It is a good day for design review! Today’s board is the MuBook, a Lattepanda Mu SoM (System-on-Module) carrier from [LtBrain], optimized for a NAS with 4 SATA and 2 NVMe ports. It is cheap to manufacture and put together, the changes are non-extensive but do make the board easier to assemble, and, it results in a decent footprint x86 NAS board you can even order assembled at somewhere like JLCPCB.

This board is based on the Lite Carrier KiCad project that the LattePanda team open-sourced to promote their Mu boards. I enjoy seeing people start their project from a known-working open-source design – they can save themselves lots of work, avoid reinventing the wheel and whole categories of mistakes, and they can learn a bunch of design techniques/tips through osmosis, too. This is a large part of why I argue everyone should open-source their projects to the highest extent possible, and why I try my best to open-source all the PCBs I design.

Let’s get into it! The board’s on GitHub as linked, already containing the latest changes.

Git’ting Better

I found the very first review item when downloading the repo onto my computer. It took a surprising amount of time, which led me to believe the repo contains a fair bit of binary files – something quite counterproductive to keep in Git. My first guess was that the repo had no .gitignore for KiCad, and indeed – it had the backups/ directory with a heap of hefty .zips, as well as a fair bit of stuff like gerbers and footprint/symbol cache files. I checked in with [LtBrain] that these won’t be an issue to delete, and then added a .gitignore from the Blepis project.

This won’t make the repo easier to check out in the future, sadly – the hefty auto-generated files are still in the repo history. However, at least it won’t grow further as KiCad puts new archives into the backups/ directory, and, it’s good to keep .gitignore files in your KiCad repos so you can easily steal them every time you start a new project.

Apart from that, a .gitignore also makes working with your repository way way easier! When seeing changes overview in git status or GitHub Desktop, it’s way nicer to, and you even get a shot at reviewing changes in your commits to make sure you’re not adding something you don’t want in the repository. Oh, and, you don’t risk leaking your personal details as much, since things like auto-generated KiCad lockfiles will sometimes contain your computer name or your user name.

Now that the PCB Git-ability has been improved, let’s take a look at the board, first and foremost; the schematic changes here are fairly minimal, and already reviewed by someone else.

Cheap With Few Compromises

There’s plenty of PCIe, USB3, and SATA on this board – as such, it has to be at least four layers, and this one is. The SIG-GND-GND-SIG arrangement is only slightly compromised by a VDC (12 V to 15 V) polygon on one of the layers, taking up about 30% of space, and used to provide input power to Mu and also onboard 3.3 V and 5 V regulators.

Of course, with so many interfaces, you’ll also want to go small – you’ll have to fit a lot of diffpairs on the board, and you don’t want them flowing too close to each other to avoid interference. This board uses approximately 0.1 mm / 0.1 mm clearances, which, thankfully, work well enough for JLCPCB – the diffpairs didn’t even need to be redrawn much. Apart from that, the original design used 0.4 mm / 0.2 mm vias. Problem? JLC has a $30 surcharge for such vias for a board of this size. No such thing for 0.4 mm / 0.3 mm vias, surprisingly, even though the annular ring is way smaller.

I went and changed all 0.4 mm / 0.2 mm vias to 0.4 mm / 0.3mm vias, and that went surprisingly well – no extra DRC errors. The hole-to-copper distance is set to be pretty low in this project, to 0.15 mm, because that’s inherited from LattePanda carrier files, so I do hope that JLC doesn’t balk at those vias during the pre-production review. Speaking of DRC, I also set all courtyard errors to “ignore” – not only does this category have low signal-to-noise ratio, the LattePanda module courtyard also would raise problems at all items placed under the module, even though there’s plenty of space as long as you use a DDR socket tall enough.

One thing looked somewhat critical to me, though – the VDC polygon, specifically, the way it deprived quite a few diffpairs from GND under them.

Redraw, Nudge, Compromise

Remember, you want a ground polygon all along the underside of the differential pair, from start to finish, without interruptions – that ground polygon is where ground return current flows, and it’s also crucial in reaching the right differential pair impedance. The VDC polygon did interrupt a good few pairs, however.

Most of those interruptions were fixed easily by lifting the VDC polygon. Highlighting the net (` keyboard key) showed that there’s only really 4 consumers of the VDC power input, and all of them were above the overwhelming majority of the diffpairs. REFCLKs for M.2 sockets had to be rerouted to go over ground all throughout, though, and I also added a VDC cutout to pull gigabit Ethernet IC PCIe RX/TX pairs over VDC for most of their length.

This polygon carries a fair bit of current, a whole N100 (x86) CPU’s worth and then some, and remember – inner layers are half as thick, only 0. 5oz instead of 1 oz you get for outer layers by default. So, while we can cut into it, the VDC path has to be clear enough. A lot of items on VDC, like some gigabit controller power lines, ended up being moved from the VDC polygon layer to the opposite inner layer – now, they’re technically on the layer under PCIe and gigabit Ethernet pairs, but it’s a better option than compromising VDC power delivery. I also moved some VDC layer tracks to B.Cu and F.Cu; remember, with high-speed stuff you really want to minimize the number of inner layer tracks.

Loose Ends

With the vias changed and polygon redrawn, only a few changes remained. Not all diffpair layer crossings had enough vias next to them, and not all GND pads had vias either – particularly on the Mu and M.2 slots, what’s with high-speed communications and all, you have to make sure that all GND pads have GND vias on them. Again, highlight GND net (`) and go hunting. Afterwards, check whether you broke any polygons on inner layers – I sure did accidentally make a narrow passage on VDC even more narrow with my vias, but it didn’t take much to fix. Remember, it’s rare that extra vias cost you extra, so going wild on them is generally safe.

