Researchers demonstrate sustainable 3D printing by using poly(N-isopropylacrylamide) solutions (PNIPAM), which speedily and reliably turn solid by undergoing a rapid phase change when in a salt solution.

This property has been used to 3D print objects by using a syringe tip as if it were a nozzle in a filament-based printer. As long as the liquid is being printed into contact with a salt solution, the result is a polymer that solidifies upon leaving the syringe.

What’s also interesting is that the process by which the PNIPAM-based solutions solidify is entirely reversible. Researchers demonstrate printing, breaking down, then re-printing, which is an awfully neat trick. Finally, by mixing different additives in with PNIPAM, one can obtain different properties in the final product. For example, researchers demonstrate making conductive prints by adding carbon nanotubes.

While we’ve seen the concept of printing with liquids by extruding them into a gel bath or similar approach, we haven’t seen a process that prides itself on being so reversible before. The research paper with all the details is available here, so check it out for all the details.

I ricercatori di Certitude hanno dimostrato un modo per aggirare la protezione anti-phishing in Microsoft 365 (ex Office 365). Tuttavia, le vulnerabilità non sono state ancora risolte.

Gli esperti dicono che esiste un modo per nascondere il suggerimento di sicurezza del primo contatto. Come suggerisce il nome, First Contact Safety Tip è progettato per avvisare gli utenti di Outlook quando ricevono e-mail da nuovi contatti. Viene visualizzato un messaggio come questo: “Non ricevi spesso email da xyz@example.com. Scopri perché è importante.”

La chiave qui è che l’avviso viene aggiunto direttamente al corpo HTML principale dell’e-mail, il che apre la possibilità di manipolare il CSS incorporato nell’e-mail.

I ricercatori di Certitude scrivono che questo messaggio può essere facilmente nascosto nel modo seguente.

Cioè, il testo e il colore dello sfondo vengono cambiati nel colore bianco, la dimensione del carattere viene impostata su 0, il che alla fine nasconde l’avviso e lo rende invisibile all’utente.

Portando avanti questa idea, gli esperti hanno scoperto che potevano aggiungere ulteriore codice HTML alle e-mail che imitavano le icone che Microsoft Outlook aggiunge alle e-mail crittografate e firmate per farle sembrare sicure. Sebbene alcune limitazioni di formattazione impediscano una perfetta corrispondenza visiva, questo trucco può comunque aiutare a bypassare controlli poco approfonditi.

I ricercatori sottolineano di non essere a conoscenza di casi di sfruttamento dei bug descritti e di non aver trovato modi per manipolare l’HTML per visualizzare testo arbitrario in un’e-mail.

Certitude ha informato Microsoft delle sue scoperte inviando una PoC e un rapporto dettagliato agli sviluppatori tramite il Microsoft Researcher Portal (MSRC). Tuttavia, i rappresentanti di Microsoft hanno dato ai ricercatori la seguente risposta:

“Abbiamo stabilito che le tue informazioni sono valide, ma non soddisfano i nostri criteri per una risposta immediata poiché [il problema] può essere utilizzato principalmente per attacchi di phishing. Tuttavia, abbiamo preso nota di queste informazioni per un’ulteriore revisione volta a migliorare i nostri prodotti.”

L'articolo Microsoft 365: come bypassare la sicurezza anti-phishing di Outlook con il CSS proviene da il blog della sicurezza informatica.

Fluke meters have been around for a long, long time. Heck, we’ve got a Fluke 73 that we bought back in 1985 that’s still a daily driver. But just because they’ve been making them forever doesn’t mean they last forever, and getting a secondhand meter back in the game can be a challenge. That’s what [TheHWCave] learned with his revival of a wonky eBay Fluke 25, an effort that holds lessons for anyone in the used Fluke market.

Initial inspection of the meter showed encouragingly few signs of abuse, somewhat remarkable for something built for the military in the early 1980s. A working display allowed a few simple diagnostics revealing that the ammeter functions seemed to work, but not the voltmeter and ohmmeter functions. [TheHWCave]’s teardown revealed a solidly constructed unit with no obvious signs of damage or blown fuses. Thankfully, a service schematic was available online, albeit one with a frustrating lack of detail, confusing test point nomenclature, and contradictory component values.

