noyb survey: only 7% of users want Meta to use their personal data for AI

While almost 75% of users have heard of Meta's plans, only 7% actually want their data to be used for AI training.

mickey, 07 August 2025


noyb.eu/it/noyb-survey-only-7-…



OpenAI Releases gpt-oss AI Model, Offers Bounty For Vulnerabilities


OpenAI have just released gpt-oss, an AI large language model (LLM) available for local download and offline use licensed under Apache 2.0, and optimized for efficiency on a variety of platforms without compromising performance. This is their first such “open” release, and it’s with a model whose features and capabilities compare favorably to some of their hosted services.

OpenAI have partnered with ollama for the launch which makes onboarding ridiculously easy. ollama is an open source, MIT-licensed project for installing and running local LLMs, but there’s no real tie-in to that platform. The models are available separately: gpt-oss-20b can run within 16 GB of memory, and the larger and more capable gpt-oss-120b requires 80 GB. OpenAI claims the smaller model is comparable to their own hosted o3-mini “reasoning” model, and the larger model outperforms it. Both support features like tool use (such as web browsing) and more.

LLMs that can be downloaded and used offline are nothing new, but a couple things make this model release a bit different from others. One is that while OpenAI have released open models such as Whisper (a highly capable speech-to-text model), this is actually the first LLM they have released in such a way.

The other notable thing is this release coincides with a bounty challenge for finding novel flaws and vulnerabilities in gpt-oss-20b. Does ruining such a model hold more appeal to you than running it? If so, good news because there’s a total of $500,000 to be disbursed. But there’s no time to waste; submissions need to be in by August 26th, 2025.


hackaday.com/2025/08/06/openai…



2025 One Hertz Challenge: An Animated Ferrofluid Display


Ferrofluid is fun. You’ve probably seen all kinds of demos with it bouncing around in response to magnetic fields, or dancing near a speaker. [beastie417] decided to turn the entertaining fluid into a display.

The basic concept of the ferrofluid display. Note the header image of this article shows the electromagnet array without the ferrofluid pane in place.

The concept is straightforward enough. First, construct a tank of ferrofluid with a white panel behind it for contrast. Then, place it in front of a grid of electromagnets. Now you have many “pixels” you can turn on and off. You turn a magnet on to attract ferrofluid to that point, and turn it off to let it fall away. Since the ferrofluid contrasts with the white background, you have a viable display!

[beastie417] notes that while the concept is simple, the execution is hard. Ferrofluid can be very difficult to work with, instantly staining many materials like acrylic and even glass that isn’t properly prepared. It can also be quite expensive to construct a display like this, with [beastie417] noting their 16×12 pixel design costing approximately $700 thus far. Then you have to figure out how to drive all the pixels—this project uses DRV8908 coil driver ICs running off a microcontroller which controls the display and handles animations.

We’ve seen some great ferrofluid displays before, like this neat build that could even create readable glyphs. Meanwhile, if you’re doing rad things with the coolest fluid of the new millennium, don’t hesitate to let us know!

2025 Hackaday One Hertz Challenge


hackaday.com/2025/08/06/2025-o…



MORIS and I.R.I.S. was designed for Sheriff's Offices to identify known persons with their iris. Now ICE says it plans to buy the tech.



ICE Is Buying Mobile Iris Scanning Tech for Its Deportation Arm


Immigration and Customs Enforcement (ICE) is looking to buy iris scanning technology that its manufacturer says can identify known persons “in seconds from virtually anywhere,” according to newly published procurement documents.

Originally designed to be used by sheriff departments to identify inmates or other known persons, ICE is now likely buying the technology specifically for its Enforcement and Removal Operations (ERO) section, which focuses on deportations.



#News #ice




America’s scandalous president is teaming up with its most disreputable AI company to make a search engine.#News


Trump Is Launching an AI Search Engine Powered by Perplexity


Donald Trump’s media company is teaming up with Perplexity to bring AI search to Truth Social, the President’s X.com alternative.

Truth announced the endeavor in a press release on Wednesday. Anyone using the browser version of Truth can now use Perplexity to search the web. “We’re proud to partner with Perplexity to launch our public Beta testing of Truth Social AI, which will make Truth Social an even more vital element in the Patriot Economy,” Devin Nunes, Trump Media's CEO and Chair of the President's Intelligence Advisory Board, said in the press release.
“We’re excited to partner with Truth Social to bring powerful AI to an audience with important questions. Curiosity is the engine of change, and Perplexity’s AI is developed to empower curiosity by delivering direct, reliable answers with transparent citations that allow anyone to dig deeper,” Perplexity’s chief business officer Dmitry Shevelenko said in the press release.

According to the announcement, “the mission of Trump Media is to end Big Tech’s assault on free speech by opening up the Internet and giving people their voices back.” Which is a funny thing to put in an announcement about Trump partnering with a company whose investors include Jeff Bezos, Nvidia, and the former CEO of GitHub.

Perplexity’s Truth Social search engine will be powered by stolen content. Earlier this week, Cloudflare reported Perplexity used stealth and undeclared crawlers to evade websites that explicitly set themselves up to avoid being catalogued by LLMs. Perplexity has a long history of using scrapers that ignore the Robots Exclusion Protocol. Perplexity started as a demo that scraped Twitter with fake academic accounts backed by AI-generated research proposals.

Forbes, the New York Times, New York Post, and the Dow Jones have all accused Perplexity of plagiarism. News Corp’s Dow Jones & Co., publisher of the Wall Street Journal, and the New York Post sued Perplexity in 2024 for copyright infringement, claiming in the federal lawsuit that Perplexity is “engaging in a massive amount of illegal copying of publishers’ copyrighted works and diverting customers and critical revenues away from those copyright holders.” In 2024, WIRED reported on the accusations of Perplexity’s plagiarism and Perplexity almost immediately plagiarized the story. When New York Times tech workers went on strike last year, Perplexity CEO Aravind Srinivas offered to help the Times keep the paper going.

Big Tech has aligned itself with the Trump administration since before the election, seeing an alliance of opportunity for deregulation of AI in particular.

But is the Perplexity-powered AI aggregation machine “woke?” I asked a few questions to find out. I wanted to know: Is Trump in the Epstein files?

“There is no evidence in the recently reviewed and released government ‘Epstein Files’ of a ‘client list’ or documentation placing Donald Trump as implicated in Jeffrey Epstein's criminal actions,” it said. “While Trump’s name, like many other prominent individuals, appears in public records of Epstein’s social and business contacts (such as guest lists or flight logs, widely reported over the years), there is no mention in current official documents or filings that directly implicates Trump as a criminal participant in Epstein’s sex trafficking activities.”

How does Truth Social’s search engine think the American economy is doing?

“The American economy is currently facing significant headwinds, with signs of slowdown—most notably by a contraction in GDP, rising inflation, and softening labor market conditions—though some leaders still emphasize areas of resilience,” Truth Search AI said.

Are the tariffs to blame?

“Recent tariff increases in the United States have generally had a negative effect on economic growth and employment, raising costs for businesses and consumers while providing only limited benefits to some manufacturing sectors,” Truth Search AI said.

Damn. It’s woke as hell.


#News


Home improvement stores are finding ways to share data from their Flock license plate reader cameras with law enforcement, according to public records.#Flock


Part of Article I Section 8, and all of Sections 9 and 10, which address things like habeas corpus, nobility, and militias, are gone from Congress's website for the Constitution.



Constitution Sections on Due Process and Foreign Gifts Just Vanished from Congress' Website


Congress’ website for the U.S. Constitution was changed to delete the last two sections of Article I, which include provisions such as habeas corpus, forbidding the naming of titles of nobility, and forbidding foreign emoluments for U.S. officials.

The last full version of the webpage, archived by the Internet Archive on July 17, still included the now-deleted sections. Parts of Section 8 of Article I, as well as all of Sections 9 and 10 of Article I are now gone from the live site. The deletions, as of August 6, are also archived here. The change was spotted by users on Lemmy, an open-source aggregation platform and forum.

This webpage, maintained by the U.S. government, hasn’t changed significantly in the entire time it’s been saved by the Internet Archive’s Wayback Machine—since 2019. The page for the Constitution on the National Archives website remains unchanged, and shows the entire document.

The removed portion begins halfway through Section 8. It includes:

To provide and maintain a Navy;

To make Rules for the Government and Regulation of the land and naval Forces;

To provide for calling forth the Militia to execute the Laws of the Union, suppress Insurrections and repel Invasions;

To provide for organizing, arming, and disciplining, the Militia, and for governing such Part of them as may be employed in the Service of the United States, reserving to the States respectively, the Appointment of the Officers, and the Authority of training the Militia according to the discipline prescribed by Congress;

To exercise exclusive Legislation in all Cases whatsoever, over such District (not exceeding ten Miles square) as may, by Cession of particular States, and the Acceptance of Congress, become the Seat of Government of the United States, and to exercise like Authority over all Places purchased by the Consent of the Legislature of the State in which the Same shall be, for the Erection of Forts, Magazines, Arsenals, dock-Yards, and other needful Buildings;–And

To make all Laws which shall be necessary and proper for carrying into Execution the foregoing Powers, and all other Powers vested by this Constitution in the Government of the United States, or in any Department or Officer thereof.

Section 9


The Migration or Importation of such Persons as any of the States now existing shall think proper to admit, shall not be prohibited by the Congress prior to the Year one thousand eight hundred and eight, but a Tax or duty may be imposed on such Importation, not exceeding ten dollars for each Person.

The Privilege of the Writ of Habeas Corpus shall not be suspended, unless when in Cases of Rebellion or Invasion the public Safety may require it.

No Bill of Attainder or ex post facto Law shall be passed.

No Capitation, or other direct, Tax shall be laid, unless in Proportion to the Census or enumeration herein before directed to be taken.

No Tax or Duty shall be laid on Articles exported from any State.

No Preference shall be given by any Regulation of Commerce or Revenue to the Ports of one State over those of another: nor shall Vessels bound to, or from, one State, be obliged to enter, clear, or pay Duties in another.

No Money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law; and a regular Statement and Account of the Receipts and Expenditures of all public Money shall be published from time to time.

No Title of Nobility shall be granted by the United States: And no Person holding any Office of Profit or Trust under them, shall, without the Consent of the Congress, accept of any present, Emolument, Office, or Title, of any kind whatever, from any King, Prince, or foreign State.

Section 10


No State shall enter into any Treaty, Alliance, or Confederation; grant Letters of Marque and Reprisal; coin Money; emit Bills of Credit; make any Thing but gold and silver Coin a Tender in Payment of Debts; pass any Bill of Attainder, ex post facto Law, or Law impairing the Obligation of Contracts, or grant any Title of Nobility.

No State shall, without the Consent of the Congress, lay any Imposts or Duties on Imports or Exports, except what may be absolutely necessary for executing it's inspection Laws: and the net Produce of all Duties and Imposts, laid by any State on Imports or Exports, shall be for the Use of the Treasury of the United States; and all such Laws shall be subject to the Revision and Controul of the Congress.

No State shall, without the Consent of Congress, lay any Duty of Tonnage, keep Troops, or Ships of War in time of Peace, enter into any Agreement or Compact with another State, or with a foreign Power, or engage in War, unless actually invaded, or in such imminent Danger as will not admit of delay.

As people in the Lemmy forum conversation note, this could be a glitch, or some kind of error with the site. But considering the page doesn’t include many dynamic elements, and is mainly a text reprinting of the Constitution, a nearly 240-year-old document that hasn’t changed since the addition of the 27th Amendment in 1992—and that the page itself has barely changed at all in the six years it’s been archived—it’s a noteworthy and sudden move.

The Trump administration does not have any control over Congressional websites, but the sudden disappearance of important parts of the Constitution is happening in the context of a broader government war on information.

Since the Trump administration took office, official federal government websites with public information have come under attack, being taken offline entirely or altered to reflect this administration’s values. This has included critical information promoting vaccines, HIV care, reproductive health options including abortion, and trans and gender confirmation healthcare being purged from the CDC’s live website, thousands of datasets disappearing from Data.gov, and the scrubbing of various documents, employee handbooks, Slack bots, and job listings across government agencies. Some deleted pages across the government were restored following a court order, but the administration then added a note rejecting “gender ideology” to some of them.

Habeas corpus, which is among the now-deleted provisions on the Constitution webpage, allows people to challenge their imprisonment before a judge. In May, Homeland Security Secretary Kristi Noem said before a congressional committee that Trump can remove the Constitutional provision of habeas corpus, calling it “a constitutional right that the president has to be able to remove people from this country and suspend their rights.” Trump has said he’s considering suspending habeas corpus for people detained by ICE.

“That’s incorrect,” Democratic Sen. Maggie Hassan replied to Noem, calling habeas corpus “the foundational right that separates free societies like America from police states like North Korea.”




Stone tools found on the Indonesian island of Sulawesi reveal a long-lost population of human relatives; their identity, and how they crossed the sea, is a mystery.#TheAbstract #science


Million-Year-Old Evidence of Epic Journey Near ‘Hobbit’ Island Discovered by Scientists


Scientists have discovered million-year-old artifacts made by a mysterious group of early humans on the Indonesian island of Sulawesi, according to a breakthrough study published on Wednesday in Nature.

The extraordinary find pushes the archaeological record of Sulawesi back by about 800,000 years, and confirms that hominins, the broader family to which humans belong, crossed treacherous ocean passages to reach the island, where they crafted simple tools.

The tool-makers may have been related to a group of archaic humans—nicknamed “hobbits” for their short stature—that lived on nearby Flores Island. But while the hobbits left behind skeletal remains, no fossils from the Sulawesi group have been unearthed. The tools, found at a site called Calio in South Sulawesi, are the only record of their existence for now.

“The discovery of these ancient stone tools at Calio is another important piece of the puzzle in our understanding of the movements of early hominins from the edge of the Asian landmass into the isolated zone of islands known as Wallacea,” said Adam Brumm, a professor of archaeology at Griffith University and a co-author of the new study, in an email.

“A major question remaining is the identity of the archaic humans of Sulawesi,” he added, noting that they might be Homo erectus, or descendants of this influential early human species that migrated from Africa to Asia. “But until we have their fossils, who they were will remain a mystery.”

Stone tools dated to over 1.04 million years old; scale bars are 10 mm. Image: M W Moore

The discovery was made by Budianto “Budi” Hakim, an Indonesian archaeologist who has spent decades searching for traces of archaic humans in Sulawesi. Hakim spotted one of the artifacts while scouring the region’s sandstone outcrops, prompting an excavation that unearthed a total of seven flaked tools crafted from chert rock. The remains of extinct elephants and pigs were also found in the sedimentary layers at the site, hinting at an ancient origin.

The team used two independent methods to date the tools, both of which placed their age at a minimum of 1.04 million years old, making the artifacts the earliest evidence for hominin occupation of Sulawesi by far.

“Budi has been searching for this evidence for much of his life, so it is very exciting indeed,” said Brumm. “But it is not so surprising that we now have evidence for hominins on Sulawesi by one million years ago; we have long suspected that there had been a very deep history of human occupation of this island based on the discovery (in 2010) of stone tools on Flores to the south that date to at least a million years ago. Sulawesi was probably where the first hominins to set foot on Flores actually came from, so it made sense to us that the human presence on Sulawesi would go back at least as far as a million years, if not considerably earlier.”

“And personally, it did not surprise me that Budi unearthed this new find,” he continued. “He is a renowned figure in Indonesian archaeology and undoubtedly has the ‘golden touch.’”

The tools are sharp-edged flakes that were probably cut from larger rocks obtained from a nearby river channel. Like many tools made by hominins across time and regions, they would have been useful for cutting and scraping materials, though their exact purpose is unknown.
The tools “can’t tell us very much about the behaviour or cognitive capacities of these early humans, other than that they were tool-makers who clearly understood how to choose stones with suitable properties and to fracture them in a controlled way to produce a supply of usable tools,” explained Brumm. “Over the past 2.5 million years, many different hominin species (including our own, Homo sapiens) have made stone tools that are essentially indistinguishable from the Sulawesi tools.”

In addition to their mysterious identity, it is unclear how these early humans crossed ocean waters to reach these island shores, given that the shortest distance between the Asian mainland and Sulawesi would have been 30 miles, at minimum.

“This is too far to swim (in any case the ocean currents are too strong),” Brumm explained. “It is also very unlikely these archaic hominins had the cognitive ability to develop watercraft that were capable of making sea voyages, or indeed of the advanced planning required to gather resources and set sail over the horizon to an unseen land.”

“Most likely, they crossed to Sulawesi from the Asian mainland in the same way rodents and monkeys are suspected to have done; that is, by accident, perhaps as castaways on natural ‘rafts’ of floating vegetation,” he concluded.

It’s incredible to imagine these early humans getting caught up in tides or currents, perhaps stranded at sea for days, only to serendipitously wash up on a vast island that would become home to untold generations. Hakim, Brumm, and their colleagues hope to find more evidence of this long-lost population in the coming years, but for now, the stone tools offer a rare window into the lives of these accidental seafarers and their descendants.




A Robot Controller With The Compute Module 5


The regular Raspberry Pi line is a flexible single-board computer, but sometimes you might find yourself wishing for a form factor that was better designed for installation into a greater whole. This is why the Compute Module variants exist. Indeed, leveraging that intention, [Hans Jørgen Grimstad] has used the powerful Compute Module 5 as the heart of his “Overlord” robot controller.

The Compute Module 5 offers a powerful quad-core 64-bit ARM chip running at 2.4 GHz, along with anywhere from 2 to 16GB of RAM. You can also get it with WiFi and Bluetooth built in onboard, and it comes with a wide range of I2C, SPI, UART, and GPIO pins to serve whatever ends you envision for them. It’s a whole lot of capability, but the magic is in what you do with it.

[Hans] saw this as a powerful basis for a robot controller. To that end, he built a PCB to accept the Compute Module 5, and outfitted it with peripherals suited to robotics use. His carrier board equips it with an MCP2515 CAN controller and a TJA1051 CAN transceiver, ideal for communicating in a timely manner with sensors or motor controllers. It also has a 9-axis BNO055 IMU on board, capable of sensor fusion and 100Hz updates for fine sensing and control. The board is intended to be easy to use with hardware like Xiaomi Cybergear motors and Dynamixel servos. As a bonus, there is power circuitry on board to enable it to run off anything from 5 to 36V. While GPIOs aren’t exposed, [Hans] notes that you can even pair it with a second Pi if you want to use GPIOs or camera ports or do any other processing offboard.

If you’re looking for a place to start for serious robot development, the Overlord board has plenty of capability. We’ve explored the value of the Compute Module 5 before, too. Meanwhile, if you’re cooking up your own carrier boards, don’t hesitate to let the tipsline know!


hackaday.com/2025/08/06/a-robo…




2025 One Hertz Challenge: Square Waves The Way You Want ‘Em


On an old fashioned bench a signal generator was once an indispensable instrument, but has now largely been supplanted by the more versatile function generator. Sometimes there’s a less demanding need for a clock signal though, and one way that might be served comes from [Rupin Chheda]’s square wave generator. It’s a small PCB designed to sit at the end of a breadboard and provide handy access to a range of clocks.

On the board is a crystal oscillator running at the usual digital clock frequency of 32.768 kHz, and a CMOS divider chain. This provides frequencies from 2048 Hz down to 0.5 Hz for good measure. It’s a simple but oh-so-useful board, and we can imagine more than a few of you finding space for it on your own benches.

This project is part of our awesome 2025 One Hertz Challenge, celebrating all the things which strut their stuff once a second. It’s by no means the first to feature a 32.768 kHz divider chain, and if you have a similar project there’s still time to enter.

2025 Hackaday One Hertz Challenge


hackaday.com/2025/08/06/2025-o…



Jenny’s Daily Drivers: FreeDOS 1.4


When I was a student, I was a diehard Commodore Amiga user, having upgraded to an A500+ from my Sinclair Spectrum. The Amiga could do it all; it became my programming environment for electronic engineering course work, my audio workstation for student radio, my gaming hub, and much more.

There was one thing that was part of my course work that it couldn’t do very well, which was to be exactly like the PCs in my university’s lab. I feel old when I reflect that it’s 35 years ago, and remember sitting down in front of a Tulip PC-XT clone to compile my C code written on the Amiga. Eventually I cobbled together a 286 from cast-off parts, and entered the PC age. Alongside the Amiga it felt like a retrograde step, but mastering DOS 3.3 was arguably more useful to my career than AmigaDOS.

It’s DOS, But It’s Not MS-DOS

The FreeDOS installation screen. Where do I want to go today?

I don’t think I’ve used a pure DOS machine as anything but an occasional retrocomputing curio since some time in the late 1990s, because the Microsoft world long ago headed off into Windows country while I’ve been a Linux user for a very long time. But DOS hasn’t gone away even if Microsoft left it behind, because the FreeDOS project have created an entirely open-source replacement. It’s not MS-DOS, but it’s DOS. It does everything the way your old machine did, but in a lot of cases better and faster. Can I use it as one of my Daily Drivers here in the 2020s? There is only one way to find out.

With few exceptions, an important part of using an OS for this series is to run it on real hardware rather than an emulator. To that end I fished out my lowest-spec PC, a 2010 HP Mini 10 netbook that I hold onto for sentimental reasons. With a 1.6 GHz single core 32 bit Atom processor and a couple of gigabytes of memory it’s a very slow machine for modern desktop Linux, but given that FreeDOS can run on even the earliest PCs it’s a DOS powerhouse. To make it even more ridiculously overspecified I put a 2.5″ SSD in it, and downloaded the FreeDOS USB installer image.

A screenshot from FreeDOOM. Of course a DOS machine runs DOOM, or at least in this case, FreeDOOM.

Installing FreeDOS is simple enough, just a case of booting from the install drive and following the instructions. There’s no automatic disk partitioning, but fortunately due to all that practice in the ’90s I’m a DOS FDISK wizard. I went for the full installation of every FreeDOS package, because with a machine this powerful, why not!

Booting into FreeDOS on a machine this much faster than a DOS-era PC is so fast as to feel almost instantaneous. The tiny size of the executables, the minuscule amount of resources required, and the speed of the SSD compared to an MFM or IDE hard drive make it like no other OS I have tested, not even RiscOS on the Raspberry Pi. It almost doesn’t feel like the DOS I remember!

DOS has two config files for drivers and configuration, and while CONFIG.SYS and AUTOEXEC.BAT have morphed into FDCONFIG.SYS and FDAUTO.BAT they are exactly the same. Yet again, all that experience from the ’90s paid off, and I was immediately at home editing out all the default items relating to things such as a CD-ROM that I just don’t have.

I Wasn’t Networked When I Last Used DOS, And I’m Not This Time Round Either

A screenshot of the Arachne web browser, showing an error. Sadly this was the closest I came to the web on this machine.

Navigating around the DOS command line I found all the different software that had been installed. There’s a package manager called FDIMPLES to manage it all, though since I had everything on my install medium I used it mostly to see what I had. Yes, it comes with DOOM, in fact in two different versions. I’m most interested for my work in using it with an internet connection though, so before I could try Arachne or Dillo to browse the web I needed to set up a network connection. And here I hit my first FreeDOS snag. It comes with the excellent Crynwr collection of DOS network card drivers, but sadly the RealTek chip or the Broadcom wireless card in the HP are both too new to even have a DOS driver. So I could look at Arachne, but not do anything with it.

If I can’t write for Hackaday in a browser on this machine, can I use a word processor? Sadly there’s none included in the package list, but the FreeDOS website suggests Ability Plus. This is a former commercial package now freeware, so I downloaded it and transferred it to the HP. Sadly no matter what memory configurations I tried, I couldn’t get it to run. For a laugh I also tried Microsoft Word 5.5 which also refused to run, but given Microsoft’s shenanigans with DR DOS back in the day, that was hardly a surprise. I’m not giving up though, so this is being written in the FreeDOS editor.

A Distraction-Free Writing Powerhouse


For the past couple of months then, this quaint old laptop with a space-helmeted Wrencher sticker on the front has been my occasional companion. It’s been on the road with me, on the Eurostar through the Channel Tunnel, and into more than one hackerspace. Using DOS again has been an interesting experience, and sometimes frustrating when it comes to mixing up the forward slash and the back slash on returning to Linux, but it’s not been an unpleasant one. For a start, this is probably the fastest-responding computer I own, then there’s the distraction-free aspect of it, with no networking and a single-tasking user interface I have nothing to get in the way of my writing. Oddly I don’t remember my old 286 being like this, but the truth is I must never have appreciated what I had. Getting your work off a DOS machine with no network, floppy, or serial port is a little inconvenient and involves booting from a USB installation medium, but being honest that’s probably less of a chore than using a LapLink serial cable was back in the day.

If you need no-frills and no distraction computing and don’t mind forgoing drivers for all but the most ancient peripherals, then try FreeDOS. If it’s not quite the DOS for you but you still want to put a toe in the open-source DOS water, an alternative might be the DR-DOS derived SvarDOS, and if you want the real thing but don’t mind the version everyone hated, there’s always MS-DOS version 4. For myself though, I think I’ll stick with FreeDOS. Of all the operating systems in this series so far it’s the only one I’m going to hang on to; this little HP will come out of the drawer whenever I need to just go away and write something.


hackaday.com/2025/08/06/jennys…



A Portable 12 VDC Water Chiller for the Chemistry Lab


Having a chiller is often essential for the chemistry laboratory, but what if you’re somewhere without easy access to water, never mind a mains outlet to plug your usual chiller into? In that case you can build a portable one that will happily run off the 12 VDC provided by a mobile source like the accessory outlet in a car while reusing the water from its reservoir, as demonstrated by [Markus Bindhammer] in a recent video.

The build uses a compressor-based freezer as the base, which is significantly more capable than the typical Peltier-cooled refrigerators that cannot cool as fast or efficiently. The changes he made involve running in- and outlet tubing into the freezer’s compartment, with a submerged 12 VDC water pump providing the water to the outlet. This pump is controlled by a variable speed controller board that’s put in a box on the outside with the power lead also sneaking into the freezer. With these modifications in place the freezer’s functionality isn’t significantly impacted, so it can be used as normal.

After filling the compartment with water, the lid is closed and the freezer engaged. The pump controller is then switched on, with the water flow adjusted to fit the distillation job at hand. Although in this case a fairly small freezer was modified, nobody is saying that you cannot also do it with a much larger freezer, and fill it with ice cream and other treats to help it and lab critters cool down faster.



hackaday.com/2025/08/06/a-port…



Australia’s Space Program Finally Gets Off The Pad, But Only Barely


Australia is known for great beaches, top-tier coffee, and a laidback approach to life that really doesn’t square with all the rules and regulations that exist Down Under. What it isn’t known for is being a spacefaring nation.

As it stands, a startup called Gilmour Space has been making great efforts to give Australia the orbital launch capability it’s never had. After numerous hurdles and delays, the company finally got their rocket off the launch pad. Unfortunately, it just didn’t get much farther than that.

You Will Not Go To Space Today


Gilmour Space was founded back in 2013, and established its rocketry program two years later. The company has a straightforward mission—it aims to provide Australian-made launch vehicles for putting satellites into orbit. Over the past decade, the company has been working hard on establishing a spaceport and building a series of ever-larger rockets, inching its way towards its stated goal.

The company aims to reach space with the Eris rocket. The 23-meter-long, 30-tonne vehicle came about after years of engineering work, and stands as Australia’s only realistic bid to join the exclusive club of nations capable of orbital launches. The three-stage rocket uses four hybrid rocket motors in the first stage, one in the second stage, and a liquid rocket engine in the third stage. It’s intended to carry payloads up to 300 kg into orbit. The Eris was first assembled and staged on the company’s launch pad in Bowen, Queensland, in early 2024, and even fully fueled up for a dress rehearsal in September last year. However, local aviation authority CASA was not yet satisfied with preparations, and had not provided the required permits for launch. Since then, the wait has continued, with an expected launch date in March 2025 passing by without fanfare. Even with CASA approval, the Australian Space Agency was still not satisfied with Gilmour’s preparations.

Ultimately, the company would wait a long eighteen months for complete regulatory approval to launch their Eris rocket from the Bowen orbital spaceport. Everything finally fell into place, with the company set to launch on July 30.


The launch began as so many do, with smoke billowing from the pad as the four first-stage rocket motors ignited. Seconds later, Eris began to inch into the sky… only to falter at low altitude. Having barely cleared the top of the launch structure, the rocket began to fall back to Earth, toppling over sideways while creating a relatively small fireball in its failure. One presumes the payload—a jar of Vegemite sandwich spread—was lost.
Founder Adam Gilmour suggested one of the main engines may have failed during the short 14-second flight. Credit: ABC News via YouTube screenshot
Speaking after the event to ABC News, Gilmour Space founder Adam Gilmour speculated as to what happened. “From the videos, it looks like we lost one of the main engines a few seconds into the flight,” he stated. “I’m hoping the next rocket goes to orbit, and if it does, then the next rocket after that will be our first commercial one that takes satellites up.”

It may not have been much to look at, but the company was nonetheless positive about finally making forward steps towards its eventual goal. “Today, Eris became the first Australian made orbital launch vehicle to lift off from Australian soil — achieving around 14 seconds of flight,” stated the company. “For a maiden test flight, this is a strong result and a major step forward for Australia’s sovereign space capability.” Gilmour Space noted its multiple successes—all four rocket engines igniting successfully, the rocket clearing the tower, and the positive operation of its flight software and control systems. While the launch failed to get far off the pad—for reasons yet to be fully determined—the company was ultimately upbeat, and looks towards its second test flight of the Eris rocket.


Indeed, this result has long been expected by Gilmour Space founder, Adam Gilmour. In interviews earlier this year, he noted that the complexities of large scale rocketry meant he didn’t expect grand achievements from the first test flight. “It’s very hard to test an orbital rocket without just flying it,” he told the Sydney Morning Herald in March this year. “We don’t have high expectations we’ll get to orbit… I’d personally be happy to get off the pad.”

Gilmour Space still has a long way to go to reach orbit—roughly 100 km or so, given the rocket only just got off the pad. Still, it’s hardly the first space program to face early failures on its way to the heavens. If anything, the test launch actually happening has reignited interest in the project, bringing renewed attention to the Australian effort to finally join the space club.


hackaday.com/2025/08/06/austra…



Bitchat, Jack Dorsey's Internet-Independent Messaging App, Raises Privacy Doubts


Jack Dorsey's new app, Bitchat, has suddenly landed on the App Store and caused quite a stir, not so much for its innovation as for its creator.

The founder of Twitter and Block personally wrote the app's core code over a weekend in early July and then made it available for download on iOS. The focus was on simplicity and privacy, but that minimalism concealed risks that are already beginning to emerge.

Bitchat's main feature is its complete independence from the internet. The program runs on a Bluetooth mesh network, allowing users to exchange messages without Wi-Fi or mobile service as long as they are within a range of about 100 meters. This approach makes the app particularly useful where signal is weak, for example at festivals, in the mountains or during natural disasters. Similar solutions have existed before: the Bridgefy app, for example, was actively used during the Hong Kong protests, when it was essential not to be intercepted over the internet.

Bitchat's interface is extremely spare: no registration, login or profile. The user enters the chat immediately and can set any name they like, changeable at will. All this makes communication simple and almost anonymous, but it also opens the door to possible abuse.

Security researcher Alex Radosha said that the system could easily be spoofed because user identification is missing at the architectural level. He stressed that “details matter in cryptography,” suggesting that the appearance of security in this case does not guarantee real protection. Dorsey himself has said that the program had not undergone independent review and could contain vulnerabilities. At the same time, he continues to present it as a private communication platform.

The situation is made worse by the fact that dozens of fake apps with the same name have already appeared on the Google Play Store, collecting thousands of downloads. In the absence of an official Android version, this opens the way for attackers who can substitute the app and inject malicious code under the guise of Bitchat.

The attempt to launch a radically decentralized and simple messaging app has therefore run into fundamental questions of security and authentication. What looked like a new step toward private, offline communication has turned out to be a demonstration of how easily a “good vibes” atmosphere can turn into a vulnerability if the technical foundations are not properly secured.

The article Bitchat, Jack Dorsey's Internet-Independent Messaging App, Raises Privacy Doubts comes from il blog della sicurezza informatica.



Artificial Intelligence Doesn't Cut Costs, It Raises Them! The New Reality from Silicon Valley


In 2025 the wave of layoffs in Silicon Valley continues.

Silicon Valley CEOs proclaim that artificial intelligence will bring a new revolution in efficiency and that it will also be the light of the future for reshaping productivity. Yet when this technological dividend lands on ordinary workers, it often amounts to nothing more than a plausible-sounding reason for layoffs.

The savings obtained through the use of artificial intelligence seem to have become an important item in corporate financial reports, but for it to really work and be used reliably, more and more companies have to increase their investment in subsequent maintenance, content review, security and compliance, and other areas.

As a result, a new profession has quietly emerged: cleaning up the problems caused by AI.

It mainly involves rework, remediation and customer support, repairing sites compromised by AI.

The money saved by artificial intelligence is spent on “rework”


AI tools have flooded internal business processes and represent the most visible business trend of the past two years.

OpenAI, Google Gemini, Anthropic Claude... Models emerge one after another, and products and features are increasingly centered on the workplace, the most productive setting: writing copy, editing code, generating customer-service scripts. Artificial intelligence is used as a magic tool for work, as if using it could cut costs and raise efficiency overnight.

Anthropic CEO Dario Amodei said in an interview in May that within the next one to five years half of entry-level jobs will be replaced by artificial intelligence and the unemployment rate in the United States could rise to 10-20%.

But a recent BBC report revealed the other side of this AI “employment”: many companies that saved budget thanks to AI are spending more money on rework and its consequences. Sarah Skidd is a freelance copywriter working in the United States. In May of this year she received an urgent assignment from a content agency: to revise the AI-generated copy on every page of a hotel's website.

20 hours of work at an hourly rate of 100 dollars, for a total of 2,000 dollars: the money that was “originally meant to be saved” was spent again in the form of higher fees.

Initially, the client hoped that using ChatGPT to write the copy would save a considerable amount of money. However, the bland, empty text with no commercial appeal not only failed to engage users but also weakened the brand's image. She said bluntly: “At first glance it's obvious it was written by an artificial intelligence. It is completely unconvincing.”

These AI-generated texts have monotonous sentence structures, stiff rhythms and a lack of emotion. They are almost impossible to repair and can only be torn down and started again from scratch.

Naturally, she is no exception


Skidd has noticed that the main source of income for many of her colleagues has shifted from creating content to correcting what artificial intelligence writes. “Now 90% of the documents clients provide are written by artificial intelligence, but we almost always have to revise them,” one colleague admitted.

Similar AI-rework phenomena have also begun to spread to technical fields such as development and operations.

In the United Kingdom, Sophie Warner, founder of the digital marketing company Create Designs, has recently been receiving the largest number of requests from clients “misled” by ChatGPT. One client followed the AI's tutorial to modify code, but the website crashed and was hacked, remaining paralyzed for three days, with a resulting loss of 360 pounds.

It is not only small and medium-sized businesses that have fallen into the trap; large clients have been hit as well.

Warner said she now charges a “troubleshooting fee” to track down bugs caused by artificial intelligence, problems that could have been avoided in advance. As the Chinese proverb goes, drawing a line is worth less than a dollar; knowing where to draw it is worth 10,000 dollars.

If companies use artificial intelligence, they must take responsibility for it


Most companies' original intention in introducing artificial intelligence is not complicated: cut costs and raise efficiency.

It might look like a technological dividend not to be missed, but the “State of AI Survey” published in March by the global management consulting firm McKinsey & Company shows that last year 78% of companies used artificial intelligence in at least one business process, a share significantly higher than the 55% forecast for 2023. However, the average cost reduction was below 10% and revenue growth below 5%.

Given this disparity, its real usability is secondary; the key is to let others see that you are using it. Even if the implementation is rushed and the process is cumbersome, giving the impression of having solved the problem is far more important than actually solving it.

The article Artificial Intelligence Doesn't Cut Costs, It Raises Them! The New Reality from Silicon Valley comes from il blog della sicurezza informatica.



Italians on Vacation, Identities for Sale: a 4-Star Stay… 38,000 of Them, but on the Dark Web


While the heat wave and the desire for a summer break push millions of people toward beaches and art cities, cybercriminals do not go on vacation. On the contrary, they take advantage of this very period to step up their activities, focusing on targets that are handling an enormous amount of sensitive data right now: hotels, luxury ones in particular.

Recently, a post appeared on underground dark web forums that raised significant alarm among cybersecurity experts.

A user put up for sale a “large collection of 38,000 high-resolution scanned images of guests' identity documents and passports” from a 4-star hotel located in Venice. The author of the listing specified that the data was obtained through “unauthorized access in July 2025,” stressing its freshness.

The post, published on the well-known underground platform DarkForums, also included samples (duly censored in the image below) of the hotel's customers' identity documents, many of them belonging to Italian citizens.

The sale of this data represents a concrete, multifaceted threat.

With a person's digital identity at their disposal, criminals can carry out a range of illicit activities, including:

  • Identity theft: The information contained in the documents (first name, surname, date of birth, place of residence and, in some cases, tax code) can be used to open fraudulent bank accounts, apply for loans in the victim's name or sign contracts for phone and other services.
  • Access to financial services: Copies of the documents can be used to pass the “Know Your Customer” (KYC) checks required by many banks and cryptocurrency exchange platforms.
  • Targeted scams: Criminals can use this information to create extremely convincing “phishing” or “smishing” (via SMS) scams, in which they pose as government bodies or financial institutions to extort further data or money.
  • Blackmail: Knowledge of personal data can be used to threaten or blackmail victims.

The fact that the theft took place at a luxury hotel adds a further level of concern. Guests of establishments of this kind are often wealthy or high-profile people, which makes them even more attractive targets for criminals, who are aiming for a bigger payoff and potential access to networks of contacts and sensitive information.

This incident is a reminder that data security does not go on vacation.

For travelers, it is essential to be aware of the risks and, as far as possible, to check the security policies of accommodation providers. For operators in the hotel sector, it is an urgent call to strengthen their cyber defenses, in an era in which a single attack can put the reputation and safety of thousands of people at risk.

The article Italians on Vacation, Identities for Sale: a 4-Star Stay… 38,000 of Them, but on the Dark Web comes from il blog della sicurezza informatica.



Two Actively Exploited Android Vulnerabilities: Google Releases Critical Patches


Google has released the August security updates for Android, which contain patches for six vulnerabilities. Two of them relate to Qualcomm components and have already been exploited in targeted attacks. The vulnerabilities under attack are tracked as CVE-2025-21479 and CVE-2025-27038, and the Android security team became aware of them back in January 2025.

The first issue (CVE-2025-21479) is an incorrect authorization in the Graphics framework, which can lead to memory corruption due to unauthorized command execution in the GPU micronode when a specific sequence of commands is run.

The second issue (CVE-2025-27038) is a use-after-free bug that causes memory corruption when the Adreno GPU drivers are used for rendering in Chrome.

It is important to note that Google has included in the update the patches Qualcomm announced back in June of this year. At the time, the vendor warned that, according to information from the Google Threat Analysis Group, the vulnerabilities CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038 could be exploited “as part of limited, targeted attacks.”

“In May, fixes for the issues affecting the Adreno graphics processing unit (GPU) driver were provided to OEM partners, together with a strong recommendation to deploy the update to affected devices as soon as possible,” Qualcomm said at the time.

In addition, with the release of the August updates, Google fixed a critical vulnerability in the System component (CVE-2025-48530). This issue could be exploited for remote code execution with no privileges required, but only in combination with other bugs. No user interaction was required.

As is traditional, Google's developers released two patch levels: 2025-08-01 and 2025-08-05. The latter includes all the patches from the former, plus fixes for closed-source components and kernel subsystems that may not apply to all Android devices.

The article Two Actively Exploited Android Vulnerabilities: Google Releases Critical Patches comes from il blog della sicurezza informatica.



in reply to storiaweb

The image shows the table-of-contents page of an issue of the "Notiziario Storico dell'Arma dei Carabinieri", no. 4, year X. The page is divided into nine squares, each with an image and a number, representing different historical stories and themes.

  1. Square 4: Shows an officer in uniform with an ornate hat, probably a Carabiniere, with the number 4.
  2. Square 20: Presents a historical map with geographic details, indicating the Ligurian region, with the number 20.
  3. Square 36: Depicts a group of soldiers in uniform, with the number 36.
  4. Square 44: Shows a group of men in uniform, with the number 44.
  5. Square 50: Presents a circular emblem with a bird and an olive leaf, with the number 50.
  6. Square 58: Depicts a statue with a rifle, with the number 58.
  7. Square 62: Shows a young man in uniform, with the number 62.
  8. Square 70: Presents a man in uniform with medals, with the number 70.
  9. Square 72: Shows a historical document, with the number 72.

The text underneath briefly describes the contents of the issue, mentioning the Carabinieri's staunch opposition to Nazi-Fascist arrogance, the annexation of the Kingdom of Sardinia in Liguria, the arrest and death of the bandit leaders, the investigation into the heinous robbery, twenty years of service, and a young heir fighting for freedom.

Provided by @altbot, generated locally and privately using Ovis2-8B

🌱 Energy used: 0.489 Wh





A Year of Silence! Plague Discovered, the Linux Malware Nobody Had Seen


Researchers at Nextron Systems have discovered a new piece of Linux malware that went unnoticed for over a year. It allows attackers to obtain persistent SSH access and bypass authentication on compromised systems. The malware is called Plague and is a malicious PAM (Pluggable Authentication Module). It uses multi-layer obfuscation and masquerading techniques to evade detection by security solutions.

Plague is able to resist debugging and analysis, hides its strings and commands, uses hardcoded passwords for covert access and can also hide traces of sessions that could reveal the attackers' activity. Once loaded, the malware scrubs the environment of its activity: it clears the SSH-related environment variables and redirects the command history to /dev/null in order to hide the record of actions and metadata and erase digital traces from system logs.

“Plague is deeply rooted in the authentication stack, can survive system updates and leaves practically no trace. Combined with obfuscation and modification of the environment, this makes Plague almost imperceptible to traditional security tools,” says Pierre-Henri Pezier, a researcher at Nextron Systems. “The malware actively cleans its execution environment to hide SSH sessions. Variables such as SSH_CONNECTION and SSH_CLIENT are removed via unsetenv and HISTFILE is redirected to /dev/null to avoid logging.”

Analyzing the samples, the researchers found compilation artifacts indicating active, long-term development of the malware using different versions of GCC and for different Linux distributions. Moreover, although several versions of this malware were uploaded to VirusTotal multiple times over the past year, no antivirus engine detected them as malicious.

“Plague is an advanced and continuously evolving threat to Linux. It uses basic authentication mechanisms to maintain a stealthy, persistent presence on the system,” Pezier adds. “Sophisticated obfuscation, static credentials and manipulation of the execution environment make it practically invisible to standard defenses.”

The article A Year of Silence! Plague Discovered, the Linux Malware Nobody Had Seen comes from il blog della sicurezza informatica.
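Since the article describes Plague as a malicious PAM module living in the authentication stack, one defensive check is to enumerate every module the sshd PAM service actually pulls in (following includes) and compare each against a known-good baseline. The sketch below is an added example, not code from Nextron's report: the configuration text, the module name `pam_sysaudit.so`, the file contents, the baseline hashes and the list of standard module directories are all constructed assumptions, and on a real host the baseline would come from the package manager.

```python
import hashlib

# Assumed list of usual PAM module directories; adjust per distribution.
STANDARD_DIRS = ("/lib/security/", "/lib64/security/", "/usr/lib/security/",
                 "/usr/lib64/security/", "/lib/x86_64-linux-gnu/security/",
                 "/usr/lib/x86_64-linux-gnu/security/")

def parse_pam_line(line):
    """Parse one PAM config line into ('include', target) or
    ('module', type, control, module_path); None for blanks and comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    if line.startswith("@include"):              # Debian-style include
        parts = line.split()
        return ("include", parts[1]) if len(parts) > 1 else None
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None
    ptype, control, rest = parts[0].lstrip("-"), parts[1], parts[2]
    if control.startswith("[") and "]" not in control:
        # Bracketed controls such as [success=1 default=ignore] contain spaces.
        tail, _, rest = rest.partition("]")
        control = f"{control} {tail}]"
    rest = rest.split()
    if not rest:
        return None
    if control in ("include", "substack"):       # RHEL-style include
        return ("include", rest[0])
    return ("module", ptype, control, rest[0])

def modules_for(service, configs, _seen=None):
    """List (config_file, type, module) for a service, following includes."""
    seen = _seen if _seen is not None else set()
    if service in seen or service not in configs:
        return []
    seen.add(service)
    found = []
    for line in configs[service].splitlines():
        entry = parse_pam_line(line)
        if entry is None:
            continue
        if entry[0] == "include":
            found.extend(modules_for(entry[1], configs, seen))
        else:
            found.append((service, entry[1], entry[3]))
    return found

def audit_service(service, configs, module_files, baseline):
    """Flag modules that are unknown, relocated, missing or modified."""
    findings = []
    for origin, ptype, module in modules_for(service, configs):
        name = module.rsplit("/", 1)[-1]
        if "/" in module and not module.startswith(STANDARD_DIRS):
            reason = "loaded from a non-standard directory"
        elif name not in baseline:
            reason = "module not in baseline"
        elif module not in module_files:
            reason = "module file missing"
        elif hashlib.sha256(module_files[module]).hexdigest() != baseline[name]:
            reason = "hash differs from baseline"
        else:
            continue
        finding = (origin, ptype, module, reason)
        if finding not in findings:
            findings.append(finding)
    return findings

# --- Constructed sample data (not taken from any real host or sample) ---
SAMPLE_CONFIGS = {
    "sshd": """\
# PAM configuration for the Secure Shell service (constructed sample)
@include common-auth
account    required     pam_nologin.so
-session   optional     pam_systemd.so
auth       sufficient   pam_sysaudit.so   # constructed name, not a real module
""",
    "common-auth": """\
auth    [success=1 default=ignore]      pam_unix.so nullok
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
""",
}
_GOOD = {n: f"constructed-good-{n}".encode() for n in (
    "pam_unix.so", "pam_deny.so", "pam_permit.so",
    "pam_nologin.so", "pam_systemd.so")}
BASELINE = {n: hashlib.sha256(b).hexdigest() for n, b in _GOOD.items()}
ON_DISK = {**_GOOD, "pam_unix.so": b"constructed-tampered",
           "pam_sysaudit.so": b"constructed-unknown"}

if __name__ == "__main__":
    for finding in audit_service("sshd", SAMPLE_CONFIGS, ON_DISK, BASELINE):
        print(finding)
```

A clean result only says the stack matches the baseline; it is one check alongside package verification and session monitoring, not a Plague detector on its own.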



Avs Denounces the Silence on the Media Freedom Act


@Giornalismo e disordine informativo
articolo21.org/2025/08/avs-den…
Yesterday Alleanza Verdi-Sinistra threw a stone into the pond, raising the curtain on the European Media Freedom Act, approved on 13 March 2024 and already in force in many of its parts amid general inattention. The next




By Joining Safe, Italy Aligns with Its NATO Commitments. Analysis by Marrone (Iai)

@Notizie dall'Italia e dal mondo

The confirmation was a long time coming but it is decisive: Italy will join Safe – Security Action for Europe – the EU's 150-billion defense fund. With the addition of Rome, eighteen EU member states have decided to draw on EU loans to finance spending



Hiroshima, Peace Vigil at Sant'Egidio


@Giornalismo e disordine informativo
articolo21.org/2025/08/hiroshi…
On the morning of Monday 6 August 1945, while in New York it was still Sunday evening, the first atomic bomb was dropped by the US Air Force on the city of Hiroshima. Three days later, on the morning of Thursday 9 August, the second, again



ShadowSyndicate: the MaaS Infrastructure Behind the Biggest Ransomware Attacks


The ShadowSyndicate infrastructure, also known as Infra Storm, has come under the spotlight of security researchers after they identified significant overlaps with some of the largest ransomware programs. Active since mid-2022, the group is associated with brands such as AlphaV/BlackCat, LockBit, Royal, Play, Cl0p, Cactus and RansomHub. Unlike traditional initial access brokers (IAB), it operates more like a high-level RaaS participant, providing services or infrastructure to various criminal partners.

According to Intrinsec, ShadowSyndicate's connections go well beyond the typical cybercrime landscape, with tactics and tools in its arsenal that echo the approaches of groups such as TrickBot, Ryuk/Conti, FIN7 and TrueBot, all known for their sophisticated infiltration techniques, their ability to evade detection and their use of a variety of exploits.

The starting point of the investigation was two IP addresses that used the same SSH fingerprint. Using Shodan and Fofa, the study was extended to 138 servers sharing similar characteristics. The overlaps identified include participation in an attack that exploited the Citrix Bleed vulnerability (CVE-2023-4966), in which the servers were used by LockBit and ThreeAM.

Matches were also found with the infrastructure used in the MOVEit and ScreenConnect attacks, the latter exploit targeting two vulnerabilities at once: CVE-2024-1708 and CVE-2024-1709. Individual ShadowSyndicate servers match hosts previously associated with UAC-0056 (also known as Cadet Blizzard) and Cl0p.

The overall technical picture also revealed links to other groups that collaborate with the Black Basta and Bl00dy programs, as well as suspicious activity tied to Cicada3301, a possible rebranding of BlackCat. The AMOS and Poseidon infostealers, distributed through fake Google ads and LLM phishing lures, also show a connection to this infrastructure.

The technical configuration of the network is of interest too. The study highlights the presence of bulletproof hosting (BPH), disguised as legitimate VPN, VPS and proxy services but in reality providing a solid platform for criminal cyber operations. The autonomous systems AS209588 (Flyservers) and AS209132 (Alviva Holding) are mentioned, along with the large AS-Tamatiya structure, which brings together 22 ASNs. The hosting operates under the cover of offshore jurisdictions, including Panama, the Seychelles and the Virgin Islands.

While the Intrinsec report rates the confirmed links to state actors at a moderate confidence level, the references to high-level figures and to hybrid information-manipulation operations point to a much broader role for this infrastructure.

The study then mentions overlaps with DecoyDog (a PupyRAT variant using DNS tunneling), as well as the use of the malicious downloaders Amadey and Nitol. As of May 2025, the network remained active, continuing to scan for vulnerabilities and distribute malicious components.

Taken together, these findings paint a picture of a highly technical, resilient, multi-layered ecosystem that not only supports traditional extortion schemes but is also closely tied to actors operating at the level of national interests.

ShadowSyndicate demonstrates not just a commercial approach, but a structure capable of coordinating actions with different segments of the cyber threat landscape, from infostealers and botnets to complex attack chains that use zero-day vulnerabilities and special loaders.

The article ShadowSyndicate: the MaaS Infrastructure Behind the Biggest Ransomware Attacks comes from il blog della sicurezza informatica.




Defense and Industry: How the Government Is Considering a National Steering Body for Security

@Notizie dall'Italia e dal mondo

According to Milano Finanza, the Meloni government is reportedly aiming to build a full-fledged, publicly led national defense consortium. The goal? To integrate industrial capabilities, attract European funds and generate employment, developing dual-use technologies that also have civilian spin-offs,




Kilopixel by Ben Holmen turns a CNC machine and a thousand wooden blocks into pixel art. #art #coolthings


Watch This Guy’s Interactive Wooden Pixel Machine Make Art in Real Time


Sitting in my office in NYC, I sent a CNC machine in a guy’s workshop in Wisconsin a 40 by 25 pixel drawing and watched it flip hand painted wooden blocks across a grid, one by one, until the glorious smiling 404 Media logo appeared—then watched it slowly erase, like a giant Etch A Sketch, moving on to the next drawing.

Designer Ben Holmen created the Kilopixel, a giant grid made of 1,000 wooden blocks that a robot arm slowly turns to form user-submitted designs. “Compared to our modern displays with millions of pixels changing 60 times a second, a wooden display that changes a single pixel 10 times a minute is an incredibly inefficient way to create an image,” Holmen wrote on his blog detailing the project.

Choosing what to make the pixels from was its own hurdle: Holmen wrote that he tried ping pong balls, Styrofoam balls, bouncy balls, wooden balls, 3D printed balls, golf balls, foam balls, “anything approximately spherical and about 1-1.5in in diameter.” Some of these were too expensive; others didn’t hold up well to paint or drilling. Holmen settled on painted wooden blocks, each serving as one 40mm pixel. To be sure each block was exactly the right size, he built 25 shelves and drilled 40 holes into each, threading the blocks onto the shelves using metal wires. “This was painstaking and time consuming - I broke it down into multiple sessions over several weeks,” he wrote. “But it did create a very predictable grid of pixels and guaranteed that each pixel moved completely independently of the surrounding pixels.”
From there, he used a CNC machine, which moves on the X, Y, and Z axes: across the grid, up and down, and the flipping finger that pokes inward to turn the pixel-blocks. Holmen wrote that he connected a Raspberry Pi to the CNC controller, which queries an API to get the next pixel in the design, activates the “pixel poker,” and reads a light sensor to determine whether the pixel face is painted black or raw wood.

Two webcams stream the Kilopixel to YouTube, with a view of the whole grid and a view of the poker turning the blocks one by one. “The camera, USB hub, and light are hung from the ceiling with a respectful amount of jank for the streaming phase of this project,” Holmen wrote. Anyone with a Bluesky account can connect their account and submit a pixel drawing for the machine to create, and people can upvote submissions they want to see next. Once it’s finished, the system uploads a timelapse of the painting to the site and posts it to Bluesky, tagging the submitter.

Drawn by @Sam Cole, completed in 44m39. Draw your own at kilopx.com
kilopixel (@kilopx.com) 2025-08-05T20:33:14.719821Z

I'm recording timelapses for every submission - this took 41 minutes in real time. Soon you'll be able to submit your own images to be drawn on my kilopixel! Can't wait to share this with the world and see what y'all come up with
Ben Holmen (@benholmen.com) 2025-07-21T04:59:32.203Z


This entire process took him six years. I asked Holmen in an email what it cost him: “Probably around $1000 and hundreds of hours of my time,” he told me.

And the project isn’t over: It still requires some babysitting. Sometime early Tuesday morning, the rig got misaligned while working on an elaborate pixellated American Gothic, with the flipper-finger grasping at the air between blocks instead of turning them. Holmen had to manually reset it in the morning, entering the feed to tinker with the grid.

He said he plans to run it 24/7, but that it might not go flawlessly at first. “I've had to restart the controller script twice in 10 hours, and restart the YouTube stream once,” he said on Monday, before the overnight error. “I am planning to run it for a few days or weeks depending on interest, then I'll move on to a different control concept. I don't want to babysit a finicky device all the time.”
When I checked Kilopixel’s submissions on Monday, someone had drawn the Hacker News logo—a sure sign that a hug of death was coming. I asked Holmen if he’s had issues with overload. “Just one—I undersized my web server for the attention it got,” he told me on Monday evening. “It's been #1 on Hacker News for about 10 hours, which is a lot of traffic. kilopx.com has received about 13,000 unique visitors today, which I'm very pleased with. The article has received about 70,000 unique visitors so far.”

The Kilopixel experiment might also be setting a time-to-penis record: In the six hours it’s been online as of writing this, I haven’t seen anyone try to make the robot draw a dick, yet. Holmen mentioned “defensive features” built into the web app in his blog for mitigating abuse, but so far people have behaved themselves. “I expect the best and worst out of people on the internet. I built an easy way for admins to delete gross or low effort submissions and enlisted a couple of trusted friends to keep an eye on the queue with me,” Holmen told me. “I'm certain there are ways to work around things, or submit enough to make cleanup a chore, but I decided to not lock things down prematurely and just respond as things evolve.”




Shared ChatGPT indexed by Google; how Wikipedia is fighting AI slop; and the history of how we got to Steam censorship. #Podcast


Podcast: Google Is Exposing Peoples’ ChatGPT Secrets


We start this week with Joseph’s story about nearly 100,000 ChatGPT conversations being indexed by Google. There’s some sensitive stuff in there. After the break, Emanuel tells us about Wikipedia’s new way of dealing with AI slop. In the subscribers-only section, Sam explains how we got to where we are with Steam and Itch.io; that history goes way back.
Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.




Vladimiro Zagrebelsky has died


On behalf of the Associazione Luca Coscioni, we express our deep condolences on the death of an extraordinary jurist and a man who placed his expertise and rigour at the service of freedom and fundamental rights.

His voice was a moral and cultural point of reference for us in many battles to affirm the rule of law and protect the dignity of the person. With sensitivity and courage, he combined the highest legal thought with concrete civic engagement, always on the side of the most vulnerable people.

For us Vladimiro was also a friend, generous and attentive, with whom we shared deep reflections and crucial moments of discussion, always guided by common values: the secularism of institutions, respect for individual autonomy, the defence of civil rights.

We will miss his clear intelligence, his subtle irony, his gentle determination.

Together with Marco Cappato and the whole Associazione Luca Coscioni, we will remember him with affection, esteem and gratitude.

An affectionate embrace to his family.

The article "Vladimiro Zagrebelsky has died" comes from Associazione Luca Coscioni.



Apply Law 194, guarantee an essential service


Statement by Chiara Lalli, Mirella Parachini and Anna Pompili, leaders of the Aborto senza ricovero campaign


The Sicilian case raises once again the question of guaranteeing an essential medical service, namely voluntary termination of pregnancy (IVG), even where there are high rates of conscientious objection among gynaecologists.

Article 9 of Law 194, the one that allows healthcare staff to raise a conscientious objection, is certainly the most widely applied, but not, as it happens, in its entirety. The second part in fact requires “hospital bodies” and “authorised nursing homes” to ensure “in every case the carrying out of the procedures provided for by Article 7 and the performance of the terminations of pregnancy requested in accordance with the procedures laid down in Articles 5, 7 and 8. The region monitors and guarantees its implementation”.

The law itself therefore provides the tools to guarantee women access to IVG. It would be enough to apply it, and this also holds for healthcare facilities with 100% conscientious objectors, which are nonetheless required to ensure the IVG pathway.

Then there is the update to the ministerial guidelines on pharmacological IVG, which allow the procedure to be carried out outside hospital. A full 5 years have passed, and it is permitted in only two Regions, with the option of self-administering misoprostol at home. It is clear that, even if it is not a complete solution, de-hospitalisation would enormously limit the weight of conscientious objection on access to IVG. One has to wonder why, precisely in the Regions, such as Sicily, where these obstacles are heaviest and where health budgets are most troubled, nobody has thought of this simple solution.

That is why we launched the Aborto senza ricovero campaign: to guarantee all women the ability to choose, to avoid wasting precious resources, and to ask regional councils to approve clear and uniform procedures for pharmacological abortion on an outpatient basis and without hospital admission.

Abortion by the pharmacological method is safe and effective, and hospital admission does not increase its safety but multiplies its costs tenfold. This is the principle of appropriateness of procedures: given equal effectiveness and safety, if the person who is to undergo it requests it, the mode of care that entails less waste of resources for public health must be preferred.

It is a duty not only to avoid wasting resources but also, in this case, to guarantee women's right to choose, a principle that cannot be given up and should always be guaranteed.

You can sign HERE


The article "Apply Law 194, guarantee an essential service" comes from Associazione Luca Coscioni.



Lega Israel
The Lega has introduced a bill to punish those who criticise Israel - L'INDIPENDENTE
lindipendente.online/2025/08/0…


Minister Giuseppe Valditara has signed two decrees allocating a total of 45 million euros, of which 25 million for #school in #prison and 20 million for education in #hospital and at #home, with the aim of strengthening the offer…


What China wants to do with stablecoins

The article comes from #StartMag and is reshared on the Lemmy community @Informatica (Italy e non Italy 😁)
After the developments in the United States, China is preparing to launch (in Hong Kong) its first stablecoins. The goal is to challenge the dollar through the internationalisation of the yuan, but the initiative will be limited: Beijing does not want to give up control over the sector

in reply to Informa Pirata

Business to business. They will never allow their own citizens to use them...
I wrote up my thoughts on how the USA managed to gain power with stablecoins: medium.com/@0AlexITA/il-parado…
