IT'S MONDAY, AND THIS IS DIGITAL POLITICS. I'm Mark Scott, and I bring you an exclusive first look at the latest Star Wars epic coming to a cinema near you later this year.

— The United States has a deal to shift ownership of TikTok's US unit to American owners — or does it?

— Some of the biggest social media companies are speaking out of both sides of their mouths when it comes to online safety.

— Artificial intelligence is expected to boost global trade by at least a third by 2040, according to estimates from the World Trade Organization.

Let's get started

digitalpolitics.co/newsletter0…

If you read “Jenny’s Daily Drivers” or “Linux Fu” here on Hackaday, you know we like Linux. Jenny’s series, especially, always points out things I want to try on different distributions. However, I have a real tendency not to change my distro, especially on my main computer. Yet I know people “distro hop” all the time. My question to you? How do you do it?

The Easy but Often Wrong Answer

Sure, there’s an easy answer. Keep your /home directory on a separate disk and just use it with a new boot image. Sounds easy. But the truth is, it isn’t that easy. I suppose if you don’t do much with your system, that might work. But even if you don’t customize things at the root level, you still have problems if you change desktop environments or even versions of desktop environments. Configuration files change over time. Good luck if you want to switch to and from distros that are philosophically different, like systemd vs old-school init; apparmor vs SELinux. So it isn’t always as simple as just pointing a new distro at your home directory.

One thing I’ve done to try out new things is to use a virtual machine. That’s easy these days. But it isn’t satisfying if your goal is to really switch to a new distro as your daily driver.

The Reason

Not a cuddly logo, but a good distro nonetheless.
The reason this came up is that I generally like KDE and was using Kubuntu for a number of years. They tend to lag a bit on the KDE desktop, so when KDE came out with Neon, I was sold. However, since they were both based on Ubuntu/Debian, there was a mostly working upgrade path to convert a Kubuntu installation to Neon.

Fast forward to today. Neon has been suffering lately. I hear there is one volunteer keeping it running. KDE has decided to shift focus to a new distro that does things I’m not crazy about (immutable system; Wayland). So it was time to hop again.

I’d heard that OpenSUSE was good at keeping up with KDE, and the rolling release of Tumbleweed appeals to me. So I made the switch.

The Hard Way

I am in no way suggesting you do this. It was a bad idea, and while it worked, it was a lot of effort. Even so, it only worked because I have way more disk storage than I need: my root file system is way under 3 TB, and I have about 9 TB of RAID as my primary hard drive. Of course, you should be backed up. But if you’ve ever had to restore from a backup, you know that’s no fun. Better to have it and not need it.

So what did I do? I used kvm to stand up a virtual machine, and then I installed Tumbleweed on it. I turned off the btrfs features since I didn’t plan to use them. Then I set about matching my Neon desktop. All the KDE settings. All the strange systemd services and timers I have set up. The systems I use to run my own dynamic DNS. As much of everything as I could think of.

I got to the point where working in the VM was comfortable. My browsers and all my other tools were ready and configured.

You know I forgot something. I knew too, so I wanted to save things for reference. First, I booted from a live image and made a copy of my entire root file system under /NEON. Then I rebooted and created a new virtual machine and booted a “live” ISO file on it.

A Hard Day’s Night

The next step was to copy the snapshot of the /NEON directory into the VM. Sure, I could have used LVM snapshots or, if I were still using btrfs, a snapshot from that. But I have plenty of disk space, especially after pruning off some very large directories from the copy.

The key to this, by the way, is using the nbd program to mount the VM’s disk image. You do need the nbd module loaded, if you have it as a module, and then you export it using nbd. From there, you get a device you can mount just like any other. I’d explain it, but you really shouldn’t be taking this as instructions. Still, if you need to do it, [shamil] has a good, concise explanation.

Of course, the new VM won’t boot. You have to bind mount all the running directories (like /run and /proc) to the right mountpoint and then chroot into the mounted file system. Once there, you can rebuild your init image and run grub. After that, you should be able to boot into the old Neon system in the new VM.

The Beauty of It…

It has been a while since I’ve installed Linux from a CD, but you still have an ISO file.
So at this point, I had not made any changes to my main OS. I had a copy of it for backup purposes, and I was able to boot into a clone of it using a VM. I could also boot into the target system with a different VM.