Despite these hurdles, [TheHWCave] was able to locate the culprit: a bad fusible power resistor. Finding a direct replacement wasn’t easy given the vagaries of the schematic and the age of the instrument, but he managed to track down a close substitute cheap enough to buy in bulk. He searched through 40 units to find the one closest to the listed specs, which got the meter going again. Fixing the bent pin also gave the meter back its continuity beeper, always a mixed blessing.

If you’re in the market for a meter but can’t afford the Fluke name, picking up a busted meter and fixing it up like this might be one way to go. But are they really worth the premium? Well, kinda yes.

youtube.com/embed/mpk1GC_NOIo?…

Gli specialisti di Cisco Talos stanno monitorando attivamente diverse campagne dannose che utilizzano NetSupport RAT per infezioni persistenti. Queste campagne sfuggono al rilevamento grazie all’offuscamento e agli aggiornamenti regolari.

Nel novembre 2023, i fornitori di sicurezza hanno identificato una nuova campagna NetSupport RAT che utilizzava falsi aggiornamenti del browser per indurre gli utenti a scaricare codice dannoso. Questo codice scarica ed esegue comandi PowerShell che installano l’agente NetSupport sul computer della vittima per scopi di persistenza.

Nel gennaio 2024, i ricercatori di eSentire hanno pubblicato un’altra analisi della stessa campagna, identificando i cambiamenti nel codice sorgente JavaScript e nel percorso di installazione dell’agente. Questi cambiamenti dimostrano il desiderio degli aggressori di migliorare le tecniche di offuscamento e di evasione.

Cisco Talos ha condotto la propria analisi e ha identificato molteplici tecniche di offuscamento ed evasione utilizzate nella campagna. Questa conoscenza ha portato alla creazione di strumenti di rilevamento accurati che aiutano a proteggere gli utenti. Talos utilizza strumenti open source come Snort e ClamAV per sviluppare tecniche di rilevamento e protezione.

NetSupport Manager esiste dal 1989 e viene utilizzato per la gestione remota dei dispositivi. Tuttavia, dal 2017, gli aggressori hanno iniziato ad utilizzarlo per i propri scopi. Il passaggio al lavoro remoto negli anni 2020 ha portato a un aumento dell’uso di NetSupport RAT negli attacchi di phishing e drive-by . Questa campagna è una delle più significative degli ultimi anni, con centinaia di varianti di downloader dannosi utilizzate in una massiccia campagna pubblicitaria.

La prima fase della campagna è un file JavaScript scaricato da siti pubblicitari o risorse compromesse. Questo file è offuscato e contiene il loader della fase successiva. La seconda fase include uno script PowerShell che scarica ed esegue l’agent NetSupport, mantenendolo persistente nel registro di sistema.

Per rilevare la campagna, vengono utilizzate le regole di Snort per identificare i file dannosi e la loro trasmissione attraverso vari protocolli. Queste regole aiutano anche a monitorare l’attività di PowerShell e altri segnali della presenza di un RAT NetSupport.

Il malware e le tattiche di attacco in continua evoluzione richiedono ai professionisti della sicurezza informatica di rimanere costantemente vigili e adattarsi. È importante ricordare che anche gli strumenti legittimi possono essere utilizzati dagli aggressori, quindi il pensiero critico e la cautela quando si interagisce con qualsiasi risorsa online stanno diventando competenze chiave per ogni utente al giorno d’oggi.

L'articolo Attacchi Persistenti: Come NetSupport RAT Sfrutta JavaScript e PowerShell proviene da il blog della sicurezza informatica.

From the “why didn’t we think of that” department comes [dupontgu’s] pong mouse project. The mouse appears and acts like a normal computer mouse until you click the scroll wheel. When you do, the mouse rapidly moves the cursor on the connected computer to play pong. Obviously, though, the paddles and the ball all look like your cursor, whatever that happens to be. So, how do you tell the score? Well, when a score happens, the cursor shows between the two paddles. In the middle means the game is tied. Otherwise, the player closest to the score indicator is winning. The mouse is an off-the-shelf unit, but inside is a tiny XIAO RP2040 board that can act as both a USB host and a USB device. The RP2040 intercepts the USB traffic and can modify it as it sees fit or just pass it unchanged. Part of the secret sauce is to make the mouse use absolute mode so that it can teleport the cursor between two spots. This is common with, for example, touchscreen drivers. However, it is unusual for a mouse to use this mode. Of course, the cursor is actually only in one place at a time, but your eye thinks it is in multiple places at the same time.

