, Distrobox is a framework for deploying traditional linux systems inside containers. For devs, it’s great for testing, even if you aren’t basing it on top of an immutable distribution. If you’ve never worked in the cloud, this may all sound like rube-goldberg gobbbly-gook, (“linux in a box on my linux!?”) but once you adapt to it, it’s not so bad.

The Year of Immutable on the Desktop?

The question is: do you want to adapt to it? Is cloud-based thinking necessary on the desktop? Well I’d say it depends on who is using the desktop. I would absolutely steer Windows users who are thinking of switching to Linux in the wake of the Windows 10 EOL to a Universal Blue distribution, and probably Aurora since KDE is more windows-y than Gnome. Most of those ex-Windows users are people who just want to use a computer, not play with it. If that describes you, then maybe an immutable distribution could be to your liking.

MacOS has shown that very few desktop users will ever notice if they can access the system folders or not; they are most interested in having a stable, reproducible environment to work in. Thus, immutable Linux may be the way to bring Linux mainstream – certainly Steam thinks so, with SteamOS. For their use case, it’s hard to argue the benefits: you need a stable base system for the stack of cards that is gaming on Linux, and tech support is much simplified for a locked-down operating system that you cannot install packages on. The rising popularity of Bazzite, Universal Blue’s gaming-centric distribution, also speaks to this.

There are downsides to this kind of system, of course, and it is important to recognize that. Some people really, really hate containerization because Flatpaks, and other similar options, use more memory, both on disk and in RAM. Of course not everything is available as a Flatpak, or on Homebrew if the system uses that. If you want to use Toolbox or Distrobox to get a distro-specific set of packages, well, of course running a whole extra Linux system in a container is going to have overhead.

From an aesthetic perspective, it’s not as elegant as a traditional Linux environment, at least to some eyes, mine included. Those of us who switched to Linux because we wanted absolute control over our computers might not feel too great about the “do not touch” label implicitly scrawled across the system folders, even if we do get something like rpm-ostree to make changes with. Even with a package manager, there are customizations and tweaks you simply cannot make on a read-only system. For those of us who treat Linux as a hobby, that’s probably a no-go.

For the “Lazy Developer” Aurora sells itself to, well, that’s perhaps a different story. Speaking of lazy, I’ve been using Aurora for a few months now, almost in spite of myself. I initially loaded it as the last step on a distro-hopping jaunt to see if I could find a good Windows 10 replacement for my parents. (I think this is it, to be honest.) It’s still on my main laptop simply because it’s so unobtrusively out of the way that I can think of no reason to install anything else.

At some point that may change, and when it does I might just overcorrect and do a Linux From Scratch build or try out like NixOS like I’ve been meaning to. Something like that would let me regain the sense of agency I have forfeited to the Universal Blue dev team while running Aurora. (There have been times where I can feel the ghostly hand of an imaginary sysadmin urging me not to mess with my own system.)

After seeing how well containerization can work on desktop, Nix looks extra appealing – it can do most of what this article talks about with the immutable distros, but without trusting configuration of any facet of the system to anyone else. What do you think? Are the touted benefits to stability, reproducibility, and security worth the hassle of an immutable distribution? Is the grass greener in the land of Nix? If you’ve tried one of the immutable Linux distributions out there, we’d love to hear what you think in the comments.

hackaday.com/2025/07/10/person…

While we know that many of you are reading Hackaday via our Really Simple Syndication (RSS) feed, we suspect that most people on the street wouldn’t know that it underlies a lot of the modern internet. [A. McNamee] and [A. Service] have created an illustrated history of RSS that proudly proclaims RSS is (not) dead (yet)!

While tens of millions of users used Google Reader before it was shut down, social media and search companies have tried to squeeze independent blogs and websites for an increasingly large part of their revenue, making it more and more difficult to exist outside the walled gardens of Facebook, Apple, Google, etc. Despite those of you that remember, RSS has been mostly forgotten.

RSS has been the backbone of the podcast industry, however, quietly serving feeds to millions of users everywhere with few of them aware that an open protocol from the 90s was serving up their content. As with every other corner of the internet where money could be made, corporate raiders have come to scoop up creators and skim the profits for themselves. Spotify has been the most egregious actor here, but the usual suspects of Apple, Google, and Amazon are also making plays to enclose the podcast commons.

