Pulling Backward to Go Forward: The Brennan Torpedo Explained
The Brennan torpedo, invented in 1877 by Louis Brennan, was one of the first (if not the first) guided torpedoes of a practical design. Amazingly, it had no internal power source but it did have a very clever and counter-intuitive mode of operation: a cable was pulled backward to propel the torpedo forward.
If the idea of sending something forward by pulling a cable backward seems unusual, you’re not alone. How can something go forward faster than it’s being pulled backward? That’s what led [Steve Mould] to examine the whole concept in more detail in a video made in collaboration with [Derek Muller] of Veritasium, who highlights some ways in which the physics can be non-intuitive, just as with a craft that successfully sails downwind faster than the wind.
Pulling the cable out the back of the device turns the propeller thanks to a pulley-type assembly with the prop shaft connected to a drum, as seen in the animation here. The actual Brennan torpedo was somewhat more complex, but the operating principle was the same.
The real thing had two cables coming out the back and drove two counter-rotating props. It could be steered by changing the relative speed at which the two cables were pulled, which caused a rudder to turn and allowed the torpedo to be guided. It really was very clever, and the Brennan torpedo was in service for over a decade before being superseded by designs with internal power systems that could be launched by ship.
The basic concept is explored with the help of a working model in the video embedded below, along with identifying what makes the physics tricky to intuit. If you have a few extra minutes to admire the importance of leveraging mechanical advantage, check it out.
youtube.com/embed/qvtZIdSI1Yk?…
The World Morse Code Championship
If you were in Tunisia in October, you might have caught some of the Morse Code championships this year. If you didn’t make it, you could catch the BBC’s documentary about the event, and you might be surprised at some of the details. For example, you probably think sending and receiving Morse code is only for the elderly. Yet the defending champion is 13 years old.
Teams from around the world participated. There was stiff competition from Russia, Japan, Kuwait, and Romania. However, for some reason, Belarus wins “almost every time.” Many Eastern European countries have children’s clubs that teach code. Russia and Belarus have government-sponsored teams.
Morse code is very useful to amateur radio operators because it allows them to travel vast distances using little power and simple equipment. Morse code can also assist people who otherwise might have problems communicating, and some assistive devices use code, including a Morse code-to-speech ring the podcast covers.
The speed records are amazing and a young man named [Ianis] set a new record of 1,126 marks per minute. Code speed is a little tricky since things like the gap size and what you consider a word or character matter, but that’s still a staggering speed, which we estimate to be about 255 words per minute. While we can copy code just fine, at these speeds, it sounds more like modem noises.
Learning Morse code isn’t as hard as it sounds. Your computer can help you learn, but in the old days, you had to rely on paper tape.
PCB Motor Holds Fast, Even After 1.6 Billion Spins
If you aren’t up to date with [Carl Bugeja]’s work with tiny brushless PCB motors, his summary video of his latest design and all the challenges it involved is an excellent overview.
Back in 2018 we saw [Carl]’s earliest versions making their first spins and it was clear he was onto something. Since then they have only improved, but improvement takes both effort and money. Not only does everything seemingly matter at such a small scale, but not every problem is even obvious in the first place. Luckily, [Carl] has both the determination and knowledge to refine things.
Hardware development is expensive, especially when less than a tenth of a millimeter separates a critical component from the junk pile.
The end result of all the work is evident in his most recent test bed: an array of twenty test motors all running continuously at a constant speed of about 37,000 RPM. After a month of this, [Carl] disassembled and inspected each unit. Each motor made over 53 million rotations per day, closing out the month at over 1.6 billion spins. Finding no sign of internal scratches or other damage, [Carl] is pretty happy with the results.
These motors are very capable but are also limited to low torque due to their design, so a big part of things is [Carl] exploring and testing different possible applications. A few fun ones include a wrist-mounted disc launcher modeled after a Spider-Man web shooter, the motive force for some kinetic art, a vibration motor, and more. [Carl] encourages anyone interested to test out application ideas of their own. Even powering a micro drone is on the table, but will require either pushing more current or more voltage, both of which [Carl] plans to explore next.
