100-Year Old Wagon Wheel Becomes Dynamometer
If you want to dyno test your tuner car, you can probably find a couple of good facilities in any nearby major city. If you want to do similar testing at a smaller scale, though, you might find it’s easier to build your own rig, like [Lou] did.
[Lou’s] dynamometer is every bit a DIY project, relying on a 100-year-old wagon wheel as the flywheel installed in a simple frame cobbled together from 6×6 timber beams. As you might imagine, a rusty old wagon wheel probably wouldn’t be in great condition, and that was entirely true here. [Lou] put in the work to balance it up with some added weights, before measuring its inertia with a simple falling weight test. The wheel is driven via a chain with a 7:1 gear reduction to avoid spinning it too quickly. Logging the data is a unit from BlackBoxDyno, which uses hall effect sensors to measure engine RPM and flywheel RPM. With this data and a simple calibration, it’s possible to calculate the torque and horsepower of a small engine hooked up to the flywheel.
Few of us are bench testing our lawnmowers for the ultimate performance, but if you are, a build like this could really come in handy. We’ve seen other dyno builds before, too. Video after the break.
youtube.com/embed/61-e-HK6HdU?…
Half-good new Danish Chat Control proposal
Denmark, currently presiding over the EU Council, proposes a major change to the much-criticised EU chat control proposal to search all private chats for suspicious content, even at the cost of destroying secure end-to-end encryption: Instead of mandating the general monitoring of private chats (“detection orders”), the searches would remain voluntary for providers to implement or not, as is the status quo. The presidency circulated a discussion paper with EU country representatives today, aiming to gather countries’ views on the updated (softened) proposal. The previous Chat Control proposal had even lost the support of Denmark’s own government.
“The new approach is a triumph for the digital freedom movement and a major leap forward when it comes to saving our fundamental right to confidentiality of our digital correspondence”, comments Patrick Breyer (Pirate Party), a former Member of the European Parliament and digital freedom fighter. “It would protect secure encryption and thus keep our smartphones safe. However, three fundamental problems remain unsolved:
1) Mass surveillance: Even where voluntarily implemented by communications service providers such as currently Meta, Microsoft or Google, chat control is still totally untargeted and results in indiscriminate mass surveillance of all private messages on these services. According to the EU Commission, about 75% of the millions of private chats, photos and videos leaked every year by the industry’s unreliable chat control algorithms are not criminally relevant and place our intimate communication in unsafe hands where it doesn’t belong. A former judge of the European Court of Justice, Ninon Colneric (p. 34-35), and the European Data Protection Supervisor (par. 11) have warned that this indiscriminate monitoring violates fundamental rights even when implemented at providers’ discretion, and a lawsuit against the practice is already pending in Germany.
The European Parliament proposes a different approach: allowing for court orders mandating the targeted scanning of communications, limited to persons or groups connected to child sexual abuse. The Danish proposal lacks this targeting of suspects.
2) Digital house arrest: According to Article 6, users under 16 would no longer be able to install commonplace apps from app stores to “protect them from grooming”, including messenger apps such as WhatsApp, Snapchat, Telegram or Twitter, social media apps such as Instagram, TikTok or Facebook, games such as FIFA, Minecraft, GTA, Call of Duty, and Roblox, dating apps, video conferencing apps such as Zoom, Skype, and FaceTime. This minimum age would be easy to circumvent and would disempower as well as isolate teens instead of making them stronger.
3) Anonymous communications ban: According to Article 4 (3), users would no longer be able to set up anonymous e-mail or messenger accounts or chat anonymously as they would need to present an ID or their face, making them identifiable and risking data leaks. This would inhibit, for instance, sensitive chats related to sexuality, anonymous media communications with sources (e.g. whistleblowers), and political activity.
All things considered, the new Danish proposal represents major progress in terms of keeping us safe online, but it requires substantially more work. However, the proposal likely already goes too far already for the hardliner majority of EU governments and the EU Commission, whose positions are so extreme that they will rather let down victims altogether than accept a proportionate, court-proof and politically viable approach.”
The Time Of Year For Things That Go Bump In The Night
Each year around the end of October we feature plenty of Halloween-related projects, usually involving plastic skeletons and LED lights, or other fun tech for decorations to amuse kids. It’s a highly commercialised festival of pretend horrors which our society is content to wallow in, but beyond the plastic ghosts and skeletons there’s both a history and a subculture of the supernatural and the paranormal which has its own technological quirks. We’re strictly in the realm of the science here at Hackaday so we’re not going to take you ghost hunting, but there’s still an interesting journey to be made through it all.
Today: Fun For Kids. Back Then: Serious Business
Halloween as we know it has its roots in All Hallows Eve, or the day before the remembrance festivals of All Saint’s Day and All Soul’s Day in European Christianity. Though it has adopted a Christian dressing, its many trappings are thought to have their origin in pagan traditions such as for those of us where this is being written, the Gaelic Samhain (pronounced something like “sow-ain”). The boundary between living and dead was thought to be particularly porous at this time of year, hence all the ghosts and other trappings of the season you’ll see today.
Growing up in a small English village as I did, is to be surrounded by the remnants of ancient belief. They survive from an earlier time hundreds of years ago when they were seen as very real indeed, as playground rhymes at the village school or hushed superstitions such as that it would be bad luck to walk around the churchyard in an anticlockwise manner.
As a small child they formed part of the thrills and mild terrors of discovering the world around me, but of course decades later when it was my job to mow the grass and trim the overhanging branches in the same churchyard it mattered little which direction I piloted the Billy Goat. I was definitely surrounded by the mortal remains of a millennium’s worth of my neighbours, but I never had any feeling that they were anything but at peace.
Some Unexplained Phenomena Are Just That
So as you might expect, nothing has persuaded me to believe in ghosts. I can and have walked through an ancient churchyard at night as I grew up next to it, and never had so much as a creepy feeling. I do however believe in unexplained phenomena, but before you throw a book at your computer I mean it in the exact terms given: observable phenomena we know occur, but can’t immediately explain.
To illustrate, a good example of a believable unexplained phenomenon was those moving rocks in an American desert; they moved but nobody could explain how they did it. It’s now thought to be due to the formation of ice underneath them in certain meteorological circumstances, so that’s one that’s no longer unexplained.
As another slightly less cut-and-dried example there are enough credible reports of marsh lights to believe that they could exist, but the best explanation we have, of spontaneous combustion of high concentrations of organic decomposition products, remains for now a theory. I hope one day a scientist researching fenland ecosystems captures one on their instruments by chance, and we can at last confirm or deny it.
The trouble is with unexplained phenomena, that there are folks who would prefer to explain them in their own way because that’s what they want to believe. “I want to believe” is the slogan from the X Files TV show for exactly that reason.
People who want a marsh light or the sounds made by an old house as it settles under thermal contraction at night to be made by a ghost, are going to look for ghosts, and will clutch at anything which helps them “prove” their theories. In this they have naturally enlisted the help of technology, and thus there are all manner of gizmos taken into cemeteries or decaying mansions in the service of the paranormal. And of course in this we have the chance for some fun searching the web for electronic devices.
All The Fun Of Scam Devices
In researching this it’s been fascinating to see a progression of paranormal detection equipment over the decades, following the technological trends of the day. From early 20th century kits that resembled those used by detectives, to remote film cameras like the underwater Kodak Instamatic from a 1970s Nessie hunt we featured earlier this year, to modern multispectral imaging devices, with so much equipment thrown at the problem you’d expect at least one of them to have found something!