The SATA connector footprint from Digikey was faulty – instead of plated holes for through-hole pins, it had non-plated holes. Not the kind of error I’ve ever seen with easyeda2kicad, gotta say. As an aside, it was quite a struggle to find the proper datasheet on Digikey – I had to open like five different PDFs before I found one with footprint dimension recommendations.

A few nets were NC – as it turned out, mostly because some SATA ports had conflicting names; a few UART testpoints were present in the schematic but not on the board, so I wired them real quick, too. DRC highlighted some unconnected tracks – always worth fixing, so that KiCad can properly small segments into longer tracks, and so that your track moves don’t then result in small track snippets interfering with the entire plan. Last but not least, the BIOS sheet in the schematic was broken for some reason; KiCad said that it was corrupted. Turned out that instead of BIOS.kicad_sch, the file was named bios.kicad_sch – go figure.

Production Imminent

These changes helped [LtBrain] reduce PCB manufacturing cost, removed some potential problems for high-speed signal functioning, and fixed some crucial issues like SATA port mounting pins – pulling an otherwise SMD-pad SATA port off the board is really easy on accident! They’re all on GitHub now, as you’d expect, and you too can benefit from this board now.

Boston Police (BPD) continue their efforts rollout more surveillance tools. This time on social media.

On August 19th, the Boston Public Safety Committee will hold a hearing on the Boston 2024 Surveillance Technology Report including police usage of three new tools to monitor social media posts. Any tool BPD uses will feed into the Boston Regional Information Center (BRIC) and Federal agencies such as ICE, CBP and the FBI.

If you want to tell the Boston Public Safety committee to oppose this expansion of surveillance, please show up on the 19th virtually. Details are posted, but to sign up to speak, email ccc.ps@boston.gov and they will send you a video conference link. We especially encourage Boston Pirates to attend and speak against this proposal. The Docket # is 1357.

masspirates.org/blog/2025/08/1…

[porchlogic] had a problem. The desire was to print a crystal-like case for an ESP32 project, reminiscent of so many glorious game consoles and other transparent hardware of the 1990s. However, with 3D printing the only realistic option on offer, it seemed difficult to achieve a nice visual result. The solution? Custom G-code to produce as nice a print as possible, by having the hot end trace a single continuous path.

The first job was to pick a filament. Transparent PLA didn’t look great, and was easily dented—something [porchlogic] didn’t like given the device was intended to be pocketable. PETG promised better results, but stringing was common and tended to reduce the visual appeal. The solution to avoid stringing would be to stop the hot end lifting away from the print and moving to different areas of the part. Thus, [porchlogic] had to find a way to make the hot end move in a single continuous path—something that isn’t exactly a regular feature of common 3D printing slicer utilities.

The enclosure itself was designed from the ground up to enable this method of printing. Rhino and Grasshopper were used to create the enclosure and generate the custom G-code for an all-continuous print. Or, almost—there is a single hop across the USB port opening, which creates a small blob of plastic that is easy to remove once the print is done, along with strings coming off the start and end points of the print.

Designing an enclosure in this way isn’t easy, per se, but it did net [porchLogic] the results desired. We’ve seen some other neat hacks in this vein before, too, like using innovative non-planar infill techniques to improve the strength of prints.

youtube.com/embed/2Sy50BrlDMo?…

Thanks to [Uxorious] and [Keith Olson] for the tip!

hackaday.com/2025/08/12/contin…

Many people have looked Death in the eye sockets and survived to tell others about it, but few situations speak as much to the imagination as situations where there’s absolutely zero prospect of rescuers swooping in. Top among these is the harrowing tale of the Apollo 13 moon mission and its crew – commanded by James “Jim” Lovell – as they found themselves stranded in space far away from Earth in a crippled spacecraft, facing near-certain doom.

Lovell and his crew came away from that experience in one piece, with millions tuning into the live broadcast on April 17 of 1970 as the capsule managed to land safely back on Earth, defying all odds. Like so many NASA astronauts, Lovell was a test pilot. He graduated from the US Naval Academy in Maryland, serving in the US Navy as a mechanical engineer, flight instructor and more, before being selected as NASA astronaut.

On August 7, 2025, Lovell died at the age of 97 at his home in Illinois, after a dizzying career that saw a Moon walk swapped for an in-space rescue mission like never seen before.

Joining The Navy

The USS Shangri-La underway in 1970. (Credit: US Navy)
James Arthur Lovell Jr. was born in Cleveland, Ohio, on March 25, 1928. He was the sole child, with his father dying in a car accident when he was five years old. After this he and his mother lived with a relative in Indiana, before moving to Wisconsin where Lovell attended Juneau High School. He attained the Boy Scouts’ highest rank of Eagle Scout, while also displaying an avid interest in rocketry including the building of flying models.

After graduating from high school, Lovell studied engineering under the US Navy’s Flying Midshipman program from 1946 to 1948, which focused on training new naval aviators. This was a sponsored program by the US Navy, with the student required to enlist as Apprentice Seaman and to serve in the Navy for five years, including one year of active duty.

