La complessa infrastruttura della rete pubblicitaria fraudolenta VexTrio Viper è tornata alla ribalta dopo che i ricercatori di Infoblox hanno rivelato i dettagli di un massiccio schema di app mobile false .

Sotto le mentite spoglie di servizi legittimi – dalle VPN alle utility di pulizia della RAM, dai filtri antispam alle app di incontri – i truffatori hanno inserito programmi dannosi negli store ufficiali di Apple e Google. Questi programmi sono stati distribuiti per conto di presunti sviluppatori diversi, tra cui HolaCode, LocoMind, Hugmi, Klover Group e AlphaScale Media. Il numero totale di download ammonta a milioni.

Una volta installate, queste applicazioni costringevano gli utenti ad accettare condizioni poco trasparenti, li inducevano a fornire dati personali, bombardavano il dispositivo con pubblicità aggressive e ne rendevano difficile la disinstallazione. Ad esempio, un’applicazione chiamata Spam Shield Block, mascherata da antispam, richiedeva immediatamente il pagamento e, se l’utente rifiutava, rendeva insopportabile l’utilizzo del dispositivo a causa di inserti pubblicitari . Gli utenti si lamentavano di prezzi di abbonamento inaffidabili, addebiti multipli e l’impossibilità di disinstallazione: azioni chiaramente mirate al prelievo occulto di fondi.

Tuttavia, le app mobili sono solo la punta dell’iceberg. VexTrio gestisce una rete di attività fraudolente, tra cui sistemi di distribuzione del traffico (TDS) che reindirizzano gli utenti da siti hackerati a pagine false. Questi TDS erano camuffati tramite i cosiddetti smartlink, link intelligenti che rivelano l’indirizzo finale solo all’ultimo momento e si adattano alla vittima: alla sua posizione geografica, al tipo di dispositivo e al browser. Questo consente loro di aggirare i filtri e complica l’analisi da parte degli specialisti.

Il traffico diretto a queste trappole viene inizialmente generato attraverso siti WordPress hackerati, contenenti codice dannoso. I truffatori utilizzano questi siti per distribuire annunci pubblicitari falsi, dalle lotterie alle truffe sulle criptovalute.

È interessante notare che l’organizzazione controlla non solo la parte pubblicitaria, ma anche l’intera catena di distribuzione: invio di e-mail, elaborazione dei dati di pagamento e convalida degli indirizzi postali. Ad esempio, il servizio DataSnap verifica la validità delle e-mail e Pay Salsa riscuote i pagamenti. Lo spam e-mail viene inviato tramite domini falsi che sembrano servizi legittimi come SendGrid e MailGun.

Per nascondere i domini finali e aggirare i controlli, viene utilizzato il servizio IMKLO, che filtra il traffico in entrata e determina se mostrare una pagina ingannevole o nasconderla agli occhi dei controllori. Questa messa a punto rende la campagna praticamente impercettibile.

Gli autori del rapporto sottolineano che il successo di tali schemi è garantito non solo dalla sofisticatezza tecnica, ma anche da una zona grigia legale: i truffatori cercano di evitare virus diretti e azioni dannose, rimanendo nell’ambito dell’inganno e dell’ingegneria sociale, dove la responsabilità si verifica meno spesso.

Il problema principale di questa minaccia è la percezione di tali schemi come “meno pericolosi” delle infezioni da malware. Mentre l’attenzione pubblica è focalizzata su trojan ed exploit, le frodi di massa con abbonamenti, carte di credito e dati personali rimangono nell’ombra. Sviluppare la formazione nel campo dell’igiene digitale e riconsiderare l’atteggiamento nei confronti delle truffe “soft” è uno dei compiti chiave nella lotta contro crimini di questo tipo.

L'articolo Hai pagato per mesi una VPN che non ha fatto altro che spiarti proviene da il blog della sicurezza informatica.

Let’s say you want to build a Nixie clock. You could go out and find some tubes, source a good power supply design, start whipping up a PCB, and working on a custom enclosure. Or, you could skip all that, and just follow [Simon]’s example instead.

The trick to building a Nixie clock fast is quite simple — just get yourself a frequency counter that uses Nixie tubes for the display. [Simon] sourced a great example from American Machine and Foundry, also known as AMF, the company most commonly associated with America’s love of bowling.