Getting any ideas? [Carl] offers the MotorCell for sale to help recover R&D costs but of course the design is also open source. The GitHub repository contains code and design details, so go ahead and make them yourself. Or better yet, integrate one directly into your next PCB.
Got an idea for an application that would fit a motor like this? Don’t keep it to yourself, share in the comments.
youtube.com/embed/CVszJMlvZcA?…
A Compass That Looks to the Stars
Although a lot of tools have been digitized and consolidated into our smartphones, from cameras, music players, calendars, alarm clocks, flashlights, and of course phones, perhaps none are as useful as the GPS and navigational capabilities. The major weakness here, though, is that this is a single point of failure. If there’s no cell service, if the battery dies, or you find yourself flying a bomber during World War II then you’re going to need another way to navigate, possibly using something like this Astro Compass.
The compass, as its name implies, also doesn’t rely on using the Earth’s magnetic field since that would have been difficult or impossible inside of an airplane. Instead, it can use various celestial bodies to get a heading. But it’s not quite as simple as pointing it at a star and heading off into the wild blue yonder. First you’ll need to know the current time and date and look those up in a companion chart. The chart lists the global hour angle and the declination for a number of celestial bodies which can be put into the compass. From there the latitude is set and the local hour angle is calculated and set, and then the compass is rotated until the object is sighted. After all of that effort, a compass heading will be shown.
For all its complexity, a tool like this can be indispensable in situations where modern technology fails. While it does rely on precise tabulated astrometric data to be on hand, as long as that’s available it’s almost failsafe, especially compared to a modern smartphone. Of course, you’ll also need a fairly accurate way of timekeeping which can be difficult in some situations.
youtube.com/embed/w_e_wOifi3o?…
Why NASA Only Needs Pi To So Many Decimal Places
If you’re new to the world of circular math, you might be content with referring to pi as 3.14. If you’re getting a little more busy with geometry, science, or engineering, you might have tacked on a few extra decimal places in your usual calculations. But what about the big dogs? How many decimal places does NASA use?
NASA doesn’t need this many digits. It’s likely you don’t either. Image credits: NASA/JPL-Caltech
Thankfully, the US space agency has been kind enough to answer that question. For the highest precision calculations, which are used for interplanetary navigation, NASA uses 3.141592653589793 — that’s fifteen decimal places.
The reason why is quite simple: going into any greater precision is unnecessary. The article demonstrates this by calculating the circumference of a circle with a radius equal to the distance between Earth and our most distant spacecraft, Voyager 1. Using the formula C = 2πr with fifteen decimal places of pi, you’d only be off on the true circumference of the circle by a centimeter or so. On solar scales, there’s no need to go further.
Ultimately, though, you can calculate pi to a much greater precision. We’ve seen it done to 10 trillion digits, an effort which flirts with the latest Marvel movies for the title of pure irrelevance. If you’ve done it better or faster, don’t hesitate to let us know!
Tech in Plain Sight: Table Saw Safety
If you ask around a wood shop, most people will agree that the table saw is the most dangerous tool around. There’s ample evidence that this is true. In 2015, over 30,000 ER visits happened because of table saws. However, it isn’t clear how many of those are from blade contact and how many are from other problems like kickback.
We’ve seen a hand contact a blade in a high school shop class, and the results are not pretty. We’ve heard of some people getting off lucky with stitches, reconstructive surgery, and lifelong pain. They are the lucky ones. Many people lose fingers, hands, or have permanent disfiguration and loss of function. Surgeons say that the speed and vigor of the blade means that some of the tissue around the cut vanishes, making reconstruction very difficult.
Modern Tech
These days, there are systems that can help prevent or mitigate these kinds of accidents. The most common in the United States is the patented SawStop system, which is proprietary — that is, to get it, you have to buy a saw from SawStop.