As this program was being rolled back in the wake of the end of WW2, Lovell saw himself and others like him pressured to transfer out, with Lovell applying at the US Naval Academy in Annapolis, Maryland. Here he would continue his engineering studies, graduating with a Bachelor of Science degree in the Spring of 1952.

After graduation he was commissioned as an ensign in the US Navy, got selected for naval aviation training and was later assigned to the Essex-class aircraft carrier USS Shangri-La during the 1950s where he flew many missions, racking up a reported total of 107 carrier landings. Once back ashore he became a flight instructor for Navy pilots.

To Space And Beyond

With NASA selecting its future astronauts from the military’s test pilots for a variety of reasons, it was only a matter of time before Lovell would be in the running for the first group of astronauts considering his performance in the Navy. Although he got put on the list of potential astronauts for Project Mercury, he narrowly missed joining the Mercury Seven. After applying for the second group, however, he ended up being selected for Mercury’s successor project: Project Gemini.
The Pacific Ocean as seen from the Gemini 7 capsule on 8 December 1965 by astronauts Borman and Lovell. (Credit NASA)
Lovell would fly on two Gemini missions, Gemini 7 and Gemini 12, with the latter seeing Lovell being joined by Edwin “Buzz” Aldrin as the pilot. Before embarking on Gemini 7, Lovell and his fellow astronaut Frank F. Borman were given the advice by Pete Conrad – who had previously spent eight days on Gemini 5 – to take books along for the ride. Considering that Gemini 7 was an endurance mission lasting nearly two weeks, this turned out to be very good advice, indeed.
Edwin “Buzz” Aldrin performing an EVA during the first day of the 4-day Gemini 12 mission. (Credit: NASA, James Lovell)
The four-day Gemini 12 mission would be the last mission in the project, taking place during November of 1966. During this mission Aldrin demonstrated a number of extra-vehicular activities (EVAs), showing that humans could perform activities outside of the spacecraft, thus clearing the way for Project Apollo.

Lucky Apollo 13

Although Lovell is generally associated with Apollo 13, his third spaceflight was on Apollo 8 which launched on December 21st of 1968. This was the first manned Apollo mission to make it to the Moon following Apollo 7 which stayed in Earth’s orbit. During Apollo 8 the crew of three – Borman, Lovell and Anders – completed ten orbits around Earth’s companion, making it the first time that humans had laid eyes on the far side of the Moon and were able to observe an Earthrise.
The famous ‘Earthrise’ photo by William Anders taken during Apollo 8. (Source: NASA)
With the Apollo program in constant flux, Apollo 8’s mission profile was changed from a more conservative Earth orbit-bound test with the – much delayed lunar module (LM) – to the very ambitious orbiting of the Moon. This put the Apollo program back on track, however, as it skipped a few intermediate steps. After Apollo 9 demonstrated the full lunar EVA suit in space as well as docking with the LM in Earth orbit, Apollo 10 was the wet dress rehearsal for the first true Moon landing with Neil Armstrong and Buzz Aldrin taking the honors.

After Apollo 12 delivered its second batch of astronauts to the lunar surface, it was finally time for Lovell as the commander and Fred Haise as the LM pilot to add their footprints to the lunar regolith as part of the Apollo 13 mission. After two successful Moon landings, when Apollo 13 took off from the landing pad on April 11, 1970, it seemed that this was going to be mostly a routine mission.

After making it about 330,000 km from Earth, the Apollo 13 crew was going through their well-practiced schedule, with only one active issue bothering them and ground control in Houston. This issue involved the pressure sensor in one of the service module (SM) oxygen tanks. Ground control requested that the crew try activating the stirring fans in the oxygen tanks to see whether de-stratifying the contents of the affected oxygen tank might fix the odd readings.

Ninety-five seconds after Command Module (CM) pilot John Swigert activated these fans the three astronauts heard a loud bang, accompanied by electrical power fluctuations and the attitude control thrusters automatically engaging. After briefly losing communications with Earth, Swigert called back to Houston with the now famous “Houston, we have had a problem.” phrase.

youtube.com/embed/MdvoA-sjs0A?…

As indicated by the resulting investigations, one of the oxygen tanks (Oxygen Tank 2) that fed the fuel cells for power generation had turned into a bomb owing to manufacturing and handling defects years prior. The resulting explosion also caused the loss of Oxygen Tank 1 and ultimately putting all of the CM’s fuel cells out of commission. With the CM’s batteries rapidly draining, the Apollo 13 astronauts only had minutes to put a plan together with Houston, to use the LM as their lifeboat and to devise a way to plan a course back to Earth after a fly-by of the Moon.

As these immediate concerns were addressed and Apollo 13 found itself on a course that should take it safely back to Earth, two new issues cropped up. The first was that of potable water, as normally the CM’s fuel cells would create all the water that they’d need during the mission. With the CM and its fuel cells out of commission, they had to strictly ration their limited supply, all the way down to 200 mL per person per day.
The adapted carbon dioxide scrubber on Apollo 13. (Credit: NASA)
The other issue concerned the carbon dioxide levels. Although the LM carried sufficient oxygen, CO₂ scrubbers were required to keep the levels of this gas at healthy levels, even as the crew kept adding to it with their breathing. The lithium hydroxide pellet-based scrubbers in the CM and LM were up to their individual tasks, but the LM was equipped only for the 45 hours that two astronauts would spend on the lunar surface, not keep three astronauts alive for the time that it’d take to travel back to Earth.