The frequency counter does one thing, it counts the number of pulses in a second. Thus, if you squirt the right number of pulses to represent the time — say, 173118 pulses to represent 5:31 PM and 18 seconds — the frequency counter effectively becomes a clock. To achieve this, [Simon] just hooked an ESP32 up to the frequency counter and programmed it to get the current time from an NTP time server. It then spits out a certain number of pulses every second corresponding to the current time. The frequency counter displays the count… and there you have your Nixie clock!

It’s quick, dirty, and effective, and a sweet entry to our 2025 One Hertz Challenge. We’ve had some other great entries, too, like this nifty hexadecimal Unix clock, and even some non-horological projects, too!

youtube.com/embed/Wd4AiFQjkqA?…

hackaday.com/2025/08/07/2025-o…

These days the president of the United States files frivolous lawsuits at an alarming clip, including against news outlets that displease him. He’s far from the only prominent public figure abusing the federal court system in this way, steering scarce judicial resources away from meritorious lawsuits by ordinary people who have suffered serious damages.

And yet, Congress has not seen fit to pass a federal “anti-SLAPP” law to stop billionaires and politicians from pursuing strategic lawsuits against public participation. But powerless prisoners? That’s another story. If they want access to the federal courts they need to navigate the Prison Litigation Reform Act — a maze of onerous procedural requirements. It’s supposedly intended to stop the courts from being burdened by inmates’ frivolous lawsuits.

We held a webinar to discuss the PLRA’s impact on incarcerated journalists and the journalists on the outside who cover the prison system, featuring Jeremy Busby, a journalist and Freedom of the Press Foundation (FPF) columnist who is incarcerated in Texas, and American Civil Liberties Union attorneys Nina Patel and Corene Kendrick. Patel is senior policy counsel at the ACLU Justice Division and Kendrick is the deputy director of the ACLU’s National Prison Project.

As Kendrick explained, the PLRA originated as one of the Clinton administration’s “tough on crime” initiatives as it pivoted right in preparation for the 1996 presidential election. The law was enacted despite a lack of evidence that incarcerated people file baseless lawsuits any more frequently than anyone else, presidents or otherwise. She said the law “singles out one disfavored group of people and categorically denies them equal access to the courts.”

youtube.com/embed/wiGxxwp8byI?…

She described how the harm extends beyond the impacted litigants, as the kinds of court filings foreclosed by the PLRA are “oftentimes the best way that information about conditions in our nation’s prisons and jails reach the public and members of the media.”

“The PLRA has, in practice, served as a real barrier for journalists to get any sort of information” about facilities that “get billions and billions of dollars a year to lock up human beings,” Kendrick said. “The ability to communicate with the outside world is so circumscribed and is monitored and recorded. And you know, once something gets to a federal court and it’s filed on the docket, it is out there.”

But when the court dismisses a case for procedural reasons without any consideration of whether the claims are true, all journalists are left with are untested allegations that they rarely have the resources to corroborate. “That happens all the time, and unfortunately, and it adversely affects journalists greatly,” Kendrick said.

Lawsuits are also the only recourse available to incarcerated journalists, who often report relentless retaliation when their work upsets prison officials. That’s what happened to Busby when he helped expose deplorable conditions inside the prison where he was housed when the COVID-19 pandemic hit in 2020. Busby said he was transferred to four prisons, each overcrowded with people sick with COVID, before landing in a cell without a mattress or sheets, where he was kept for six weeks. His property was damaged or seized, and he was written bogus disciplinary charges that were later overturned.

He brought a federal lawsuit, but because he was retaliated against in four different prisons, the judge said the PLRA required four separate lawsuits in four different courts. “I wasn’t able to successfully keep up with four active litigations in four different courts in four different counties, from the solitary confinement cell that I was being held in,” Busby explained, resulting in his lawsuits each being dismissed on procedural grounds before the merits of his claims could be adjudicated.

Busby is a college graduate and accomplished writer — if he can’t navigate the PLRA, it is all the more difficult for an average member of the prison population to do so. Even the experienced lawyers on the webinar acknowledged how challenging it can be to comply with the PLRA when representing their incarcerated clients. Incarcerated litigants, Busby noted, must also pay court fees — in his case, a $400 fee became $1,600 when his lawsuit was split into four.

“You don’t get paid for work here in Texas, and so most guys, they don’t even want the $400 thing against their account because their family members can maybe send $20 for toothpaste and deodorant every month or so, or every two or three months, and they don’t want to sacrifice their deodorant and toothpaste money to pursue this lawsuit,” he said.