The system assumes the blade is all metal. It can detect your hand making contact with the blade, and if that happens, the saw reacts within 5 milliseconds. The system releases a beefy spring that jams an aluminum block into the saw blade, halting the 4,000 RPM rotation almost instantly. The force also moves the blade under the table. The cartridge that stops the blade and the blade won’t survive the encounter, but your finger will.
youtube.com/embed/7-FZWOYAyUM?…
Tear It Down!
Of course, being Hackaday, we want to see what’s inside the cartridge, and [Spag the Maker] was happy to oblige. As he points out, the sensor sometimes fires when it shouldn’t, but that’s better than not firing when it should.
In this case, the cartridge fired after contact with a metal tape measure. We’ve heard wet wood can also cause false positives. You can see the inside of the dead cartridge in the video below.
youtube.com/embed/ElgK9hFMwIA?…
Patents
A figure from the “840” patent
SawStop owns several patents that prevented other similar systems from entering the market. Although many of the patents are now expired, there is one — known as the 840 patent — that is very broad and won’t expire until 2033. However, the current owners of the patent — TTS Tooltechnic — have claimed that if government regulation mandates table saws to have protection devices, they will release the patent to the public.
However, until that happens, the company continues to defend its patents vigorously. The most famous case was against Bosch, who has a competing system called Reaxx. The systems are superficially similar, but Reaxx does not destroy the blade, which only moves out of the way.
youtube.com/embed/B3JsUGwt_Mg?…
Even this year, SawStop litigated against Felder KG, another competitor. There have been accusations that SawStop won’t reasonably license their technology, either, but we don’t know the whole story. Anyway, they’re no Volvo.
Safety First
If you don’t think a woodshop is that dangerous, have a look at “It Didn’t Have to Happen” from many years ago. This isn’t a new problem.
youtube.com/embed/xxw5gl1Z2Yk?…
The Consumer Product Safety Commission has tried to force protection systems on table saws for many years. The industry, in general, opposes them as unnecessary and expensive. The controversy is heated, with proponents pointing to the 30,000 plus injuries a year and the cost to the injured and society. The opponents talk about free markets and government interference in your shop. We won’t take sides, but having seen an injury of this type, we’ll spend our money on a safer saw even if no one is making us do it.
Then again, no one is stopping you from making your own saw with whatever safety systems you like. We’ve seen many builds based around a circular saw.
The Last Acorn BBC Computer Wasn’t a BBC Micro
For home computer users, the end of the 1980s was the era of 16-bit computers. The challenge facing manufacturers of 8-bit machines through the middle of the decade was to transfer their range and customers to the new hardware, and the different brands each did this in their own way. Commodore and Atari had 68000-based powerhouses, and Apple had their 16-bit-upgraded IIGS for the middle ground below the Mac, but what about Acorn, makers of the BBC Micro? They had the Archimedes, and [RetroBytes] takes us through how they packaged their 32-bit ARM processor for consumers.
The A3000 was the computer you wanted if you were a geeky British kid at the end of that decade, even if an Amiga or an ST was what you got. Schools had bought a few of the desktop Archimedes’, so if you were lucky you’d got to know Arthur and then RiscOS, so you knew just how fast these things were compared to the competition. The video below the break takes a dive into the decisions behind the design of this first ARM consumer product, and along the way it explains a few things we didn’t know at the time. We all know what happened to Acorn through the 1990s and we all use ARM processors today, so it’s a fascinating watch. If only an extra two hundred quid had been in the kitty back then and we could have bought one ourselves.
If you have never used an Archimedes you can get pretty close today with another Cambridge-designed and ARM-powered computer. RiscOS never went away, and you can run it on a Raspberry Pi. As we found, it’s still pretty useful.
youtube.com/embed/wELAhgbqNzc?…
Man Overboard Systems Aim To Increase Survival Rates At Sea
When you hear the cry of “Man Overboard!” on a ship, it’s an emergency situation. The sea is unkind to those that fall from their vessel, and survival is never guaranteed—even in the most favorable conditions. Raging swell and the dark of night can only make rescue more impossible.