The next step was to boot to a live image again and nuke nearly everything on the root file system except for /NEON, and the VMs, of course, which were on separate drives.

I thought about running the Tumbleweed installer and then copying files from the VM, but instead I decided to just do it by hand. I copied the files from the new VM over to the real root drive, using nbd again. Then I had to do the whole bind/mount/chroot/reinstall steps again.

Did It Boot?

It did, in fact, boot up. There were a few glitches, mostly due to self-inflicted problems. When I restored some large directories and some SSD-based temporary directories, I created some SELinux problems that were fun to track down. I had, of course, forgotten a few things installed deeply, too. But that wasn’t a problem. I could still go grab stuff from /NEON or even boot the Neon install up in the VM to compare things.

I am about to the point where I will delete the extra copies of things. I’ve already released the Tumbleweed VM. But it occurs to me: I won’t do this again. That leads to my question for you. If you distro hop, how do you do it? Let us know in the comments. Then again, current thinking is to have a minimal system and then put everything in its own container anyway.

Again, I beg you, don’t follow my example. This was way too much work and risk. But I’m also crazy enough to relocate /usr.

hackaday.com/2025/09/29/ask-ha…

If there’s one thing that has come to define the generations after the baby boom, it’s probably nostalgia. It’s heavily marketed and weaponized by the market: yearning for better, simpler times seems to be a core thread of the consumer economy these days. [Makerneer] combined his xilennial love of LEGO bricks with the flat tires on his log splitter to produce a 10″ TPU tyre will never go flat, and provide a dopamine release every time he sees it.

The tyre is a custom model to fit his particular rims, but he does provide STEP and F3D files if you’d like to try modifing it for your own purpose — they’re at Step 6 of the Instructable. Props to [Makerneer] for truly open-sourcing the design instead of just tossing STL files online. His build log also takes the time to point out the ways he had to modify the LEGO tyre profile to make it amenable to 3D printing: notably chamfering some of the tread pattern to eliminate bridging, which is a bit of a no-no with TPU.

As you can see in the (unfortunately vertical) demo video below, it’s a bit quite a bit squishier than a regular run-flat tyre, but that was part of [Makerneer]’s design goal. He didn’t like how rigid the non-pneumatic tyres he’d tried were, so endevoured to design something himself; the whole LEGO thing was just for fun. If you wanted to replicate this tyre with a bit less skoosh, you need only tune the infill on your print.

While only time will tell how long this LEGO-inspired add-on will continue adding whimsy to [Makerneer]’s log-splitting, we have tests to show it will outperform any other plastic he might have printed. This project is probably more practical than a 3D printed bicycle tyre, which doesn’t even have the side benefit of whimsy.

youtube.com/embed/_iNaEs9MEEw?…

hackaday.com/2025/09/29/10-leg…

I think most of us who make or build things have a thing we are known for making. Where it’s football robots, radios, guitars, cameras, or inflatable textile sculptures, we all have the thing we do. For me that’s over the years been various things but has recently been camera hacking, however there’s another thing I do that’s not so obvious. For the last twenty years, I’ve been interested in computational language analysis. There’s so much that a large body of text can reveal without a single piece of AI being involved, and in pursuing that I’ve created for myself a succession of corpus analysis engines. This month I’ve finally been allowed to try one of them with a corpus of Hackaday articles, and while it’s been a significant amount of work getting everything shipshape, I can now analyse our world over the last couple of decades.

The Burning Question You All Want Answered

Battle of the Boards, over the decades.
A corpus engine is not clever in its own right, instead it will simply give you straightforward statistics in return for the queries you give it. But the thing that keeps me coming back for more is that those answers can sometimes surprise you. In short, it’s a machine for telling you things you didn’t know. To start off, it’s time to settle a Hackaday trope of many years’ standing. Do we write too much about Arduino projects? Into the engine goes “arduino”, and for comparison also “raspberry”, for the Raspberry Pi.

What comes out is a potted history of experimenter’s development boards, with the graph showing the launch date and subsequent popularity of each. We’re guessing that the Hackaday Arduino trope has its origins in 2011 when the Italian board peaked, while we see a succession of peaks following the launch of the Pi in 2012. I think we are seeing renewals of interest after the launch of the Pi 3 and Pi 4, respectively. Perhaps the most interesting part of the graph comes on the right as we see both boards tail off after 2020, and if I had to hazard a guess as to why I would cite the rise of the many cheap dev boards from China.