The code itself isn’t very long. A few hundred lines of C++ and, of course, plenty of libraries to handle the USB. We can think of lots of reasons we might want to filter a USB device.

This version of pong doesn’t take a lot of mechanical parts. Or, you could try making one with no parts at all.

Il presidente venezuelano Nicolas Maduro continua a inasprire il suo governo, utilizzando la tecnologia per reprimere il dissenso e limitare l’accesso alle informazioni. Più di 100 organizzazioni della società civile e attivisti per i diritti umani hanno firmato una lettera aperta in cui annunciano il blocco di 62 mezzi di informazione.

La situazione relativa alla soppressione digitale e alle violazioni dei diritti umani in Venezuela è peggiorata in modo significativo durante e dopo le elezioni presidenziali del 28 luglio, ampiamente considerate fraudolente.

VEsinFiltro, un’organizzazione che monitora la censura di Internet nel paese, ha riscontrato 12 nuovi casi di blocco dei siti Web dei media e delle organizzazioni per i diritti umani, nonché delle VPN.

Oltre ai 62 media bloccati, secondo Access Now sono stati messi offline anche i più grandi fornitori di servizi Internet del paese, colpendo 86 domini. Il giorno prima delle elezioni sono stati bloccati anche i siti wikipedia[.]org ed es.wikipedia[.]org.
Casi di blocco di Internet durante la campagna in corso

VEsinFiltro ha inoltre confermato le restrizioni all’accesso al sito web dell’Ufficio Elettorale contenente i dati ufficiali sulle elezioni presidenziali. Il sito non è stato aperto né all’interno né all’esterno del Venezuela.

Secondo alcuni rapporti, dal 2016 la società cinese ZTE fornisce al Venezuela tecnologie di sorveglianza avanzate. Maduro ha anche confermato la presenza di tecnologie di hacking telefonico sviluppate dall’azienda israeliana Cellebrite.

Le autorità venezuelane utilizzano il servizio di messaggistica VenApp di proprietà statale per raccogliere rapporti sui personaggi dell’opposizione. Inoltre, la videosorveglianza e i droni vengono utilizzati attivamente per spiare i cittadini. Il programma di sorveglianza è accompagnato dall’operazione Knock-Knock del governo, che facilita la denuncia e la detenzione arbitraria di attivisti, giornalisti e cittadini comuni.

Secondo Reuters tre gruppi per i diritti umani hanno riferito che le forze di sicurezza hanno molestato e arrestato i manifestanti, compresi minorenni, senza consentire loro di consultare gli avvocati. In totale, secondo Access Now, sono state arrestate più di 2.000 persone, tra cui 20 morti, e almeno 25 persone sono risultate scomparse.

L'articolo Muri Digitali: Blocco di Internet e Repressione Digitale in Venezuela proviene da il blog della sicurezza informatica.

Immagina di avere una serratura difettosa sulla porta di casa. Un ladro esperto potrebbe sfruttare questa debolezza per entrare e saccheggiare la tua abitazione. Allo stesso modo, la vulnerabilità CVE-2024-4885 ha creato una falla enorme nella sicurezza di migliaia di organizzazioni che utilizzano WhatsUp Gold, un popolare software di monitoraggio delle reti. Questa grave vulnerabilità consente agli hacker di aggirare completamente le difese informatiche e di prendere il controllo dei sistemi, con potenziali conseguenze devastanti per le aziende.

Una vulnerabilità critica (CVE-2024-4885) è stata recentemente scoperta in WhatsUp Gold, un’applicazione di monitoraggio delle reti sviluppata da Progress Software. Questa falla di sicurezza, con un punteggio CVSS di 9.8 su 10, consente l’esecuzione di codice remoto senza autenticazione e sta già venendo attivamente sfruttata dagli attaccanti. Le versioni del software precedenti alla 2023.1.3 sono tutte vulnerabili, rendendo l’aggiornamento immediato una priorità per tutte le organizzazioni che utilizzano questo strumento.

Inoltre, l’aggiornamento alla versione 2023.1.3 risolve altre vulnerabilità critiche, tra cui CVE-2024-4883, CVE-2024-4884 e CVE-2024-5009, aumentando l’urgenza dell’applicazione del patch.