If you’d like to learn more about how big tech is sucking the life out of the internet (and possibly how to reverse the enshittification) check out Cory Doctorow’s keynote from our very own Supercon.

hackaday.com/2025/07/10/long-l…

We love 3D printing. We’ll print brackets, brackets for brackets, and brackets to hold other brackets in place. Perhaps even a guilty-pleasure Benchy. But 3D printed shoes? That’s where we start to have questions.

Every few months, someone announces a new line of 3D-printed footwear. Do you really want your next pair of sneakers to come out of a nozzle? Most of the shoes are either limited editions or fail to become very popular.

First World Problem

You might be thinking, “Really? Is this a problem that 3D printing is uniquely situated to solve?” You might assume that this is just some funny designs on some of the 3D model download sites. But no. Adidas, Nike, and Puma have shoes that are at least partially 3D printed. We have to ask why.

We are pretty happy with our shoes just the way that they are. But we will admit, if you insist on getting a perfect fitting shoe, maybe having a scan of your foot and a custom or semi-custom shoe printed is a good idea. Zellerfield lets you scan your feet with your phone, for example. [Stefan] at CNC Kitchen had a look at those in a recent video. The company is also in many partnerships, so when you hear that Hugo Boss, Mallet London, and Sean Watherspoon have a 3D-printed shoe, it might actually be their design from Zellerfield.

youtube.com/embed/4id0-vvu-u0?…

Or, try a Vivobiome sandal. We aren’t sold on the idea that we can’t buy shoes off the rack, but custom fits might make a little sense. We aren’t sure about 3D-printed bras, though.

Maybe the appeal of 3D-printed shoes lies in their personalizability? Creating self-printed shoes might make sense, so you can change their appearance or otherwise customize them. Maybe you’d experiment with different materials, colors, or subtle changes in designs. Nothing like 30 hours of printing and three filament changes to make one shoe. And that doesn’t explain why the majors are doing it.

Think of the Environment!

There is one possible plus to printing shoes. According to industry sources, more than 20 billion pairs of shoes are made every year, and almost all will end up in landfills. Up to 20% of these shoes will go straight to the dump without being worn even once.

So maybe you could argue that making shoes on demand would help reduce waste. We know of some shoe companies that offer you a discount if you send in an old pair for recycling, although we don’t know if they use them to make new shoes or not. Your tolerance for how much you are willing to pay might correlate to how much of a problem you think trash shoes really are.

But mass-market 3D-printed shoes? What’s the appeal? If you’re desperate for status, consider grabbing a pair of 3D-printed Gucci shoes for around $1,300. But for most of us, are you planning on dropping a few bucks on a pair of 3D-printed shoes? Why or why not? Let us know in the comments.

If you are imagining the big guys printing shoes on an Ender 3, that’s probably not the case. The shoes we’ve seen are made on big commercial printers.

hackaday.com/2025/07/10/ask-ha…

ChatGPT si è rivelato ancora una volta vulnerabile a manipolazioni non convenzionali: questa volta ha emesso chiavi di prodotto Windows valide, tra cui una registrata a nome della grande banca Wells Fargo. La vulnerabilità è stata scoperta durante una sorta di provocazione intellettuale: uno specialista ha suggerito che il modello linguistico giocasse a indovinelli, trasformando la situazione in un aggiramento delle restrizioni di sicurezza.

L’essenza della vulnerabilità consisteva in un semplice ma efficace bypass della logica del sistema di protezione. A ChatGPT 4.0 è stato offerto di partecipare a un gioco in cui doveva indovinare una stringa, con la precisazione che doveva trattarsi di un vero numero di serie di Windows 10.

Le condizioni stabilivano che il modello dovesse rispondere alle ipotesi solo con “sì” o “no” e, nel caso della frase “Mi arrendo”, aprire la stringa indovinata. Il modello ha accettato il gioco e, seguendo la logica integrata, dopo la frase chiave ha effettivamente restituito una stringa corrispondente alla chiave di licenza di Windows.

L’autore dello studio ha osservato che la principale debolezza in questo caso risiede nel modo in cui il modello percepisce il contesto dell’interazione. Il concetto di “gioco” ha temporaneamente superato i filtri e le restrizioni integrati, poiché il modello ha accettato le condizioni come uno scenario accettabile.

