As of Dec. 15, the U.S. Press Freedom Tracker has documented 32 detainments or charges against journalists in the U.S. — 28 of those at immigration-related protests — according to a new report released by the Freedom of Press Foundation (FPF) project this week.

The report notes how, unlike most years, the majority of journalists were released without charges or had them soon dropped, with law enforcement instead focusing on deterring news gathering rather than pursuing charges.

• Read the Tracker's 2025 arrest report

Tracker Senior Reporter Stephanie Sugars, who authored the report, said it was “shocking” to see the sharp increase in the number of journalists released without being charged.

“While perhaps a sign that officers know the journalists cannot be charged as protesters, each detention pulls eyes and ears from often chaotic protest scenes, and that may well be the point,” Sugars said.

For journalist Dave Decker, being arrested at an anti-deportation demonstration in Miami last month and held in custody for more than 30 hours was a way to “put the brakes on press freedom,” he told the Tracker.

“News is only news for a couple of hours, when it’s breaking like that,” Decker said. “I would say that there were no wires out there, there were no local people, there were no stand-ups, no TV, no helicopter. There was none of that there. So I was literally the only journalist out there. They effectively stopped the news from getting out.”

In 2025, more than 30 journalists were detained or charged for doing their jobs.

freedom.press/issues/report-mo…

Neopixels and other forms of addressable LEDs have taken the maker world by storm. They make it trivial to add a ton of controllable, glowing LEDs to any project. [Arnov Sharma] has made a great tribute to the WS2812B LED by building the NeoPixel Giant Edition.

The build is simply a recreation of the standard 5mm x 5mm WS2812B, only scaled up to 150 mm x 150 mm. It uses a WS2811 chip inside to make it behave in the same way from a logical perspective, and this controller is hooked up to nine standard RGB LEDs switched with MOSFETs to ensure they can deliver the requisite light output. The components are all assembled on a white PCB in much the same layout as the tiny parts of a WS2812B, which is then installed inside a 3D-printed housing made in white PLA. Large metal terminals were added to the housing, just like a WS2812B, and the lens was then created using a large dose of clear epoxy.

The result is a fully functional, addressable LED that is approximately 30 times larger than the original. You can even daisy-chain them, just like the real thing. We’ve covered all kinds of projects using addressable LEDs over the years, from glowing cubes to fancy nature installations. If you’ve got your own glowable project that the world needs to see, make sure you notify the tips line!

hackaday.com/2025/12/15/giant-…

[Chris Borge] has made (and revised) many of his own tools using a combination of 3D printing and common hardware, and recently decided to try metal casting. Having created his own tapping arm, he tries his hand at aluminum casting to create a much more compact version out of metal. His video (embedded below) really shows off the whole process, and [Chris] freely shares his learning experiences in casting his first metal tool.

The result looks great and is considerably smaller in stature than the 3D-printed version. However, the workflow of casting metal parts is very different. The parts are much stronger, but there is a lot of preparation and post-processing involved.
Metal casting deals with molten metal, but the process is otherwise very accessible, and many resources are available to help anyone with a healthy interest.
The key to making good castings is mold preparation. [Chris] uses green sand (a mixture of fine sand and bentonite clay – one source of the latter is ground-up kitty litter) packed tightly around 3D printed parts inside a frame. The packed sand holds its shape while still allowing the original forms to be removed and channels to be cut, creating a two-part mold.

His first-time castings have a rough surface texture, but are perfectly serviceable. After some CNC operations to smooth some faces and drill some holes, the surface imperfections are nothing filing, filler, and paint can’t handle.

To cast molten metal, there really isn’t any way around needing a forge. Or is there? We have seen some enterprising hackers repurpose microwave ovens for this purpose. One can also use a low-temperature alloy like Rose’s Metal, or eschew molten liquid altogether and do cold casting, which uses a mixture of resin and metal powder instead.

The design files for [Chris]’s tapping arm are available from links in the video description, and he also helpfully provides links to videos and resources he found useful. Watch it in the video, embedded just below.

youtube.com/embed/lp9xzWZWO_U?…

hackaday.com/2025/12/15/3d-pri…

Reposted from the US Pirate Party.