Cos’è WhatsUp Gold?

WhatsUp Gold è una soluzione di monitoraggio delle reti utilizzata da aziende di tutto il mondo per ottenere visibilità in tempo reale sulle loro infrastrutture IT. Questo strumento permette agli amministratori di rete di monitorare server, applicazioni e dispositivi, identificando rapidamente problemi di prestazioni o di connettività. Grazie a queste capacità, WhatsUp Gold è diventato un componente essenziale per la gestione delle reti, ma proprio la sua diffusione lo rende un obiettivo interessante per gli attaccanti informatici.

Tipo di Attacco e Vulnerabilità

La vulnerabilità CVE-2024-4885 si annida nel metodo ‘GetFileWithoutZip‘ di WhatsUp Gold, che non esegue un’adeguata validazione dei percorsi forniti dagli utenti prima del loro utilizzo. Questo difetto permette agli attaccanti di eseguire codice arbitrario con i privilegi del servizio associato all’applicazione, NMConsole. La gravità della situazione è ulteriormente accentuata dal rilascio di un exploit proof-of-concept (PoC) da parte del ricercatore di sicurezza Sina Kheirkhah.

Gli amministratori sono dunque invitati non solo ad aggiornare il software, ma anche a monitorare attentamente il traffico di rete e ad implementare regole firewall per limitare l’accesso ai soli IP attendibili, specialmente sulle porte 9642 e 9643.

Oltre a CVE-2024-4885, la versione 2023.1.3 di WhatsUp Gold affronta altre due vulnerabilità critiche, CVE-2024-4883 e CVE-2024-4884, che permettono anch’esse l’esecuzione di codice remoto non autenticato tramite NmApi.exe e il controller CommunityController. Inoltre, è stato risolto un problema di escalation dei privilegi (CVE-2024-5009), che permetteva agli attaccanti locali di aumentare i propri privilegi sfruttando il metodo SetAdminPassword.

Conclusioni

La scoperta della vulnerabilità CVE-2024-4885 evidenzia l’importanza cruciale di mantenere aggiornati gli strumenti di monitoraggio e gestione delle reti. Con exploit “attivi” in circolazione, gli amministratori IT devono agire tempestivamente per aggiornare WhatsUp Gold alla versione 2023.1.3, proteggendo così i loro sistemi da potenziali compromissioni. Questo incidente dimostra anche la necessità di una vigilanza costante, dato che come in questo caso, anche i software più affidabili possono diventare bersagli di attacchi se non adeguatamente protetti. Monitorare attentamente il traffico di rete e applicare regole di accesso restrittive rappresentano ulteriori misure preventive fondamentali per mitigare future minacce.

L'articolo WhatsUp Gold Sotto Attacco: Aggiornamento Immediato Essenziale proviene da il blog della sicurezza informatica.

Apple on Thursday (8 August) changed its policy in the European Union to allow developers to communicate with their customers outside its App Store after the commission charged the iPhone maker in June for breaching the bloc's tech rules.

euractiv.com/section/digital-s…

An ongoing European Commission investigation into social media platform X could take its handling of harmful content related to the recent UK riots into account, a spokesperson said on Thursday (8 August).

euractiv.com/section/platforms…

[Ryan Miceli] wanted to build some reverse engineering skills by finding a new exploit for an original Xbox. Where he ended up was an exploit that worked across the network, across several games, and several different consoles. But it all started with an unbounded strcpy in Tony Hawk Pro Skater (THPS).

Xbox, PlayStation 2, and Gamecube (often referred to as the sixth generation) are wonderful hacking targets as they don’t possess many of the security enhancements of the seventh generation, like hypervisors, privilege levels, and hardware executability protections. The console launches the game, and control is fully within the game, so once you get your code executing, you’re done. The exploit started with a feature in many Tony Hawk games, the custom map editor. In the editor, you can create gaps between jumps with a name so that when a player completes the gap, it can flash “you jumped x” in big letters. However, on Xbox, the gap name is copied with an unbounded strcpy to the stack, meaning you can overwrite the return pointer. Additionally, there are no stack cookies for THPS, which meant nothing stopped [Ryan] from smashing his way through. He includes a small memcpy stub in the header of the level, which the gap name jumps to, which then copies and executes his full payload.