I’ve found that these instruments can be broadly divided into two camps: “normal” devices pressed into ghost-hunting service such as thermal cameras or audio recorders, and “special” instruments produced for the purpose. The results from either source may be digitally processed to “reveal” information, much in the manner of the famous “dead salmon paper“, which used an MRI of a dead fish to make a sarcastic comment about some research methodologies.
I’ve even discovered that I may have inadvertently reviewed one a few years ago, a super-cheap electric field meter touted as helping prevent some medical conditions, which I found to be mostly useful for detecting cables in my walls. Surprisingly I found it to be well engineered and in principle doing what it was supposed to for such an instrument, but completely uncalibrated and fitted with an alarm that denounced the mildest of fields as lethal. At least it was a lot cheaper than an e-meter.
Tomorrow night, there will be those who put on vampire costumes to be shepherded around their neighbourhoods in search of candy, and somewhere in the quiet country churchyard of an Oxfordshire village, something will stir. Is it a spectre, taking advantage of their yearly opportunity for a sojourn in the land of the living? No, it’s a solitary fox, hoping to find some prey under the moonlight in the undergrowth dividing the churchyard from a neighbouring field.
Wherever you are, may your Halloween be a quiet and only moderately scary one.
Header: Godstone, Surrey: Gravestone with skull and bones by Dr Neil Clifton, CC BY-SA 2.0.
Andrew Cuomo Uses AI MPREG Schoolhouse Rock Bill to Attack Mamdani, Is Out of Ideas#AISlop
Andrew Cuomo Uses AI MPREG Schoolhouse Rock Bill to Attack Mamdani, Is Out of Ideas
I am haunted by a pregnant bill in Andrew Cuomo’s new AI-generated attack ad against Zohran Mamdani.Cuomo posted the ad on his X account that riffed on the famous Schoolhouse Rock! song “I’m just a bill.” In Cuomo’s AI-generated cartoon nightmare, Zohran Mamdani lights money on fire while a phone bearing the ChatGPT logo explains, apparently, that Mamdani is not qualified.
The ad bears all the hallmarks of the sloppiest of AI trash: weird artifacting, strange voices that don’t sync with the mouths talking, and inconsistent animation. It feels both surreal and of the moment and completely ancient.
🎶“I’m Just A Shill” (FT. Zohran) pic.twitter.com/ga3JxnYO7B
— Andrew Cuomo (@andrewcuomo) October 30, 2025
And then there’s the pregnant bill.The Schoolhouse Rock! Bill is an iconic cartoon character that has been parodied by everyone from The Simpsons to Saturday Night Live. There are thousands, perhaps millions, of pictures of the cartoon bill online, all available to be gobbled up by scrapers and turned into training data for AI.
For some reason, the bill in Cuomo’s ad has thick red lips (notably absent in the original) and appears to be pregnant. Adding to the discordant AI jank of the image, the pregnancy is only visible when the bill is standing up. Sometimes it’s leaning against the steps and in those shots it has the slim figure characteristic of its inspiration. But when the bill stands it looks positively inflated, almost as if the video generator used to make Cuomo’s ad was trained on MPREG fetish art of the bill and not the original cartoon itself. The thick and luscious red lips are present whether the bill is leaning or standing.
Towards the end of the ad, an anthropomorphic phone with a ChatGPT logo wanders into the scene. Standing next to the pregnant bill, I could not but help but think that the phone is the father of whatever child the bill carried.
My observation led to an argument in the 404 Media Slack channel and opinions were split. “It does not seem pregnant to me,” said Emanuel Maiberg.
Jason Koebler, however, came to my defense. He circled the pregnant belly of the cartoon bill and shared it. “Baby is stored in the circle area,” he said.Perplexed by all this, I reached out to Cuomo’s campaign for an explanation. I wanted a response to the ad and to get his thoughts on AI-generated political content. More importantly, I needed to know their opinion on the pregnancy. “Does that bill look pregnant to you?” I asked. “I think it looks pregnant, but my editors are split. I would love for the Campaign to weigh in.” Out of journalist due diligence, I also reached out to Mamdani’s press office. Neither campaign has responded to my request for it to weigh in on the pregnancy of the AI-generated cartoon bill.
This is not the first time the Cuomo campaign has used AI. An ad in early October featured a deepfaked Cuomo working as a train operator, stock trader, and a stagehand. A week ago, the Cuomo campaign released a long, racist video depicting criminals endorsing Mamdani. Critics called the ad racist. The campaign deleted it shortly after it was posted and blamed the whole thing on a junior staffer.
It is worth noting that Cuomo's AI slop is being deployed most likely because the candidate has been utterly incapable of generating any authentic excitement about his campaign in New York City or on the internet, and he is facing a digitally native, younger candidate who just seems effortlessly Good At the Internet and Posting.
This is, unfortunately, how a lot of politics works in 2025. Desperate campaigns and desperate presidents are in a slop-fueled arms race to make the most ridiculous possible ads and social media content. It looks cheap, is cheap, and is the realm of politicians who are totally out of ideas, but increasingly it feels like slop is the dominant aesthetic of our time.
AI-generated imagery takes New York politics by storm
Andrew Cuomo's AI campaign ad sparked criticism.Bobby Cuza (Spectrum News NY1)
In a series of experiments, chimpanzees revised their beliefs based on new evidence, shedding light on the evolutionary origins of rational thought.#TheAbstract
Chimps Are Capable of Human-Like Rational Thought, Breakthrough Study Finds
🌘
Subscribe to 404 Media to get The Abstract, our newsletter about the most exciting and mind-boggling science news and studies of the week.Chimpanzees revise their beliefs if they encounter new information, a hallmark of rationality that was once assumed to be unique to humans, according to a study published on Thursday in Science.
Researchers working with chimpanzees at the Ngamba Island Chimpanzee Sanctuary in Uganda probed how the primates judged evidence using treats inside boxes, such as a “weak” clue—for example, the sound of a treat inside a shaken box—and a "strong" clue, such as a direct line of sight to the treat.
The chimpanzees were able to rationally evaluate forms of evidence and to change their existing beliefs if presented with more compelling clues. The results reveal that non-human animals can exhibit key aspects of rationality, some of which had never been directly tested before, which shed new light on the evolution of rational thought and critical thinking in humans and other intelligent animals.
“Rationality has been linked to this ability to think about evidence and revise your beliefs in light of evidence,” said co-author Jan Engelmann, associate professor at the department of psychology at the University of California, Berkeley, in a call with 404 Media. “That’s the real big picture perspective of this study.”
While it’s impossible to directly experience the perspective of a chimpanzee, Engelmann and his colleagues designed five controlled experiments for groups of anywhere from 15 to 23 chimpanzee participants.
In the first and second experiments, the chimps received a weak clue and a strong clue for a food reward in a box. The chimpanzees consistently made their choices based on the stronger evidence, regardless of the sequence in which the clues were presented. In the third experiment, the chimps were shown an empty box in addition to the strong and weak clues. After this presentation, the box with the strong evidence was removed. In this experiment, the chimpanzees still largely chose the weak clue over the empty box.
In the fourth experiment, chimpanzees were given a second “redundant” weak clue—for instance, the experimenter would shake a box twice. Then, they were given a new type of clue, like a second piece of food being dropped into a box in front of them. They were significantly more likely to change their beliefs if the clue provided fresh information, demonstrating an ability to distinguish between redundant and genuinely new evidence.
