Il nuovo video di Pasta Grannies: youtube.com/shorts/KhD_v4G-cC8
@Cucina e ricette
(HASHTAG)
Cucina e ricette reshared this.
2025 Component Abuse Challenge: Weigh With A TL074
The late and lamented [Bob Pease] was one of a select band of engineers, each of whose authority in the field of analogue integrated circuit design was at the peak of the art. So when he remarks on something in his books, it’s worth taking notice. It was just such an observation that caught the eye of [Trashtronic]; that the pressure on a precision op-amp from curing resin could be enough to change the device’s offset voltage. Could this property be used for something? The op-amp as a load cell was born!
The result is something of an op-amp torture device, resembling a small weighing machine with a couple of DIP-8 packages bearing the load. Surprisingly modest weights will change the offset voltage, though it was found that the value will drift over time.
This is clearly an experimental project and not a practical load cell, but it captures the essence of the 2025 Component Abuse Challenge of which it forms a part. Finding completely unexpected properties of components doesn’t always have to lead to useful results, and we’re glad someone had done this one just to find out whether or not it works. You still just about have time for an entry yourself if you fancy giving it a go.
Leone XIV: “preoccupati per il lavoro”, “unire le forze per trovare soluzioni, non solo per commentare problemi” - AgenSIR
“La voce della Chiesa è che sui diritti e sulla necessità del lavoro bisogna veramente lavorare tutti insieme”.M.Michela Nicolais (AgenSIR)
The app, called Mobile Identify and available on the Google Play Store, is specifically for local and regional law enforcement agencies working with ICE on immigration enforcement.#CBP #ICE #FacialRecognition #News
CBP Quietly Launches Face Scanning App for Local Cops To Do Immigration Enforcement
Customs and Border Protection (CBP) has publicly released an app that Sheriff Offices, police departments, and other local or regional law enforcement can use to scan someone’s face as part of immigration enforcement, 404 Media has learned.The news follows Immigration and Customs Enforcement’s (ICE) use of another internal Department of Homeland Security (DHS) app called Mobile Fortify that uses facial recognition to nearly instantly bring up someone’s name, date of birth, alien number, and whether they’ve been given an order of deportation. The new local law enforcement-focused app, called Mobile Identify, crystallizes one of the exact criticisms of DHS’s facial recognition app from privacy and surveillance experts: that this sort of powerful technology would trickle down to local enforcement, some of which have a history of making anti-immigrant comments or supporting inhumane treatment of detainees.
Handing “this powerful tech to police is like asking a 16-year old who just failed their drivers exams to pick a dozen classmates to hand car keys to,” Jake Laperruque, deputy director of the Center for Democracy & Technology's Security and Surveillance Project, told 404 Media. “These careless and cavalier uses of facial recognition are going to lead to U.S. citizens and lawful residents being grabbed off the street and placed in ICE detention.”
💡
Do you know anything else about this app or others that CBP and ICE are using? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.Mobile Identify is designed “to identify and process individuals who may be in the country unlawfully,” according to its respective page on the Google Play Store. The app was published on Monday.
A source with knowledge of the app told 404 Media the app doesn’t return names after a face search. Instead it tells users to contact ICE and provides a reference number, or to not detain the person depending on the result. 404 Media granted the person anonymity because they weren’t permitted to speak to the press.
404 Media downloaded a copy of the app and decompiled its code, a common practice among security researchers and technology journalists. Although the Play Store page does not mention facial recognition, multiple parts of the app’s code make clear references to scanning faces. One package is called “facescanner.” Other parts mention “FacePresence” and “No facial image found.”
A screenshot from the app's Google Play Store page.
Screenshots of the app on the Play Store page show the app requires users to login with their Login.gov account, and that the app “requires camera access to take photos of subjects.” At the time of writing the app has “1+” downloads, according to the Play Store page.The Play Store page does not say exactly how the app processes scanned faces, such as what images it compares them to, or what data the app returns upon a hit. In statements to 404 Media, DHS and CBP did not provide any specifics.
The app is for agencies that are part of the 287(g) program, the Play Store page says. This program lets ICE delegate certain immigration-related authorities and powers to local and state agencies. Members of the 287(g) Task Force Model (TFM), for instance, are allowed to enforce certain immigration authorities during their police duties, ICE’s website explains. At the time of writing, 555 agencies in 34 states are part of the TFM program, according to data published by ICE.