The other games in the series, like Tony Hawk’s Pro Skater 3 (THPS3), had the bug, but the gap name was copied to the heap, not the stack. However, he could overflow into a vtable of the next object that would call his code when the object was freed. However, the level save data wasn’t an executable region of memory, which meant he needed ROP (return-oriented programming). Just a few gadgets later, and [Ryan] had another exploit working.

Tony Hawk’s Underground 1 and 2 had stack cookies turned on. This meant a random value was placed on the stack before a function, then popped off and checked. This meant the program could check if its stack had been smashed. Unfortunately for [Ryan], this proved to be a major roadblock. However, the PC and PS2 versions of these games do not have stack cookies, which means they can be exploited in the same manner.

The beauty of the exploit is that the game allows you to invite a friend to play a custom level. This means once the level is transferred over the network, their console is hacked as well. However, the full payload wasn’t sent to the client console, which meant the exploit had to send the payload to the other console using the game’s existing net code. The exploit sets up an asynchronous file transfer then hands control back to the game. Of course, there was a memory leak in the netcode, because the game had never sent large amounts of data over the network before. So, part of the exploit was a hot patch for a memory leak.

As a last hurrah, [Ryan] ported the hack to Gamecube, PS2, and PC. The code is on GitHub, and the video is after the break. We love the attention the Xbox has been getting, and if you’re curious about a hardware hack, this 256MB ROM mod goes deep into the internals.

youtube.com/embed/Pjqw1Gwk0jg?…

HVAC – heating, ventilation, and air conditioning – can account for a huge amount of energy usage of a building, whether it’s residential or industrial. Often it’s the majority energy consumer, especially in places with extreme climates or for things like data centers where cooling is a large design consideration. When problems arise with these complex systems, they can go undiagnosed for a time and additionally be difficult to fix, leading to even more energy losses until repairs are complete. With the growing availability of platforms that can run capable artificial intelligences, [kutluhan_aktar] is working towards a system that can automatically diagnose potential issues and help humans get a handle on repairs faster.

The prototype system is designed for hydronic (water-based) systems and uses two separate artificial intelligences, one to analyze thermal imagery of the system and look for problems like leaks, hot spots, or blockages, and the other to listen for anomalous sounds especially relating to the behavior of cooling fans. For the first, a CNC-like machine was built to move a thermal camera around a custom-built model HVAC system and report its images back to a central system where they can be analyzed for anomalies. The second system which analyses audio runs its artificial intelligence on a XIAO ESP32C6 and listens to the cooling fans running in the model.

One problem that had to be tackled before any of this could be completed was actually building an open-source dataset to train the AI on. That’s part of the reason for the HVAC model in this project; being able to create problems to train the computer to detect before rolling it out to a larger system. The project’s code and training models can be found on its GitHub page. It seems to be a fairly robust solution to this problem, though, and we’ll be looking forward to future versions running on larger systems. Not everyone has a hydronic HVAC system, though. As heat pumps become more and more popular and capable, you’ll need systems to control those as well.

da Radio Popolare (19-7-2024):

Le colonie israeliane in Cisgiordania sono illegali. Lo ha stabilito oggi la Corte internazionale di giustizia con un pronunciamento storico, che ha chiuso un importante procedimento avviato nel 2022.
“Il popolo ebraico non è conquistatore nella propria terra”, ha subito commentato il premier israeliano Benyamin Netanyahu, mentre i ministri di estrema destra Itamar Ben Gvir e Bezalel Smotrich hanno risposto chiedendo “l’annessione” di larghe parti della Cisgiordania.
Il parere della Corte era stato formalmente richiesto dall’Assemblea generale delle Nazioni Unite a proposito delle conseguenze legali dell’occupazione da parte di Israele della Cisgiordania e di Gerusalemme Est. Sentiamo Chantal Meloni, docente di diritto penale internazionale alla statale di Milano: radiopopolare.it/riassunto-del…

Few processors have found themselves in so many different devices as the venerable Z80. While it isn’t powerful by modern standards, you can still use devices like this Cidco MailStation as a terminal.

The MailStation was originally designed as an email machine for people who weren’t onboard with this whole computer fad, keeping things simple with just an adjustable monchrome LCD, a keyboard, and a few basic applications. [Joshua Stein] developed a terminal application, msTERM, for the MailStation thanks to work previously done on decoding this device and the wealth of documentation for Z80 assembly.