The Perils Of The Corpus Maintainer

The astute among you might wonder why the figures on the graph above are not higher, because surely we have featured more Arduino or Raspberry Pi projects than that. And here we touch on a problem faced by anyone working with data. It comes down to this: are we looking at spotting the trends from the data, or absolute figures? When I built this corpus, I had to make two choices, one over how much I was allowed to stress Hackaday’s infrastructure, and the other in how much computing power and physical storage space I was prepared to give the project on my bench. I lack a computing cloud for my work, instead I have to rely on silicon and spinning rust I own, and to that there’s a finite limit.

Thus in building this corpus I reasoned that the more important words pertaining to each story would be nearer the start, and restricted myself to the title and first paragraph of each Hackaday piece, or about a hundred words. It’s definitely enough for trend analysis, but for obvious reasons if the word you are looking for is way down in the third or fourth paragraph, you’ll be disappointed. Furthermore if this technique angers you, don’t look too closely at how your oscilloscope samples higher frequency waveforms.

World Events Playing Out On Our 3D Printers

We’re not a world news site, but there are times when events intrude upon our world. Perhaps the greatest of these was the COVID pandemic, when for many people the world stopped. Hackaday kept going, but unsurprisingly there was a lot of discussion of the pandemic and the projects which surrounded it.

Do you remember the period in which governments were in a panic about not having enough ventilators? We had quite a few stories on the subject at the time, and they appear in the corpus. Fortunately it was pretty soon understood that home made ventilators would be dangerous so we were right to be cautious covering such projects.

Language Evolving Before Our Very Eyes

Rise Of The Retrocomputers!
When I started on my corpus software projects, I was interested in the relationships between words because I had spent a while working in the search engine business. Later on I became interested in using the same techniques to spot trends in news content which is what has sustained my interest, but there’s another use for these techniques.

In the dictionary business, lexicographers use corpus engines to track developments in language, and we can see that in action in Hackaday too. When did you first hear the term “Retrocomputer”? We’ve all been fooling around with old computers for years now, but in our corpus it first appeared in 2012. Since then it’s had a few ups and downs, but it remains on an upward trajectory. For the graph I combined all the various forms of the word, “retrocomputer”, “retrocomputing”, and so on.

So What’s Under The Hood?

Computers are not clever in themselves, they are merely very good at repetitively doing something you tell them to, for many hours without complaint. In this case, my computer is analysing and indexing a large body of text, and the way I’m doing it was arrived at over quite a few iterations. It’s a product of the hardware I had when i started work on it, an Intel Core laptop which was quite flashy for the mid-2000s, and then later a pair of always-on Raspberry Pi boards with USB hard drives. My problem was that if I tried to use any of the available databases to store my index they would quickly become unusable due to its immense size, so I arrived at a technique using flat files instead.
We Brits only use the word “soccer” when Americans play it. From my UK news corpus, not from Hackaday.
You can run a version of my software yourself, it can be found in my GitHub repository. The processing script takes the text and splits it into sentences and words, then stores frequency and collocate data as a huge tree of small JSON files on a hard disk volume, the reasoning being that the filesystem is an extremely fast way to retrieve data categorised by directory and filename.

The version I’ve used only deals in single word phrases, but other versions have extended the directory tree based index to support multi-word phrases. You can also plumb in a part-of-speech tagger if you wish. The result is a fully functional corpus engine that can run on an original Raspberry Pi 1, not bad considering that it can mine multi-million-word corpora in an instant. Mine has the task of continually updating a corpus of news data, allowing me to watch events unfold in real time.

Now. Over To You

I have spent a lot of time over the last month getting the Hackaday corpus together and ready for analysis, and then more time gathering the data for and writing this story. I’ve only been able to show you a small amount of what’s in this trove of data, so perhaps there are trends you’d like to see explored. Use the comments below to request, and maybe I can show them in a follow-up.

hackaday.com/2025/09/29/two-de…

These days, you rarely have to build your own Linux kernel. You just take what your distribution ships, and it usually works just fine. However, [Andrei] became enamored with a friend’s cyberdeck and decided that he’d prefer to travel with a very small laptop. The problem is, it didn’t work well with a stock kernel. So, time to build the kernel again.