Weeks of voting has come to a conclusion, and it is official: Boston, MA will be the host city for the 2026 Pirate National Conference, taking place on June 6th, 2026.

A single round knockout elimination tournament featuring twelve cities has concluded with Boston defeating fellow finalist city Vicksburg, MS.

The following cities, in addition to Vicksburg, shall remain in permanent consideration for a future conference host city:

• Albuquerque, NM
• Chicago, IL
• Las Vegas, NV
• Louisville, KY
• Mobile, AL
• New Orleans, LA
• Plattsburgh, NY
• Portland, OR
• Providence, RI
• San Francisco, CA*
• Seattle, WA

*San Francisco was host city for the 2025 Pirate National Conference and thus was not in consideration for the 2026 conference
We promised a conference on a boat, and by hell or high water, we will get ourselves a conference on a boat.

Boston being selected as host city not only provides us with an instantly recognizable location, but one so deeply entrenched in U.S. history and struggles against tyranny.

As well, this allows us to honor the Massachusetts Pirate Party properly. The MAPP features some of the hardest working and most dedicated Pirates in the country, so having our conference, one which will mark twenty years of the United States Pirate Party, in their home state is fitting.

There wouldn’t be a twenty years old Pirate Party in existence today without the work of the Massachusetts Pirate Party. For that, I could not think of a more perfect setting.

We look forward to providing you with more details about our conference as the weeks go on. In the meantime, we look forward to seeing you in Boston (or online, since it’s a in-person-online hybrid conference).

Boston, Victory is Arrrs.

masspirates.org/blog/2025/12/1…

Tetrodotoxin (TTX) is best known as the neurotoxin of the puffer fish, though it also appears in a range of other marine species. You might remember it from an episode of The Simpsons involving a poorly prepared dish at a sushi restaurant. Indeed, it’s a potent thing, as ingesting even tiny amounts can lead to death in short order.

Given its fatal reputation, it might be the last thing you’d expect to be used in a therapeutic context. And yet, tetrodotoxin is proving potentially valuable as a treatment option for dealing with cancer-related pain. It’s a dangerous thing to play with, but it could yet hold promise where other pain relievers simply can’t deliver.

Poison, or…?

A license to prepare fugu (pufferfish) issued by Tokyo authorities. Credit: Nesnad, CC BY SA 3.0
Humans have been aware of the toxicity of the puffer fish and its eggs for thousands of years. It was much later that tetrodotoxin itself was chemically isolated, thanks to the work of Dr. Yoshizumi Tahara in 1909.

Its method of action was proven in 1964, with tetrodotoxin found to bind to and block voltage-gated sodium channels in nerve cell membranes, essentially stopping the nerves from conducting signals as normal. It thus has the effect of inducing paralysis, up to the point where an afflicted individual suffers respiratory failure, and subsequently, death.
Tetrodotoxin is most closely associated with pufferfish, though it’s also present in other deadly species, like the blue-ringed octopus. Thankfully, nobody is crazy enough to try to eat those. Credit: NPS, public domain
It doesn’t take a large dose of tetrodotoxin to kill, either—the median lethal dose in mice is a mere 334 μg per kilogram when ingested. The lethality of tetrodotoxin was historically a prime driver behind Japanese efforts to specially license chefs who wished to prepare and serve pufferfish. Consuming pufferfish that has been inadequately prepared can lead to symptoms in 30 minutes or less, with death following in mere hours as the toxin makes it impossible for the sufferer to breathe. Notably, though, with the correct life support measures, particularly for the airway, or with a sub-fatal dose, it’s possible for a patient to make a full recovery in mere days, without any lingering effects.

The effects that tetrodotoxin has on the nervous system are precisely what may lend it therapeutic benefit, however. By blocking sodium channels in sensory neurons that deal with pain signals, the toxin could act as a potent method of pain relief. Researchers have recently explored whether it could have particular application for dealing with neuropathic pain caused by cancer or chemotherapy treatments. This pain isn’t always easy to manage with traditional pain relief methods, and can even linger after cancer recovery and when chemotherapy has ceased.
Tetrodotoxin is able to block voltage-gated sodium channels, which is the basis of both its pain-relieving abilities and its capacity to paralyze and kill. Credit: research paper
The challenge of using a toxin for pain relief is obvious—there’s always a risk that the negative effects of the toxin will outweigh the supposed therapeutic benefit. In the case of tetrodotoxin, it all comes down to dosage. The levels given to patients in research studies have been on the order of 30 micrograms, well under the multi-milligram dose that would typically cause severe symptoms or death in an adult human. The hope would be to find a level at which tetrodotoxin reduces pain with a minimum of adverse effects, particularly where symptoms like paralysis and respiratory failure are on the table.