The American Civil Liberties Union (ACLU) has criticized the 287(g) program because a large number of participating sheriffs have made anti-immigrant statements, supported inhumane immigration and border enforcement policies, and have a pattern of racial profiling and other civil rights violations.
Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation (EFF), told 404 Media “Face surveillance in general, and this tool specifically, was already a dangerous infringement of civil liberties when in the hands of ICE agents. Putting a powerful surveillance tool like this in the hands of state and local law enforcement officials around the country will only further erode peoples’ Fourth Amendment rights, for citizens and non-citizens alike. This will further erode due process, and subject even more Americans to omnipresent surveillance and unjust detainment.”
Screenshots from the app's Google Play Store page.
Mobile Fortify—the facial recognition app used by ICE which 404 Media first revealed in June—uses the CBP Traveler Verification Service (TVS) ordinarily designed for when people enter the U.S. The app took those systems and an unprecedented collection of U.S. government databases and turned them inwards, letting officers in the field reveal a person’s identity and immigration status. The app also uses data from the State Department, FBI, and state databases, and uses a bank of 200 million images.
404 Media reported in October that multiple social media videos show Border Patrol and ICE officers scanning peoples’ faces on the street.
“I’m an American citizen so leave me alone,” a person stopped by ICE says in one video.
“Alright, we just got to verify that,” one of the officers replies.
404 Media also obtained an internal DHS document which says ICE does not let people decline or consent to being scanned by the app. The document, called a Privacy Threshold Analysis, said photos taken by the app will be stored for 15 years, including those of U.S. citizens.
Ranking member of the House Homeland Security Committee Bennie G. Thompson previously told 404 Media in a statement that ICE will prioritize the results of the Mobile Fortify app over birth certificates. “ICE officials have told us that an apparent biometric match by Mobile Fortify is a ‘definitive’ determination of a person’s status and that an ICE officer may ignore evidence of American citizenship—including a birth certificate—if the app says the person is an alien,” he said. “ICE using a mobile biometrics app in ways its developers at CBP never intended or tested is a frightening, repugnant, and unconstitutional attack on Americans’ rights and freedoms.”
In response to questions about the new app for Sheriff Offices and other local law enforcement, a DHS spokesperson told 404 Media in an email “While the Department does not discuss specific vendors or operational tools, any technology used by DHS Components must comply with the requirements and oversight framework.”
CBP responded with a statement primarily discussing Mobile Fortify. “Biometric data used to identify individuals through TVS are collected by government authorities consistent with the law, including issuing documents or processing illegal aliens. The Mobile Fortify Application provides a mobile capability that uses facial comparison as well as fingerprint matching to verify the identity of individuals against specific immigration related holdings,” the statement said. CBP added it built the Mobile Fortify application to support ICE, and confirmed ICE has used the app in its operations around the U.S.
Google did not respond to a request for comment.
Inside ICE’s Supercharged Facial Recognition App of 200 Million Images
404 Media has seen user manuals for Mobile Fortify, ICE’s new facial recognition app which allows officers to instantly look up DHS, State Department, and state law enforcement databases by just pointing a phone at someone’s face.Joseph Cox (404 Media)
#UE: l'#Ucraina presenta il conto
UE: l’Ucraina presenta il conto
L’avvicinarsi minaccioso del collasso forse definitivo delle linee di difesa ucraine sul fronte del Donbass sta alimentando un’amarissima riflessione in Europa circa gli effetti disastrosi delle politiche di sostegno incondizionato al regime di Zelen…www.altrenotizie.org
Jenny’s Daily Drivers: ReactOS 0.4.15
When picking operating systems for a closer look here in the Daily Drivers series, the aim has not been to merely pick the next well-known Linux distro off the pile, but to try out the interesting, esoteric or minority OS. The need remains to use it as a daily driver though, so each one we try has to have at least some chance of being a useful everyday environment in which a Hackaday piece could be written. With some of them such as the then-current BSD or Slackware versions we tried for interest’s sake a while back that’s not a surprising achievement, but for the minority operating systems it’s quite a thing. Today’s choice, ReactOS 0.4.15, is among the closest we’ve come so far to that ideal.
For The N’th Time In The Last 20 Years, I download A ReactOS ISO
ReactOS is an open-source clone of a Windows operating system from the early 2000s, having a lot on common with Windows XP. It started in the late 1990s and has slowly progressed ever since, making periodic releases that, bit-by-bit, have grown into a usable whole. I last looked at it for Hackaday with version 0.4.13 in 2020, so have five years made any difference? Time to download that ISO and give it a go.