So what’s the point of the PLRA? As Patel noted, “The courts are well equipped to throw out lawsuits that are frivolous,” and do so every day in cases involving non-incarcerated people. Patel believes the real problem the PLRA is meant to address isn’t that incarcerated people file so many invalid claims — it’s that they file so many valid ones.

With around two million people incarcerated in the United States, “a functional system where someone can go to the courts and have their constitutional violations in prison litigated and then compensated would break most prison systems in this country,” Patel explained. “That is the dirty truth of the PLRA.”

She added, “Everyone knows, and it’s not a secret, that it would bankrupt the system, and it would break it, and that we couldn’t do what we do in this country, which is lead the world in mass incarceration.”

Watch the full webinar here, and subscribe to our newsletters to get notice of future events.

Note: FPF Advocacy Director Seth Stern, who authored this article and moderated the webinar, is on the board of Busby’s nonprofit organization, JoinJeremy.

freedom.press/issues/federal-l…

Many of us have boiled an egg at some point or another in our lives. The conventional technique is relatively straightforward—get the water boiling, drop the egg in, and leave it for a certain period of time based on the desired consistency. If you want the yolk soft, only leave it in for a few minutes, and if you want it hard, go longer.

Ultimately, though, this is a relatively crude system for controlling the consistency of the final product. If you instead study the makeup of the egg, and understand how it works, you can elicit far greater control over the texture and behavior of your egg with great culinary benefits.

Knockin’ On 64

Traditional boiled eggs cooked for 4 minutes, 7 minutes, and 9 minutes. When cooking in boiling water, temperatures are high enough to create a fully firm white in just a few minutes. Credit: Wikisearcher, CC BY-SA 3.0
It all comes down to the physical basics of what goes on when we cook an egg. Whether frying, poaching, or simply boiling, one thing is the same—the liquid contents of the egg turn more solid with heat. This is because the heat causes the proteins in the egg white and egg yolk to denature—they untangle and unravel from their original folded structure into a new form which is the one we prefer to eat.

Physical chemist Hervé This is widely credited as revolutionizing the way we think about cooking eggs, through his careful study of how temperature affected the cooking process of a “boiled” egg. He invented the idea of the “6X °C egg”—a method of cooking eggs to generate a pleasant, smooth consistency by carefully controlling how the proteins denature. His work has since been expanded upon by many other researchers eager to untangle the mysteries of how egg proteins behave with heat.

Different purveyors of these theories each have their own ideals—but it’s common to hear talk of the “64-degree egg” or “65-degree egg.” To create such an egg, one typically uses a sous vide water bath set at a very precise temperature, in order to cook the egg in as controlled a manner as possible. The process is a relationship between time and temperature, and so the cooking times used are a lot longer than with boiling water at 100 C—immersing the eggs for 60 minutes or more is typical. This also helps to ensure the eggs are safe to eat, with the lower temperature needing a longer time to quash potentially harmful bacteria.

Sous Vide Eggs
byu/passswordistaco insousvide

Enthusiasts share cooking times and temperatures along with qualitative results, ever searching for the ideal egg.

The results of such a process? Eggs cooked in this manner are prized for their tender yolks and an overall consistency not dissimilar to custard. The process denatures the yolk and white proteins just enough to create an incredibly smooth egg with luxurious mouthfeel, and they’re often cited as melting in the mouth.
The onsen egg from Japan is a traditional egg dish cooked at approximately 70 C for 30 to 40 minutes, similarly creating an egg with a luxurious consistency. Credit: Blue Lotus, CC BY 2.0
The only real drawback? It’s typical to get some runny whites left over, since the low cooking temperature isn’t enough to fully denature the proteins in that part of the egg. These eggs were once a neat science experiment from the world of molecular gastronomy, with the cooking method since becoming widespread with restaurants and sous vide enthusiasts around the world.

There are even more advanced techniques for those committed to egg perfection. A research team from the University of Naples, Italy, determined that cycling an egg between two pans—one with boiling water, the other at 30 C—allowed both the yolk and the white to each reach target doneness. To get the whites to around 85 C while holding the yolk at 65 C, the team used the technique of swapping between pans to get both to their ideal temperature by modelling heat transfer through the egg. This controls the amount of heat transferred to the yolk deeper inside the egg, ensuring that it’s not overcooked in the effort to get the whites to set. Ultimately, though, this process requires a great deal of work swapping the egg back and forth for a full 30 minutes.

Few make that sort of commitment to eggcellence.