A review of various studies worldwide was published in 2023, and highlights that tetrodotoxin pain relief does come with some typical adverse effects, even at tiny clinical doses. The most typical reported symptoms involved nausea, oral numbness, dizziness, and tingling sensations. In many cases, these effects were mild and well-tolerated. A small number of patients in research trials exhibited more serious symptoms, however, such as loss of muscle control, pain, or hypertension. At the same time, the treatment did show positive results — with many patients reporting pain relief for days or even weeks after just a few days of tetrodotoxin injections.

While tetrodotoxin has been studied as a pain reliever for several decades now, it has yet to become a mainstream treatment. There have been no large-scale studies that involved treating more than 200 patients, and no research group or pharmaceutical company has pushed hard to bring a tetrodotoxin-based product to market. Research continues, with a 2025 paper even exploring the use of ultra-low nanogram-scale doses in a topical setting. For now, though, commercial application remains a far-off fantasy. Today, the toxin remains the preserve of pufferfish and a range of other deadly species. Don’t expect to see it in a hospital ward any time soon, despite the promise it shows thus far.

Featured image: “Puffer Fish DSC01257.JPG” by Brocken Inaglory. Actually, not one of the poisonous ones, but it looked cool.

hackaday.com/2025/12/15/puffer…

Shannon opera come un penetration tester che non si limita a segnalare vulnerabilità, ma lancia veri e propri exploit. L’intento di Shannon è quello di violare la sicurezza della tua applicazione web prima che qualcuno con intenzioni malevole possa farlo.

Utilizzando il suo browser integrato, Shannon cerca autonomamente nel tuo codice punti deboli da sfruttare e, per dimostrare la reale esistenza di tali vulnerabilità, esegue attacchi concreti, come quelli da iniezione e quelli volti a bypassare i sistemi di autenticazione.

La verifica della sicurezza tramite penetration test resta limitata generalmente a una sola volta l’anno. se svolta manualmente Ne deriva una significativa falla nella sicurezza. Per i restanti 364 giorni, potresti essere a rischio senza saperlo.

Shannon sopperisce a questa mancanza ricoprendo il ruolo di pentester su richiesta. Oltre a identificare possibili criticità, esegue effettivamente exploit, fornendo prove di concetto delle vulnerabilità riscontrate.

Questo strumento ha superato i penetration tester umani e i sistemi proprietari nel benchmark XBOW, segnando un passaggio verso test di sicurezza continui. Shannon simula le tattiche del red team, coprendo l’intero processo di ricognizione, analisi delle vulnerabilità, sfruttamento e reporting. Il suo principio di funzionamento include:

• Analizzando il flusso di dati di mappatura del codice sorgente
• Distribuzione di agenti paralleli per rilevare vulnerabilità OWASP critiche (ad esempio difetti di iniezione, XSS, SSRF e autenticazione).
• Integrazione di strumenti come Nmap e automazione del browser
• Per ridurre al minimo i falsi positivi, nei report di livello professionale vengono incluse solo le vulnerabilità riproducibili confermate da PoC.

Caratteristiche

Una gamma di funzioni è offerta dal software Shannon, che permette di rendere automatiche varie attività finora svolte manualmente. Queste possono essere riassunte come segue:

• Funzionamento completamente autonomo : avvia il pentest con un singolo comando. L’intelligenza artificiale gestisce tutto, dagli accessi 2FA/TOTP avanzati (incluso l’accesso con Google) alla navigazione nel browser, fino al report finale, senza alcun intervento.
• Report di livello Pentester con exploit riproducibili : fornisce un report finale incentrato su risultati comprovati e sfruttabili, completo di Proof-of-Concept copiabili e incollabili per eliminare i falsi positivi e fornire risultati fruibili.
• Copertura delle vulnerabilità critiche OWASP : attualmente identifica e convalida le seguenti vulnerabilità critiche: iniezione, XSS, SSRF e autenticazione/autorizzazione non funzionante, con altri tipi in fase di sviluppo.
• Test dinamici basati sul codice: analizza il codice sorgente per orientare in modo intelligente la strategia di attacco, quindi esegue exploit live, basati su browser e riga di comando, sull’applicazione in esecuzione per confermare il rischio reale.
• Basato su strumenti di sicurezza integrati : migliora la fase di scoperta sfruttando i principali strumenti di ricognizione e test, tra cui Nmap, Subfinder, WhatWeb e Schemathesis, per un’analisi approfondita dell’ambiente di destinazione.
• Elaborazione parallela per risultati più rapidi : ottieni il tuo report più velocemente. Il sistema parallelizza le fasi più dispendiose in termini di tempo, eseguendo contemporaneamente analisi e exploit per tutti i tipi di vulnerabilità.

Prestazioni effettive

Nei test di benchmark sulle vulnerabilità, Shannon ha dimostrato capacità pratiche che superano la scansione statica: Questi risultati dimostrano che Shannon possiede la capacità autonoma di compromettere completamente le applicazioni. Sviluppato sulla base dell’SDK Claude Agent di Anthropic, con il supporto di Shannon è possibile svolgere:

• Test white-box di repository monolitici o ambienti integrati utilizzando Docker
• Accesso con autenticazione a due fattori
• Integrazione della pipeline CI/CD

Sono disponibili due versioni:

• La versione Lite (licenza AGPL-3.0) è adatta ai ricercatori.
• La versione Pro aggiunge la funzionalità di analisi del flusso di dati LLM per le aziende.

Un test tipico dura da 1 a 1,5 ore e costa circa 50 dollari, e fornisce risultati che includono un riepilogo dell’esecuzione e una Proof of Concept (PoC). Grazie all’utilizzo da parte del team di sviluppo di strumenti di programmazione basati sull’intelligenza artificiale come Claude per accelerare i test, Shannon consente di effettuare test di sicurezza giornalieri in ambienti non di produzione, colmando le lacune di copertura nei penetration test annuali.

Gli sviluppatori sottolineano che deve essere utilizzato in modo conforme solo dopo aver ottenuto l’autorizzazione e mettono in guardia contro l’esecuzione di test di attacco potenzialmente dannosi in ambienti di produzione.

Lo strumento è open source su GitHub e i contributi della community sono benvenuti per ampliarne le capacità di rilevamento.

Licenza

Il software Shannon è distribuito sotto licenza GNU Affero General Public License v3.0 (AGPLv3), una delle licenze copyleft più restrittive. Questa licenza consente l’uso commerciale, la modifica, la distribuzione e l’uso privato del software, includendo anche una concessione esplicita dei diritti di brevetto. Tuttavia, impone che qualsiasi versione modificata o lavoro derivato venga rilasciato sotto la stessa licenza, preservando gli avvisi di copyright e di licenza originali.

Una caratteristica chiave dell’AGPLv3 è l’obbligo di rendere disponibile il codice sorgente completo anche quando il software viene utilizzato per fornire un servizio tramite rete (ad esempio un servizio web o SaaS). In questo caso, l’uso in rete è considerato a tutti gli effetti una forma di distribuzione. La licenza esclude qualsiasi garanzia e limita la responsabilità degli autori, rendendo il software disponibile “così com’è”, senza assicurazioni sul suo funzionamento o sulla sua idoneità a scopi specifici.

L'articolo Pentesting continuo: Shannon porta il red teaming nell’era dell’AI proviene da Red Hot Cyber.

Keychain cameras are rarely good. However, in the case of Walmart’s current offering, it might be worse than it’s supposed to be. [FoxTailWhipz] bought the Vivitar-branded device and set about investigating its claim that it could deliver high-resolution photos.

The Vivatar Retro Keychain Camera costs $12.88, and wears “FULL HD” and “14MP” branding on the packaging. It’s actually built by Sakar International, a company that manufactures products for other brands to license. Outside of the branding, though, [FoxTailWhipz] figured the resolution claims were likely misleading. Taking photos quickly showed this was the case, as whatever setting was used, the photos would always come out at 640 x 480, or roughly 0.3 megapixels. He thus decided a teardown would be the best way to determine what was going on inside. You can see it all in the video below.