Annoyingly, the CM and LM scrubber canisters had different dimensions that prevented the astronauts from simply availing themselves of the CM scrubbers. This was fortunately nothing that some solid arts and crafts experience can’t fix, and the CM canisters were made to work using plastic manual covers, duct tape and whatever else was needed to bridge the gaps.

With all the essentials dealt with as well as possible considering the circumstances, the three astronauts set in for a very long and very cold wait. As most systems were shut down to preserve every bit of energy there was little any of them could do against the cold of space itself seeping into the LM even as moisture condensed on all surfaces.

Before nearing Earth, Lovell and his crew were tasked with configuring the LM’s navigation computer in preparation for final approach, as well as starting the CM up from its cold shutdown. With every step of this re-entry and required separation of the SM, CM and ultimately the LM being completely unlike the normal procedure that they had trained for, there existed significant uncertainty about how well it all would work.

Fortunately everything went off relatively without any issues and on April 17 of 1970 all three Apollo 13 astronauts made a soft splash back on Earth. This would also be Lovell’s fourth and final spaceflight.

Retirement

Apollo 13’s capsule splashing down on April 17 1970. (Credit: NASA)
Lovell would retire from the Navy and the space program on March 1, 1973. For decades afterwards he’d serve as CEO, president and similar roles for a range of companies before retiring in 1991, only staying on the board of directors for a number of corporations including the Astronautics Corporation of America. With the fame that Apollo 13 had brought him and his two fellow astronauts none of them ever fully left the public eye.

A number of films and documentaries were made about the Apollo 13 mission, which was termed a ‘successful failure’. Lovell would make a number of cameos, with the 1995 film Apollo 13 based on Lovell’s book Lost Moon being one of the most notable examples.

With Lovell’s death, Fred Haise is now the last remaining member of Apollo 13 to still be alive, after Jack Swigert died from cancer in 1982.

Although a lot has been said already about Apollo 13 nearly ending in tragedy, including its auspicious number in many Western cultures, it’s impossible to deny that this mission’s crew were among the luckiest imaginable. In the dark and cold of Space, trapped between Earth and the Moon, they found themselves among the best friends imaginable to together solve a puzzle, even as their own lives were on the line.

If the oxygen tank had exploded on the return trip from the Moon, all astronauts would have likely perished. Similarly, if any of the other events during the mission had played out slightly differently, or if another emergency had occurred on top of the existing ones, things might have turned out very differently.

If there’s anything to be learned from Lovell’s life, it is probably that ‘luck’ is relative, and that team work goes a very long way.

hackaday.com/2025/08/12/rememb…

Come era prevedibile, il famigerato bug scoperto su WinRar, viene ora sfruttato attivamente dai malintenzionati su larga scala, vista la diffusione e la popolarità del software.

Gli esperti di ESET hanno segnalato che la vulnerabilità di WinRAR (CVE-2025-8088) recentemente risolta è stata utilizzata come 0-day negli attacchi di phishing ed è stata utilizzata per installare il malware RomCom.

La vulnerabilità era correlata al directory traversal ed è stata risolta a fine luglio con il rilascio di WinRAR versione 7.13. Il problema consentiva l’utilizzo di archivi appositamente preparati e la decompressione dei file lungo un percorso specificato dagli aggressori.

“Durante la decompressione di un file, le versioni precedenti di WinRAR, le versioni Windows di RAR, UnRAR, il codice sorgente di UnRAR portatile e la libreria UnRAR.dll potevano utilizzare il percorso di un archivio appositamente preparato anziché quello specificato dall’utente”, hanno spiegato gli sviluppatori dell’archiviatore . “Le versioni Unix di RAR, UnRAR, il codice sorgente di UnRAR portatile e la libreria UnRAR, così come RAR per Android, non erano vulnerabili.

Pertanto, sfruttando questo bug, gli aggressori potrebbero creare archivi che decomprimono file eseguibili dannosi nella cartella di avvio di Windows situata in:

• %APPDATA%\Microsoft\Windows\Start Menu\Programmi\Esecuzione automatica (locale per l’utente);
• %ProgramData%\Microsoft\Windows\Start Menu\Programmi\Esecuzione automatica (per tutti gli utenti).

Dopo il successivo accesso, tale file viene eseguito automaticamente, consentendo all’aggressore di eseguire codice sull’host remoto.

Questo problema è stato scoperto dagli esperti ESET nel luglio 2025 e ora segnalano che, anche prima del rilascio della patch, CVE-2025-8088 è stato utilizzato negli attacchi come vulnerabilità zero-day.

Secondo i ricercatori, la vulnerabilità è stata sfruttata in attacchi di phishing mirati volti a diffondere malware del gruppo di hacker RomCom (noto anche come Storm-0978, Tropical Scorpius e UNC2596), tra cui varianti di SnipBot, RustyClaw e Mythic.

Secondo quanto riferito, la campagna aveva come obiettivo aziende finanziarie, manifatturiere, della difesa e della logistica in Canada e in Europa.

Il gruppo RomCom è stato precedentemente collegato ad attacchi ransomware, furto di dati a scopo di riscatto e campagne di furto di credenziali. RomCom è noto per lo sfruttamento di vulnerabilità zero-day e l’utilizzo di malware personalizzati per rubare dati e persistere nei sistemi.

ESET sottolinea che la stessa vulnerabilità è stata recentemente sfruttata da un altro aggressore ed è stata scoperta in modo indipendente dalla società russa BI.ZONE. Inoltre, il secondo aggressore ha iniziato a sfruttare la vulnerabilità CVE-2025-8088 pochi giorni dopo il RomCom.