Featured image, the imaginatively named “Selective Photography of Breakfast in Plate” by [Krisztina Papp].

hackaday.com/2025/08/07/the-64…

It’s a well-known factoid that batteries keep getting cheaper while capacity increases. That said, as with any market that is full of people who are hunting for that ‘great deal’, there are also many shady sellers who will happily sell you a product that could be very dangerous. Especially in the case of large LiFePO₄ (LFP) batteries, considering the sheer amount of energy they can contain. Recently [Will Prowse] nabbed such a $125, 100 Ah battery off Amazon that carries no recognizable manufacturer or brand name.
Cheap and cheerful, and probably won’t burn down the place. (Credit: Will Prowse, YouTube)
If this battery works well, it could be an amazing deal for off-grid and solar-powered applications. Running a battery of tests on the battery, [Will] found that the unit’s BMS featured no over-current protection, happily surging to 400 A, with only over-temperature protection keeping it from melting down during a discharge scenario. Interestingly, under-temperature charge protection also worked on the unit.

After a (safe) teardown of the battery the real discoveries began, with a row of missing cells, the other cells being re-sleeved and thus likely salvaged or rejects. Fascinatingly, another YouTuber did a similar test and found that their (even cheaper) unit was of a much lower capacity (88.9 Ah) than [Will]’s with 98 Ah and featured a completely different BMS to boot. Their unit did however feature something of a brand name, though it’s much more likely that these are all just generic LFP batteries that get re-branded by resellers.

What this means is that these LFP batteries may be cheap, but they come with cells that are likely to be of questionable quality, featuring a BMS that plays it fast and loose with safety. Although [Will] doesn’t outright say that you shouldn’t use these batteries, he does recommend that you install a fuse on it to provide some semblance of over-current protection. Keeping a fire extinguisher at hand might also be a good idea.

youtube.com/embed/r9Ob5kk3qoQ?…

hackaday.com/2025/08/07/buying…

Ahoy Pirates,

Our next PPI board meeting will take place on 26.08.2025 at 14:00 UTC / 16:00 CEST.

All official PPI proceedings, Board meetings included, are open to the public. Feel free to stop by. We’ll be happy to have you.

Where:jitsi.pirati.cz/PPI-Board

Minutes of the meeting: wiki.pp-international.net/wiki…

Agenda: Pad: etherpad.pp-international.net/…

All of our meetings are posted to our calendar: pp-international.net/calendar/

We look forward to seeing visitors.

Thank you for your support,

The Board of PPI

pp-international.net/2025/08/n…

La fiducia degli americani nell’intelligenza artificiale sta diminuendo, nonostante l’accelerazione dei progressi globali in questo campo. Ciò indica un potenziale problema di sicurezza nazionale: legislatori di ogni partito, leader del settore, think tank e altri hanno avvertito che rimanere indietro rispetto alla Cina in materia di intelligenza artificiale metterebbe gli Stati Uniti in una posizione di svantaggio. Un sentimento pubblico negativo potrebbe minare il sostegno del Congresso e finanziario alla ricerca e allo sviluppo in questo campo.

Ma alcune aziende di intelligenza artificiale stanno modificando i loro prodotti per dare ai clienti governativi un maggiore controllo sul comportamento dei modelli, sull’input dei dati e persino sulla fonte di energia che alimenta il sistema.

Questo potrebbe placare l’opinione pubblica?

Un recente accordo dimostra fino a che punto le aziende siano disposte a spingersi per soddisfare le esigenze del governo. Per miliardi di persone, ChatGPT è un’astrazione visualizzata tramite il browser web. Ma all’inizio di questo mese, il chatbot basato sull’intelligenza artificiale ha assunto una forma fisica quando OpenAI ha consegnato diversi hard disk contenenti i pesi del modello o3 al Los Alamos National Laboratory. Il laboratorio mira a utilizzarli per esaminare dati classificati alla ricerca di informazioni sulla fisica delle particelle che potrebbero rimodellare la ricerca di energia e lo sviluppo di armi nucleari.

Quei dischi rigidi erano i “più preziosi” sulla Terra, l’incarnazione fisica della valutazione di 300 miliardi di dollari di OpenAI, ha detto a Defense One Katrina Mulligan, responsabile governativa dell’azienda, in occasione di un recente evento sull’intelligenza artificiale a Washington, DC. “Stiamo perdendo soldi con il nostro accordo con i laboratori nazionali”, ha detto Mulligan.

