2025 Component Abuse Challenge: Light an LED With Nothing


Should you spend some time around the less scientifically informed parts of the internet, it’s easy to find “Free power” stories. Usually they’re some form of perpetual motion machine flying in the face of the laws of conservation of energy, but that’s not to say that there is no free power.

The power just has to come from somewhere, and if you’re not paying for it there’s the bonus. [joekutz] has just such a project, lighting up LEDs with no power source or other active electronics.

Of course, he’s not discovered perpetual motion. Rather, while an LED normally requires a bit of current to light up properly, it seems many will produce a tiny amount of light on almost nothing. Ambient electromagnetic fields are enough, and it’s this effect that’s under investigation. Using a phone camera and a magnifier as a light detector he’s able to observe the feeble glow as the device is exposed to ambient fields.

In effect this is using the LED as the very simplest form of radio receiver, a crystal set with no headphone and only the leads, some wires, and high value resistors as an antenna. The LED is after all a diode, and it can thus perform as a rectifier. We like the demonstration even if we can’t quite see an application for it.

While we’re no longer taking new entries for the 2025 Component Abuse Challenge, we’ve still got plenty of creative hacks from the competition to show off. We’re currently tabulating the votes, and will announce the winners of this particularly lively challenge soon.

2025 Hackaday Component Abuse Challenge


hackaday.com/2025/11/12/2025-c…



FLOSS Weekly Episode 854: The Big Daddy Core


This week Jonathan and Ben chat with Jason Shepherd about Ocre and Atym.io! That’s the lightweight WebAssembly VM that lets you run the same containers on Linux and a host of embedded platforms, on top of the Zephyr embedded OS. What was the spark that led to this project’s creation, what does Atym.io bring to the equation, and what are people actually doing with it? Watch to find out!



Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or have the guest contact us! Take a look at the schedule here.


Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License


hackaday.com/2025/11/12/floss-…



Radio Apocalypse: Survivable Low-Frequency Communication System


In the global game of nuclear brinksmanship, secrets are the coin of the realm. This was especially true during the Cold War, when each side fielded armies of spies to ferret out what the other guy was up to, what their capabilities were, and how they planned to put them into action should the time come. Vast amounts of blood and treasure were expended, and as distasteful as the whole thing may be, at least it kept armageddon at bay.

But secrets sometimes work at cross-purposes to one’s goals, especially when one of those goals is deterrence. The whole idea behind mutually assured destruction, or MAD, was the certain knowledge that swift retaliation would follow any attempt at a nuclear first strike. That meant each side had to have confidence in the deadliness of the other’s capabilities, not only in terms of their warheads and their delivery platforms, but also in the systems that controlled and directed their use. One tiny gap in the systems used to transmit launch orders could spell the difference between atomic annihilation and at least the semblance of peace.

During the height of the Cold War, the aptly named Survivable Low-Frequency Communication System was a key part of the United States’ nuclear deterrence. Along with GWEN, HFGCS, and ERCS, SLFCS was part of the alphabet soup of radio systems designed to make sure the bombs got dropped, one way or another.

Skipping the Skip

Nuking the atmosphere, for science. The Starfish Prime tests showed how easily one could deprive one’s enemy of the use of the ionosphere. Source: USAF 1352nd Photographic group, public domain.

The hams have a saying: “When all else fails, there’s amateur radio.” It’s true, but it comes with a huge caveat, since hams rely on the ionosphere to bounce their high-frequency (HF) signals around the world. Without that layer of charged particles, their signals would just shoot off into space instead of traveling around the world.

For the most part, the ionosphere is a reliable partner in amateur radio’s long-distance communications networks, to the point that Cold War military planners incorporated HF links into their nuclear communications systems. But since at least the Operation Argus and Operation Hardtack tests in 1958, the United States had known about the effect of high-altitude nuclear explosions on the ionosphere. Further exploration of these effects through the Starfish Prime tests in 1962 revealed just how vulnerable the ionosphere is to direct attack, and how easy it would be to disrupt HF communications networks.

The vulnerability of the ionosphere to attack was very much in the minds of U.S. Air Force commanders during the initial design sessions that would eventually lead to SLFCS. They envisioned a system based on the propagation characteristics of the EM spectrum at lower frequencies, in the low-frequency (LF) and very-low-frequency (VLF) bands. While wavelengths in the HF part of the spectrum are usually measured in meters, LF and VLF waves are better measured in kilometers, ranging between 1 and 100 kilometers.

At these wavelengths, radio waves behave very differently than they do further up the dial. For LF signals (30 to 300 kHz), the primary mode of propagation is via ground waves, in which signals induce currents in the Earth’s surface. These currents tend to hug the surface, bending with its curvature and propagating long distances. For VLF signals (3 to 30 kHz), Earth-ionosphere waveguide propagation dominates. Thanks to their enormous wavelengths, which are comparable to the typical altitude of the lowest, or D-layer, of the ionosphere, the waves “see” the space between the ground and the ionosphere as a waveguide, which forms a low-loss path that efficiently guides them around the globe.

Critically for the survivability aspect of SLFCS, both of these modes are relatively immune to the ionospheric effects of a nuclear blast. That’s true even for VLF, which would seem to rely on an undisturbed ionosphere to form the “roof” of the necessary waveguide, but the disruption caused by even a large blast is much smaller than their wavelengths, rendering any changes to the ionosphere mostly invisible to them.

Big Sticks


Despite the favorable propagation modes of LF and VLF for a communications system designed to survive a nuclear exchange, those long wavelengths pose some challenges. Chief among these is the physical size of the antennas necessary for these wavelengths. In general, antenna size is proportional to wavelength, which makes the antennas for LF and VLF quite large, at least on the transmitting side. For SLFCS, two transmission sites were used, one at Silver Creek, Nebraska, and another in the middle of the Mojave Desert in Hawes, California. Since ground wave propagation requires a vertically polarized signal, each of these sites had a guyed mast radiator antenna 1,226 feet (373 meters) tall.

While the masts and guy wire systems were as reinforced as possible, there’s only so much that can be done to make a structure like that resist a nuke. Still, these structures were rated for a “moderate” nuclear blast within a 10-mile (16-km) radius. That would seem to belie the “survivable” goal of the system, since even at the time SLFCS came online in the late 1960s, Soviet ICBM accuracy was well within that limit. But the paradox is resolved by the fact that SLFCS was intended only as a backup method of getting launch orders through to ICBM launch facilities, to be used to launch a counterattack after an initial exchange that hit other, more valuable targets (such as the missile silos themselves), leaving the ionosphere in tatters.

The other challenge of LF/VLF communications is the inherently low data transfer rates at these frequencies. LF and VLF signals only have perhaps a kilohertz to as few as a few hertz of bandwidth available, meaning that they can only encode data at the rate of a few tens of bits per second. Such low data rates preclude everything but the most basic modulation, such as frequency-shift keying (FSK) or its more spectrally efficient cousin, minimum-shift keying (MSK). SLFCS transmitters were also capable of sending plain old continuous wave (CW) modulation, allowing operators to bang out Morse messages in a pinch. When all else fails, indeed.

No matter which modulation method was used, the idea behind SLFCS was to trade communications speed and information density for absolute reliability under the worst possible conditions. To that end, SLFCS was only intended to transmit Emergency Action Messages (EAMs), brief alphanumeric strings that encoded specific instructions for missile commanders in their underground launch facilities.

Buried Loops

SLFCS receiver equipment giving off Fallout vibes in the Oscar-Zero launch control center at the Ronald Reagan Minuteman Missile State Historic Site.

While the transmitting side of the SLFCS equation was paradoxically vulnerable, the receiving end of the equation was anything but. These missile alert facilities (MAFs), sprinkled across the upper Midwest, consisted of ten launch facilities with a single Minuteman III ICBM in an underground silo, along with one underground launch control center, or LCC. Above ground, the LCC sports a veritable antenna farm representing almost the entire RF spectrum, plus a few buried surprises, such as the very cool HFGCS antenna silos, which can explosively deploy any of six monopole antennas up from below ground to receive EAMs after the LCC has gotten its inevitable nuking.

The other subterranean radio surprise at LCCs is the buried SLFCS antenna. The buried antenna takes advantage of the induced Earth currents in ground wave propagation, and despite the general tendency for LF antennas to be large is actually quite compact. The antennas were a magnetic loop design, with miles of wire wrapped around circular semi-rigid forms about 1.5 meters in diameter. Each antenna consisted of two loops mounted orthogonally, giving the antenna a globe-like appearance. Each loop of the antenna was coated with resin to waterproof and stiffen the somewhat floppy structure a bit before burying it in a pit inside the LCC perimeter fence. Few examples of the antenna exist above ground today, since most were abandoned in place when SLFCS was decommissioned in the mid-1980s. One SLFCS antenna was recently recovered, though, and is currently on display at the Titan Missile Museum in Arizona.


Sign of the Times


Like many Cold War projects, the original scope of SLFCS was never fully realized. The earliest plans called for around 20 transmit/receive stations, plus airplanes equipped with trailing wire antennas over a mile long, and more than 300 receive-only sites across the United States and in allied countries. But by the time plans worked their way through the procurement process, technology had advanced enough that military planners were confident that they had the right mix of communications modes for the job. In the end, only the Nebraska and California transmit/receive sites were put into service, and even the airborne transmitters idea was shelved thanks to excessive drag caused by that long trailing wire. Still, the SLFCS towers and the buried loop antennas stayed in service until the mid-1980s, and the concept of LF and VLF as a robust backup for strategic comms lives on with the Air Force’s Minimum Essential Emergency Communications Network.


hackaday.com/2025/11/12/radio-…




A Brief History of Malware: The Evolution of the Species from the Origins to the Present Day


At first people spoke of viruses; then came “worms”, followed by “macro viruses”.

These were soon joined by other kinds of hostile software, such as keyloggers and lockers.

At some point we all started calling them, more generically, malware.

And just like biological viruses, malware has evolved over time: some strains are highly opportunistic, appearing to exploit short-term opportunities, while others have evolved to exploit more fundamental flaws and problems in IT systems that have still not been fixed.

From Creeper to modern ransomware


The first viruses in computing history date back to the 1970s and 1980s. The first malware in computing history was Creeper, a program written to test whether code could replicate itself on remote machines.

The program called Elk Cloner, on the other hand, is credited as the first computer virus to appear in the world. It was created in 1982 by Rich Skrenta on Apple’s DOS 3.3, and the infection spread through the exchange of floppy disks: the virus copied itself into the disk’s boot sector and was loaded into memory together with the operating system when the computer started.

During the 1980s and the early 1990s, the proliferation of floppy disks brought a considerable spread of viruses, since swapping floppies was a very common practice in every workplace. A few infected floppies were enough to set off a large-scale attack.

From the mid-1990s, with the spread of the internet, viruses and malware in general began to spread much faster, using the network and the exchange of e-mail as a source of new infections.

The first computer virus to gain worldwide notoriety was created in 1986 by two Pakistani brothers who owned a computer shop, in order to punish, according to their account, those who illegally copied their software. The virus was called Brain; it spread all over the world and was the first example of a virus that infected the DOS boot sector.

The first file infector appeared in 1987. It was called Lehigh and infected only the file command.com. In 1988 Robert Morris Jr. created the first worm to spread over the internet, the Morris worm. The following year, 1989, the first polymorphic viruses made their appearance, one of the most famous being Vienna, and the AIDS trojan (also known as Cyborg) was released, very similar to the present-day trojan called PGPCoder. Both encrypt the data on the hard disk and then demand a ransom from the user to recover everything (the mechanism is the same as that of today’s ransomware).

1995 saw the first macro viruses: viruses written in the scripting language of Microsoft programs such as Word and Outlook, which mainly infect the various versions of Microsoft programs through the exchange of documents. Concept was the first macro virus in history.

In 2000 came the famous I Love You, which kicked off the era of script viruses.

These are in fact the most insidious of the viruses spread through e-mail, because they exploit the ability, offered by various programs such as Outlook and Outlook Express, to execute active instructions (called scripts) contained in e-mail messages written in HTML, in order to carry out potentially dangerous actions on the recipient’s computer.

Viruses built with scripts are the most dangerous because they can activate on their own as soon as the message is opened for reading. I Love You spread via e-mail to millions of computers around the world, to the point that a special FBI team had to step in to arrest its creator, a young man from the Philippines.

It was an e-mail message containing a small program that instructed the computer to forward the newly arrived message to every address in the victim’s address book, thereby generating a kind of automatic chain letter that saturated mail servers.

From 2001 there was an increase in worms that spread by taking advantage of flaws in programs or operating systems without any need for user intervention. The peak came in 2003 and 2004 with SQL/Slammer, the fastest worm in history: within fifteen minutes of the first attack, Slammer had already infected half of the servers that kept the internet running, knocking out Bank of America’s ATMs, shutting down the 911 emergency service in Seattle, and causing cancellations due to continual unexplained errors in the ticketing and check-in services of several airlines; and with the two most famous worms in history, Blaster and Sasser.

January 2004 saw the appearance of MyDoom, a worm that still holds the record for speed of propagation among viruses. In this case too the infection vector is e-mail: MyDoom is in fact nothing other than a tool developed specifically (to order) for sending spam. And, according to the statistics, it did its job very well.

In 2007 Storm Worm and Zeus emerged and spread. The first is a highly viral trojan horse (it is thought to have infected tens of millions of machines) that lets a hacker take control of the infected computer and add it to the Storm botnet.

The second targets computer systems based on Microsoft Windows and is designed to steal banking information (credentials for accessing current accounts and credit card data).

From 2010 onwards came the years of cyberwar. The ever wider spread of computers and other computing devices turns viruses and malware into real weapons at the disposal of the major world powers. This is shown by the Stuxnet virus, a trojan that spread in the second half of the year and is considered by many to be a weapon for striking the computer systems of Iranian nuclear plants. In 2012 Flame was discovered, malware probably used in espionage operations in some Middle Eastern countries and discovered by Iranian IT specialists.

In that same year, 2012, another trojan began to spread. Based on the Citadel trojan (which was in turn based on the Zeus trojan), its payload displayed a warning that appeared to come from the federal police (hence the name “police trojan”), stating that the computer had been used for illegal activities (for example downloading pirated software or child pornography).

The warning informed users that to unlock their system they would have to pay a fine using a voucher from an anonymous prepaid credit service, for example Paysafecard. To heighten the illusion that the computer was under federal police control, the screen also showed the machine’s IP address, and some versions even showed footage from the PC’s webcam to make it seem that the user was also being filmed by the police.

Despite the opening of a new front, ordinary internet users remain the favorite targets of virus writers. This is shown by the Cryptolocker malware, which first appeared in 2013 and is still active, albeit in other forms and under other names.

2014 saw the proliferation of the Sypeng trojan, which was able to steal credit card data and to access the call log, messages, browser bookmarks, and contacts. The malware was initially spread in Russian-speaking countries but, because of the particular dynamics of its distribution, it put at risk millions of web pages that use AdSense to display advertisements. Spread via the internet, it lets hackers encrypt all the data on the hard disk and demand an actual ransom for the unlock code.

Evolution of ransomware. Source: Sophos 2020 Threat Report – sophos.com/threatreport2020

Not just ransomware!


After the news events of 2019, ransomware has certainly become the best-known and most feared type of malware. While many people may not know exactly what a bot or a RAT is, practically everyone has heard horror stories of entire municipalities, companies, or healthcare providers brought to a halt by ransomware. They may not know exactly what it is, but they know that for some reason it is a current problem.

Even though ransomware takes up most of the stage (particularly in the mainstream press), it is not the only threat. Keyloggers, data stealers, RAM scrapers, bots, banking trojans, and RATs also continue to feature in many security incidents and to cause significant damage.

KEYLOGGERS


Keyloggers are surprisingly simple and at the same time extremely effective and dangerous. They hook into the stream of data coming from our keyboards, which lets them intercept everything that is typed. The main target is usually login credentials, but this malware can intercept other kinds of information too.

They can be implemented in many different ways, in both hardware and software. For example, some are designed to be hidden inside the USB connector of the keyboard cable.

DATA STEALERS


“Data stealer” is the generic name for any malware that gets onto our machine and goes hunting through our hard disk, and perhaps through our whole network if it can, looking for files containing data that are worth something to criminals.

RAM SCRAPERS


Malware cannot always find what it wants in the files on our computer, even if it has administrator or root access. This is because useful data may exist only temporarily in memory before being deliberately erased, without ever being written to disk.

For example, permanent storage of certain data is now prohibited by regulations such as PCI-DSS, the payment card industry’s data security standard.

However, computers MUST, for example, have a private key in RAM in order to perform decryption. Secret data MUST exist temporarily in RAM, even if only for a short time. So things like decryption keys, plaintext passwords, and website authentication tokens are the typical targets of RAM scrapers.

BOTS


A bot is a program that accesses the network through the same kind of channels used by human users (for example, one that accesses web pages, sends messages in a chat, moves around in video games, and so on). Programs of this kind are widespread across many different online services, for various purposes, but generally tied to automating tasks that would be too burdensome or complex for human users. Fundamentally, a bot sets up a semi-permanent backdoor in a computer so that attackers can send commands from wherever they are.

A collection of bots is called a botnet. The other popular term for “bot” is “zombie”, because they can also act a bit like sleeper agents. What bots do includes sending loads of spam from your IP address, searching local files, cancelling passwords, blasting other machines on the internet with floods of traffic, and even clicking on online ads to generate pay-per-click revenue.

BANKING TROJANS


Banking trojans deserve their own subclass of malware because of their specialization. They target exclusively the victim’s online banking information. Banking trojans typically include a keylogger component, to capture passwords as they are entered, and a data-stealing component, to find unencrypted passwords or account details.

RATS


The RAT, short for Remote Access Trojan, has a lot in common with a bot, but differs in that it is not part of a massive campaign to see how many bots can be recruited and managed for mass attack events.

RATs are usually used in more targeted attacks, potentially to carry out a damaging intrusion. They can capture screenshots, listen to the audio in our rooms through the PC’s microphone, and turn on our webcams.


The article “A Brief History of Malware: The Evolution of the Species from the Origins to the Present Day” comes from Red Hot Cyber.



Social inequality vs political communication


@Giornalismo e disordine informativo
articolo21.org/2025/11/disugua…
These days there is debate over the proposal from the left and the trade unions to apply a one-off (“una tantum”) wealth tax to large fortunes. We will see why, in my opinion, this proposal is worth supporting in terms



“A sincere, open and constructive atmosphere”. So begins the joint statement of the Holy See and the German Bishops’ Conference (Cet), issued at the end of the meeting held today between representatives of the Roman Curia and of the Cet, gathered…


Kansas county pays $3M for forgetting the First Amendment


Press freedom just scored a $3 million win in Kansas. The county that participated in an illegal raid on the Marion County Record in 2023 is cutting big checks to journalists and a city councilor to settle their lawsuits.

As part of the settlement, the Marion County Sheriff’s Office also made a statement of “regret” for the raid, saying, “This likely would not have happened if established law had been reviewed and applied prior to the execution of the warrants.”

You think? Any police officer or judge with half an understanding of the First Amendment should’ve known better than to ask for or sign off on the raid on the Record and the home of owners Eric and Joan Meyer.

But apparently, police don’t always read the law, and judges may need a refresher, too. Let’s break down the flashing red lights any judge or cop should heed before storming a newsroom.

The First and Fourth amendments strongly protect against searches of journalists and newsrooms.

Under the Fourth Amendment, a search warrant must be supported by probable cause, which means a likelihood that contraband or evidence of a crime will be found at a particular place. The government must also specify the place to be searched and the thing to be seized.

When a search warrant targets materials protected by the First Amendment — like notes, recordings, drafts, and materials used or created by journalists — the Fourth Amendment’s requirements must be scrupulously followed, the Supreme Court has said.

This means that judges must be extra strict in applying the Fourth Amendment’s requirements when a search impacts First Amendment rights, which it will any time it involves a journalist or newsroom. What judges should never do is allow overly broad searches where police rifle through journalists’ desks and computer files willy-nilly in the hopes of turning up something “incriminating.”

The Privacy Protection Act of 1980 forbids the use of search warrants to seize materials from journalists, with only a few narrow exceptions.

The PPA is a federal law that requires law enforcement to get a subpoena, not just a search warrant, in most cases when dealing with reporters and newsrooms. Subpoenas give journalists the chance to challenge a demand for documents or equipment in court before police can seize them. If police had sought a subpoena for the Record’s newsgathering materials, for instance, the newspaper could have successfully challenged the demand in court, meaning that the newsroom would never have been raided and the Record’s confidential sources would have been protected.

There are narrow exceptions to the PPA’s subpoena requirement, including when there is probable cause to believe a journalist has committed a criminal offense related to the material sought. But, in general, the offense cannot relate to the receipt, possession, communication, or withholding of newsgathering materials or information.

Journalists can read a guide on our website for more information about the PPA.

State shield laws are another barrier to newsroom searches.

Almost every state has a reporter’s shield law on the books that protects journalists from the compelled disclosure of their confidential sources and unpublished information, and sometimes protects against the forced disclosure of nonconfidential information, too. Courts around the country have also recognized a First Amendment and common law reporter’s privilege that can provide similar protections.

Kansas’ shield law, for instance, applies to “any information gathered, received or processed by a journalist, whether or not such information is actually published, and whether or not related information has been disseminated.” It forbids compelling a journalist from disclosing unpublished information or confidential sources until after a court hearing.

Other states’ shield laws have similar protections. Barging into a newsroom and searching it violates those laws and the established processes for law enforcement to obtain information from the press.

Accessing publicly available information or information provided by a source is not a crime, and is protected by the First Amendment.

Seems obvious, but judging by how often this comes up, maybe not.

Everyone has a First Amendment right to read, watch, or view publicly available information. It’s not a crime to access a record made publicly available by a government agency (as reporters at the Record did), to read something that someone published on a public website, even if it was published by accident, or to photograph police officers in public.

Journalists also have a right to publish information given to them by a source, even if the source obtained it illegally, as long as the journalist didn’t participate in the illegality. That means that if a source gives a journalist a document or recording that the source stole, the journalist can’t be punished for publishing it.

Because these things are not crimes, it also means that accessing publicly available information or publishing information that a source illegally obtained can’t be the basis for a raid on a newsroom or search of a journalist’s materials.

Next time, think before you raid.

The $3 million settlement is a step toward accountability, but it can’t undo the damage to the Record’s journalists or sources, and especially not to Joan Meyer, who died the day after police invaded her home.

If local communities don’t want to keep learning First Amendment law the expensive way, they must insist that law enforcement actually read the Constitution and the law before targeting the press.


freedom.press/issues/kansas-co…



Remember the NVIDIA DGX Spark? Here comes the GMKtec EVO-X2, at half the price


Chinese manufacturer GMKtec has unveiled its new EVO-X2 mini PC, equipped with a Ryzen AI Max+ 395 processor, claiming performance comparable to, and in some cases better than, that of the NVIDIA DGX Spark mini supercomputer, but at a decidedly lower price.

The DGX Spark was officially launched after almost a year of development, priced at 3,999 dollars. GMKtec, by contrast, offers its EVO-X2 at less than half the cost of the NVIDIA model.

In internal tests published on GMKtec’s official blog, the EVO-X2 mini PC was compared with the DGX Spark on several large open source models, including Llama 3.3 70B, GPT-OSS 20B, Qwen3 Coder, and Qwen3 0.6B.

The results show that the heterogeneous CPU+GPU+NPU architecture and the XDNA 2 engine of the Strix Halo processor offer a significant advantage in real-time inference. In particular, the EVO-X2 stands out for its token generation speed and for lower startup latency than the DGX Spark, making it more responsive in immediate-response scenarios.

Although the DGX Spark retains 1 PFLOP of FP4 compute with 10 GB of memory, making it ideal for high-throughput environments, GMKtec’s mini PC seems to aim at a different segment of users: professionals and developers who need real-time inference and latency-sensitive applications, but on a tighter budget.

In short, while the DGX Spark is aimed at those who need maximum power for intensive workloads, the EVO-X2 offers a compact and more affordable solution, capable of competitive performance on large AI models, with a favorable price/performance ratio.

The article “Remember the NVIDIA DGX Spark? Here comes the GMKtec EVO-X2, at half the price” comes from Red Hot Cyber.



Did the US steal 127,000 Bitcoin? China accuses Washington of a massive hack


We are talking about 11 billion euros. A staggering figure!

China’s National Computer Virus Emergency Response Center (CVERC) has stated that a state entity, probably from the United States, was behind a 2020 attack on a Bitcoin mining company.

The CVERC recently published a report on Weixin describing an attack on the mining pool operator LuBian, which operated in China and Iran. In the incident, unknown attackers stole 127,272 Bitcoin.

According to the center, the owner of the stolen funds was Chen Zhi, chairman of the Cambodian Prince Group. In early 2021 and in July 2022 he left messages on the blockchain asking for the cryptocurrency to be returned and offering a ransom, but without success.

The CVERC experts note that the stolen Bitcoin were held in a single wallet for almost four years and remained practically unused. In their view, this behavior is characteristic not of ordinary criminals but of a state entity able to keep control of the assets for a long time.

The report also links the incident to the events of October 14, 2025, when the US Department of Justice announced charges against Chen Zhi for fraud and money laundering. According to US investigators, he ran forced labor camps and anti-fraud centers in Cambodia.

At the same time, the US Department of Justice filed a forfeiture request for about 127,271 bitcoin, describing them as “proceeds and instrumentalities” of illegal activity. The department stated that the cryptocurrency had previously been held in Chen Zhi’s personal wallets but is now under the control of the US government.

The CVERC says its analysis of blockchain records confirms that the same coins did end up at addresses associated with the United States. Both sides therefore agree on one point: the bitcoin stolen from Chen Zhi now belong to Washington.

However, the Chinese report makes no reference to the businessman’s connection to the forced labor camps. This is puzzling, given that Beijing publicly condemns such schemes: Chinese citizens are often their victims, and the authorities have repeatedly reported joint operations to dismantle them and harsh sentences for their organizers.

Equally unusual is that, in the report’s conclusions, the CVERC addresses the Chinese blockchain community and mining pool operators with recommendations for strengthening cybersecurity. This seems contradictory, given that China officially banned cryptocurrency mining and trading back in 2021.

Analysts believe the CVERC publication may be part of a domestic information campaign aimed at reinforcing China’s image as a victim of cyberattacks. Beijing has already published similar reports, claiming that it does not conduct illicit operations and that US hacking accusations, including the Volt Typhoon incident, are fabricated.

The article Did the US steal 127,000 Bitcoin? China accuses Washington of a massive hack comes from Red Hot Cyber.



On the Day of Remembrance for the military and civilian Fallen in international peace missions, the Military Ordinary, Gian Franco Saba, presided over Mass today at the Ara Coeli.


No, journalists don’t need permission to cover immigration courts


Last month, we wrote to the Hyattsville Immigration Court in Maryland to express our alarm over a report that two journalists from Capital News Service had been expelled for not seeking express permission from the federal government to cover immigration proceedings.

Not only was that a blatant First Amendment violation, it was contrary to the Executive Office for Immigration Review’s own fact sheet, in which the arm of the Justice Department said that coordinating media visits with the government in advance was “encouraged,” not mandatory. It’s hard to blame journalists for not wanting to go out of their way to put themselves on the radar by “coordinating” with an administration that abhors the free press.

But we noticed another problem with the fact sheet. It said reporters “must” check in upon arriving at immigration court. We’d been hearing anecdotes for some time about journalists being asked to “check in” at lobbies of immigration courts in other parts of the country. The fact sheet confirmed it.

We expressed our concerns to the EOIR, which was (surprisingly) responsive to our initial letter, despite the shutdown. It confirmed that, as CNS reported, the journalists’ access had been restored and they were free to report on immigration court proceedings.

It also stated that journalists are not required to either coordinate visits with the government in advance or check in with courthouse personnel upon arrival. It explained that it prefers journalists check in so that they can arrange for priority seating, but that they do not have to do so. And it issued a new fact sheet to make that clear. Yes, the fact sheet reflects that EOIR, like far too many local and federal agencies, still unconstitutionally demands that all media inquiries be routed through a public information office. But that’s a battle for another day.

We’re posting the email exchange and new fact sheet below so that any journalist who is told something to the contrary can show it to whoever is giving them incorrect information.

And kudos to the unnamed EOIR official who took care of this promptly. Let’s hope the Trump administration doesn’t fire them for gross competence.

freedom.press/static/pdf.js/we…

freedom.press/static/pdf.js/we…


freedom.press/issues/no-journa…



An account is spamming horrific, dehumanizing videos of immigration enforcement because the Facebook algorithm is rewarding them for it.#AI #AISlop #Meta


AI-Generated Videos of ICE Raids Are Wildly Viral on Facebook


“Watch your step sir, keep moving,” a police officer with a vest that reads ICE and a patch that reads “POICE” says to a Latino-appearing man wearing a Walmart employee vest. He leads him toward a bus that reads “IMMIGRATION AND CERS.” Next to him, one of his colleagues begins walking unnaturally sideways, one leg impossibly darting through another as he heads to the back of a line of other Latino Walmart employees who are apparently being detained by ICE. Two American flag emojis are superimposed on the video, as is the text “Deportation.”

The video has 4 million views, 16,600 likes, 1,900 comments, and 2,200 shares on Facebook. It is, obviously, AI generated.

Some of the comments seem to understand this: “Why is he walking like that?” one says. “AI the guys foot goes through his leg,” another says. Many of the comments clearly do not: “Oh, you’ll find lots of them at Walmart,” another top comment reads. “Walmart doesn’t do paperwork before they hire you?” another says. “They removing zombies from Walmart before Halloween?”



The latest trend in Facebook’s ever downward spiral down the AI slop toilet are AI deportation videos. These are posted by an account called “USA Journey 897” and have the general vibe of actual propaganda videos posted by ICE and the Department of Homeland Security’s social media accounts. Many of the AI videos focus on workplace deportations, but some are similar to horrifying, real videos we have seen from ICE raids in Chicago and Los Angeles. The account was initially flagged to 404 Media by Chad Loder, an independent researcher.

“PLEASE THAT’S MY BABY,” a dark-skinned woman screams while being restrained by an ICE officer in another video. “Ma’am stop resisting, keep moving,” an officer says back. The camera switches to an image of the baby: “YOU CAN’T TAKE ME FROM HER, PLEASE SHE’S RIGHT THERE. DON’T DO THIS, SHE’S JUST A BABY. I LOVE YOU, MAMA LOVES YOU,” the woman says. The video switches to a scene of the woman in the back of an ICE van. The video has 1,400 likes and 407 comments, which include “ Don’t separate them….take them ALL!,” “Take the baby too,” and “I think the days of use those child anchors are about over with.”



The USA Journey 897 account publishes multiple of these videos a day. Most of its videos have at least hundreds of thousands of views, according to Facebook’s own metrics, and many of them have millions or double-digit millions of views. Earlier this year, the account largely posted a mix of real but stolen videos of police interactions with people (such as Luigi Mangione’s perp walk) and absurd AI-generated videos such as jacked men carrying whales or riding tigers.

The account started experimenting with extremely crude AI-generated deportation videos in February, which included videos of immigrants handcuffed on the tarmac outside of deportation planes where their arms randomly detached from their body or where people suddenly disappeared or vanished through stairs, for example. Recent videos are far more realistic. None of the videos have an AI watermark on them, but the type and style of video changed dramatically starting with videos posted on October 1, which is the day after OpenAI’s Sora 2 was released; around that time is when the account started posting videos featuring identifiable stores and restaurants, which have become a common trope in Sora 2 videos.

A YouTube page linked from the Facebook account shows a real video uploaded of a car in Cyprus nearly two years ago before any other content was uploaded, suggesting that the person behind the account may live in Cyprus (though the account banner on Facebook includes both a U.S. and Indian flag). This YouTube account also reveals several other accounts being used by the person. Earlier this year, the YouTube account was posting side hustle tips about how to DoorDash, AI-generated videos of singing competitions in Greek, AI-generated podcasts about the WNBA, and AI-generated videos about “Billy Joyel’s health.” A related YouTube account called Sea Life 897 exclusively features AI-generated history videos about sea journeys, which links to an Instagram account full of AI-generated boats exploding and a Facebook account that has rebranded from being about AI-generated “Sea Life” to an account now called “Viral Video’s Europe” that is full of stolen images of women with gigantic breasts and creep shots of women athletes.

My point here is that the person behind this account does not seem to actually have any sort of vested interest in the United States or in immigration. But they are nonetheless spamming horrific, dehumanizing videos of immigration enforcement because the Facebook algorithm is rewarding them for that type of content, and because Facebook directly makes payments for it. As we have seen with other types of topical AI-generated content on Facebook, like videos about Palestinian suffering in Gaza or natural disasters around the world, many people simply do not care if the videos are real. And the existence of these types of videos serves to inoculate people from the actual horrors that ICE is carrying out. It gives people the chance to claim that any video is AI generated, and serves to generally litter social media with garbage, making real videos and real information harder to find.



an early, crude video posted by the account

Meta did not immediately respond to a request for comment about whether the account violates its content standards, but the company has seemingly staked its present and future on allowing bizarre and often horrifying AI-generated content to proliferate on the platform. AI-generated content about immigrants is not new; in the leadup to last year’s presidential debate, Donald Trump and his allies began sharing AI-generated content about Haitian immigrants who Trump baselessly claimed were eating dogs and cats in Ohio.

In January, immediately before Trump was inaugurated, Meta changed its content moderation rules to explicitly allow for the dehumanization of immigrants because it argued that its previous policies banning this were “out of touch with mainstream discourse.” Phrases and content that are now explicitly allowed on Meta platforms include “Immigrants are grubby, filthy pieces of shit,” “Mexican immigrants are trash!” and “Migrants are no better than vomit,” according to documents obtained and published by The Intercept. After those changes were announced, content moderation experts told us that Meta was “opening up their platform to accept harmful rhetoric and mold public opinion into accepting the Trump administration’s plans to deport and separate families.”




Newly released documents provide more details about ICE's plan to use bounty hunters and private investigators to find the location of undocumented immigrants.



ICE Plans to Spend $180 Million on Bounty Hunters to Stalk Immigrants


Immigration and Customs Enforcement (ICE) is allocating as much as $180 million to pay bounty hunters and private investigators who verify the address and location of undocumented people ICE wishes to detain, including with physical surveillance, according to procurement records reviewed by 404 Media.

The documents provide more details about ICE’s plan to enlist the private sector to find deportation targets. In October The Intercept reported on ICE’s intention to use bounty hunters or skip tracers—an industry that often works on insurance fraud or tries to find people who skipped bail. The new documents now put a clear dollar amount on the scheme to essentially use private investigators to find the locations of undocumented immigrants.

💡
Do you know anything else about this plan? Are you a private investigator or skip tracer who plans to do this work? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.





OpenAI’s guardrails against copyright infringement are falling for the oldest trick in the book.#News #AI #OpenAI #Sora


OpenAI Can’t Fix Sora’s Copyright Infringement Problem Because It Was Built With Stolen Content


OpenAI’s video generator Sora 2 is still producing copyright infringing content featuring Nintendo characters and the likeness of real people, despite the company’s attempt to stop users from making such videos. OpenAI updated Sora 2 shortly after launch to detect videos featuring copyright infringing content, but 404 Media’s testing found that it’s easy to circumvent those guardrails with the same tricks that have worked on other AI generators.

The flaw in OpenAI’s attempt to stop users from generating videos of Nintendo and popular cartoon characters exposes a fundamental problem with most generative AI tools: it is extremely difficult to completely stop users from recreating any kind of content that’s in the training data, and OpenAI can’t remove the copyrighted content from Sora 2’s training data because it couldn’t exist without it.

Shortly after Sora 2 was released in late September, we reported about how users turned it into a copyright infringement machine with an endless stream of videos like Pikachu shoplifting from a CVS and Spongebob Squarepants at a Nazi rally. Companies like Nintendo and Paramount were obviously not thrilled seeing their beloved cartoons committing crimes and not getting paid for it, so OpenAI quickly introduced an “opt-in” policy, which prevented users from generating copyrighted material unless the copyright holder actively allowed it. Initially, OpenAI’s policy allowed users to generate copyrighted material and required the copyright holder to opt-out. The change immediately resulted in a meltdown among Sora 2 users, who complained OpenAI no longer allowed them to make fun videos featuring copyrighted characters or the likeness of some real people.

This is why if you give Sora 2 the prompt “Animal Crossing gameplay,” it will not generate a video and instead say “This content may violate our guardrails concerning similarity to third-party content.” However, when I gave it the prompt “Title screen and gameplay of the game called ‘crossing aminal’ 2017,” it generated an accurate recreation of Nintendo’s Animal Crossing New Leaf for the Nintendo 3DS.

Sora 2 also refused to generate videos for prompts featuring the Fox cartoon American Dad, but it did generate a clip that looks like it was taken directly from the show, including their recognizable voice acting, when given this prompt: “blue suit dad big chin says ‘good morning family, I wish you a good slop’, son and daughter and grey alien say ‘slop slop’, adult animation animation American town, 2d animation.”

The same trick also appears to circumvent OpenAI’s guardrails against recreating the likeness of real people. Sora 2 refused to generate a video of “Hasan Piker on stream,” but it did generate a video of “Twitch streamer talking about politics, piker sahan.” The person in the generated video didn’t look exactly like Hasan, but he has similar hair, facial hair, the same glasses, and a similar voice and background.

A user who flagged this bypass to me, who wished to remain anonymous because they didn’t want OpenAI to cut off their access to Sora, also shared Sora generated videos of South Park, Spongebob Squarepants, and Family Guy.

OpenAI did not respond to a request for comment.

There are several ways to moderate generative AI tools, but the simplest and cheapest method is to refuse to generate prompts that include certain keywords. For example, many AI image generators stop people from generating nonconsensual nude images by refusing to generate prompts that include the names of celebrities or certain words referencing nudity or sex acts. However, this method is prone to failure because users find prompts that allude to the image or video they want to generate without using any of those banned words. The most notable example of this made headlines in 2024 after an AI-generated nude image of Taylor Swift went viral on X. 404 Media found that the image was generated with Microsoft’s AI image generator, Designer, and that users managed to generate the image by misspelling Swift’s name or using nicknames she’s known by, and describing sex acts without using any explicit terms.

Since then, we’ve seen example after example of generative AI tool guardrails being circumvented with the same method. We don’t know exactly how OpenAI is moderating Sora 2, but at least for now, the world’s leading AI company’s moderating efforts are bested by a simple and well established bypass method. Like with these other tools, bypassing Sora’s content guardrails has become something of a game to people online. Many of the videos posted on the r/SoraAI subreddit are of “jailbreaks” that bypass Sora’s content filters, along with the prompts used to do so. And Sora’s “For You” algorithm is still regularly serving up content that probably should be caught by its filters; in 30 seconds of scrolling we came across many videos of Tupac, Kobe Bryant, JuiceWrld, and DMX rapping, which has become a meme on the service.

It’s possible OpenAI will get a handle on the problem soon. It can build a more comprehensive list of banned phrases and do more post generation image detection, which is a more expensive but effective method for preventing people from creating certain types of content. But all these efforts are poor attempts to distract from the massive, unprecedented amount of copyrighted content that has already been stolen, and that Sora can’t exist without. This is not an extreme AI skeptic position. The biggest AI companies in the world have admitted that they need this copyrighted content, and that they can’t pay for it.
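The keyword filtering discussed above, as an added Python example (not 404 Media’s or OpenAI’s code; how Sora 2 is actually moderated is unknown): an exact-match blocklist next to a hardened matcher that tolerates reordered words, swapped letters and one-character misspellings, run over the prompts quoted in the article. The blocklist, function names and thresholds are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed blocklist; the phrases are titles and names the article mentions.
BLOCKED_PHRASES = ["animal crossing", "american dad", "hasan piker"]

# Prompts quoted in the article, used here as sample input.
ARTICLE_PROMPTS = [
    "Animal Crossing gameplay",
    "Title screen and gameplay of the game called 'crossing aminal' 2017",
    "Hasan Piker on stream",
    "Twitch streamer talking about politics, piker sahan",
    "blue suit dad big chin says 'good morning family, I wish you a good slop', "
    "son and daughter and grey alien say 'slop slop', adult animation animation "
    "American town, 2d animation",
]


def tokens(text):
    """Lower-case, strip accents and punctuation, return word tokens."""
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.findall(r"[a-z0-9]+", stripped.lower())


def naive_filter(prompt):
    """Exact phrase match against the blocklist (the cheap keyword approach)."""
    normalized = " ".join(tokens(prompt))
    return [p for p in BLOCKED_PHRASES
            if re.search(rf"\b{re.escape(p)}\b", normalized)]


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def word_matches(token, word):
    """True if token is the word, an anagram of it, or one edit away from it."""
    if token == word:
        return True
    if len(word) < 5:
        return False  # short words match exactly only, to limit false positives
    if sorted(token) == sorted(word):
        return True   # same letters in a different order
    return levenshtein(token, word) <= 1


def hardened_filter(prompt, slack=1):
    """Flag a phrase when all of its words appear, in any order and possibly
    disguised, inside a window of len(phrase) + slack consecutive tokens."""
    toks = tokens(prompt)
    hits = []
    for phrase in BLOCKED_PHRASES:
        words = phrase.split()
        width = len(words) + slack
        for start in range(max(1, len(toks) - width + 1)):
            window = toks[start:start + width]
            if all(any(word_matches(t, w) for t in window) for w in words):
                hits.append(phrase)
                break
    return hits


if __name__ == "__main__":
    for prompt in ARTICLE_PROMPTS:
        print(f"{prompt[:50]!r:55} naive={naive_filter(prompt)} "
              f"hardened={hardened_filter(prompt)}")
```

The purely descriptive American Dad prompt returns no hits from either filter: text matching cannot see what the output will look like, which is the gap post-generation detection is meant to cover.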

The reason OpenAI and other AI companies have such a hard time preventing users from generating certain types of content once users realize it’s possible is that the content already exists in the training data. An AI image generator is only able to produce a nude image because there’s a ton of nudity in its training data. It can only produce the likeness of Taylor Swift because her images are in the training data. And Sora can only make videos of Animal Crossing because there are Animal Crossing gameplay videos in its training data.

For OpenAI to actually stop the copyright infringement it needs to make its Sora 2 model “unlearn” copyrighted content, which is incredibly expensive and complicated. It would require removing all that content from the training data and retraining the model. Even if OpenAI wanted to do that, it probably couldn’t because that content makes Sora function. OpenAI might improve its current moderation to the point where people are no longer able to generate videos of Family Guy, but the Family Guy episodes and other copyrighted content in its training data are still enabling it to produce every other generated video. Even when the generated video isn’t recognizably lifting from someone else’s work, that’s what it’s doing. There’s literally nothing else there. It’s just other people’s stuff.




Healthcare: an issue still to be resolved


@Informatica (Italy e non Italy 😁)
Digital healthcare is still a thoroughly critical area, not helped by an organization that is non-federated and heterogeneous across regions. It is often patients who pay the price, but sometimes also […]
The article Healthcare: an issue still to be resolved comes from Edoardo Limone.

The article comes from the blog



The net tightens around #Zelensky


altrenotizie.org/primo-piano/1…



Trump’s strategy in the BBC case


@Giornalismo e disordine informativo
articolo21.org/2025/11/la-stra…
The blunder was admitted by Tim Davie himself, the BBC’s outgoing director general: mistakes were made that have cost us, but now they are being used as a weapon. A week before the 2024 US presidential election, a prestigious



Russia advances in Pokrovsk: urban battle and Ukrainian withdrawals on the eastern front


@Notizie dall'Italia e dal mondo
Capturing the city would give the Kremlin an operational platform to complete its control over the Donbas, almost two years after the fall of Bakhmut
The article Russia advances in Pokrovsk: urban battle and Ukrainian withdrawals on the front




Bibliogame Night

farezero.org/2025/gaming_zone/…

Reported by Fare Zero Makers Fab Lab and posted to the Lemmy community @GNU/Linux Italia

Discover the success of Bibliogame Night, the monthly board game and role-playing event that started in the Francavilla Library and is now in Fragagnano. Join the community, book your




Italy and Germany together in Europe’s relaunch. The story from the Bundeswehr celebration

@Notizie dall'Italia e dal mondo

Germany and Italy can be leading players in Europe’s relaunch, starting with cooperation between their armed forces. So says the newly appointed German ambassador to Italy, Thomas Bagger. At the Villa Almone residence, seat



COP30 is fertile ground for the automation of online scams: the 3 main fraud schemes


@Informatica (Italy e non Italy 😁)
Cybercriminals are exploiting COP30, the UN’s global climate change event, to steal credentials from users and authorities through fake portals created with Gen AI. Here is the twofold




Shut them down

@Politica interna, europea e internazionale

What those guarantors guarantee is not what their name would seem to guarantee, so the only guarantee of seriousness that can be offered is to shut them down. The sign reads: “Garante per la protezione dei dati personali” (Guarantor for the protection of personal data). The more fashionable name is Freudianly anglophone: Authority per la privacy. The independence of these Authorities (and not just this one) is credible only […]



Minister Pichetto Fratin: “Rather than ecological transition we should call it social transition”


@Politica interna, europea e internazionale
“The transition under way, which we sometimes call ecological, sometimes an energy transition, sometimes environmental, is a social transition, which involves different patterns of consumption and automatically creates the need for new skills.”




“On the issues of artificial intelligence, the Church wants to be present from the start. It has not arrived late this time, but immediately entered into dialogue and has already sent messages of some significance.” This was said to SIR by Msgr.


The shrine of Our Lady of Mercy in Rimini is preparing for four days of spirituality on the occasion of the 175th anniversary of its dedication and of the peregrinatio of the relics of Blessed Giovanni Merlini, the first blessed of the Jubi…


Morse Code for China


It is well known that pictographic languages that use Hanzi, like Mandarin, are difficult to work with for computer input and output devices. After all, each character is a tiny picture that represents an entire word, not just a sound. But did you ever wonder how China used telegraphy? We’ll admit, we had not thought about that until we ran into [Julesy]’s video on the subject that you can watch below.

There are about 50,000 symbols, so having a bunch of dots and dashes wasn’t really practical. Even if you designed it, who could learn it? Turns out, like most languages, you only need about 10,000 words to communicate. A telegraph company in Denmark hired an astronomer who knew some Chinese and tasked him with developing the code. In a straightforward way, he decided to encode each word from a dictionary of up to 10,000 with a unique four-digit number.

A French expat took the prototype code list and expanded it to 6,899 words, producing “the new telegraph codebook.” The numbers were just randomly assigned. Imagine if you wanted to say “The dog is hungry” by writing “4949 1022 3348 9429.” Not to mention, as [Julesy] points out, the numbers were long, driving up the cost of telegrams.

It took a Chinese delegate of what would eventually become the International Telecommunication Union (ITU) to come up with a method by which four-digit codes would count as a single Chinese character. So, for example, 1367 0604 6643 0932 were four Chinese characters meaning: “Problem at home. Return immediately.”

Languages like Mandarin make typewriters tough, but not impossible. IBM’s had 5,400 characters and also used a four-digit code. Sadly, though, they were not the same codes, so knowing Chinese Morse wouldn’t help you get a job as a typist.

youtube.com/embed/QSeInNtwvEY?…


hackaday.com/2025/11/12/morse-…



Synology fixes a zero-day bug in BeeStation OS. 40,000 dollars for the researchers


Synology has fixed a zero-day vulnerability in its BeeStation devices that was demonstrated at the recent Pwn2Own competition. The bug, tracked as CVE-2025-12686, falls into the category “buffer copy without checking size of input” and allows an attacker to execute arbitrary code on the target system.

The issue affects several versions of BeeStation OS, the operating system that runs Synology’s consumer network-attached storage (NAS) devices and is marketed as a “personal cloud”. A fix is included in the BeeStation OS update for versions 1.3.2-65648 and later. No other temporary workarounds are available, so users are advised to install the latest firmware immediately.

The vulnerability was demonstrated by researchers Tek and anyfun of the French company Synacktiv at the Pwn2Own Ireland 2025 competition, which took place on October 21. The team received a 40,000 dollar reward for successfully exploiting the bug.

The Pwn2Own event brings together security researchers from around the world every year, giving them the opportunity to demonstrate how zero-day vulnerabilities in widely used devices can be exploited. At the competition held in Ireland, participants presented 73 previously unknown flaws in various products, earning more than a million dollars.

A week earlier, another major NAS manufacturer, QNAP, had also released updates fixing seven zero-day vulnerabilities identified at the same event.

In line with the disclosure agreement, ZDI will refrain from publishing technical details until the patches have been released and the update period for users has expired. Detailed descriptions of the vulnerabilities are expected to appear on the initiative’s website and on the researchers’ blogs in the coming months.

The article Synology fixes a zero-day bug in BeeStation OS. 40,000 dollars for the researchers comes from Red Hot Cyber.



Mysticism and holiness: at the Urbaniana, the conference promoted by the Dicastery for the Causes of Saints. Today a session on the theme in other religions


Digital sovereignty: new alliance calls for more commitment to open networks


netzpolitik.org/2025/digitale-…



Redis servers left unprotected: here is how attackers exploit them


@Informatica (Italy e non Italy 😁)
There are 60,000 worldwide, more than 300 of them in Italy: Internet-connected Redis servers with no password at all that are affected by the RediShell vulnerability, rated with a severity score of 10 out of 10. Here are all the technical details and the advice for



Procurement: will it be buy American vs buy European? Not necessarily

@Notizie dall'Italia e dal mondo

The Pentagon procurement reform announced by Pete Hegseth last week runs on two parallel tracks. While on the one hand the new Warfighting acquisition system aims to speed up the awarding of contracts and deliveries for the US armed forces, on the other it has



The newly-formed, first of its kind Adult Studio Alliance is founded by major porn companies including Aylo, Dorcel, ERIKALUST, Gamma Entertainment, Mile High Media and Ricky’s Room, and establishes a code of conduct for studios.#porn


Major Porn Studios Join Forces to Establish Industry ‘Code of Conduct’


Six of the biggest porn studios in the world, including industry giant and Pornhub parent company Aylo, announced Wednesday they have formed a first-of-its-kind coalition called the Adult Studio Alliance (ASA). The alliance’s purpose is to “contribute to a safe, healthy, dignified, and respectful adult industry for performers,” the ASA told 404 Media.

“This alliance is intended to unite professionals creating adult content (from studios to crews to performers) under a common set of values and guidelines. In sharing our common standards, we hope to contribute to a safe, healthy, dignified, and respectful adult industry for performers,” a spokesperson for ASA told 404 Media in an email. “As a diverse group of studios producing a large volume and variety of adult content, we believe it’s key to promote best practices on all our scenes. We all come from different studios, but we share the belief that all performers are entitled to comfort and safety on set.”

The founding members include Aylo, Dorcel, ERIKALUST, Gamma Entertainment, Mile High Media and Ricky’s Room. Aylo owns some of the biggest platforms and porn studios in the industry, including Brazzers, Reality Kings, Digital Playground and more.

In a press release Wednesday, the ASA said its primary mission is “to publish and adhere to a comprehensive Code of Conduct, providing a structured framework for directors, producers, and talent to ensure the safest possible sets and consistent industry best practices.” The ASA’s code of conduct addresses performers’ rights to consent to the types of scenes they’ll shoot, their scene partners including extras, sexual acts, script and creative documents, the length of the shoot day, location, remuneration and conditions, and any other rights involved in their agreement with the studio.

The founding studios say they have signed agreements to adhere to the ASA’s code of conduct, but the ASA “encourages all studios, members or not, to adopt and adhere to these guidelines to foster a safer, more respectful, and more professional adult industry,” the spokesperson said.

“All performers have the right to be treated with professional respect and dignity, free from harassment of any kind,” the code states. “They should be: Able to refuse, at any time, any act, even if previously agreed upon; Able to visually confirm their partner’s STI test status on set before any sexual performance; Provided water, snacks, meals, breaks, and privacy as needed; Provided all necessary sexual health and hygienic materials needed to perform; Paid their agreed-upon rate for the date of production.”

The code also outlines rights and expectations for third-party producers and crew members, including verifying performers’ ages, ensuring an environment “free of harassment of any kind (mental, physical or sexual),” and “never using their influence or access to the studio to pressure performers or promise work.” Agencies and talent agents are also addressed in the code of conduct: “Agencies should represent and protect performers, inform them very clearly of the specific requirements of pornographic performances,” the code states. “They must inform performers of their rights and duties and legitimate expectations, with no expectation of sexual contact with agency staff, reasonably limited contract terms (within industry standard range of 1 year), and no punitive buyouts for performers who choose to leave the agency.”

A need for more autonomy over one’s working conditions spurred the rise of the independent adult content creator economy in the last 10 years, as more performers moved away from studio work—which often dictates workers’ hours, physical location, and ownership rights to their performances, and can be sporadic—to models like webcamming and subscription platforms like OnlyFans. Porn is legal in the U.S. but is still a heavily stigmatized career, and performers have reported that legislation like 2018’s Fight Online Sex Trafficking Act has made their livelihoods more precarious, even when working with studios.

In 2020, as Hollywood reckoned with allegations of abuse and coercion against the most powerful people in the entertainment industry, multiple performers came forward with their own stories of physical and mental abuse on-set. The power dynamic present in mainstream acting careers also exists in porn, with the added stigma of sex work: adult performers, like mainstream entertainment professionals or workers in many other industries, might feel like they risk being ostracized within their industry for speaking out about mistreatment, but they may also feel they risk fueling decades-old anti-porn campaigns and their harmful rhetoric.

Many studios have previously established their own codes of conduct, including Gamma Entertainment-owned Adult Time, which published a guide to “what to expect on an Adult Time set” in 2023, and Kink, which published its shooting protocols, consent documents and checklists in 2019. There are also several talent-focused rights groups, like the Free Speech Coalition, that have operated with performer and crew wellbeing guidelines in place for years.



“The landscape for adult production has expanded rapidly over the past few years, so it's encouraging to see bigger studios codify industry best practices,” Mike Stabile, director of public policy at the Free Speech Coalition, told 404 Media. Stabile noted that the needs and requirements of productions and performers vary; independent content creators working with other indie creators might not need or have the resources to hire an intimacy coordinator on each shoot, for example, or a small fetish studio that doesn’t engage in fluid exchange might not need to adhere to testing. But “it sets a bar for what performers can and should expect in production, and provides a framework for understanding one's rights on set,” he said.
“It's incredibly powerful because it isn't just one studio or one group, it's a collection of some of the most influential leaders in adult production,” Stabile said. “While these practices aren't entirely new, by publishing guidelines they're creating a broad system of accountability. Whether or not other studios join and sign-on, I expect we'll see broader adoption of these protocols at all levels.”

“I believe strong production standards are the foundation of a safe and respectful and successful industry, and I’ve always believed performers deserve nothing less,” performer Cherie DeVille said in the ASA press release. “It's powerful to see these top studios come together with the shared goal of ensuring performer wellness remains a top priority.”




A Washington judge said images taken by Flock cameras are "not exempt from disclosure" in public record requests. #Flock


Judge Rules Flock Surveillance Images Are Public Records That Can Be Requested By Anyone


A judge in Washington has ruled that police images taken by Flock’s AI license plate-scanning cameras are public records that can be requested as part of normal public records requests. The decision highlights the sheer volume of the technology-fueled surveillance state in the United States, and shows that at least in some cases, police cannot withhold the data collected by its surveillance systems.

In a ruling last week, Judge Elizabeth Neidzwski ruled that “the Flock images generated by the Flock cameras located in Stanwood and Sedro-Wooley [Washington] are public records under the Washington State Public Records Act,” that they are “not exempt from disclosure,” and that “an agency does not have to possess a record for that record to be subject to the Public Records Act.”

She further found that “Flock camera images are created and used to further a governmental purpose” and that the images on them are public records because they were paid for by taxpayers. Despite this, the records that were requested as part of the case will not be released because the city automatically deleted them after 30 days. Local media in Washington first reported on the case; 404 Media bought Washington State court records to report the specifics of the case in more detail.
A screenshot from the judge's decision
Flock’s automated license plate reader (ALPR) cameras are used in thousands of communities around the United States. They passively take between six and 12 timestamped images of each car that passes by, allowing the company to make a detailed database of where certain cars (and by extension, people) are driving in those communities. 404 Media has reported extensively on Flock, and has highlighted that its cameras have been accessed by the Department of Homeland Security and by local police working with DHS on immigration cases. Last month, cops in Colorado used data from Flock cameras to incorrectly accuse an innocent woman of theft based on her car’s movements.

The case came in response to a public records request made by Jose Rodriguez, who in April sought all of the images taken by the city’s Flock cameras between the hours of 5 and 6 p.m. on March 30 (he later narrowed this request to only ask for images taken by a single camera in a half-hour period). The city argued that Rodriguez would have to request them directly from Flock, a private company not subject to public records laws. But Flock’s contracts with cities say that the city owns the images taken on their cameras. The city eventually took Rodriguez to court. In the court proceedings, the city made a series of arguments claiming that Flock images couldn’t be released; the judge’s decision rebuked all of these many arguments.

“I wanted the records to see if they would release them to me, in hopes that if they were public records it would raise awareness to all the communities that have the Flock cameras that they may be public record and could be used by stalkers, or burglars scoping out a house, or other ways someone with bad intentions may use them. My goal was to try getting these cameras taken down by the cities that put them up,” Rodriguez told 404 Media. “In order to show that the records were public records and that they don’t qualify as exempt under the Washington public records act we cited the contract, and I made requests to both cities requesting their exterior normal surveillance camera footage from their City Hall and police station that recorded the streets and parking lots with vehicles driving by and license plates viewable, which is what the Flock images also capture. Both cities provided me with the surveillance videos I requested without issue but denied the Flock images, so my attorney used that to show how they contradict themselves.”



The case highlights the lengths that police departments and cities are willing to go to in order to prevent the release of what they incorrectly perceive to be private information owned by their surveillance vendors (in this case, Flock). Stanwood’s attorneys first argued that the records were Flock’s, not the city’s, which is clearly contradicted in the contract, which states “customer [Stanwood] shall retain whatever legally cognizable right, title, and interest in Customer Generated Data … Flock does not own and shall not sell Customer Generated Data.” The attorneys then argued that images taken by Flock cameras do not become requestable data until they are directly accessed and downloaded by the police on Flock’s customer portal: “the data existing in the cloud system … does not exist anywhere in the City’s files as a record.” The city’s lawyers also argued that Flock footage is police “intelligence information” that should be exempt from public records requests, and that “there are privacy concerns with making ALPR data accessible to the public.”

“Honestly, it is pretty abhorrent that the city tried to make all of these arguments in the first place, but it’s great that the court reaffirmed that these are public records,” Beryl Lipton, senior investigative researcher at the Electronic Frontier Foundation, told 404 Media in a phone interview. “So much of the surveillance law enforcement does is facilitated by third party vendors and that information is stored on their external servers. So for the court to start restricting access to the public because law enforcement has started using these types of systems would have been horribly detrimental to the public’s right to know.”

In affidavits filed with the court, police argued that “if the public could access the Flock Safety System by making Public Records Act requests, it would allow nefarious actors the ability to track private persons and undermine the effectiveness of the system.” The judge rejected every single one of these arguments.

Both Lipton and Timothy Hall, Rodriguez’s attorney, said that, to the contrary, Rodriguez’s request actually shows how pervasive mass surveillance systems are in society, and that sharing this information will help communities make better informed decisions about whether they want to use technology like Flock at all.

“We do think there should be redactions for certain privacy reasons, but we absolutely think that as a whole, these should be considered public records,” Lipton said. “This is part of the whole problem: These police departments and these companies are operating under the impression that everything that happens on the street is fair game, and that their systems are not a privacy violation. But then when it comes to the public wanting to know, they say ‘this is a privacy violation,’ and I think that’s them trying to have it both ways.”

Hall said that Rodriguez’s case, reporting by 404 Media, and a recent study by the University of Washington about Flock data being available to immigration enforcement officers have started a conversation in the state about Flock in general.

“Now because of the Washington State Public Records Act, people can be aware of all the information these cameras are collecting. Now there’s a discussion going on: Do we even want these cameras? Well, they’re collecting way more information than we realized,” Hall told 404 Media in a phone call. “A lot of people are now realizing there’s a ton of information being collected here. This has now opened up a massive discussion which was ultimately the goal.”

A Flock spokesperson told 404 Media that the company believes that the court simply reaffirmed what the law already was. The city of Stanwood did not respond to a request for comment.

Rodriguez said that even after fighting this case, he is not going to get the images that he originally requested, because the city automatically deleted them after 30 days, even though he had filed his request. He can now file a new one for more recent images, however.

“I won’t be getting the records, even though I win the case (they could also appeal it and continue the case) no matter what I won’t get those records I requested because they no longer exist,” Rodriguez said. “The cities both allowed the records to be automatically deleted after I submitted my records requests and while they decided to have their legal counsel review my request. So they no longer have the records and cannot provide them to me even though they were declared to be public records.”




A fight against a massive AI data center; how people are 3D-printing whistles to fight ICE; and AI's war on knowledge.



Podcast: Inside a Small Town's Fight Against a $1.2 Billion AI Datacenter


We start with Matthew Gault’s dive into a battle between a small town and the construction of a massive datacenter for America’s nuclear weapon scientists. After the break, Joseph explains why people are 3D-printing whistles in Chicago. In the subscribers-only section, Jason zooms out and tells us what librarians are seeing with AI and tech, and how that is impacting their work and knowledge more broadly.
Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.
6:03 - Our New FOIA Forum! 11/19, 1PM ET

7:50 - A Small Town Is Fighting a $1.2 Billion AI Datacenter for America's Nuclear Weapon Scientists

12:27 - 'A Black Hole of Energy Use': Meta's Massive AI Data Center Is Stressing Out a Louisiana Community

21:09 - 'House of Dynamite' Is About the Zoom Call that Ends the World

30:35 - The Latest Defense Against ICE: 3D-Printed Whistles

SUBSCRIBER'S STORY: AI Is Supercharging the War on Libraries, Education, and Human Knowledge




Enrollment to the CopyrightX – Turin University Affiliate Course Fall 2025-2026 Now Open!

Turin, 12 November 2025. Harvard University Law School CopyrightX, Turin University Affiliated Course, 2025-2026 Fall Edition. CALL FOR APPLICATIONS. About CopyrightX: CopyrightX is a course on Copyright Law developed by Professor William Fisher III at Harv… #CopyrightX