L'articolo Come previsto, il bug di WinRAR è diventato un’arma devastante per i cyber criminali proviene da il blog della sicurezza informatica.

The largest European hacker camp this year was in the Netherlands — What Hackers Yearn (WHY) 2025 is the latest in the long-running series of four-yearly events from that country, and 2025 saw a move from the Flevoland site used by SHA2017 and MCH2021, back to just north of Alkmaar in Noord-Holland, where the OHM2013 event took place. WHY has found itself making the news in the Dutch technical media for all the wrong reasons over the last few days, after serious concerns were raised about the fire safety of its badge.
This is the cell supplied with the WHY badge, complete with manufacturer’s warning.
The concerns were raised from the RevSpace hackerspace in Leidschendam, and centre around the design of the battery power traces on the PCB between the battery holders and the power supply circuitry. Because the 18650 cells supplied with that badge lack any protection circuitry, bridging the power traces could be a fire risk.

In short: their report names the cell holders as having tags too large for their pads on the PCB, a too-tight gap between positive and negative battery traces, protected only by soldermask, and the inadequacy of the badge’s short circuit protection. In the event that metal shorted these battery tags, or wore through the soldermask, the batteries would be effectively shorted, and traces or components could get dangerously hot.

The WHY organizers have responded with a printed disclaimer leaflet warning against misuse of the cells, and added a last-minute epoxy coating to the boards to offer additional protection. Some people are 3D-printing cases, which should also help reduce the risk of short-circuiting due to foreign metal objects. A powerbank with short-circuit protection would solve the problem as well. Meanwhile a group of hackers collecting aid for Ukraine are accepting the batteries as donations.

It’s understood that sometimes bugs find their way into any project, and in that an event badge is no exception. In this particular case, the original Dutch badge team resigned en masse at the start of the year following a disagreement with the WHY2025 organizers, so this badge has been a particularly hurried production. (Editor’s note: the group that brought the 18650 concerns to light has some overlap with the group that left the WHY2025 badge project.) Either way, we are fortunate that the issue was spotted before any regrettable incidents occurred.

hackaday.com/2025/08/12/when-a…

Il Governo della Repubblica Popolare Cinese (“Cina”) e il Governo degli Stati Uniti d’America (“USA”), secondo quanto riportato da l’agenzia di stampa Xinhua di Pechino del 12 agosto e sulla base della dichiarazione congiunta Cina-Stati Uniti sui colloqui economici e commerciali di Ginevra raggiunta il 12 maggio 2025, si sono accordati a sospendere l’applicazione della tariffa del 24% sui dazi per 90 giorni a partire dal 12 agosto 2025,

Le due parti hanno ricordato i loro impegni assunti nell’ambito della Dichiarazione congiunta di Ginevra e hanno concordato di adottare le seguenti misure dal 12 agosto 2025:

1. Gli Stati Uniti continueranno a modificare l’attuazione delle tariffe ad valorem aggiuntive sui beni cinesi (inclusi i beni provenienti dalla Regione amministrativa speciale di Hong Kong e dalla Regione amministrativa speciale di Macao) come stabilito nell’Ordine esecutivo n. 14257 del 2 aprile 2025 e sospenderanno nuovamente l’applicazione della tariffa del 24% per 90 giorni a partire dal 12 agosto 2025, mantenendo al contempo la restante tariffa del 10% imposta su tali beni come stabilito nell’Ordine esecutivo.

2. La Cina continuerà a (i) modificare l’attuazione delle tariffe ad valorem sui beni statunitensi come previsto dall’annuncio della Commissione fiscale n. 4 del 2025, sospendendo la tariffa del 24% per altri 90 giorni a partire dal 12 agosto 2025, mantenendo al contempo la restante tariffa del 10% su tali beni; e (ii) adottare o mantenere le misure necessarie per sospendere o annullare le contromisure non tariffarie contro gli Stati Uniti, come concordato nella Dichiarazione congiunta di Ginevra.

Questa dichiarazione congiunta si basa sugli incontri svolti durante i Colloqui economici e commerciali di Stoccolma tra Cina e Stati Uniti.

I colloqui si sono svolti nell’ambito della Dichiarazione congiunta di Ginevra. Il rappresentante cinese era il Vice Primo Ministro He Lifeng, mentre i rappresentanti statunitensi erano il Segretario al Tesoro Scott Besant e il Rappresentante per il Commercio degli Stati Uniti Jamison Greer.

L'articolo Basta Dazi per 90 Giorni! Cina e USA raggiungono un accordo economico temporaneo proviene da il blog della sicurezza informatica.

La Johns Hopkins University nel Maryland si sta preparando ad aggiornare i suoi strumenti di wargame basati sull’intelligenza artificiale per aiutare il Pentagono a identificare i punti deboli degli avversari nei conflitti reali. Il lavoro, condotto presso l’ Applied Physics Laboratory (APL) dell’università , prevede l’aggiornamento di due sistemi, Generative Wargaming (GenWar) e Strategic AI Gaming Engine (SAGE), utilizzando dati proprietari per i programmi del Dipartimento della Difesa.

Il wargaming, utilizzato per mettere in pratica le decisioni in ambienti complessi e incerti, rimane uno strumento chiave per analizzare il comportamento umano in contesti complessi e incerti attraverso l’apprendimento esperienziale. Tuttavia, il wargaming tradizionale richiede facilitatori esperti e una progettazione complessa, il che riduce la velocità e la scalabilità del processo.