Of course, he tried to simply install Linux. The installer showed a blank screen. You might guess that you need to add ‘nomodeset’ to the kernel options. But the screen was still a bit wacky. [Andrei] likens troubleshooting problems like this to peeling an onion. There are many layers to peel back, and you are probably going to shed some tears.

He did turn to ChatGPT for some help, but found there were many hallucinations, so it was sometimes helpful and sometimes not. What follows is a detective story with many twists and turns.

He finally decided he needed a custom kernel and had to learn the steps. If you haven’t done it, it really isn’t that hard. If you are trying to get “close” to another existing kernel, you can read /proc/config.gz to get a list of how the person who built your kernel set it up (even if that someone was you).

The custom kernel worked. Sort of. The screen finally turned on, but it was rotated 90 degrees. Not too convenient. A few more options paid off. Along the way, he mentions a few common debugging procedures, like divide and conquer or testing kernels on a virtual machine before moving to real hardware.

The culprit turned out to be an errant video module. But… there was still no sound or touchpad. That caused even more detective work that uncovered some confusing documentation. At the end, he has a mostly working machine, although he didn’t have sleep mode, and the machine tends to run hot. He’s ok with that. We often find that we have similar problems with things like orientation sensors, although the situation is improving.

Of course, building the kernel is a far cry from writing new code for it. If you want to get your feet wet, maybe start with an old version. You can even find some automation scripts that help you get straight to debugging your code.

youtube.com/embed/6iqRg_rB6lQ?…

hackaday.com/2025/09/29/mini-l…

I ricercatori di WatchTowr Labs hanno segnalato attacchi attivi a una vulnerabilità di elevata gravità nel sistema di gestione del trasferimento file GoAnywhere MFT di Fortra. Il problema, identificato come CVE-2025-10035, è un errore di deserializzazione nel componente License Servlet che consente l’iniezione di comandi non autenticati. Lo sfruttamento richiede una risposta di licenza contraffatta con una firma valida.

Fortra ha informato i propri clienti dell’interruzione il 18 settembre, ma ne è venuta a conoscenza circa una settimana prima e non ha specificato come avesse ricevuto l’informazione o se fosse già a conoscenza dell’exploit.

Nel frattempo, un rapporto di WatchTowr cita “conferme attendibili” di attacchi a partire dal 10 settembre, otto giorni prima della pubblicazione dell’avviso ufficiale. Per questo motivo, i ricercatori hanno sollecitato un cambiamento nella valutazione del rischio e il riconoscimento del fatto che gli aggressori spesso sfruttano i bug molto prima che vengano emessi gli avvisi di sicurezza.

L’analisi delle tracce di hacking ha rivelato che, dopo aver sfruttato la vulnerabilità, gli aggressori hanno eseguito comandi sul server senza autorizzazione, creato un account amministratore nascosto chiamato “admin-go” e lo hanno utilizzato per creare un utente web con diritti di accesso legittimi.

Questo utente ha quindi scaricato e avviato componenti aggiuntivi. Tra i file scoperti c’erano “zato_be.exe” e “jwunst.exe”. Quest’ultimo è un binario legittimo per il programma di amministrazione remota SimpleHelp, ma in questo caso è stato utilizzato per il controllo persistente sui sistemi infetti.

Gli aggressori hanno anche eseguito il comando “whoami/groups”, salvando i risultati in un file chiamato test.txt per una successiva trasmissione. Ciò ha permesso loro di determinare i privilegi dell’utente corrente e di mappare i percorsi all’interno dell’infrastruttura.

Al momento della pubblicazione, Fortra non aveva ancora commentato i risultati di WatchTowr. Il fornitore ha rilasciato correzioni nella versione corrente 7.8.4 e nel ramo di supporto 7.6.3. Si consiglia vivamente agli specialisti di aggiornare i propri sistemi e, come misura temporanea, di limitare l’accesso a Internet alla console di amministrazione. Inoltre, lo sviluppatore consiglia di controllare i log per individuare eventuali errori contenenti la stringa “SignedObject.getObject”, che potrebbe indicare tentativi di exploit.

L'articolo Vulnerabilità critica in GoAnywhere MFT di Fortra: CVE-2025-10035 proviene da il blog della sicurezza informatica.