Over the centuries, naval tradition has included techniques to find and recover the person in the water as quickly and safely as possible. These days, though, technology is playing an ever-greater role in such circumstances. Modern man-overboard (MOB) systems are designed to give crews of modern vessels a fighting chance when rescuing those in peril.
A Hard Task
Man overboard recoveries are challenging to execute, because of the unpredictable and rapidly changing conditions at sea. Once a person enters the water, factors like strong currents, wind, waves, and darkness can make it difficult to keep them in sight and quickly maneuver the vessel to their location. Even in calm weather, a victim can be carried away faster than it appears, and thick clothing or heavy gear may limit their mobility, reducing their ability to stay afloat or attract attention. Additionally, communication can be hindered by engine noise, onboard confusion, or the sheer panic of the moment. All of these elements combine to make man overboard scenarios both time-sensitive and complex operations for the crew.
These situations can pose particular difficulties for larger ships. Where a smaller craft might be able to quickly stop to recover a fallen crew member or passenger, larger vessels are much slower to maneuver. Traditional man overboard techniques, such as having crew members point at the victim in the water, can fail to work if the vessel drifts out of visual range. Smaller vessels can have problems, too. With smaller crews, it can be difficult to bring someone back on board while also ensuring the vessel is maneuvered safely.
Simple man-overboard systems for small boats rely on fobs or wrist-straps that communicate via radio. Credit: CrewWatcher
Man-overboard systems aim to help improve the likelihood of survival for those that fall into the water. They come in a variety of forms designed to suit different types of vessel, and the different scenarios they operate in.
For small boats, the most basic systems act as simple alarms, which automatically sound when a person falls overboard. These use small wireless fobs or wrist straps, which communicate with a base station on the boat itself. If the short-range radio link between the two is severed, an alarm is sounded, notifying those on board of the man overboard situation. Many models also feature a water immersion sensor, so the alarm can be raised instantly if someone falls into the sea. For small boats operated by individuals, this can be very useful. There is great benefit in receiving an automatic notification if someone falls into the water, even if nobody on the boat notices the incident directly.
Many of these small-scale systems are also set up to work with smartphones or tablets. They instantly log the position at which the man overboard event occurred, and guide the vessel back to the victim in the water. Some even come with a special “captain’s fob” wherein the system will cut the boat’s engines in the case the skipper falls overboard. This can be valuable for avoiding a runaway boat scenario.
The MARSS MOBtronic system uses sensor pods installed across a cruise ship to detect man overboard events. Credit: MARSS
These systems are useful for small boats. When it comes to larger vessels like cruise ships, however, the solutions are more advanced. When duly equipped with a man overboard system, these craft are dotted with sensor packages, including cameras, thermal imagers, and LIDAR scanners, all of which are trained on the perimeter of the vessel. These are set up to detect if a human falls overboard, at which point they raise the alarm. The bridge is notified as to the emergency, and the vessel receives directions to the area where the person fell from the ship.
These systems come with additional benefits, too. The sensors that detect a fall can also be used to track a person’s motion in the water. Essentially acting as a high-tech surveillance system trained on the perimeter of the vessel, they can be used to detect unwelcome boarders trying to gain access to the ship as well. They can also detect if someone might be climbing on the side of the ship—a foolish act that is perhaps likely to precede a fall into the water. Indeed, it’s pretty hard to fall off of most cruise ships—the high railings are designed specifically to prevent that. Misadventure plays a role in a significant proportion of man overboard incidents on cruises.
Thermal cameras are particularly useful for detecting man overboard events. Credit: MARSS
This technology is relatively new. It has largely been developed as a result of the Cruise Vessel Security and Safety Act of 2010, which stated that cruise vessels “shall integrate technology that can be used for capturing images of passengers or detecting passengers who have fallen overboard, to the extent that such technology is available.” At the time, advanced man overboard systems did not exist, so the requirement was effectively optional. As covered by USA Today, workable systems have been developed, but they are not yet ubiquitous, as many cruise lines are yet to deploy them across their fleets. An increasing number of vessels are now sailing with such equipment, though MARSS notes that less than 2% of cruise ships are currently fielding effective systems.