GenWar combina intelligenza artificiale generativa, modellazione, simulazione e competenze umane per creare ed eseguire scenari in pochi giorni anziché mesi, analizzare decine di futuri alternativi e concentrare gli esperti umani sugli scenari più significativi.

Secondo Andrew Mara, direttore del National Security Analysis Office dell’APL, il Pentagono è alla ricerca di soluzioni come questa da oltre un decennio. Ora, secondo lui, necessità e tecnologia si sono incontrate, e la combinazione di tecnologie all’avanguardia e un team esperto potrebbe cambiare la natura stessa del war gaming.

SAGE, attualmente in fase di beta testing con ex alti funzionari del Pentagono, fa un ulteriore passo avanti utilizzando l’intelligenza artificiale generativa per sostituire i giocatori umani. Questo gli consente di simulare più scenari, trovare risultati inaspettati e identificare schemi ricorrenti che potrebbero sfuggire all’attenzione umana.

James Miller, vicedirettore per le politiche e l’analisi dell’APL, ha osservato che il valore dell’intelligenza artificiale nel wargame sta nell’ampliare l’orizzonte delle possibili soluzioni, comprese quelle che gli esseri umani potrebbero non prendere in considerazione. Gli esperti possono quindi concentrarsi sui risultati chiave.

GenWar integra l’intelligenza artificiale non solo nel ciclo di gioco, ma anche nei processi di simulazione, consentendo agli utenti non tecnici di lavorare tramite un’interfaccia di chat. Analisti, pianificatori e operatori possono generare e valutare rapidamente decine di possibili linee d’azione, e il sistema fornisce una verifica fisica delle decisioni, ha spiegato APL.

APL ritiene che l’introduzione dell’intelligenza artificiale nei wargame consentirà a una più ampia gamma di specialisti di accedere a sofisticati strumenti analitici e di accelerare la preparazione a potenziali scenari di conflitto.

L'articolo Verso Skynet: la Johns Hopkins University migliora le simulazioni di guerra con l’intelligenza artificiale proviene da il blog della sicurezza informatica.

Uso spesso podcast e video di persone di madrelingua inglese per migliorare la conoscenza della lingua.

Mi piacerebbe restituire il favore.

Ho pensato che magari da qualche parte sul pianeta c'è qualcuno che studia italiano a cui potrebbe fare altrettanto comodo avere uno sparring partner, quindi non podcast e video ma vere conversazioni on-line (gratuite).

Non so da che parte partire per far arrivare la notizia a chi potrebbe essere interessato, voi come fareste?

The European Commission has launched a public consultation to gather your views about the impact of data retention rules in view of adoption of legislative and non-legislative measures at EU level. Here's EDRi's guide on how to answer the tricky consultation.

The post Public consultation on ”retention of data by service providers for criminal proceedings”. Answering guide for civil society organisations and individuals. appeared first on European Digital Rights (EDRi).

At first glance, [RobBest]’s constant current source looks old school. The box is somewhat old-fashioned, featuring switches and binding posts. Most importantly, there’s a large analog meter dominating the front panel. Then you notice the OLED display, and you know something’s up.

The device can source or sink a constant current. In addition, it features a timer that calculates milliamp-hours and automatically turns off when not in use. The brain is a PIC 16F1765, which controls the screen, the buttons, and a few relays. While that might seem an odd choice for the processor, it is actually smart. The device has both a DAC and an ADC, plus an internal op amp. The analog output and a single pass transistor control the current flow, while the two relays flip it between a source and a sink.

Without that op amp, the DAC can’t produce much current. However, by passing it through the onboard amplifier, the output can drive about 100 mA, which is sufficient for this project.

This is a classic circuit, but the addition of a CPU and a display gives it capabilities that would have been very difficult to build back in the day. Want to dive into the theory behind constant current sources? Or just the practical use of a voltage regulator to make one?

youtube.com/embed/ICQmpqh1azU?…

hackaday.com/2025/08/12/curren…

In California è stata intentata una causa contro Microsoft, accusandola di aver interrotto prematuramente il supporto per Windows 10 e di aver costretto gli utenti ad acquistare nuovi dispositivi. Il querelante, Lawrence Klein, residente a San Diego, sostiene che la decisione di interrompere gli aggiornamenti di sicurezza il 14 ottobre 2025 interesserà circa 240 milioni di computer in tutto il mondo, metà dei quali non sarà in grado di aggiornare a Windows 11 a causa dei rigidi requisiti hardware.

Secondo lui, ciò costringerà milioni di persone a pagare per un “supporto esteso” (da 30 dollari all’anno per i consumatori a 244 dollari all’anno per le aziende nel terzo anno) o a sostituire i dispositivi funzionanti, creando montagne di rifiuti elettronici ed esponendo i dati ad attacchi informatici.

La causa sostiene che Microsoft stia sfruttando la sua posizione dominante nel mercato dei sistemi operativi per promuovere una nuova linea di dispositivi con Windows 11 e un assistente AI integrato chiamato Copilot, che richiede unità di elaborazione neurale (NPU) avanzate.

Questo, secondo Klein, conferisce all’azienda un vantaggio competitivo nel mercato in rapida crescita dell’intelligenza artificiale generativa, limitando al contempo la scelta degli utenti e riducendo gli incentivi per i concorrenti.