Nel mercato del lavoro IT si stanno verificando tendenze allarmanti. Sempre più laureati in informatica non riescono a trovare lavoro, nemmeno con il salario minimo.

Un tempo, una laurea in informatica era considerata un lasciapassare per una carriera ben retribuita con prospettive di rapida ascesa. Ma i licenziamenti di massa nelle principali aziende tecnologiche, insieme all’introduzione di nuovi strumenti che eliminano la necessità di conoscenze tecniche approfondite, hanno cambiato radicalmente le regole del gioco.

Le storie dei giovani professionisti sono demoralizzanti. Un laureato dell’Università dell’Oregon ha dichiarato di aver inviato quasi seimila curriculum e di aver sostenuto tredici colloqui in due anni, senza mai ricevere una sola offerta. È stato persino rifiutato da una catena di fast food perché non aveva “l’esperienza richiesta“.

Alcuni hanno affermato di aver fatto domanda per centinaia, e in diversi casi migliaia, di posizioni lavorative nel settore tecnologico presso aziende, organizzazioni non profit ed enti governativi. Ma molti laureati in informatica hanno affermato che la loro ricerca di lavoro, durata mesi, si è spesso conclusa con una profonda delusione o, peggio, con aziende che li hanno abbandonati.

Zach Taylor ha dichiarato al New York Times che, da quando si è laureato nel 2023 in informatica presso l’Oregon State University, ha presentato domanda per quasi 6.000 posizioni lavorative nel settore tecnologico, ed è stata una delle “esperienze più demoralizzanti che abbia mai dovuto affrontare”.

Taylor non è l’unica. Secondo il sito indipendente di monitoraggio dei licenziamenti Layoffs.fyi, nel 2024 sono stati licenziati oltre 150.000 dipendenti del settore tecnologico in 551 aziende tecnologiche. Al momento della stesura di questo articolo, nel 2025 erano stati licenziati 88.964 dipendenti del settore tecnologico in 199 aziende tecnologiche.

In questo contesto, molti studenti e giovani professionisti stanno iniziando a mettere in discussione la professione scelta. Secondo i sondaggi, un terzo dei laureati ritiene che la propria formazione sia stata uno spreco di denaro e metà della Generazione Z si pente della specializzazione scelta.

Grandi aziende tecnologiche come Amazon, Google, Meta, Lenovo e Intel hanno licenziato una parte considerevole della loro forza lavoro nel 2024, e i licenziamenti continueranno anche nel 2025. Microsoft, ad esempio, ha annunciato a luglio che taglierà altri 9.000 dipendenti dopo una
serie di licenziamenti avvenuti all’inizio di quest’anno.

Sebbene l’idea alla base dell’intelligenza artificiale fosse quella di automatizzare le attività manuali e aiutare i lavoratori a concentrarsi su attività a maggior valore aggiunto, alcuni lavoratori temono che li sostituirà completamente, e questo sta già accadendo.

Tuttavia, gli esperti sottolineano che la domanda di specialisti non scomparirà del tutto.

Nei prossimi anni, saranno richiesti esperti in sicurezza informatica, tecnologie cloud e analisi dei dati. Inoltre, il mercato attribuisce sempre più importanza non solo al diploma, ma anche alle competenze pratiche, comprovate da corsi, tirocini e progetti pratici.

Mentre i laureati si chiedono se l’era degli stipendi a sei cifre nel settore IT sia finita, il mercato del lavoro si sta ristrutturando e nuove regole impongono ai professionisti di essere molto più flessibili e disposti ad apprendere nel corso della loro vita.

L'articolo Laureati in informatica senza futuro! Migliaia di CV ignorati e addio stipendio a 6 cifre proviene da il blog della sicurezza informatica.

Il Dipartimento di Giustizia degli Stati Uniti ha ricevuto l’autorizzazione del tribunale per condurre un’ispezione a distanza dei server di Telegram nell’ambito di un’indagine sullo sfruttamento minorile. La mozione del pubblico ministero ha affermato che questa misura era necessaria a causa del rifiuto dell’azienda di collaborare con le forze dell’ordine e di rispondere alle indagini ufficiali.

Il giudice ha concesso l’autorizzazione all’utilizzo di una tecnica di accesso remoto specializzata che consente di inviare una serie di richieste ai server di Telegram. Queste richieste costringono il sistema a restituire informazioni sull’account di destinazione, inclusi messaggi e dati associati.