Pulling the device apart was easy, revealing that the screen and battery are simply attached to the PCB with double-sided tape. With the board removed from the case, the sensor and lens module are visible, with the model number printed on the flex cable. The sensor datasheet tells you what you need to know. It’s a 2-megapixel sensor, capable of resolutions up to 1632 x 1212. The camera firmware itself seems to not even use the full resolution, since it only outputs images at 640 x 480.

It’s not that surprising that an ultra-cheap keychain camera doesn’t meet the outrageous specs on the box. At the same time, it’s sad to see major retailers selling products that can’t do what they say on the tin. We see this problem a lot, in everything from network cables to oscilloscopes.

youtube.com/embed/4bNZ95cBIdg?…

hackaday.com/2025/12/15/tearin…

Diverse vulnerabilità di sicurezza sono state individuate nella piattaforma open source per centralini telefonici privati (PBX) FreePBX, tra cui un difetto critico che, in determinate configurazioni, potrebbe consentire l’aggiramento dell’autenticazione.

Le carenze scoperte da Horizon3.ai e segnalate ai responsabili del progetto il 15 settembre 2025 possono essere sintetizzate in:

• CVE-2025-61675 (punteggio CVSS: 8,6) – Numerose vulnerabilità di iniezione SQL autenticate che hanno un impatto su quattro endpoint univoci (stazione base, modello, firmware ed estensione personalizzata) e 11 parametri interessati che consentono l’accesso in lettura e scrittura al database SQL sottostante;
• CVE-2025-61678 (punteggio CVSS: 8,6) – Una vulnerabilità di caricamento di file arbitrari autenticati che consente a un aggressore di sfruttare l’endpoint di caricamento del firmware per caricare una web shell PHP dopo aver ottenuto un PHPSESSID valido ed eseguire comandi arbitrari per divulgare il contenuto di file sensibili;
• CVE-2025-66039 (punteggio CVSS: 9,3) – Una vulnerabilità di bypass dell’autenticazione che si verifica quando il “Tipo di autorizzazione” (noto anche come AUTHTYPE) è impostato su “webserver“, consentendo a un aggressore di accedere al Pannello di controllo dell’amministratore tramite un’intestazione di autorizzazione contraffatta

Nella configurazione predefinita di FreePBX, è fondamentale sottolineare che il bypass dell’autenticazione non presenta vulnerabilità, in quanto l’opzione concernente il “Tipo di autorizzazione” è visibile solo quando tre specifici valori, riportati nei Dettagli delle impostazioni avanzate, sono impostati su “Sì”.

• Visualizza nome descrittivo
• Visualizza impostazioni di sola lettura
• Sostituisci impostazioni di sola lettura

“Queste vulnerabilità sono facilmente sfruttabili e consentono ad aggressori remoti autenticati/non autenticati di eseguire codice remoto su istanze vulnerabili di FreePBX”, ha affermato Noah King, ricercatore di sicurezza di Horizon3.ai, in un rapporto pubblicato la scorsa settimana.

I problemi sono stati affrontati nelle seguenti versioni:

• CVE-2025-61675 e CVE-2025-61678 – 16.0.92 e 17.0.6 (corretti il 14 ottobre 2025)
• CVE-2025-66039 – 16.0.44 e 17.0.23 (corretto il 9 dicembre 2025)

Inoltre, l’opzione per scegliere un provider di autenticazione è stata rimossa dalle Impostazioni avanzate e richiede agli utenti di impostarla manualmente tramite la riga di comando utilizzando fwconsole.

Come mitigazione temporanea, FreePBX ha raccomandato agli utenti di impostare “Tipo di autorizzazione” su “usermanager”, “Ignora impostazioni di sola lettura” su “No”, applicare la nuova configurazione e riavviare il sistema per disconnettere eventuali sessioni non autorizzate.

“Se scopri che l’AUTHTYPE del server web è stato abilitato inavvertitamente, allora dovresti analizzare attentamente il tuo sistema per individuare eventuali segnali di compromissione”, ha affermato.