Pochi giorni dopo, OpenAI ha annunciato un contratto da 200 milioni di dollari con il Pentagono per “prototipare come l’intelligenza artificiale di frontiera possa trasformare le sue operazioni amministrative, dal miglioramento del modo in cui i militari e le loro famiglie ricevono assistenza sanitaria, alla semplificazione del modo in cui analizzano i dati di programma e acquisizione, fino al supporto alla difesa informatica proattiva. Tutti i casi d’uso devono essere coerenti con le politiche e le linee guida di OpenAI”.

All’AI Expo dello Special Competitive Studies Project a Washington, DC, un rappresentante di OpenAI ha dimostrato come gli strumenti dell’azienda possano essere utili per compiti di sicurezza nazionale: geolocalizzazione di immagini senza indizi evidenti, scansione dei registri di Telegram alla ricerca di indicatori di attività informatica o identificazione dell’origine di parti di droni recuperate dal campo di battaglia.

Il responsabile della demo ha affermato che i più recenti modelli di ragionamento dell’azienda non solo superano le versioni precedenti, ma ora consentono anche l’inserimento sicuro di dati classificati in conformità con le linee guida del Dipartimento della Difesa. A differenza di ChatGPT, rivolto al pubblico, la versione governativa mostra anche agli utenti come il modello prioritizza le fonti di dati, offrendo una trasparenza che consente agli analisti di perfezionare la logica e comprendere come il programma sia giunto alle conclusioni a cui è giunto.

Questa visibilità è essenziale per l’uso ai fini della sicurezza nazionale, ha affermato Mulligan, molto più che per i consumatori che vogliono risposte e raramente chiedono come vengono realizzati.

“Produce una catena di pensiero piuttosto dettagliata che ti dice come è arrivato alla sua conclusione, quali informazioni ha preso in considerazione che non erano possibili nel paradigma precedente”, ha detto, aggiungendo che le persone hanno creduto a lungo che tali modelli semplicemente non potessero essere spiegati, pensando che “questi modelli sarebbero sempre stati una scatola nera”.

La spiegabilità, la portabilità dei dati e il controllo delle infrastrutture locali, che consentono ai laboratori di eseguire modelli sui propri supercomputer, stanno emergendo come requisiti di base per l’uso dell’intelligenza artificiale nella pubblica amministrazione. Dare agli utenti maggiore autonomia crea fiducia.

OpenAI non è l’unica. Amazon Web Services sta silenziosamente diventando un attore fondamentale nell’intelligenza artificiale per la difesa. Ha recentemente rilasciato una versione del suo servizio Bedrock, che consente agli utenti di creare applicazioni di intelligenza artificiale generativa con un menu di modelli fondamentali, con sicurezza di livello classificato per i clienti del Dipartimento della Difesa.

Ma mentre la fiducia tra governo e Silicon Valley si sta rafforzando attorno all’obiettivo comune di progredire nell’implementazione dell’intelligenza artificiale, l’opinione pubblica si sta muovendo nella direzione opposta.

Un sondaggio condotto da Edelman a marzo ha mostrato che la fiducia nell’IA è scesa dal 50% al 35% dal 2019. E la sfiducia attraversa tutti gli schieramenti politici: solo il 38% dei democratici si fida dell’IA, rispetto al 25% degli indipendenti e al 24% dei repubblicani. Questo segue altri sondaggi che hanno mostrato un sentimento pubblico sempre più negativo nei confronti dell’IA, nonostante i professionisti che hanno integrato l’IA nel loro lavoro segnalino livelli di prestazioni più elevati.

Ma la vera divergenza è geopolitica. “La fiducia nell’intelligenza artificiale negli Stati Uniti e in tutto il mondo occidentale è bassa, mentre in Cina e nel resto del mondo in via di sviluppo si attesta intorno al 75%.”, ha affermato Mulligan.

Teme che queste disparità si traducano in reali divari nell’adozione, con la Cina in vantaggio in termini di produttività, crescita economica e qualità della vita.

L'articolo La fiducia degli americani nell’AI sta diminuendo ed è una questione di sicurezza nazionale proviene da il blog della sicurezza informatica.

You don’t have to be a Snow Crash or Tron fan to be familiar with the 3D craze that characterized the rise of the Internet and the World Wide Web in particular. From phrases like ‘surfing the information highway’ to sectioning websites as if to represent 3D real-life equivalents or sorting them by virtual streets like Geocities did, there has always been a strong push to make the Internet a more three-dimensional experience.