Finally, in the fifth experiment, the chimpanzees were presented with a so-called “defeater” that undermined the strong clue, such as a direct line of sight to a picture of food inside the box, or a shaken box containing a stone, not a real treat. The chimps were significantly more likely to revise their choice about the location of the food in the defeater experiments than in experiments with no defeater. This experiment showcased an ability to judge that evidence that initially seems strong can be weakened with new information.
“The most surprising result was, for sure, experiment five,” Engelmann said. “No one really believed that they would do it, for many different reasons.”
For one thing, he said, the methodology of the fifth experiment demanded a lot of attention and cognitive work from the chimpanzees, which they successfully performed. The result also challenges the assumption that complex language is required to update beliefs with new information. Despite lacking this linguistic ability, chimpanzees are somehow able to flexibly assign strength to different pieces of evidence.
Speaking from the perspective of the chimps, Engelmann outlined the responses to experiment five as: “I used to believe food was in there because I heard it in there, but now you showed me that there was a stone in there, so this defeats my evidence. Now I have to give up that belief.”
“Even using language, it takes me ten seconds to explain it,” he continued. “The question is, how do they do it? It’s one of the trickiest questions, but also one of the most interesting ones. To put it succinctly, how to think without words?”
To hone in on that mystery, Engelmann and his colleagues are currently repeating the experiment with different primates, including capuchins, baboons, rhesus macaques, and human toddlers and children. Eventually, similar experiments could be applied to other intelligent species, such as corvids or octopuses, which may yield new insights about the abundance and variability of rationality in non-human species.
“I think the really interesting ramification for human rationality is that so many people often think that only humans can reflect on evidence,” Engelmann said. “But our results obviously show that this is not necessarily the case. So the question is, what's special about human rationality then?”
Engelmann and his colleagues hypothesize that humans differ in the social dimensions of our rational thought; we are able to collectively evaluate evidence not only with our contemporaries, but by consulting the work of thinkers who may have lived thousands of years ago. Of course, humans also often refuse to update beliefs in light of new evidence, which is known as “belief entrenchment” or “belief perseveration” (many such cases). These complicated nuances add to the challenge of unraveling the evolutionary underpinnings of rationality.
That said, one thing is clear: many non-human animals exist somewhere on the gradient of rational thought. In light of the recent passing of Jane Goodall, the famed primatologist who popularized the incredible capacities of chimpanzees, the new study carries on a tradition of showing that these primates, our closest living relatives, share some degree of our ability to think and act in rational ways.
Goodall “was the first Western scientist to observe tool use in chimpanzees and really change our beliefs about what makes humans unique,” Engelmann said. “We're definitely adding to this puzzle by showing that rationality, which has so long been considered unique to humans, is at least in some forms present in non-human animals.”
🌘
Subscribe to 404 Media to get The Abstract, our newsletter about the most exciting and mind-boggling science news and studies of the week.
Everyone loses and nobody wins if America decides to resume nuclear testing after a 30 year moratorium.#News #nuclear
Trump Orders Nuclear Testing As Nuke Workers Go Unpaid
Last night Trump directed the Pentagon to start testing nukes again. If that happens, it’ll be the first time the US has detonated a nuke in more than 30 years. The organization that would likely be responsible for this would be the National Nuclear Security Administration (NNSA), a civilian workforce that oversees the American nuclear stockpile. Because of the current government shutdown, 1,400 NNSA workers are on furlough and the remaining 375 are working without pay.America detonated its last nuke in 1992 as part of a general drawn down following the collapse of the Soviet Union. Four years later, it was the first country to sign the Comprehensive Nuclear-Test Ban Treaty (CTBT) which bans nuclear explosions for civilian or military purposes. But Congress never ratified the treaty and the CTBT never entered into force. Despite this, there has not been a nuke tested by the United States since.
playlist.megaphone.fm?p=TBIEA2…
Trump threatened to resume nuclear testing during his first term but it never happened. At the time, officials at the Pentagon and NNSA said it would take them a few months to get tests running again should the President order them.The NNSA has maintained the underground tunnels once used for testing since the 1990s and converted them into a different kind of space that verifies the reliability of existing nukes without blowing them up in what are called “virtual tests.” During a rare tour of the tunnel with journalists earlier this year, a nuclear weapons scientist from Los Alamos National Laboratory told NPR that “our assessment is that there are no system questions that would be answered by a test, that would be worth the expense and the effort and the time.”
Right now, the NNSA might be hard pressed to find someone to conduct the test. It employs around 2,000 people and the shutdown has seen 1,400 of them furloughed and 375 working without pay. The civilian nuclear workforce was already having a tough year. In February, the Department of Government Efficiency cut 350 NNSA employees only to scramble and rehire all but 28 when they realized how essential they were to nuclear safety. But uncertainty continued and in April the Department of Energy declared 500 NNSA employees “non-essential” and at risk of termination.
That’s a lot of chaos for a government agency charged with ensuring the safety and effectiveness of America’s nuclear weapons. The NNSA is currently in the middle of a massive project to “modernize” America’s nukes, an effort that will cost trillions of dollars. Part of modernization means producing new plutonium pits, the core of a nuclear warhead. That’s a complicated and technical process and no one is sure how much it’ll cost and how dangerous it’ll be.
And now, it may have to resume nuclear testing while understaffed.
“We have run out of federal funds for federal workers,” Secretary of Energy Chris Wright said in a press conference announcing furlough on October 20. “This has never happened before…we have never furloughed workers in the NNSA. This should not happen. But this was as long as we could stretch the funds for federal workers. We were able to do some gymnastics and stretch it further for the contractors.”
Three days later, Rep. Dina Titus (D-NV) said the furlough was making the world less safe. “NNSA facilities are charged with maintaining nuclear security in accordance with long-standing policy and the law,” she said in a press release. “Undermining the agency’s workforce at such a challenging time diminishes our nuclear deterrence, emboldens international adversaries, and makes Nevadans less safe. Secretary Wright, Administrator Williams, and Congressional Republicans need to stop playing politics, rescind the furlough notice, and reopen the government.”
Trump announced the nuclear tests in a post on Truth Social, a platform where he announces a lot of things that ultimately end up not happening. “The United States has more Nuclear Weapons than any other country. This was accomplished, including a complete update and renovation of existing weapons, during my First Term in office. Because of the tremendous destructive power, I HATED to do it, but had no choice! Russia is second, and China is a distant third, but will be even within 5 years. Because of other countries testing programs, I have instructed the Department of War to start testing our Nuclear Weapons on an equal basis. That process will begin immediately. Thank you for your attention to this matter! PRESIDENT DONALD J. TRUMP,” the post said.
Matt Korda, a nuclear expert with the Federation of American Scientists, said that the President’s Truth social post was confusing and riddled with misconceptions. Russia has more nuclear weapons than America. Nuclear modernization is ongoing and will take trillions of dollars and many years to complete. Over the weekend, Putin announced that Russia had successfully tested a nuclear-powered cruise missile and on Tuesday he said the country had done the same with a nuclear-powered undersea drone. Russia withdrew from the CTBT in 2023, but neither recent test involved a nuclear explosion. Russia last blew up a nuke in 1990 and China conducted its most recent test in 1996. Both have said they would resume nuclear testing should America do it. Korda said it's unclear what, exactly, Trump means. He could be talking about anything from test firing non-nuclear equipped ICBMs to underground testing to detonating nukes in the desert. “We’ll have to wait and see until either this Truth Social post dissipates and becomes a bunch of nothing or it actually gets turned into policy. Then we’ll have something more concrete to respond to,” Korda said.