The fact remains that falling overboard from a ship is a fraught situation. Statistics from 2018 indicate that of the 1 or 2 people that fell from cruise ships each month, just 17 to 25% were rescued. The hope is that these automated systems will speed responsiveness to man overboard events, and lead to better outcomes. Indeed, in many cases, crews only respond to man overboard incidents hours after victims fall into the water, when the alarm is raised by concerned fellow travelers. This can make even just finding the individual near-impossible. Automated systems have the potential to cut response times to minutes or better, greatly increasing the chances of spotting a person in the water and executing their rescue.
Ultimately, the advancement of automated detection and response systems offers a clear path to improved safety on vessels small and large alike. By sharply cutting the time to raise an alarm, these technologies can dramatically improve the odds of saving a life. As more vessels adopt these systems and integrate them into their safety protocols, we stand to shift the balance, turning dire emergencies into manageable situations, and ultimately, safeguarding more passengers and crew at sea.
New Cisco Data in the Underground: IntelBroker and Associates Publish 4.5 TB
In October 2024, Cisco suffered a significant security incident caused by a misconfiguration of its DevHub, which allowed sensitive data to be accessed and downloaded.
The incident was made public by IntelBroker on BreachForums on October 15, where it was announced that part of the breach was available for download.
The attackers, including IntelBroker, @zjj and @EnergyWeaponUser, have published new data obtained through an open Cisco DevHub instance, from which they downloaded 4.5 TB of information. The files involved included critical software such as:
- Cisco C9800-SW-iosxe-wlc.16.11.01
- Cisco IOS XE & XR
- Cisco ISE
- Cisco SASE
- Cisco Umbrella
- Cisco Webex
The total size of the files available for download was 2.9 GB, used as a “preview” to attract potential buyers for the entire data breach.
Tactics, Techniques and Procedures (TTPs)
The attackers used the following tactics to carry out the attack:
- Exploitation of misconfigurations: Cisco’s DevHub instance was publicly accessible without adequate authentication and access control measures.
- Data exfiltration: Once access was obtained, the actors downloaded a large amount of data, including critical software and configurations.
Security Implications for Networking
This incident highlights several vulnerabilities and important lessons for the networking sector, showing that even a giant like Cisco can make mistakes.
Misconfigurations, for example, can expose sensitive data and critical systems. It is essential to implement rigorous access and authentication controls for all publicly accessible resources.
Conducting regular security audits and vulnerability assessments can help identify and promptly correct potential exposures.
Companies should also have well-defined incident response plans to quickly mitigate damage and protect customer data.
Cisco’s Corrective Actions
Cisco responded to the incident by disabling public access to the DevHub and correcting the configuration error. It also notified affected customers and offered assistance in reviewing the files involved. Cisco continues to evaluate the files to identify further sensitive data and ensure the security of its resources.
The security incident on Cisco DevHub highlights the importance of rigorous configuration and security management in the networking sector. Companies must adopt proactive measures to protect their resources and respond effectively to security incidents in order to safeguard sensitive data and maintain customer trust.
The article New Cisco Data in the Underground: IntelBroker and Associates Publish 4.5 TB comes from il blog della sicurezza informatica.
See What ‘They’ See In Your Photos
Once upon a time, a computer could tell you virtually nothing about an image beyond its file format, size, and color palette. These days, powerful image recognition systems are a part of our everyday lives. They See Your Photos is a simple website that shows you just how much these systems can interpret from a regular photo.