Agli utenti viene inoltre visualizzato un avviso sulla dashboard, in cui si afferma che “webserver” potrebbe offrire una sicurezza ridotta rispetto a “usermanager“. Per una protezione ottimale, si consiglia di evitare di utilizzare questo tipo di autenticazione.

L'articolo Nuove vulnerabilità scoperte in FreePBX: aggiornamenti urgenti necessari proviene da Red Hot Cyber.

Weeks of voting has come to a conclusion, and it is official: Boston, MA will be the host city for the 2026 Pirate National Conference, taking place on June 6th, 2026.

A single round knockout elimination tournament featuring twelve cities has concluded with Boston defeating fellow finalist city Vicksburg, MS.

The following cities, in addition to Vicksburg, shall remain in permanent consideration for a future conference host city:

• Albuquerque, NM
• Chicago, IL
• Las Vegas, NV
• Louisville, KY
• Mobile, AL
• New Orleans, LA
• Plattsburgh, NY
• Portland, OR
• Providence, RI
• San Francisco, CA*
• Seattle, WA

*San Francisco was host city for the 2025 Pirate National Conference and thus was not in consideration for the 2026 conference
We promised a conference on a boat, and by hell or high water, we will get ourselves a conference on a boat.

Boston being selected as host city not only provides us with an instantly recognizable location, but one so deeply entrenched in U.S. history and struggles against tyranny.

As well, this allows us to honor the Massachusetts Pirate Party properly. The MAPP features some of the hardest working and most dedicated Pirates in the country, so having our conference, one which will mark twenty years of the United States Pirate Party, in their home state is fitting.

There wouldn’t be a twenty years old Pirate Party in existence today without the work of the Massachusetts Pirate Party. For that, I could not think of a more perfect setting.

We look forward to providing you with more details about our conference as the weeks go on. In the meantime, we look forward to seeing you in Boston (or online, since it’s a in-person-online hybrid conference).

Boston, Victory is Arrrs.

uspirates.org/the-2026-pirate-…

We noted that Excel turned 40 this year. That makes it seem old, and today, if you say “spreadsheet,” there’s a good chance you are talking about an Excel spreadsheet, and if not, at least a program that can read and produce Excel-compatible sheets. But we remember a time when there was no Excel. But there were still spreadsheets. How far back do they go?

Definitions

Like many things, exactly what constitutes a spreadsheet can be a little fuzzy. However, in general, a spreadsheet looks like a grid and allows you to type numbers, text, and formulas into the cells. Formulas can refer to other cells in the grid. Nearly all spreadsheets are smart enough to sort formulas based on which ones depend on others.

For example, if you have cell A1 as Voltage, and B1 as Resistance, you might have two formulas: In A2 you write “=A1/B1” which gives current. In B2 you might have “=A1*A2” which gives power. A smart spreadsheet will realize that you can’t compute B2 before you compute A2. Not all spreadsheets have been that smart.

There are other nuances that many, but not all, spreadsheets share. Many let you name cells, so you can simply type =VOLTS*CURRENT. Nearly all will let you specify absolute or relative references, too. With a relative reference, you might compute cell D1=A1*B1. If you copy this to row two, it will wind up D2=A2*B2. However, if you mark some of the cells absolute, that won’t be true. For example, copying D1=A1*$B$1 to row two will result in D2=A2*$B$1.

Not all spreadsheets mark rows and columns the same way, but the letter/number format is nearly universal in modern programs. Many programs still support RC references, too, where R4C2 is row four, column two. In that nomenclature, R[-1]C[2] is a relative reference (one row back, two rows to the right). But the real idea is that you can refer to a cell, not exactly how you refer to it.

So, How Old Are They?

LANPAR was probably the first spreadsheet program, and it was available for the GE400. The name “LANPAR” was LANguage for Programming Arrays at Random, but was also a fusion of the authors’ names. Want to guess the year? 1969. Two Harvard graduates developed it to solve a problem for the Canadian phone company’s budget worksheets, which took six to twenty-four months to change in Fortran. The video below shows a bit of the history behind LANPAR.

youtube.com/embed/t1sdY6u8pTU?…

LANPAR might not be totally recognizable as a modern spreadsheet, but it did have cell references and proper order of calculations. In fact, they had a patent on the idea, although the patent was originally rejected, won on appeal, and later deemed unenforceable by the courts.