Worse, he thinks the resumption of testing would be bad for US national security. “It actually puts the US at a strategic disadvantage,” Korda said. “This moratorium on not testing nuclear weapons benefits the United States because the United States has, by far, the most advanced modeling and simulation equipment…by every measure this is a terrible idea.”
The end of nuclear detonation tests has spurred 30 years of innovation in the field of computer modeling. Subcritical computer modeling happens in the NNSA-maintained underground tunnels where detonations were once a common occurrence. The Los Alamos National Laboratories and other American nuclear labs are building massive super computers that are, in part, the result of decades of work spurred by the end of detonations and the embrace of simulation.
Detonating a nuclear weapon—whether above ground or below—is disastrous for the environment. There are people alive in the United States today who are living with cancer and other health conditions caused by American nuclear testing. Live tests make the world more anxious, less safe, and encourage other nuclear powers to do their own. It also uses up a nuke, something America has said it wants to build more of.
“There’s no upside to this,” Korda said. He added that he felt bad for the furloughed NNSA workers. “People find out about significant policy changes through Truth social posts. So it’s entirely possible that the people who would be tasked with carrying out this decision are learning about it in the same way we are all learning about it. They probably have the exact same kinds of questions that we do.”
Opinion | America Is Updating Its Nuclear Weapons. The Price: $1.7 Trillion.
The $1.7 trillion overhaul is already underway.W.J. Hennigan (The New York Times)
Breaking News Channel reshared this.
The leaked slide focuses on Google Pixel phones and mentions those running the security-focused GrapheneOS operating system.#cellebrite #Hacking #News
Someone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Details
Someone recently managed to get on a Microsoft Teams call with representatives from phone hacking company Cellebrite, and then leaked a screenshot of the company’s capabilities against many Google Pixel phones, according to a forum post about the leak and 404 Media’s review of the material.The leak follows others obtained and verified by 404 Media over the last 18 months. Those leaks impacted both Cellebrite and its competitor Grayshift, now owned by Magnet Forensics. Both companies constantly hunt for techniques to unlock phones law enforcement have physical access to.
This post is for subscribers only
Become a member to get access to all content
Subscribe now
Breaking News Channel reshared this.
Why it might have been and may continue to be harder to get new releases from your local library.#News #libraries #Books
Libraries Scramble for Books After Giant Distributor Shuts Down
This story was reported with support from the MuckRock foundation.One of the largest distributors of print books for libraries is winding down operations by the end of the year, a huge disruption to public libraries across the country, some of which are warning their communities the shut down will limit their ability to lend books.
“You might notice some delays as we (and more than 6,000 other libraries) transition to new wholesalers,” the Jacksonville Public Library told its community in a Facebook post. “We're keeping a close eye on things and doing everything we can to minimize any wait times.”
The libraries that do business with the distributor learned about the shut down earlier this month via Reddit.
Upon learning of her company’s closure, Jennifer Kennedy, a customer services account manager with Baker & Taylor, broke the news on October 6 on r/Libraries Reddit community.
“I just wanted the libraries to know,” Kennedy told 404 Media. “I didn’t want them to be held hostage waiting for books that would never come. I respect them too much for all this nonsense.”
Kennedy’s post prompted other current and former B&T employees to confirm the announcement and express concern for the competitors about to be inundated with requests from the libraries who would be scrambling for new suppliers.
B&T in Memoriam
Baker & Taylor has been in the book business just short of 200 years. Its primary focus was distributing physical copies of books to public libraries. The company also provided librarians with tools that helped them do their jobs more effectively related to collection development and processing.But the company has spent decades being acquired by and divested from private equity firms, served as a revolving door for senior leadership, and was sued by a competitor earlier this year for alleged data misuse and was almost acquired again in September, this time by a distributor that works with mass-market retailers like Walmart and Target. That deal fell through.
On October 7, Publishers Weekly reported B&T let go of more than 500 employees the day the internal announcement was made. At least one law firm is currently investigating B&T for allegedly violating the federal Worker Adjustment and Retraining Notification (WARN) Act, and it took the company weeks to let account holders know.
Since the internal announcement, Kennedy says customer service staff at B&T have not received guidance on how to respond to inquiries from libraries, leaving them on the frontline and in the dark on issues ranging from whether existing orders would be fulfilled to securing refunds for materials they may have already paid for.
“Some libraries didn’t realize we are much closed as of right now,” Kennedy added.
B&T did not respond when asked for comment.
Kennedy has been with B&T for 16 years. At a time when it's uncommon to remain with one company more than a few years, that’s exactly what many of B&T’s employees have been able to do, until now. The same was true of the libraries who did business with them. Andrew Harant, director of Cuyahoga Falls Library had to consider the library's longstanding business relationship with the company against the roughly 20 percent of books the library had ordered from the beginning of the year they had never received.
“For us, that was about 1,500 items,” which Harant told 404 Media that for a small library is a lot of books they were ordering and not receiving.
Release dates for new books come and go on B&T’s main software platform for viewing and managing orders, Title Source 360. Better known as TS360, Harant realized the platform was updating preordered books never received to on backorder, which was “not sustainable”.
In September, Cuyahoga Falls Library canceled all outstanding orders with B&T.
“We needed to step up and make sure that we’re getting the books for our patrons that they needed,” he said.
Cuyahoga Falls Library was fortunate to have an existing account with the other main distributor on the scene, Ingram Content Group. This has been true for many of the libraries 404 Media reached out to for this story.
“The easier part is re-ordering the book,” Shellie Cocking, Chief of Collections and Technical Services for the San Francisco Public Library, told 404 Media. “The harder part is replacing the tools you use to order books.”
Integrated Fallout
Of the ancillary services B&T offered customers, TS360 was Cocking’s favorite. It helped her streamline collection development tasks, for instance, anticipating how popular a title might be or determining how many quantities of a book to purchase, which for larger libraries with dozens of branches, could be complicated to figure out manually. Once titles were ordered in TS360, B&T shared a Machine-Readable Cataloging (MARC) record that was automatically shared with the library’s API integration using data derived from B&T’s record set. This product, BTCat, was the subject of a lawsuit brought by OCLC earlier this year.OCLC owns WorldCat, the global union catalog of library collections that lets anyone see what libraries own what items. OCLC alleged in a U.S. district court filing that B&T misused their proprietary bibliographic records to populate its own competing cataloguing database. OCLC also accused B&T of inserted clauses into its contracts where there was overlap with the businesses and customers, requiring libraries to grant B&T access to their cataloging records so the libraries could then license the records back to B&T for BTCat. B&T has denied these claims, accusing OCLC of stifling fair competition in an already consolidated marketplace.
Marshall Breeding, an independent consultant who monitors library vendor mergers has been following all of this rather closely. He says B&T's closure creates a number of bottlenecks for libraries, the primary one being whether suppliers like Ingram or Brodart can absorb thousands of libraries as customers all at once.
“Maybe, maybe not,” Breeding told 404 Media. “It’s going to take them a while to set up the business relationships and technical things that have to be set up for libraries to automatically order books from the providers.”
But one thing is evident.
“Libraries are kind of in a weaker position just scrambling to find a vendor at all,” he added.
Less competition in the market makes for more challenging working conditions all around. Just ask Erin Hughes, director of the Wood Ridge Memorial Library in New Jersey, made the move over to Ingram after a series of negative experiences with B&T in 2021 from late and damaged deliveries to customer service calls that went poorly, to say the least. Hughes worries her experience with B&T will happen again, only this time with Ingram.