The website simply takes your image submission, runs it through the Google Vision API, and spits back out a description of the image. I tried it out with a photograph of myself, and was pretty impressed with what the vision model saw:
The photo is taken in a lush green forest, with tall trees dominating the background. The foreground features a person, who appears to be the subject of the photograph. The lighting suggests it might be daytime, and the overall color palette is heavily saturated with shades of green, almost artificial in appearance. There’s also some dried vegetation visible to the left, suggesting a natural setting that is possibly a park or woodland area. The subject is a young to middle-aged Caucasian male with shoulder-length, light-colored hair. He seems serious, perhaps pensive or slightly uneasy. His clothing —a green and yellow checkered shirt over a green and black striped shirt—suggests a casual or outdoorsy lifestyle. He might be of middle to lower-middle class economic standing. It looks like he’s crouching slightly, possibly for the picture. The image lacks metadata on the camera device used or the time the photo was taken. He appears to be alone in the photo, indicating an individualistic or solitary experience.
The saturation level of the greens and yellows is unusually high, hinting at possible digital editing post-capture. There is a very slight blur, particularly noticeable in the background which could be from a smaller aperture or shallow depth of field when captured, creating a focus on the subject. The color alteration and seemingly intentional focus on the subject suggest it may not be a candid shot but rather a posed photograph, possibly with an artistic or stylistic goal.
The system doesn’t get satire or memes, though.
The model did very well—easily determining both the vague type of locale, and the fact that my shirt implies I don’t have a Ferrari at home in my garage. It also picks up on the fact that it was a posed photograph with certain artistic intent.
Back in 2014, the webcomic XKCD stated that it would be an inordinately difficult task for a computer to determine if a digital photo contained a bird. These days, a computer model can tell us what’s in a photo down to the intimate details, and even make amusing assertions as to the lives of the subjects in the image and their intentions. We’ve come a long way, to be sure.
Machine vision is still far from perfect—there are ways to fool systems and areas in which they still don’t stack up to real humans. The only thing we know for certain is that these systems will continue to improve.
Flipper and Lily for Hacking Cars and Smart Devices! The Punk Technology That Scares the World
We live in an era in which we are submerged by an infinity of digital signals and impulses that, in some way, govern how we act and interact with what surrounds us. But what would happen if we could hack these signals and make the world respond to our commands?
Take, for example, an extraordinary device like the Flipper Zero: with it you can have fun carrying out simple and effective attacks, which in most cases succeed. But what if I told you that you don’t need a ready-made Flipper to manage to open the door of a Tesla?
Let’s take things in order. The Flipper Zero boasts a large community of active and competent developers, a point of pride for those who use it. However, there is also a hidden world that is developing at an incredibly fast pace.
In this world, devices cost less but require more maintenance and supervision. It is a world in which enthusiasts and professionals work with great enthusiasm every day to develop custom firmware, making even lesser-known devices usable and perfectly suited to the purpose.
An example?
Devices such as the LilyGO T-Embed CC1101 which, with specific firmware such as “Bruce”, can easily carry out RF, RFID, IR, NFC, NRF, BLE, WIFI attacks and more.
A LilyGO T-Embed CC1101
Conclusion
These tools, with their accessibility and versatility, are redefining the concept of modern hacking: no longer the exclusive preserve of experts, but a phenomenon increasingly within reach of anyone with the right curiosity and competence.
However, this growing power raises important questions: how far can we push ourselves?
And above all, are we really ready to face a world in which every signal can be intercepted, manipulated or exploited?
“Punk” technology is here to stay, and it is up to us to decide how to use it: as a tool for discovery and innovation or as a weapon capable of challenging every system.
Hiding these technologies leads to nothing good; instead, we need to know them and build awareness. The “ethical” concept behind every device always remains: understanding the threats in order to make the improvements that render our world ever more secure.
The article Flipper and Lily for Hacking Cars and Smart Devices! The Punk Technology That Scares the World comes from il blog della sicurezza informatica.
3D Printed Blaster Does it with Compliant Components
The ease of integrating bendy parts into designs is one of 3D printing’s strengths. A great example of this is [uhltimate]’s six-shot blaster which integrates several compliant mechanisms. The main blaster even prints in one piece, so there’s not even any assembly required.