This is perhaps not so strange considering that we humans are ourselves 3D beings used to interacting in a 3D world. Surely we could make this fancy new ‘Internet’ technology do something more futuristic than connect us to text-based BBSes and serve HTML pages with heavily dithered images?

Enter VRML, the Virtual Reality Modelling Language, whose 3D worlds would surely herald the arrival of a new Internet era. Though neither VRML nor its successor X3D became a hit, they did leave their marks and are arguably the reason why we have technologies like WebGL today.

Inspired By Wheels

View of CyberTown’s VRML-based Plaza and interface.
With an internet-based virtual reality a highly topic concept, David Raggett from Hewlett Packard Laboratories submitted a paper back in 1994 titled Extending WWW to support Platform Independent Virtual Reality. This imagined a virtual reality layer to the WWW by the end of the millennium featuring head-mounted displays (HMDs) and tracking of a user’s limbs to fully integrate them into this virtual world with potentially realistic physics, sound, etc.

Describing these virtual worlds would be at the core of this VR push, with SGML (standardized general markup language) forming the basis of such world definitions, much like how HTML is a specialized form of SGML to define the structure and layout of a document. The newly minted VRML would thus merely define 3D worlds rather than 2D documents, with both defining elements and their positioning.

Although nothing revolutionary by itself – with games and 3D modeling software by then having done something similar with their own file formats to define 3D models and worlds for years already – VRML would provide a cross-platform, fully open and independent format that was specifically made for the purpose of this online VR experience.

All Starts With Polygons

The interesting thing about VRML is perhaps that it was pushing for a shared online 3D experience years before the first commercially successful MMORPG came onto the scene in 1999 in the form of EverCra^WEverQuest. VRML was pitched in 1994 and by 1995 the very RPG-like MMO experience called Colony City (later CyberTown) was launched. This created a virtual world in which members could hold jobs, earn virtual currency and purchase 3D homes and items that were all defined in VRML.

CyberTown endured until 2012 when the company behind it shut down, but there’s an ongoing push to revive CyberTown, with the revival project‘s GitHub project giving a glimpse at the preserved VRML-based worlds such as the home world. These .wrl files (short for ‘world’) use the VRML version 2.0 standard, which was the 1997 version of VRML that got turned into an ISO standard as ISO/IEC 14772:1997, with the specification itself being readily available over at the Web3D website.

As defined in part 1 of the specification, each VRML file:

1. implicitly establishes a world coordinate space for all objects defined in the file, as well as all objects included by the file;
2. explicitly defines and composes a set of 3D and multimedia objects;
3. can specify hyperlinks to other files and applications;
4. can define object behaviors.

VRML got combined with the Humanoid Animation (HAnim) standard to make realistic humanoid articulation and movement possible. Much like HTML documents, it are often the external resources like textures that determines the final look, but basic materials can be defined in VRML as well.

A very basic example of VRML is provided on the Wikipedia entry for a simple triangle:
#VRML V2.0 utf8

Shape {
geometry IndexedFaceSet {
coordIndex [ 0, 1, 2 ]
coord Coordinate {
point [ 0, 0, 0, 1, 0, 0, 0.5, 1, 0 ]
}
}
}

The interesting part comes when the material and texture appearance properties are set for a shape, albeit with basic lighting, no shaders and similar advanced features. All of these would see major improvements by the late 90s as consumer graphic cards became commonplace, especially during 1999 when we saw not only NVidia’s impressive RIVA TNT2, but especially its revolutionary Geforce 256 GPU with its hardware transform and lighting engine.

At this point video games began to look ever more realistic – even on PC – and with the release of new MMORPGs like 2004’s World of Warcraft and EverQuest II, the quirky and very dated look of VRML-based worlds made it clear that the ‘3D WWW’ dream in the browser was effectively dead and the future was these MMORPGs and kin.

It also seems fair to say that the fact that these games came with all of the assets on installation discs was a major boon over downloading hundreds of megabytes worth of assets via an anemic dial-up or crippled cable internet connection of the late 90s and early 2000s.

A Solution In Search Of A Problem

Virtual Environment Reality workstation technology in 1989 (helmet & gloves) (Credit: NASA)
One could argue that science-fiction like Snow Crash provides us with the most ideal perspective of a VR layer on top of the Internet, where its Metaverse provides a tangible addition to reality. This same concept of a metaverse where the mind is no longer constrained by the limitations of the body is found in animated features like Ghost in the Shell and Serial Experiments Lain, each of which feature digitalized, virtual worlds that unchain the characters while creating whole new worlds previously considered impossible.