Since the Reddit announcement, she's noticed it's a little more difficult to get a rep on the phone and the number of shipments to the library is smaller. But the other way Hughes is seeing the problem play out involves the consortium her library belongs to. While she may have foregone B&T years ago, her network hasn't, which affects the operability of InterLibrary Loan lending.
“The resource sharing is going to be off for a bit,” Hughes told 404 Media.
Amazon Incoming
If Ingram’s service stagnates due to the B&T cluster, Hughes says she'll use Amazon, which recently launched its own online library hub, offering competitive pricing. One downside, says Hughes, is that it's Amazon.“No, we do have a little bit of pause around Amazon,” she added. “But we’re at a point now where Ingram actually does supply most of the books for Amazon. So we’re already in the devil’s pocket. It’s all connected. It’s all integrated. And as much as I personally don’t care for the whole thing, I don’t really see a lot of other options.”
It's hard not to think this outcome was predictable and also preventable. We know what happens when private equity gets involved with businesses not expected to generate high growth or returns, as well as what happens when there's too little market competition in any given sector. It can't be a cautionary tale because market consolidation is in itself a cautionary tale.
But it’s also worth acknowledging how the timing could not be worse. Library use is way up right now, which is indicative of the times. People are buying less for various reasons. People also seem to like the idea of putting a little friction between their media consumption habits and Big Brother, even at the expense of a little convenience.
“We kind of made our own bed a little bit because we didn’t branch out,” said Hughes. “We didn’t find other solutions to this, and we were relying essentially on two giant companies, one of which folded so quick it was not even funny.”
Key findings about Americans and data privacy
71% of adults say they are very or somewhat concerned about how the government uses the data it collects about them, up from 64% in 2019.Beshay (Pew Research Center)
reshared this
Sudan: il satellite racconta ciò che il mondo ignora
Le immagini pubblicate dalla Yale University documentano massacri di massa nella città sudanese di El-Fasher, conquistata dalle Forze di Supporto Rapido (RSF) domenica scorsa al termine di un assedio durato oltre 18 mesi. Pozze di sangue e cumuli di corpi testimoniano l’avvio di un processo sistematico e intenzionale di pulizia etnica delle comunità non arabe.
“Le azioni delle RSF documentate in questo rapporto potrebbero configurare crimini di guerra e crimini contro l’umanità e potrebbero raggiungere il livello di genocidio”, si legge.
Quella che sconvolge il Sudan dall’aprile 2023 non è però una guerra dimenticata. È diventata la più grave catastrofe umanitaria mondiale, con oltre 30 milioni di persone bisognose di assistenza e civili trasformati in bersagli di una violenza indiscriminata.
Oggi si assiste a una nuova escalation genocidiaria. Le condizioni che rendono possibili tragedie come l’eccidio di El-Fasher non sorgono dunque per caso. Sono il risultato del ridimensionamento incessante della diplomazia e della cooperazione internazionale, del cinismo di fronte a gravi violazioni dei diritti umani e del diritto umanitario, e della costante anteposizione del profitto dei mercanti di armi alla costruzione della pace. Da chi, insomma, si trincera dietro il principio per cui il diritto internazionale valga fino ad un certo punto.
Invece, la sicurezza e la pace si costruiscono guardando nella direzione opposta, quella dei diritti fondamentali. Prima di tutto.
L'articolo Sudan: il satellite racconta ciò che il mondo ignora proviene da Possibile.
Su #Sicurnauti è online la sezione sulle minacce digitali più avanzate, dedicata a #studenti e #genitori. Scopri i contenuti su #Unica.
Qui il video ➡ youtube.com/watch?v=9GLq2EyFyx…
Qui l’infografica ➡ unica.istruzione.gov.
Ministero dell'Istruzione
Su #Sicurnauti è online la sezione sulle minacce digitali più avanzate, dedicata a #studenti e #genitori. Scopri i contenuti su #Unica. Qui il video ➡ https://www.youtube.com/watch?v=9GLq2EyFyxM Qui l’infografica ➡ https://unica.istruzione.gov.Telegram
Iconic Xbox Prototype Brought to Life
When Microsoft decided they wanted to get into the game console market, they were faced with a problem. Everyone knew them as a company that developed computer software, and there was a concern that consumers wouldn’t understand that their new Xbox console was a separate product from their software division. To make sure they got the message though, Microsoft decided to show off a prototype that nobody could mistake for a desktop computer.
The giant gleaming X that shared the stage with Bill Gates and Seamus Blackley at the 2000 Game Developers Conference became the stuff of legend. We now know the machine wasn’t actually a working Xbox, but at the time, it generated enormous buzz. But could it have been a functional console? That’s what [Tito] of Macho Nacho Productions wanted to find out — and the results are nothing short of spectacular.
The key to this project is the enclosure itself, but this is no simple project box we’re talking about here. Milled from a solid block of aluminum, the original prototype’s shell reportedly cost Microsoft $18,000 to have produced, which would be around $36,000 when adjusted for inflation. Luckily, the state of the art has moved forward a bit in the intervening two decades. So after working with [Wesk] to create a 3D model from reference images (including some that [Tito] took himself of one of the surviving prototypes on display in New York), the design was sent away to PCBWay for production. It still cost the better part of $6 K to be produced, but that’s a hell of a savings compared to the original. Though [Tito] still had to polish the aluminum himself to recreate the original’s mirror-like shine.
Some of the original parts, like the power supply, were simply too large to use. That’s where [Redherring32] came in. He designed a custom USB-C power supply that could satisfy the original console’s energy needs in a much smaller footprint. There’s also a modern SSD in place of the 8 GB of spinning rust that the console shipped with back in 2001. But overall, it’s still real Xbox hardware — no emulation or other funny tricks here.
At this point, the team had already exceeded what Microsoft pulled off in 2000, but they weren’t done yet. Wanting to really set this project apart, [Tito] decided to replace the center jewel with something a bit more modern. The original was little more than a backlit piece of plastic, but on this build it’s a circular LCD driven by a Raspberry Pi Pico, capable of showing a number of custom full-motion animations thanks to the efforts of [StuckPixel].
The end result of this team effort is a machine that’s not only better looking than Microsoft’s original, but also more functional. It’s a project that’s destined for a more than just sitting on a shelf collecting dust, so we’re happy to hear that [Tito] plans on taking it on a tour of different gaming events to give the public a chance to see it in person. He’s even had a custom crate made so he can transport it around in style and safety.
youtube.com/embed/0OMP8JvGWNY?…
Build Your Own Force-Feedback Joystick
Force feedback joysticks are prized for creating a more realistic experience when used with software like flight sims. Sadly, you can’t say the same thing about using them with mech games, because mechs aren’t real. In any case, [zeroshot] whipped up their own stick from scratch for that added dose of realistic feedback in-game.
[zeroshot] designed a simple gimbal to allow the stick to move in two axes, relying primarily on 3D-printed components combined with a smattering of off-the-shelf bearings. For force feedback, an Arduino Micro uses via TMC2208 stepper drivers to control a pair of stepper motors, which can apply force to the stick in each axis via belt-driven pulleys. Meanwhile, the joystick’s position on each axis is tracked via magnetic encoders. The Arduino feeds this data to an attached computer by acting as a USB HID device.
We’ve seen some other great advanced joystick projects over years, too. Never underestimate how much a little haptic feedback can add to immersion.
youtube.com/embed/YdNP5jIJ0dU?…
Why You Shouldn’t Trade Walter Cronkite for an LLM
Has anyone noticed that news stories have gotten shorter and pithier over the past few decades, sometimes seeming like summaries of what you used to peruse? In spite of that, huge numbers of people are relying on large language model (LLM) “AI” tools to get their news in the form of summaries. According to a study by the BBC and European Broadcasting Union, 47% of people find news summaries helpful. Over a third of Britons say they trust LLM summaries, and they probably ought not to, according to the beeb and co.