Si rileva inoltre che il ciclo di supporto di Windows 10 è quasi dimezzato rispetto alle versioni precedenti del sistema operativo e che gli utenti non hanno ricevuto informazioni chiare sulla fine del supporto e sulle conseguenze al momento dell’acquisto dei dispositivi.

Oltre alle perdite finanziarie e ai problemi di compatibilità, Klein sottolinea i rischi per la sicurezza, anche per le organizzazioni che gestiscono dati sensibili. Chiede al tribunale di obbligare Microsoft a estendere il supporto gratuito per Windows 10 finché la base utenti non scenderà al di sotto di una soglia ragionevole, oppure di allentare i requisiti per Windows 11 e richiedere la divulgazione obbligatoria dei periodi di supporto e dei rischi associati al momento della vendita dei dispositivi.

L'articolo Microsoft sotto accusa in California per la fine del supporto di Windows 10 proviene da il blog della sicurezza informatica.

Perché non riusciamo a staccarci dagli schermi, anche quando abbiamo trovato quello che cercavamo? Perché continuiamo a scorrere i feed senza pensarci mentre il tempo vola? Gli scienziati stanno cercando risposte a queste domande, e forse le scimmie con gli iPad possono aiutarci.

In un esperimento condotto presso l’Istituto Centrale Giapponese di Medicina Sperimentale e Scienze della Vita, 14 scimmie sono state messe in una gabbia con tablet per 10 minuti. Sullo schermo sono stati mostrati contemporaneamente nove brevi video muti di diverse specie di primati. Se l’animale toccava uno dei video, questo si espandeva fino a riempire l’intero schermo e gli altoparlanti riproducevano il caratteristico verso delle scimmie.

Queste “sessioni di addestramento” sono state condotte due o tre volte a settimana per due mesi. L’obiettivo dell’esperimento non era confrontare esseri umani e scimmie tramite schermi, ma verificare se questi animali potessero essere utilizzati come modello per studiare l’apprendimento e gli effetti degli stimoli visivi e uditivi sul comportamento. In altre parole, se avrebbero percepito suoni e immagini come ricompense, come accade con un frutto.

I risultati sono stati promettenti. Secondo gli autori, l’esperimento ha dimostrato che il comportamento delle scimmie davanti al touchscreen poteva essere modellato e mantenuto utilizzando stimoli audiovisivi. Entro la fine dei due mesi, otto animali su dieci inclusi nell’analisi finale toccavano costantemente lo schermo, indicando un’associazione consolidata con la “ricompensa”.

Ma ciò che è stato particolarmente interessante è stata la fase successiva, il test di “estinzione”.

I ricercatori hanno disattivato la ricompensa: quando veniva toccato, lo schermo rimaneva scuro e l’audio non si attivava. Le quattro scimmie non hanno ridotto la loro attività e hanno continuato a toccare lo schermo. Questo potrebbe significare che il semplice cambiamento nell’immagine, anche minimo, può mantenere vivo l’interesse, il che in qualche modo spiega perché possiamo scorrere TikTok per ore senza avere la sensazione di aver ricevuto qualcosa di prezioso.

I ricercatori sottolineano che questo modello potrebbe aiutare a comprendere meglio come si forma e si mantiene la dipendenza delle persone dagli schermi e cosa influenza lo sviluppo della dipendenza dagli stimoli audiovisivi.

Il lavoro è stato pubblicato sull’International Journal of Comparative Psychology.

L'articolo Così le scimmie con i tablet svelano i segreti della nostra ossessione per gli smartphone proviene da il blog della sicurezza informatica.

Modern competitive games have a great deal of anti-cheat software working to make sure you can’t hack the games to get a competitive advantage. [Kamal Carter] decided to work around this by building a physical aimbot for popular FPS Valorant.

The concept is straightforward enough. [Kamal] decided to hardmount an optical mouse to a frame, while moving a mousepad around beneath it with an off-the-shelf Cartesian CNC platform, but modified to be driven by DC motors for quick response. This gave him direct control over the cursor position which is largely undistinguishable from a human being moving the mouse. Clicking the mouse is achieved with a relay. As for detecting enemies and aiming at them, [Kamal] used an object detection system called YOLO. He manually trained the classifier to detect typical Valorant enemies and determine their position on the screen. The motors are then driven to guide the aim point towards the enemy, and the fire command is then given.

The system has some limitations—it’s really only capable of completing the shooting range challenges in Valorant. The vision model isn’t trained on the full range of player characters in Valorant, and it would prove difficult to use such a system in a competitive match. Still, it’s a neat way to demonstrate how games can be roboticized and beaten outside of just the software realm. Video after the break.

youtube.com/embed/fr02fxc-5jo?…

hackaday.com/2025/08/11/physic…

Un nuovo schema per distribuire codice dannoso camuffato da immagini .svg è stato scoperto su decine di siti di contenuti per adulti stranieri. Come hanno scoperto gli esperti di Malwarebytes, gli aggressori incorporano codice JavaScript offuscato in tali file che, una volta cliccati, avviano una catena nascosta di script che termina con il download di Trojan.JS.Likejack.

Questo malware clicca silenziosamente sul pulsante “Mi piace” su un post predefinito di Facebook se la vittima ha un account aperto sul social network in quel momento. In questo modo, le pagine con contenuti espliciti ottengono maggiore visibilità e visibilità grazie ai browser compromessi.