Installing ReactOS has that bright blue and yellow screen feeling of a Windows install from around the millennium, but I found it to be surprisingly quick and pain free despite a few messages about unidentified hardware. The display driver it chose was a VESA one but since it supported all my monitor’s resolutions and colour depths that’s not the hardship it might once have been.
Once installed, the feeling is completely of a Windows desktop from that era except for the little ReactOS logo on the Start menu. I chose the classic Windows 95 style theme as I never liked the blue of Windows XP. Everything sits where you remember it and has the familiar names, and if you used a Microsoft computer in those days you’re immediately at home. There’s even a web browser, but since it’s the WINE version of Internet Explorer and dates from the Ark, we’re guessing you’ll want to replace it.
Most Of The Old Software You Might Need…
There’s a package manager to download and run open-source software, something which naturally Windows never had. Back in 2020 I found this to be the Achilies’ heel of the OS, with very little able to install and run without crashing, so i was very pleased to note that this situation has changed. Much of the software is out of date due to needing Windows XP compatibility, but I found it to be much more usable and stable. There’s a choice of web browsers but the Firefox and Chromium versions are too old to be useful, but I found its K-Meleon version to be the most recent of the bunch. Adding GIMP to my installed list, I was ready to try this OS as my daily driver.
I am very pleased to report that using K-Meleon and GIMP on ReactOS 0.4.15, I could do my work as a Hackaday writer and editor. This piece was in part written using it, and Hackaday’s WordPress backend is just the same as in Firefox on my everyday Manjaro Linux machine. There however the good news ends, because I’m sorry to report that the experience was at times a little slow and painful. Perhaps that’s the non-up-to-date hardware I’d installed it on, but it’s evident that 2025 tasks are a little taxing for an OS with its roots in 2003. That said it remained a usable experience, and I could just about do my job were I marooned on a desert island with my creaking old laptop and ReactOS.
… And It Works, Too!
So ReactOS 0.4.15 is a palpable hit, an OS that can indeed be a Daily Driver. It’s been a long time, but at last ReactOS seems mature enough to use. I have to admit that I won’t be making the switch though, but who should be thinking about it? I think perhaps back in 2020 I got it right, in suggesting that as a pretty good facsimile of Windows XP it is best thought of as an OS for people who need XP bur for whom the venerable OS is now less convenient. It’s more than just a retrocomputing platform, instead it’s a supported alternative to the abandonware original for anyone with hardware or software from that era which still needs to run. Just like FreeDOS is now the go-to place for people who need DOS, so if they continue on this trajectory, should ReactOS become for those needing a classic Windows. Given the still-installed rump of software and computer controlled machinery which runs XP, that could I think become a really useful niche to occupy.
Furto del Louvre: Windows 2000 e Windows XP nelle reti oltre che a password banali
I ladri sono entrati attraverso una finestra del secondo piano del Musée du Louvre, ma il museo aveva avuto anche altri problemi oltre alle finestre non protette, secondo un rapporto di audit sulla sicurezza informatica risalente a un decennio fa e ora venuto alla luce.
Sebbene la Ministra della Cultura Rachida Dati abbia affermato che «i sistemi di sicurezza del museo non hanno fallito», tutto suggerisce che si siano comunque verificate alcune violazioni della sicurezza informatica.
Secondo documenti riservati consultati dal quotidiano Libération, nel 2014 bastava digitare “LOUVRE” per accedere al server responsabile della videosorveglianza del museo più famoso della Francia. Oppure digitare “THALES” per avere accesso al software pubblicato dall’omonima azienda.
Queste password, che in gergo tecnico si chiamano “di default” o “predicibili banali”, erano già definite dall’ANSSI (Agenzia nazionale per la sicurezza informatica francese) come un grave rischio. Le stesse segnalavano che «la rete degli uffici del Museo del Louvre include anche sistemi obsoleti» come Windows 2000 — che non garantiva più né il blocco delle sessioni né aggiornamenti antivirus.
L’ANSSI aveva verificato tutto ciò con un audit interno del 2014. Microsoft aveva smesso di fornire aggiornamenti di sicurezza per Windows 2000 già nel luglio 2010. Nell’audit erano contenute raccomandazioni ben precise: usare password più complesse, migrare il software su versioni supportate, correggere le vulnerabilità. Ma il museo non ha risposto se abbia effettivamente seguito queste indicazioni.