It’s a problem we’ve discussed before: as OpenAI researchers themselves admit, hallucinations are unavoidable. This more recent BBC-led study took a microscope to LLM summaries in particular, to find out how often and how badly they were tainted by hallucination.
Not all of those errors were considered a big deal, but in 20% of cases (on average) there were “major issues”–though that’s more-or-less independent of which model was being used. If there’s good news here, it’s that those numbers are better than they were when the beeb last performed this exercise earlier in the year. The whole report is worth reading if you’re a toaster-lover interested in the state of the art. (Especially if you want to see if this human-produced summary works better than an LLM-derived one.) If you’re a luddite, by contrast, you can rest easy that your instincts not to trust clanks remains reasonable… for now.
Either way, for the moment, it might be best to restrict the LLM to game dialog, and leave the news to totally-trustworthy humans who never err.
Self-Driving Cars and the Fight Over the Necessity of Lidar
If you haven’t lived underneath a rock for the past decade or so, you will have seen a lot of arguing in the media by prominent figures and their respective fanbases about what the right sensor package is for autonomous vehicles, or ‘self-driving cars’ in popular parlance. As the task here is to effectively replicate what is achieved by the human Mark 1 eyeball and associated processing hardware in the evolutionary layers of patched-together wetware (‘human brain’), it might seem tempting to think that a bunch of modern RGB cameras and a zippy computer system could do the same vision task quite easily.
This is where reality throws a couple of curveballs. Although RGB cameras lack the evolutionary glitches like an inverted image sensor and a big dead spot where the optical nerve punches through said sensor layer, it turns out that the preprocessing performed in the retina, the processing in the visual cortex and analysis in the rest of the brain is really quite good at detecting objects, no doubt helped by millions of years of only those who managed to not get eaten by predators procreating in significant numbers.
Hence the solution of sticking something like a Lidar scanner on a car makes a lot of sense. Not only does this provide advanced details on one’s surroundings, but also isn’t bothered by rain and fog the way an RGB camera is. Having more and better quality information makes subsequent processing easier and more effective, or so it would seem.
Computer Vision Things
Giving machines the ability to see and recognize objects has been a dream for many decades, and the subject of nearly an infinite number of science-fiction works. For us humans this ability is developed over the course of our development from a newborn with a still developing visual cortex, to a young adult who by then has hopefully learned how to identify objects in their environment, including details like which objects are edible and which are not.
As it turns out, just the first part of that challenge is pretty hard, with interpreting a scene as captured by a camera subject to many possible algorithms that seek to extract edges, infer connections based on various hints as well as the distance to said object and whether it’s moving or not. All just to answer the basic question of which objects exist in a scene, and what they are currently doing.
Approaches to object detection can be subdivided into conventional and neural network approaches, with methods employing convolutional neural networks (CNNs) being the most prevalent these days. These CNNs are typically trained with a dataset that is relevant to the objects that will be encountered, such as while navigating in traffic. This is what is used for autonomous cars today by companies like Waymo and Tesla, and is why they need to have both access to a large dataset of traffic videos to train with, as well as a large collection of employees who watch said videos in order to tag as many objects as possible. Once tagged and bundled, these videos then become CNN training data sets.
This raises the question of how accurate this approach is. With purely RGB camera images as input, the answer appears to be ‘sorta’. Although only considered to be a Class 2 autonomous system according to the SAE’s 0-5 rating system, Tesla vehicles with the Autopilot system installed failed to recognize hazards on multiple occasions, including the side of a white truck in 2016, a concrete barrier between a highway and an offramp in 2018, running a red light and rear-ending a fire truck in 2019.
This pattern continues year after year, with the Autopilot system failing to recognize hazards and engaging the brakes, including in so-called ‘Full-Self Driving’ (FSD) mode. In April of 2024, a motorcyclist was run over by a Tesla in FSD mode when the system failed to stop, but instead accelerated. This made it the second fatality involving FSD mode, with the mode now being called ‘FSD Supervised’.
Compared to the considerably less crash-prone Level 4 Waymo cars with their hard to miss sensor packages strapped to the car, one could conceivably make the case that perhaps just a couple of RGB cameras is not enough for reliable object detection, and that quite possibly blending of sensors is a more reliable method for object detection.
Which is not to say that Waymo cars are perfect, of course. In 2024 one Waymo car managed to hit a utility pole at low speeds during a pullover maneuver, when the car’s firmware incorrectly assessed its response to a situation where a ‘pole-like object’ was present, but without a hard edge between said pole and the road.
This gets us to the second issue with self-driving cars: taking the right decision when confronted with a new situation.
Acting On Perception
Once you know what objects are in a scene, and merge this with the known state of the vehicle and, the next step for an autonomous vehicle is to decide what to do with this information. Although the tempting answer might be to also use ‘something with neural networks’ here, this has turned out to be a non-viable method. Back in 2018 Waymo created a recursive neural network (RNN) called ChauffeurNet which was trained on both real-life and synthetic driving data to have it effectively imitate human drivers.
The conclusion of this experiment was that while deep learning has a place here, you need to lean mostly on a solid body of rules that provides it with explicit reasoning that copes better with what is called the ‘long tail’ of possible situations, as you cannot put every conceivable situation in a data set.
This thus again turns out to be a place where human input and intelligence are required, as while an RNN or similar can be trained on an impressive data set, it will never be able to learn the reasons for why a decision was made in a training video, nor provide its own reasoning and make reasonable adaptations when faced with a new situation. This is where human experts have to define explicit rules, taking into account the known facts about the current surroundings and state of the vehicle.
Here is where having details like explicit distance information to an obstacle, its relative speed and dimensions, as well as room to divert to prevent a crash are not just nice to have. Adding sensors like radar and Lidar can provide solid data that an RGB camera plus CNN may also provide if you’re lucky, but also maybe not quite. When you’re talking about highway speeds and potentially the lives of multiple people at risk, certainty always wins out.
Tesla Hardware And Sneaky Radars
One of the poorly kept secrets about Tesla’s Autopilot system is that it’s had a front-facing radar sensor for most of the time. Starting with Hardware 1 (HW1), it featured a single front-facing camera behind the top of the windshield and a radar behind the lower grille, in addition to 12 ultrasonic sensors around the vehicle.
Notable is that Tesla did not initially use the radar in a primary object detection role here, meaning that object detection and emergency stop functionality was performed using the RGB cameras. This changed after the RGB camera system failed to notice a white trailer against a bright sky, resulting in a spectacular crash. The subsequent firmware update gave the radar system the same role as the camera system, which likely would have prevented that particular crash.
HW1 used Mobileye’s EyeQ3, but after Mobileye cut ties with Tesla, NVidia’s Drive PX 2 was used instead for HW2. This upped the number of cameras to eight, providing a surround view of the car’s surroundings, with a similar forward-facing radar. After an intermedia HW2.5 revision, HW3 was the first to use a custom processor, featuring twelve Arm Cortex-A72 cores clocked at 2.6 GHz.
HW3 initially also had a radar sensor, but in 2021 this was eliminated with the ‘Tesla Vision’ system, which resulted in a significant uptick in crashes. In 2022 it was announced that the ultrasonic sensors for short-range object detection would be removed as well.