While [Stein] designed his program to access BBSes, we wonder if it might be a good way to do some distraction-free writing. If that wasn’t enough, he also designed the WiFiStation dongle which lets you communicate over a network without all that tedious mucking about with parallel ports.

If you’d like something designed specifically for writing, how about an AlphaSmart? Wanting to build your own Z80-based project? Why not start with an Altoids-sized Z80 SBC, but don’t wait forever since Z80 production finally ended in June.

youtube.com/embed/Z7FYuFUxFlo?…

The world is tough and uncaring sometimes, especially if you’re at home tinkering with HP Enterprise equipment. If you’re in the same boat as [Neel Chauhan], you might have found that HPE is less than interested in interacting with small individual customers. Thus, when a cable was needed, [Neel] was out of luck. The simple solution was to assemble a substitute one instead!

[Neel] had a HPE ProLiant ML110 Gen11 server, which was to be used as network-attached storage (NAS). Unfortunately, it was bought as an open box, and lacked an appropriate serial-attached SCSI (SAS) cable. Sadly, HPE support was of no assistance in sourcing one.

SlimSAS LP x8 to dual MiniSAS x4 cables aren’t easy to find from anyone else, it turns out. Thus, [Neel] turned to Amazon for help sourcing a combination of parts to make this work. A SlimSAS LP 8X to 2x MiniSAS SFF-8643 cable was used, along with a pair of Mini SAS SFF-8087 to SAS HD SFF-8643 female adapters. From there, SFF-8087 cables could be used to hook up to the actual SAS devices required. The total cost? $102.15.

The stack of cables and adapters looks a bit silly, but it works—and it got [Neel]’s NAS up and running. It’s frustrating when you have to go to such lengths, but it’s not the first time we’ve seen hackers have to recreate obscure cables or connectors from scratch! What’s the craziest adapter salad you’ve ever made?

Social media giant X has suspended the processing of some personal data from EU users' public posts to train AI models, two days after the Irish Data Protection Commission (DPC) launched court proceedings over the practice.

euractiv.com/section/data-priv…

slowforward.net/2024/08/08/bts…

slowforward

2024-08-08 17:17:29

English below

slowforward.net/wp-content/upl…

“Welcome to Hell” è il rapporto più completo e autorevole sugli abusi e le torture sistematiche nelle carceri israeliane dal 7 ottobre, redatto da B’Tselem, la principale organizzazione israeliana per i diritti umani, che ha trascorso mesi a intervistare dozzine di ex prigionieri palestinesi (quelli che sono sopravvissuti alle torture).
Il loro rapporto fa “appello a tutte le nazioni e a tutte le istituzioni e gli organismi internazionali, compresa la Corte penale internazionale, affinché facciano tutto il possibile per porre immediatamente fine alle crudeltà inflitte ai palestinesi dal sistema carcerario israeliano e per riconoscere il regime di apartheid sistematico che opera in Israele”.

slowforward.net/wp-content/upl…

“Welcome to Hell” is the most comprehensive and authoritative report on systematic abuse and torture in Israeli prisons since October 7, written by B’Tselem, Israel’s leading human rights organization, which spent months interviewing dozens of former Palestinian prisoners (those who survived torture).
Their report “calls on all nations and all international institutions and bodies, including the International Criminal Court, to do everything possible to immediately put an end to the cruelties inflicted on Palestinians by the Israeli prison system and to recognize the systematic apartheid regime operating in Israel.”

slowforward.net/2024/08/08/bts…

#ApartheidFreeZone #BTselem #Cisgiordania #detention #dirittiUmani #EastJerusalem #Gaza #genocide #GeruselemmeEst #humanRights #illegalità #illegalitàIsraeliane #imprisonment #Israel #Israele #israeliPrisons #Palestina #Palestine #prigione #prigioniIsraeliane #prigionia #rapporto #report #sionismo #starvation #torture #trial #WelcomeToHell #WestBank #zionism #zionistPrisons #zionists

b’tselem’s report on israeli prisons, “welcome to hell”: free downloadable pdf // il pdf (liberamente scaricabile) del rapporto di b’tselem sulle carceri israeliane

“Welcome to Hell” is the most comprehensive and authoritative report on systematic abuse and torture in Israeli prisons since October 7, written by B’Tselem, Israel’s leadin…