SVG (Scalable Vector Graphics) si differenzia dai consueti .jpg e .png in quanto memorizza i dati come testo XML. Questo consente di ridimensionare l’immagine senza perdere qualità, ma consente anche di incorporare HTML e JavaScript al suo interno. Questa funzionalità ha da tempo attirato gli aggressori, poiché apre la strada ad attacchi XSS , HTML injection e attacchi DoS. In questo caso, gli autori dei file dannosi hanno utilizzato una tecnica JSFuck modificata, che codifica JavaScript in un set di caratteri, rendendo difficile l’analisi.

Dopo la decodifica iniziale, lo script carica nuovi frammenti di codice, anch’essi nascosti all’analisi. La fase finale dell’attacco è l’interazione forzata con gli elementi di Facebook, che viola le regole della piattaforma. Facebook blocca tali account, ma gli autori dello schema tornano rapidamente con nuovi profili.

Tecniche simili sono già state osservate in precedenza. Nel 2023, gli hacker hanno utilizzato il tag .svg per sfruttare una vulnerabilità XSS nel client web Roundcube e, nel giugno 2025, i ricercatori hanno registrato attacchi di phishing con una falsa finestra di accesso Microsoft, aperta anch’essa da un file SVG.

Malwarebytes ora collega i casi identificati a decine di siti WordPress che distribuiscono contenuti dannosi in modo simile.

L'articolo Malware nascosto nelle immagini SVG nei siti per adulti: il nuovo schema per nascondere Trojan proviene da il blog della sicurezza informatica.

Pechino ha annunciato un pacchetto di misure di supporto per i robot umanoidi alla World Robot Conference (WRC) 2025, con l’obiettivo di raggiungere una capacità produttiva annuale di 10.000 unità entro il 2027. La nuova politica comprende iniziative volte ad ampliare gli scenari reali da parte dei robot e ampi sussidi che copriranno l’intera catena del valore della produzione di robot umanoidi.

Nell’ambito dell’iniziativa, hanno fatto parlare il Robomall, descritto come un negozio di robot 4S, e il Robot Restaurant aperto a Pechino. I locali sono progettati per creare canali di vendita per i robot e, al contempo, offrire al pubblico l’opportunità di interagire con la tecnologia.

Morgan Stanley ha affermato in una nota: “Riteniamo che il continuo sostegno del governo sarà fondamentale per accelerare l’adozione in Cina e affermare la leadership della Cina nel settore dei robot intelligenti su scala globale”.

Le iniziative della capitale rappresentano un passo significativo negli sforzi della Cina per diventare leader mondiale nella tecnologia e nella produzione di robot umanoidi.

Le misure annunciate a Pechino segnano un’accelerazione strategica nella corsa alla leadership globale nel settore dei robot umanoidi. Con obiettivi produttivi ambiziosi, sussidi estesi e iniziative concrete, la capitale cinese sta creando un ecosistema in cui industria, ricerca e consumatori possono interagire in maniera diretta, riducendo la distanza tra sviluppo tecnologico e applicazione pratica.

Se queste politiche avranno successo, la Cina non solo potrà consolidare il proprio vantaggio competitivo, ma potrebbe anche ridefinire il panorama mondiale della robotica intelligente.

Il sostegno governativo, unito a un’adozione più rapida in scenari reali, potrebbe trasformare i robot umanoidi da curiosità tecnologiche a componenti centrali della vita quotidiana e dell’economia globale.

L'articolo La Cina punta sui robot umanoidi! Un pacchetto di misure in arrivo per 10.000 unità entro il 2027 proviene da il blog della sicurezza informatica.

Generally, you think that if you pay more for something, it must be better, right? But that’s not always true. Even if it is true at the lower end, sometimes premium brands are just barely better than the midrange. [Project Farm] looks at a bunch of different calipers — a constant fixture around the shop if you do any machining, 3D printing, or PCB layout. The price range spans from less than $10 for some Harbor Freight specials to brands like Mitutoyo, which cost well over $100. Where’s the sweet spot? See the video below to find out.

The first part of the video covers how much the units weigh, how smooth the action is, and how much force it takes to push it down. However, those are not what you probably care most about. The real questions are how accurate and repeatable they are.

If you just want a summary of the first part of the video, skip to the ten minute mark. The table there shows that the three instruments that have the most consistent force on the slide range in price from $27 to $72. The $454 pair (which, to be fair, included a micrometer) was number six by that measure. The smoothness factor, which is somewhat subjective, came in favor of the most expensive pair, but there was a $25 caliper that was nearly as good in the number two slot.

Using a calibration block and some special techniques, he attempts to see how accurate they all are. We wish he’d used millimeters instead of inches, but in the inch range, none of them are bad. Only one set had a real problem of not making consistent readings.

If you want to jump right to the tables again, jump to the 17:20 mark. With two exceptions, they were all mostly accurate and fell into three groups. We wondered if there are three different chipsets involved. The cheapest caliper in the first group cost $27 and was as good as the expensive Mitutoyo. The second group ranged from $18 to as much as $40 and were only 0.000675 inches (only 0.017145 mm) off from the higher group.

Which was the best? That table is at about the 18:00 minute mark. In all fairness, the best, by his estimation, did cost $144, so it was the second most expensive set in the review. But that’s still cheaper than the Mitutoyo, which placed third. The fourth-place set was good, too, and came in at $27. For a few bucks less, the sixth-place caliper was also good.

Do you know how to do all the measurements your calipers are capable of? Ever wonder what’s inside those things? We did too.

youtube.com/embed/z5KtKAee0jw?…

hackaday.com/2025/08/11/calipe…