There were earlier, noninteractive, spreadsheet-like programs, too. Richard Mattessich wrote a 1961 paper describing FORTRAN IV methods to work with columns or rows of numbers. That generated a language called BCL (Business Computer Language). Others over the years included Autoplan, Autotab, and several other batch-oriented replacements for paper-based calculations.

Spreadsheets Get Personal

Back in the late 1970s, people like us speculated that “one day, every home would have a computer!” We just didn’t know what people would do with them outside of the business context where the computer lived at the time. We imagined people scaling up and down cooking recipes, for example. Exactly how do you make soup for nine people when the recipe is written for four? We also thought they might balance their checkbook or do math homework.

The truth is, two programs drove massive sales of small computers: WordStar, a word-processing program, and VisiCalc. Originally for the Apple ][, Visicalc by Dan Bricklin and Bob Frankston put desktop computers on the map, especially for businesses. VisiCalc was also available on CP/M, Atari computers, and the Commodore PET.

You’d recognize VisiCalc as a spreadsheet, but it did have some limitations. For one, it did not follow the natural order of operations. Instead, it would start at the top, work down a column, and then go to the next column. It would then repeat the process until no further change occurred.

youtube.com/embed/EKtKVab8kH0?…

However, it did automatically recalculate when you made changes, had relative and absolute references, and was generally interactive. You could copy ranges, and the program doesn’t look too different from a modern spreadsheet.

Sincere Flattery

Of course, once you have VisiCalc, you are going to invite imitators. SuperCalc paired with WordStar became very popular among the CP/M crowd. Then came the first of the big shots: Lotus 1-2-3. In 1982, this was a must-have application for the new IBM PC.

youtube.com/embed/ooWJhdV7Ei8?…

There were other contenders, each with its own claims to fame. Innovative Software’s SMART suite, for example, was among the first spreadsheets that let you have formulas that crossed “tabs.” It could also recalculate repeatedly until meeting some criteria, for example, recalculate until cell X20 is less than zero.

Probably the first spreadsheet that could handle multiple sheets to form a “3D spreadsheet” was BoeingCalc. Yes, Boeing like the aircraft. They had a product that ran on PCs or IBM 4300 mainframes. It used virtual memory and could accommodate truly gigantic sheets for its day. It was also pricey, didn’t provide graphics out of the box, and was slow. The Infoworld’s standard spreadsheet took 42.9 seconds to recalculate, versus 7.9 for the leading competitor at the time. Quatro Pro from Borland was also capable of large spreadsheets and provided tabs. It was used more widely, too.

youtube.com/embed/EWzgo0H2Ff8?…

Then Came Microsoft

Of course, the real measure of success in software is when the lawsuits start. In 1987, Lotus sued two spreadsheet companies that made very similar products (TWIN and VP Planner). Not to be outdone, VisiCalc’s company (Software Arts) sued Lotus. Lotus won, but it was a pyrrhic victory as Microsoft took all the money off the table, anyway.

Before the lawsuits, in 1985, Microsoft rolled out Excel for the Mac. By 1987, they also ported it to the fledgling Windows operating system. Of course, Windows exploded — make your own joke — and by the time Lotus 1-2-3 could roll out Windows versions, they were too late. By 2013, Lotus 1-2-3, seemingly unstoppable a few years earlier, fell to the wayside.

There are dozens of other spreadsheet products that have come and gone, and a few that still survive, such as OpenOffice and its forks. Quattro Pro remains available (as part of WordPerfect). You can find plenty of spreadsheet action in any of the software or web-based “office suites.”

Today and the Future

While Excel is 40, it isn’t even close to the oldest of the spreadsheets. But it certainly has kept the throne as the most common spreadsheet program for a number of years.

Many of the “power uses” of spreadsheets, at least in engineering and science, have been replaced by things like Jupyter Notebooks that let you freely mix calculations with text and graphics along with code in languages like Python, for example.