^slowforward

Lo scorso capodanno ho visitato Nagasaki e i suoi monumenti alla bomba atomica. Sono parecchio brutti ma commoventi, e ci sono ancora reduci che portano la loro testimonianza con un'ammirevole dedizione alla diffusione di una cultura della pace anziché della vendetta. Mi dispiace che per amor di Bibi il vendicatore gli europei si siano fatti indietro.

ansa.it/sito/notizie/mondo/202…

Israele non invitato,ambasciatori occidente non vanno a Nagasaki - Notizie - Ansa.it

TOKYO, 07 AGO - Gli ambasciatori dei Paesi occidentali, compresa l'Italia, salteranno la cerimonia per il 79° anniversario del bombardamento di Nagasaki dopo che Israele non è stato invitato. Lo riferiscono alcuni funzionari. (ANSA)

^{Agenzia ANSA}

If there’s one thing humans love, it’s dancing with chance. To that end, [Jonathan] whipped up a fun dice box, connecting it to the Internet of Things for additional functionality.
Expect dice roll stat tracking to become a big thing in the D&D community.
The build is based around Pixels Dice. They’re a smart type of IoT dice that contains Bluetooth connectivity and internal LEDs. The dice are literally capable of detecting their own rolls and reporting them wirelessly. Thus, the dice connects to the dice box, and the dice box can literally log the rolls and even graph them over time.

The project was built in a nice octagonal box [Jonathan] picked up from a thrift store. It was fitted with a hidden battery and ESP32 to communicate with the dice and run the show. The box also contains integrated wireless chargers to recharge the dice as needed, and a screen for displaying status information.

The dice and dice box can do all kinds of neat things, like responding with mood lighting and animations to your rolls—for better or worse. There are some fun modes you can play with—you can even set the lights to sparkle if you pass a given skill check in your tabletop RPG of choice!

If you play a lot of tabletop games, and you love dice and statistics, this is a project well worth looking into. Imagine logging every roll so you can see how hot you are on a given night. Or, heck—whether it was the dice’s fault you lost your favorite player character in that foreboding dungeon.

We see a few dice hacks now and then, but not nearly enough. This project has us questioning where smart dice have been all our life! Video after the break.

youtube.com/embed/oCDr44C-qwM?…

Raspberry Pi’s first foray into the world of microcontrollers, the RP2040, was a very interesting chip. Its standout features were the programmable input/output units (PIOs) which enabled all sorts of custom real-time shenanigans. And that’s not to discount the impact of the Pi Pico, the $4 dev kit built around it.

Today, they’re announcing a brand-new microcontroller: the RP2350. It will come conveniently packaged in the new Pi Pico 2, and there’s good news and bad news. The good news is that the new chip is better in every way, and that the Pico form factor will stay the same. The bad news? It’s going to cost 25% more, coming in at $5. But in exchange for the extra buck, you get a lot.

For starters, the RP2350 runs a bit faster at 150 MHz, has double the on-board RAM at 520 kB, and twice as much QSPI flash at 4 MB. And those sweet, sweet PIOs? Now it has 12 instead of just 8. (Although we have no word yet if there is more program space per PIO – even with the incredibly compact PIO instruction set, we always wanted more!)
Two flavors on the same chip: Arm and RISC
As before, it’s a dual-core chip, but now the cores are Arm Cortex M33s or RISC-V Hazard3s. Yes, you heard that right, there are two pairs of processors on board. Raspberry Pi says that you’ll be able to select which style of cores runs either by software or by burning one-time fuses. So it’s not a quad core chip, but rather your choice of two different dual cores. Wild!

Raspberry Pi is also making a big deal about the new Arm TrustZone functionality. It has signed boot, 8 kB of OTP key-storage memory, SHA-256 acceleration, a hardware RNG, and “fast glitch detectors”. While this is probably more aimed at industry that the beginning hacker, we’re absolutely confident that some of you out there will put this data-safe to good use.

There is, as of yet, no wireless built in. We can’t see into the future, but we can see into the past, and we remember that the original Pico was wireless for a few months before they got the WiFi and Bluetooth radio added into the Pico W. Will history repeat itself with the Pico 2?