Then in January of 2023 HW4 started shipping, with even more impressive computing specs and 5 MP cameras instead of the previous 1.2 MP ones. This revision also reintroduced the forward-facing radar, apparently the Arbe Phoenix radar with a 300 meter range, but not in the Model Y. This indicates that RGB camera-only perception is still the primary mode for Tesla cars.
Answering The Question
At this point we can say with a high degree of certainty that by just using RGB cameras it is exceedingly hard to reliably stop a vehicle from smashing into objects, for the simple reason that you are reducing the amount of reliable data that goes into your decision-making software. While the object-detecting CNN may give a 29% possibility of an object being right up ahead, the radar or Lidar will have told you that a big, rather solid-looking object is lying on the road. Your own eyes would have told you that it’s a large piece of concrete that fell off a truck in front of you.
This then mostly leaves the question of whether the front-facing radar that’s present in at least some Tesla cars is about as good as the Lidar contraption that’s used by other car manufacturers like Volvo, as well as the roof-sized version by Waymo. After all, both work according to roughly the same basic principles.
That said, Lidar is superior when it comes to aspects like accuracy, as radar uses longer wavelengths. At the same time a radar system isn’t bothered as much by weather conditions, while generally being cheaper. For Waymo the choice for Lidar over radar comes down to this improved detail, as they can create a detailed 3D image of the surroundings, down to the direction that a pedestrian is facing, and hand signals by cyclists.
Thus the shortest possible answer is that yes, Lidar is absolutely the best option, while radar is a pretty good option to at least not drive into that semitrailer and/or pedestrian. Assuming your firmware is properly configured to act on said object detection, natch.
100 pacchetti di Infostealer caricati su NPM sfruttando le allucinazioni delle AI
Da agosto 2024, la campagna PhantomRaven ha caricato 126 pacchetti dannosi su npm, che sono stati scaricati complessivamente oltre 86.000 volte. La campagna è stata scoperta da Koi Security, che ha riferito che gli attacchi sono stati abilitati da una funzionalità poco nota di npm che gli consente di aggirare la protezione e il rilevamento.
Si sottolinea che al momento della pubblicazione del rapporto erano ancora attivi circa 80 pacchetti dannosi. Gli esperti spiegano che gli aggressori sfruttano il meccanismo Remote Dynamic Dependencies (RDD).
In genere, uno sviluppatore vede tutte le dipendenze di un pacchetto in fase di installazione, scaricate dall’infrastruttura NPM attendibile. Tuttavia, RDD consente ai pacchetti di estrarre automaticamente il codice da URL esterni, anche tramite un canale HTTP non crittografato. Nel frattempo, il manifest del pacchetto non mostra alcuna dipendenza.
Quando uno sviluppatore esegue npm install, il pacchetto dannoso scarica silenziosamente un payload da un server controllato dagli aggressori e lo esegue immediatamente. Non è richiesta alcuna interazione da parte dell’utente e gli strumenti di analisi statica rimangono inconsapevoli dell’attività.
“PhantomRaven dimostra quanto possano essere sofisticati gli aggressori quando sfruttano i punti ciechi delle soluzioni di sicurezza tradizionali. Le dipendenze dinamiche remote sono semplicemente invisibili all’analisi statica”, affermano i ricercatori.
Si noti che il malware viene scaricato dal server ogni volta che il pacchetto viene installato, anziché essere memorizzato nella cache.
Questo apre le porte ad attacchi mirati: gli aggressori possono controllare l’indirizzo IP della richiesta e inviare codice innocuo ai ricercatori di sicurezza, distribuire codice dannoso per le reti aziendali e distribuire payload specializzati per gli ambienti cloud.
Una volta infettato, il malware raccoglie attentamente informazioni sul sistema della vittima:
- variabili di ambiente con configurazioni dei sistemi interni dello sviluppatore;
- token e credenziali per npm, GitHub Actions, GitLab, Jenkins e CircleCI;
- l’intero ambiente CI/CD attraverso il quale passano le modifiche al codice apportate da diversi sviluppatori.
I token rubati possono essere utilizzati per attaccare le supply chain e iniettare codice dannoso in progetti legittimi. Il furto di dati è organizzato in modo ridondante, utilizzando tre metodi: HTTP GET con dati nell’URL, HTTP POST con JSON e connessioni WebSocket.
Gli esperti scrivono che molti pacchetti dannosi sono mascherati da strumenti GitLab e Apache.
Lo slopsquatting, ovvero lo sfruttamento delle allucinazioni dell’intelligenza artificiale, gioca un ruolo speciale in questa campagna. Gli sviluppatori chiedono spesso agli assistenti LLM quali pacchetti siano più adatti a un particolare progetto. I modelli di intelligenza artificiale spesso inventano nomi inesistenti ma plausibili. Gli operatori PhantomRaven tracciano queste allucinazioni e registrano i pacchetti con questi nomi. Le vittime alla fine installano il malware da sole, seguendo le raccomandazioni di LLM.
Gli sviluppatori di LLM non comprendono ancora le cause esatte di queste allucinazioni e non sono in grado di creare modelli che le prevengano, ed è proprio questo che gli aggressori stanno sfruttando. I ricercatori ricordano di non affidarsi a LLM nella scelta delle dipendenze e di controllare attentamente i nomi dei pacchetti e le loro fonti, installando solo pacchetti provenienti da fornitori affidabili.
L'articolo 100 pacchetti di Infostealer caricati su NPM sfruttando le allucinazioni delle AI proviene da Red Hot Cyber.
Atroposia: la piattaforma MaaS che fornisce un Trojan munito di scanner delle vulnerabilità
I ricercatori di Varonis hanno scoperto la piattaforma MaaS (malware-as-a-service) Atroposia. Per 200 dollari al mese, i suoi clienti ricevono un Trojan di accesso remoto con funzionalità estese, tra cui desktop remoto, gestione del file system, furto di informazioni, credenziali, contenuto degli appunti, wallet di criptovalute, dirottamento DNS e uno scanner integrato per le vulnerabilità locali.
Secondo gli analisti, Atroposia ha un’architettura modulare. Il malware comunica con i server di comando e controllo tramite canali crittografati ed è in grado di bypassare il Controllo Account Utente (UAC) per aumentare i privilegi in Windows.
Una volta infettato, fornisce un accesso persistente e non rilevabile al sistema della vittima. I moduli chiave di Atroposia sono:
HRDP Connect avvia una sessione di desktop remoto nascosta in background, consentendo agli aggressori di aprire applicazioni, leggere documenti ed e-mail e, in generale, interagire con il sistema senza alcun segno visibile di attività dannosa. I ricercatori sottolineano che gli strumenti standard di monitoraggio dell’accesso remoto potrebbero “non rilevare” questa attività.
Il file manager funziona come un familiare Esplora risorse di Windows: gli aggressori possono visualizzare, copiare, eliminare ed eseguire i file. Il componente grabber cerca i dati per estensione o parola chiave, li comprime in archivi ZIP protetti da password e li invia al server di comando e controllo utilizzando metodi in-memory, riducendo al minimo le tracce dell’attacco sul sistema.
Stealer raccoglie dati di accesso salvati, dati del portafoglio di criptovalute e file di chat. Il gestore degli appunti intercetta tutto ciò che l’utente copia (password, chiavi API, indirizzi del portafoglio) in tempo reale e lo conserva per gli aggressori.
Il modulo di spoofing DNS sostituisce i domini con gli indirizzi IP degli aggressori a livello di host, reindirizzando silenziosamente le vittime verso server controllati dagli hacker. Questo apre le porte a phishing, attacchi MitM, falsi aggiornamenti, iniezione di adware o malware e furto di dati tramite query DNS.