Le chiavi esposte includevano non solo chiavi predefinite disponibili al pubblico, ma anche licenze aziendali, tra cui almeno una registrata a Wells Fargo. Ciò è stato possibile perché avrebbe potuto causare la fuga di informazioni sensibili che avrebbero potuto finire nel set di addestramento del modello. In precedenza, si sono verificati casi di informazioni interne, incluse le chiavi API, esposte pubblicamente, ad esempio tramite GitHub, e di addestramento accidentale di un’IA.

Screenshot di una conversazione con ChatGPT (Marco Figueroa)

Il secondo trucco utilizzato per aggirare i filtri era l’uso di tag HTML . Il numero di serie originale veniva “impacchettato” all’interno di tag invisibili, consentendo al modello di aggirare il filtro basato sulle parole chiave. In combinazione con il contesto di gioco, questo metodo funzionava come un vero e proprio meccanismo di hacking, consentendo l’accesso a dati che normalmente sarebbero stati bloccati.

La situazione evidenzia un problema fondamentale nei modelli linguistici moderni: nonostante gli sforzi per creare barriere protettive (chiamati guardrail), il contesto e la forma della richiesta consentono ancora di aggirare il filtro. Per evitare simili incidenti in futuro, gli esperti suggeriscono di rafforzare la consapevolezza contestuale e di introdurre la convalida multilivello delle richieste.

L’autore sottolinea che la vulnerabilità può essere sfruttata non solo per ottenere chiavi, ma anche per aggirare i filtri che proteggono da contenuti indesiderati, da materiale per adulti a URL dannosi e dati personali. Ciò significa che i metodi di protezione non dovrebbero solo diventare più rigorosi, ma anche molto più flessibili e proattivi.

L'articolo Hai bisogno di una Product Key per Microsoft Windows? Nessun problema, chiedilo a Chat-GPT proviene da il blog della sicurezza informatica.

Il plugin @docusaurus/plugin-content-docs, vanta numeri impressionanti: oltre 1,36 milioni di download solo nell’ultimo mese, più di 56.000 stelle su GitHub e circa 8.560 fork, a dimostrazione di una community globale estremamente attiva.

Lanciato quasi quattro anni fa, oggi conta 85 pacchetti che lo utilizzano come dipendenza, più di 14.800 repository che lo includono e addirittura 2,7 milioni di download Docker, segno di una crescente adozione anche in ambienti containerizzati.

Nel mondo dei plugin open source, anche un singolo errore può trasformarsi in una falla catastrofica. È il caso di docusaurus-plugin-content-gists, un plugin che permette di mostrare in una pagina del proprio sito tutti i gist pubblici di un utente GitHub.

Secondo la CVE-2025-53624 (score 10/10, severity: CRITICAL), nelle versioni precedenti alla 4.0.0 è stata scoperta una vulnerabilità gravissima: il GitHub Personal Access Token, pensato solo per essere usato in fase di build, veniva incluso per errore nei bundle JavaScript distribuiti sul sito.

Risultato? Chiunque poteva leggere il token direttamente dal codice sorgente del sito pubblicato online, con rischi enormi per la sicurezza. Il problema, corretto nella release 4.0.0, riguarda un errore banale ma letale nella gestione della configurazione: un campo contenente la chiave privata non veniva filtrato correttamente e finiva nel codice client.

Con una complessità di attacco bassa, bastava semplicemente visitare il sito e aprire la console del browser per rubare la chiave. Questo caso dimostra, ancora una volta, quanto sia fondamentale trattare con cura ogni informazione sensibile nelle configurazioni, soprattutto in plugin open source e ambienti come WordPress o Docusaurus, che spesso vengono dati per scontati ma gestiscono dati critici.

La popolarità del plugin rende ancora più preoccupante la recente scoperta di una vulnerabilità critica (score 10/10) nel plugin docusaurus-plugin-content-gists per WordPress, che poteva esporre GitHub Personal Access Tokens nei bundle JavaScript destinati al client, rendendoli visibili a chiunque visualizzasse il codice sorgente del sito.

L'articolo Il plugin per WordPress Docusaurus ha una RCE da 10 su 10 di score ed espone le chiavi segrete proviene da il blog della sicurezza informatica.