We’re getting our hands on a Pico 2 in short order, and we’ve already gotten a sneak peek at the extensive software toolchain that’s been built out for it. All the usual suspects are there: Picotool, TinyUSB, and OpenOCD as we write this. We’ll be putting it through its paces and writing up all the details next week.

Image by [fata1err0r81] via redditThe most striking feature of the Tenshi keyboard has to be those dual track pads. But then you notice that [fata1err0r81] managed to sneak in two extra thumb keys on the left, and that those are tilted for comfort and ease of actuation.

The name Tenshi means ‘angel’ in Japanese, and creator [fata1err0r81] says that the track pads are the halos. Each one slides on a cool 3D-printed track that’s shaped like a half dovetail joint, which you can see it closer in this picture.

Tenshi uses a pair of RP2040 Zeros as controllers and runs QMK firmware. The track pads are 40 mm each and come from Cirque. While the Cirques have been integrated into QMK, the pull request for ZMK has yet to be merged in. And about those angled keys — [fata1err0r81] says they tried risers, but the tilting feels like less effort. Makes total sense to me, but then again I’m used to a whole keyboard full of tilted keys.

kbplacer Is Your New Best Friend

The finished result. Image by [Adam] via GitHubWhat’s the worst part about building custom mechanical keyboards? Well, it probably depends on the person, but for many, the answer would be placing the elements and routing them in order to create the actual PCB.

[Adam] wrote kbplacer, which is an open-source KiCad plugin for designing mechanical keyboards. kbplacer does automatic key placing and routing, and works with Keyboard Layout Editor, VIA, QMK, and, experimentally, Ergogen. It also places diodes, and lets the user select the diode position in relation to key position. In addition, kbplacer can also be installed with pip as a Python package for use with other tools.

If you do want to use it with Ergogen, [Adam] outlines a workflow example. Also, check out how kbplacer works with a whole bunch of popular layouts.

The Centerfold: Battleship Harleyquin

Image by [hiphasreddit] via redditHarlequin all the things, I say, and bring back the four-color Volkswagen. That’s why I love this here Battleship Harleyquin. Don’t miss the gallery!

This may look like an Alice, but it’s really the AVA by Sneak Box with GMK Panels key caps. A matching Panels desk mat might have been too much; I think the GMK Slasher looks nice.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: the Smith Premier 1

Image via Antique Typewriters
While not quite a 200% keyboard, the Smith Premier 1 definitely has one in spirit. As you can probably tell, there are separate keys for upper and lower case letters. No key performs a second function, so there is no Shift in sight. I particularly like the double space bars and the fact that the numerals run down both sides.

This machine, produced by the L.C. Smith Gun Co. of Syracuse, New York beginning in the late 1880s was “the most advertised and successful double keyboard typewriter of its time”. It sold for $100, which was about average for a keyboard typewriter at that time, when one could buy a horse-drawn carriage for $60.

While modern typewriters make use of keys attached to type bars with levers, the Smith Premier uses an array of turning rods in order to transfer motion from the key press to the type bar.

Pressing a key turns a particular horizontal rod that runs the length of the machine. At the rear, a small lever connected to the rod pulls down on the type bar above it, striking the paper. Apparently this design was quite smooth and responsive for the typist. Be sure to check out the detailed images on this one.

ICYMI: the Portable Pi 84

Image by [Michael Mayer] via PrintablesOver the years, the idea of ‘portable’ has changed significantly. While we once had luggable computers and chonky laptops, these have given way to sleek machines that look pretty much all alike from the outside.

Some of those laptops of yore had ultra-wide displays and were hinged in the center, leaving a sort of trunk the back. It is these classic computers that inspired [Michael Mayer] to build the Portable Pi 84.

Well, those, and in particular, [Michael]’s chosen mechanical keyboard, itself based on the Happy-Keyboard from [Luis Alegría]. The 9.3″ Waveshare display serendipitously just fits over the keyboard, and the rest is in that spacious trunk — the Raspberry Pi 4, a UPS hat, a couple of 21700 batteries, and a pair of speakers.

Be sure to check out the printed panels that let the user change up the ports and connection layout, because that’s an incredibly cool idea.

Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.

The foiled jihadist terrorist plot targeting Taylor Swift‘s concerts in Vienna highlights an increasing terrorist threat coming from radicalised European teenagers, which experts blame on social media.

euractiv.com/section/politics/…