In these worlds characters can find information much faster, move through digital currents like fish in water, inhibit the digital brains of Internet-connected devices, and so on. Meanwhile back in reality the way we humans interact with virtual worlds has barely changed from the 1980s when NASA and others were experimenting with VR interface technologies.

Why move clumsily through a faux 3D environment with cumbersome input devices strapped to your body and perhaps a display pushed up to your noggin when you can just use mouse and keyboard to tappity-tap in some commands, click a hyperlink or two and observe the result on your very much 2D monitor?

As around 2003 the latest web-based VR world hype came in the form of Second Life, it followed mostly the same trajectory as CyberTown before it, while foregoing anything like VRML. After some companies briefly had a presence in Second Life before leaving, it became a ghost town just in time for Facebook to rename itself into Meta and try its hand at the very creatively named Metaverse. Despite throwing billions of dollars at trying to become at least as popular as CyberTown, it mostly left people with the feeling of what the point of such a ‘metaverse’ is.

Never Stop Dreaming

The Web3D Consortium was set up in 1997 along with the standardization of VRML, when it was called the VRML Consortium. Its stated goal is to develop and promote open standards for 3D content and services on the web. It currently pushes the somewhat newer X3D standard, which among other things supports multiple syntax types ranging from XML to classical VRML. It also supports modern physically based rendering (PBR), which puts it at least somewhat in the same ballpark as modern 3D graphic renderers.

Meanwhile there is the much more significant WebGL, which was originally created by Mozilla, but has since found a loving home at Khronos. This uses the canvas feature of HTML 5 to render 2D and 3D graphics using OpenGL ES, including support for shaders. The proposed WebGPU would merge the web browser and GPUs tighter still, albeit with its own shader language instead of the standard OpenGL ES one.

With these new technologies it would seem that rendering prettier 3D worlds in browsers has become easier than ever, even as the dream of bringing 3D worlds to the WWW seems as distant as the prospect of VR games taking the world of gaming by storm. Barring major human-computer interface advances, the WWW will remain at its optimum with keyboard and mouse, to browse through 2D documents. This alongside 3D game worlds controlled with the same keyboard and mouse, with said worlds rendered on a very much 2D surface.

Here’s to dreaming that maybe some of those exciting aspects of sci-fi will one day become science-fact, and to those who strive to make those dreams reality, in lieu of simply being given a nanotech-based Primer as a shortcut.

hackaday.com/2025/08/07/vrml-a…

Un bollettino di sicurezza urgente è stato diramato da Trend Micro al fine di informare i propri clienti circa delle vulnerabilità critiche, sfruttate attivamente dai malintenzionati, riguardanti l’esecuzione di codice remoto nella console di gestione Apex One on-premise.

Le falle di sicurezza, identificate come CVE-2025-54948 e CVE-2025-54987, interessano la Trend Micro Apex One Management Console in esecuzione sui sistemi Windows. Entrambe le vulnerabilità derivano da debolezze nell’iniezione di comandi che consentono ad aggressori remoti pre-autenticati di caricare codice dannoso ed eseguire comandi arbitrari sulle installazioni interessate.

L’azienda ha confermato che è stato osservato almeno un caso di sfruttamento attivo, il che rende urgente l’adozione di misure di protezione immediate. Queste vulnerabilità prendono di mira specificamente Trend Micro Apex One 2019 Management Server versione 14039 e precedenti.

Il secondo CVE rappresenta essenzialmente la stessa vulnerabilità, ma prende di mira un’architettura di CPU diversa, ampliando la potenziale superficie di attacco per gli autori di attacchi dannosi che cercano di compromettere l’infrastruttura di sicurezza aziendale.

Riconoscendo la natura critica di queste falle, Trend Micro ha rilasciato uno strumento di mitigazione di emergenza denominato “FixTool_Aug2025” per fornire una protezione immediata contro gli exploit noti.

Tuttavia, questa soluzione a breve termine presenta un compromesso operativo significativo: disabilita la funzione Remote Install Agent, impedendo agli amministratori di distribuire gli agenti direttamente dalla console di gestione .

I metodi di distribuzione alternativi, come il percorso UNC o i pacchetti agent, rimangono inalterati.