Lo scanner di vulnerabilità integrato analizza il sistema della vittima alla ricerca di vulnerabilità non corrette, impostazioni non sicure e software obsoleto. I risultati vengono inviati agli operatori di malware sotto forma di punteggio, che gli aggressori possono utilizzare per pianificare ulteriori attacchi.
I ricercatori avvertono che questo modulo è particolarmente pericoloso negli ambienti aziendali: il malware potrebbe rilevare un client VPN obsoleto o una vulnerabilità di escalation dei privilegi, che può quindi essere sfruttata per ottenere informazioni più approfondite sull’infrastruttura della vittima. Inoltre, lo scanner analizza i sistemi vulnerabili nelle vicinanze per rilevare eventuali movimenti laterali.
Varonis osserva che Atroposia prosegue la tendenza verso la democratizzazione del crimine informatico.
Insieme ad altre piattaforme MaaS (come SpamGPT e MatrixPDF), riduce la barriera tecnica all’ingresso, consentendo anche ad aggressori poco qualificati di condurre efficaci “attacchi in abbonamento”.
L'articolo Atroposia: la piattaforma MaaS che fornisce un Trojan munito di scanner delle vulnerabilità proviene da Red Hot Cyber.
Giubileo mondo educativo. Card. Tolentino de Mendonça: “L’educazione è il nuovo nome della pace. Serve un nuovo patto di futuro” - AgenSIR
Seminare futuro. “La scuola cattolica … semina futuro”: con questa citazione di Papa Leone XIV, il card.Giovanna Pasqualin Traversa (AgenSIR)
Wired and 404 Media make FOIA reporting free. Other news outlets should too
When Wired published the contents of 911 calls coming from inside Immigration and Customs Enforcement detention centers, revealing shocking reports of overcrowding and sexual assault, the story wasn’t just harrowing. It was also freely available to anyone who wanted to read it.
And when 404 Media reported that law enforcement agents were tapping into a nationwide network of license plate readers — including one Texas officer who used the system to track a woman who’d self-administered an abortion — it made sure the news story and every record it was based on were unpaywalled.
Wired and 404 Media are two of the news organizations leading the way in removing paywalls for public records-based reporting. Recently, Freedom of the Press Foundation (FPF) sat down with Katie Drummond, global editorial director of Wired and an FPF board member; Joseph Cox, co-founder of 404 Media; and FPF’s Lauren Harper to discuss why reporting based on public records should be free.
Drummond, Cox, and Harper described how unpaywalling reporting based on records obtained through the Freedom of Information Act or other public records laws not only serves democracy but also strengthens journalism itself.
youtube.com/embed/Chj__TSiC_U?…
‘A very valuable public service’
For both Wired and 404 Media, the reasons for removing paywalls for public records-based reporting are self-evident.
“It’s a very valuable public service to make people aware of what tools and tactics are being deployed to monitor and surveil people,” said Drummond, speaking about some of Wired’s public records reporting. “They should know what’s sort of happening that they may not be aware of, and to be able, again, to make that available to our audience without a paywall is important.”
Similarly, Cox described how reporting based on public records can lead to real-world reforms, especially when it’s widely available to the public and lawmakers. For instance, 404 Media’s reporting on Flock Safety, the license plate reader company, didn’t just expose surveillance abuses. It also caused Flock to make “radical changes to its product” and triggered congressional investigations, Cox said.
Additionally, by making the reporting and records about Flock freely available, 404 Media helped other journalists. The free access “created this sort of wave of local media coverage where now local journalists are doing basically the same public records request, but for their own communities or towns or cities,” Cox said.
Free access to public records-based reporting at 404 Media “created this sort of wave of local media coverage where now local journalists are doing basically the same public records request, but for their own communities or towns or cities.”
Joseph Cox, co-founder of 404 Media
Flagging new sources for future reporting
Free access to public records-based reporting also builds trust and relationships with readers and sources.
“There’s just something about being able to have a government document,” Cox said. “It’s real. You got it from the government through a FOIA request, or a lawsuit, or whatever, and you can then show that to readers. We don’t want to get in the way of that.”
Making this reporting and the records it’s based on free can also draw the attention of important sources for future reporting. Cox described how his reporting based on FOIA requests sends a signal to readers and sources that he’s interested in particular companies or topics.
Sources reading the free articles realize, Cox said, “‘Oh, this journalist is interested in Flock, in Palantir, or whatever it might be.’ And then, lo and behold, because we make it so easy for potential sources to reach us securely, on Signal or through other methods, we’ll probably end up getting a leak from one of those companies as well.”
Harper, who often writes about her FOIA requests for FPF, shared how publishing FOIA work openly can attract new sources and deepen reporting. “The more obvious I make my FOIA work, the more feedback I get from folks” about what to file future FOIA requests for, she explained.
That kind of transparency fuels better journalism, she said. “It is a virtuous cycle. The more we talk about and advertise FOIA, the better our FOIA requests become as a result.”
The economics of openness
Yet, the public records reporting that Wired and 404 Media have made freely available isn’t free to produce. Both news outlets rely on subscriptions and paywalls to fund their journalism.
As Drummond explained, “The FOIA process can often be labor-intensive, resource-intensive, time-consuming — all of the things that would increase your incentive to put a paywall up on that work,” she said.
But both Wired and 404 Media have found that removing paywalls for public records-based reporting is actually the better decision, financially.
“We made a calculated bet that our audience would show up for us when we did this,” Drummond said. “That bet paid off above and beyond what I could have possibly imagined.”
“That bet paid off above and beyond what I could have possibly imagined.”
Katie Drummond, global editorial director of Wired
After Wired announced it would unpaywall its public records-based stories, Drummond said it saw a “huge increase in subscribers” and received “hundreds of emails from people thanking us for doing it.” Far from hurting the bottom line, she said, “It has been additive to the business rather than taking anything away, from a financial point of view.”
For Cox, the same principle holds true: Transparency drives reader trust, and trust drives support. Every FOIA-based story on 404 Media’s website includes a short note explaining that it’s free but inviting readers to support the outlet’s work through a subscription or one-time donation.
“Look, we’re trying to run a business,” Cox said. “But we’re in it for the journalism. That’s literally why we wake up every single morning, to go write articles and put them on the internet.” He added, “And it does pay off, I think, journalistically, ethically, and businesswise as well.”
‘It’s very hard for me to think of a compelling reason not to do this’
If public records laws like FOIA are tools for public accountability, then journalism that relies on them should be public too. Simply put, “Public records belong to the public,” as Harper said. In a moment when the public’s access to government information is being increasingly curtailed, Wired and 404 Media are proving that openness isn’t just ethical — it’s effective.
Other news outlets should follow their lead. “It is of tremendous value for your audience,” said Drummond. “It’s very hard for me to think of a compelling reason not to do this.”
Cox echoed the sentiment: “There’s a public interest in getting those documents in front of more people. And there is, maybe counterintuitively, but there definitely is, a business benefit to it as well.”
Primi passi con Linux: corso base gratuito
pcofficina.org/primi-passi-con…
Segnalato da PCOfficina in via Pimentel 5 a #Milano e pubblicato sulla comunità Lemmy @GNU/Linux Italia
Nel corso
reshared this
Gli ultimi mammut della Terra
Un piccolo gruppo continuò a vivere per millenni su una sperduta isola nel circolo polare artico: la sua estinzione è ancora un misteroIl Post
Federico
in reply to Lawrence Francis • •