Un secondo audit fu condotto nel 2017 dall’INHESJ (Istituto Nazionale di Studi Avanzati sulla Sicurezza e la Giustizia) e rilevò che «alcune postazioni di lavoro hanno sistemi operativi obsoleti (Windows 2000 e Windows XP) che non garantiscono più una sicurezza efficace (nessun aggiornamento antivirus, nessuna password o blocco di sessione…)». Microsoft interruppe il supporto esteso per Windows XP nel 2014.
Vent’anni di debito tecnico hanno gravato pesantemente sulla sicurezza del Louvre, con il continuo accumulo di sistemi di videosorveglianza analogica, videosorveglianza digitale, antintrusione e controllo accessi, alcuni dei quali con server dedicati o applicazioni proprietarie. Alcuni di questi sono diventati obsoleti nel tempo e avrebbero richiesto aggiornamenti o sostituzioni.
L'articolo Furto del Louvre: Windows 2000 e Windows XP nelle reti oltre che a password banali proviene da Red Hot Cyber.
SesameOp: il malware che usa OpenAI Assistants per il Comando e Controllo
Microsoft ha scoperto un nuovo malware, denominato SesameOp, e ha pubblicato i dettagli del suo funzionamento. Questa backdoor era insolita: i suoi creatori utilizzavano l’API OpenAI Assistants come canale di controllo nascosto, consentendo loro di mascherare l’attività all’interno del sistema infetto ed eludere i tradizionali strumenti di rilevamento.
L’attacco è stato scoperto nel luglio 2025 durante le indagini su un attacco complesso, durante il quale un gruppo sconosciuto è rimasto presente nell’infrastruttura della vittima per diversi mesi.
L’identità dell’organizzazione presa di mira non è stata rivelata, ma l’indagine ha rivelato la presenza di un’ampia rete di web shell interne e processi dannosi mascherati da legittime utility di Visual Studio. Il codice dannoso è stato iniettato tramite AppDomainManager: un file di configurazione modificato ha istruito l’eseguibile a caricare la libreria dinamica Netapi64.dll contenente logica dannosa.
La libreria è stata pesantemente offuscata utilizzando Eazfuscator.NET, garantendo una maggiore invisibilità. Ha svolto la funzione di loader per il modulo .NET OpenAIAgent.Netapi64, che richiedeva istruzioni tramite l’API OpenAI Assistants. I comandi ricevuti venivano prima decriptati, quindi eseguiti in un thread separato e i risultati dell’esecuzione venivano restituiti tramite la stessa API . Pertanto, l’ infrastruttura OpenAI è stata efficacemente utilizzata come nodo di controllo intermedio, non rilevabile durante l’analisi del traffico di rete.
La comunicazione tra il malware e il server di comando e controllo avviene tramite messaggi contenenti parametri chiave nel campo descrizione. Questi possono includere il comando SLEEP (per sospendere temporaneamente l’attività), il comando Payload (per eseguire istruzioni nidificate) e il comando Result (per restituire i risultati dell’esecuzione all’operatore dell’attacco).
Sebbene l’identità degli aggressori rimanga sconosciuta, lo schema in sé dimostra una tendenza a sfruttare servizi cloud legittimi per un controllo occulto. Ciò complica il rilevamento degli attacchi, poiché il traffico non supera il normale utilizzo delle API aziendali. Dopo aver ricevuto la notifica da Microsoft, il team di OpenAI ha condotto una revisione interna, identificato la chiave sospetta e bloccato l’account associato.
Secondo Microsoft, l’utilizzo di SesameOp indica un tentativo deliberato di ottenere l’accesso a lungo termine all’infrastruttura e di controllare i computer infetti all’insaputa dei proprietari. La piattaforma API OpenAI Assistants, attraverso la quale veniva esercitato il controllo, verrà disattivata nell’agosto 2026 e sostituita dalla nuova API Responses.
L'articolo SesameOp: il malware che usa OpenAI Assistants per il Comando e Controllo proviene da Red Hot Cyber.
Dänischer Vorschlag: Der Kampf um die Chatkontrolle ist noch nicht vorbei
netzpolitik.org/2025/daenische…
Cosa accade nel mondo digitale
E forse è proprio lì, in quella crepa nella logica, che sopravvive l’umano.