L’azienda ha sottolineato che, sebbene lo strumento di correzione fornisca una protezione completa contro gli exploit noti, è prevista una patch critica completa verso la metà di agosto 2025.

L'articolo Vulnerabilità critiche in Trend Micro Apex One: aggiornamento urgente proviene da il blog della sicurezza informatica.

Ora... ognuno può pensarla come vuole e in molti penseranno che quest'uomo è un pazzo.

Ma metti che domani 'sto mostro esce dall'acqua e si fa un giretto sulla terraferma a favore di fotografi.

Steve Feltham potrà sparare un "VE L'AVEVO DETTO, STRONZI!" da cento megatoni.

😁😁😁

L’uomo che da 30 anni cerca il mostro di Loch Ness: ilpost.it/2022/11/10/uomo-cerc…

L’uomo che da 30 anni cerca il mostro di Loch Ness

Steve Feltham è arrivato sul lago scozzese nel 1991 e da allora passa le sue giornate scrutando l'acqua, invano

^{Il Post}

Un ex dirigente di Google lancia l’allarme: l’intelligenza artificiale è pronta a spodestare i lavoratori e trascinarci verso una distopia. Mo Gawdat, lancia l’allarme: l’intelligenza artificiale non avrà ripercussioni solo sui lavori entry-level. Minaccia tutti i livelli del lavoro intellettuale, dagli sviluppatori ai CEO. Prevede un futuro prossimo caratterizzato da profondi sconvolgimenti sociali ed economici, guidati da un’automazione massiccia.

Mo Gawdat non si limita a sottolineare i rischi dell’IA per i lavori tecnici o ripetitivi. In un’intervista al podcast Diary of a CEO, sostiene che anche le professioni più qualificate, spesso considerate sicure, saranno spazzate via. Sviluppatori, podcaster e persino CEO sono sulla lista. “L’IA diventerà migliore degli umani in tutto. Anche nel ruolo di CEO“, avverte.

L’ex direttore vendite di Google X attinge alla propria esperienza imprenditoriale. La sua attuale startup, Emma.love, sviluppa un’intelligenza artificiale incentrata sulle relazioni emotive. È gestita da tre persone. “Prima, questo progetto avrebbe richiesto 350 sviluppatori“, sottolinea. Un esempio concreto di quanto rapidamente la capacità produttiva possa essere concentrata nelle mani di pochissimi individui, potenziata dall’automazione.

Inoltre, Mo Gawdat descrive la nostra epoca come una fase di transizione: un ‘”era di intelligenza aumentata” in cui gli esseri umani mantengono ancora un ruolo. Ma, secondo lui, questo non durerà. Questo periodo sta già cedendo il passo a una fase che lui chiama “padronanza delle macchine “, in cui l’IA occuperà ruoli interi, dagli assistenti agli architetti. Non ci sarebbe più alcuna complementarietà tra esseri umani e macchine, ma una pura e semplice sostituzione.

Lungi dall’essere un tecnofobo, l’ex dirigente di Google afferma di voler costruire un’intelligenza artificiale allineata ai valori umani. Sostiene sistemi che promuovano amore, libertà e connessione tra gli individui. Tuttavia, osserva un divario preoccupante tra questa ambizione etica e la realtà dei suoi utilizzi. Secondo lui, l’IA è attualmente impiegata da attori guidati principalmente dalla redditività e dall’ego. Questo squilibrio rende lo scenario distopico non solo possibile, ma probabile.

Pone il punto di svolta intorno al 2027. Questo momento segnerebbe l’emergere di una disoccupazione di massa, un aumento delle tensioni sociali e la disintegrazione delle classi medie. “A meno che tu non faccia parte dello 0,1% più ricco, sei un contadino”, afferma. L’attuale modello economico non sopravviverebbe a un’automazione diffusa senza una profonda trasformazione dei suoi meccanismi di redistribuzione.

Va addirittura oltre la crisi climatica. In un precedente episodio dello stesso podcast , ha definito l’IA un’emergenza più grave del cambiamento climatico, chiedendo una tassa del 98% sulle aziende che fanno ampio affidamento sull’IA per finanziare reti di sicurezza. Ha poi menzionato la probabilità “più alta” di un evento globale dirompente causato dall’IA rispetto al riscaldamento globale.

L'articolo L’intelligenza artificiale ci travolgerà! l’allarme dell’ex dirigente di Google è un futuro distopico proviene da il blog della sicurezza informatica.