La decisione è stata riportata da CourtWatch, citando documenti del tribunale; tuttavia, i link diretti non sono stati inclusi nella notizia perché i documenti contengono informazioni personali identificabili.

Secondo il documento, le informazioni scaricate devono essere archiviate sul dispositivo dell’investigatore all’interno della giurisdizione in cui si svolge il processo.

È stato inoltre sottolineato che non saranno effettuati ulteriori tentativi di accesso all’account senza un’ordinanza separata del tribunale. Pertanto, si tratta di un accesso remoto una tantum all’infrastruttura di Telegram allo scopo di scaricare la corrispondenza e altro materiale necessario per il caso.

Questo caso è un esempio lampante di come le autorità statunitensi utilizzino l’accesso diretto a server stranieri per ovviare alla mancanza di collaborazione dell’azienda.

Tali azioni stanno accendendo il dibattito sulla portata dell’autorità delle agenzie di intelligence, sulla giurisdizione transfrontaliera e sulle implicazioni per gli utenti di app di messaggistica che si dichiarano immuni al controllo esterno.

L'articolo Gli USA vogliono hackerare Telegram! Il caso che fa discutere di privacy e giurisdizione proviene da il blog della sicurezza informatica.

Windows 7 è stato uno tra i migliori sistemi operativi di casa Microsoft, e moltissimi ne decantano ancora oggi le doti di stabilità. Ma Microsoft ha interrotto il supporto di questo prodigio dei sistemi operativi da gennaio 2020.

Secondo le statistiche di Statcounter aggiornate a settembre 2025, il sistema operativo Windows 7, da tempo fuori produzione, ha raddoppiato la sua quota di mercato tra i sistemi operativi Microsoft negli ultimi due mesi.

Nel frattempo, la quota di mercato di Windows 11 è cresciuta notevolmente, trainata dai nuovi acquisti di PC e dalle migrazioni dal precedente Windows 10, il cui supporto terminerà a ottobre 2025.

Secondo StatCounter, la quota di mercato globale di Windows 11 ha superato quella di Windows 10 nel luglio 2025. A settembre, la sua quota di utilizzo era del 50,74%, rispetto al 43,09% di Windows 10.

Illustrazione: Statcounter

Lanciato nel 2009, Windows 7 ha mantenuto la sua quota di mercato per gran parte dell’anno, fino ad agosto. Il suo utilizzo è cresciuto dal 2,02% di luglio al 3,59% di agosto. E a settembre aveva raggiunto un “rivoluzionario” 5,2%.

Naturalmente, questo non significa che gli utenti di Windows 10 stiano passando in massa a Windows 7 invece di aggiornare a Windows 11. Qualunque siano i fattori che determinano l’aumento di popolarità di Windows 7, i numeri sono impressionanti, soprattutto considerando che Microsoft ha interrotto il supporto per il sistema operativo a gennaio 2020.

L'articolo Mentre Windows 10 va in pensione Windows 7 raddoppia le installazioni in due mesi proviene da il blog della sicurezza informatica.

Steve, Joe and James discuss HorizonMass/BINJ effort to use public records requests to determine if the drones over the Boston Dominican Parade and Caribbean Carnival were owned by the Boston Police Department. We also discussed the Trump administration’s recent efforts to censor free speech and an ex-Florida sheriff’s deputy attempt to spread disinformation from Russia.
youtube.com/embed/rHy8jXfhQVw?…
Sign up to our newsletter to get notified of new events or volunteer. Join us on:

• Mastodon;
• Facebook;
• Blue Sky;
• Twitter.

Some links we mentioned:

• Our Administrative Coup Memory Bank;
• Our Things to Do when Fascists are Taking Over;
• Did The BPD Fly A Surveillance Drone Over The Dominican Parade? They Won’t Tell Us.
• Disney Plus Subscribers Quit in Droves Over Jimmy Kimmel Axe;
• 2025 shootings of Minnesota legislators;
• Russian fake-news network, led by an ex-Florida sheriff’s deputy, storms back into action with 200+ new sites.

Image Credit: CC-By-2.0 image via Wikipedia Commons by Maurizio Pesce.

masspirates.org/blog/2025/09/2…