If you want something more traditional that will still let you hack some code, try Grist. We have to confess that we’ve abused spreadsheets for DSP and computer simulation. What’s the worst thing you’ve done with a spreadsheet?

hackaday.com/2025/12/15/a-brie…

Quando il DPO si improvvisa IT e dintorni, è sicuramente un bel problema. Ma un problema ancora peggiore c’è nel momento in cui la figura professionale viene sottovalutata, con quel tremendo lastricato di eccheccivuole che è ancor peggiore di quello delle buone intenzioni che tradizionalmente conduce all’inferno. Nel caso dell’organizzazione, la confusione dei ruoli e delle funzioni è quella tempesta perfetta di una Direzione inerte (o ignorante) e di una serie di soggetti che mostrano una spiccata propensione all’esondazione.

Questo significa che il perimetro d’azione non è solo sfumato ma rischia di diventare terreno di continui conflitti, con una dialettica interna decisamente sub ottimale in cui lo svilimento delle competenze altrui solitamente si mescola con un continuo scarico di responsabilità. Ecco dunque che il DPO diventa un personaggio in cerca non solo d’autore ma di un ruolo vero e proprio, dal momento che manca una consapevolezza e un riconoscimento tanto in relazione alle competenze che all’apporto concreto nel miglioramento degli assetti dell’organizzazione.

Non è un caso raro che talvolta il ruolo del DPO venga sottovalutato sia per quanto riguarda l’aspetto delle competenze richieste che dell’apporto nei confronti dell’organizzazione (o, più precisamente, della data maturity). Con il naufragio di ogni buon proposito astratto di integrarlo all’interno dell’organizzazione, dal momento che manca non solo una comprensione del suo ruolo ma soprattutto anche il giusto riconoscimento.

Qualcuno potrà dirsi sorpreso, ma in fondo dal 2018 sono trascorsi soltanto 7 anni celebrativi del GDPR. Eufemisticamente parlando, ci sono ancora così tanti spunti di miglioramento senza contare le complicazioni che deriveranno dal Digital Omnibus.

L’importanza del riconoscimento.

Nell’attribuzione di ruoli e responsabilità, l’azione di riconoscimento da parte dell’organizzazione inizia con l’impegno della Direzione nel garantire la posizione e i presidi individuati dall’art. 38 GDPR. Motivo per cui una Direzione non consapevole è spesso la prima causa dell’inefficacia d’azione del DPO, con una designazione destinata a rimanere una mera formalità. A beneficio di chi accumula incarichi attendendosi un coinvolgimento minimo se non addirittura nullo, con buona pace di ogni garanzia per gli interessati in concreto.

Nel momento in cui l’azione del DPO è riconosciuta come apporto utile all’organizzazione, è possibile costruire sinergie e convergenze per il rafforzamento della data maturity. Evitando non solo una dispersione di risorse ma anche un impiego delle stesse divergente rispetto alla realizzazione di quegli obiettivi indicati dalla normativa in materia di protezione dei dati personali.

Certamente, questo richiede però un impegno anche da parte del DPO.

Il valore della proattività.

Sin dal momento in cui il DPO viene designato, è bene infatti che vada a chiarire (con la Direzione, ma anche con le ulteriori funzioni) il perimetro della propria operatività e, soprattutto, la propria capacità di intervento a vantaggio degli obiettivi dell’organizzazione. Per farlo, non sono sufficienti le sole hard skill ma è necessario che concorrano anche una serie di abilità trasversali, fra cui leadeship e comunicazione, fondamentali affinché l’apporto positivo possa trovare l’opportunità di realizzarsi. Altrimenti, anche il DPO più competente nella protezione dei dati personali, sarà percepito come un elemento non integrato o di disturbo.

Ovviamente la responsabilità per garantire la continuità d’azione è e rimane in capo all’organizzazione, la quale dovrà pertanto porre particolare attenzione a selezionare e verificare l’operato del DPO designato al fine di agevolarne la capacità di integrarsi.

Nel momento in cui invece si sceglie di avere solo un DPO sulla carta, di fatto si accetta il rischio non solo di vedersi contestata una violazione dell’art. 38 GDPR ma anche tutta la serie di violazioni che si sarebbero ben potute evitare attraverso il coinvolgimento adeguato e il corretto svolgimento di un’attività di sorveglianza.

L'articolo Il DPO Sottovalutato: Una Minaccia Peggiore dell’Incompetenza IT, Ecco Perché proviene da Red Hot Cyber.