The ergonomics are unconventional, but the design is pretty clever.
The blaster itself has three main parts: the trigger, the sear, and the striker. Each of them relies on compliant mechanisms in order to function. The user pulls back the trigger, which hooks into and pulls back the striker. When the trigger is pulled back far enough, the sear releases the striker. This zips forward and slams into a waiting projectile, sending it flying.
The other interesting part is the projectiles and magazine in which they sit. The magazine fits onto the front of the blaster and pulling the trigger allows the magazine to drop down, putting the next projectile into firing position. After the final round is fired, the empty magazine falls away. It’s a pretty clever design, even if the ergonomics are a little unusual and it relies on gravity in order to feed. Tilt it too far sideways or upside down, and it won’t load properly.
We’ve seen compliant mechanisms used for projectile firing before, but this design really raises the bar in the way it does more than just firing the striker.
3D printing allows rapid iteration of designs, which makes devices that rely on compliant mechanisms much easier to develop and fine-tune.
youtube.com/embed/7Y1OKlcw78g?…
Download a banker to track your parcel
In late October 2024, a new scheme for distributing a certain Android banking Trojan called “Mamont” was uncovered. The victim would receive an instant message from an unknown sender asking to identify a person in a photo. The attackers would then send what appeared to be the photo itself but was actually a malware installer. Shortly after, reports surfaced of Mamont being disseminated through neighborhood chat groups. Cybercriminals were touting an app to track a parcel containing household appliances they said they were offering for free. In reality, this was malware with no parcel-tracking functionality whatsoever. Both scams targeted individual users only. Recently, however, we noticed a number of websites promoting a variety of bulk-priced goods that could attract both individual bargain hunters and businesses. A closer look revealed a previously unknown Mamont dissemination pattern.
How we tried to save some cash on a purchase
As we began our investigation, our attention was drawn to websites that offered various products at wholesale prices. We decided to place an order to see if there was a catch. The contact details for one of the stores contained a link to a dedicated private Telegram chat that instructed users to DM their manager to place an order.
Reach out to the agent to place an order
We did just that, checked the details, and made an order. They told us we could pay on delivery with no advance payment whatsoever. This was likely a way for the criminals to avoid arousing suspicions.
The agent requests shipping details
We were notified the following day that our order had shipped and could be tracked with a special mobile app linked in a message from the manager. The link directed users to a phishing site offering to download Mamont for Android (12936056e8895e6a662731c798b27333). The link came with a tracking number that had to be entered in the app. We reported the scam accounts and channels to Telegram, but the messaging service had done nothing to block them at the time of writing this.
The phishing link sent by the manager
We have to give it to the operators: the scam was quite convincing. The private channel was full of users asking questions, no prepayment was necessary, and the “shipping” took a credible length of time. We can’t rule out, however, that some of the group members were, in fact, bots keeping potential victims distracted. Our security products detect the malware spreading via this scam as Trojan-Banker.AndroidOS.Mamont.
The inner workings of the “tracker app”
When launched, the Trojan requests permission to run in the background, and access to push notifications, text messaging, and calls. It then asks the victim to enter the tracking number previously received from the scammers, and sends a POST request containing device information along with the number to the C2 server. We believe the scam operators use that number for victim identification. If the POST request returns a 200 code, the Trojan opens a window that supposedly downloads order details.
The app also starts two malicious services. The first one hijacks all push notifications and forwards them to the attackers’ server. The other one sets up a connection with the attackers’ WebSocket server. The server responds with JSON-formatted commands. The “type” field in the object contains the command name. The object may also contain other fields with command arguments. The full list of commands with their descriptions is given in the table below.
| Command (type) | Description | Arguments (field name and content) |
| --- | --- | --- |
| call | Sends a USSD request. The result of the request is forwarded to the C2. | number: request code. |
| callTwo | Sends a USSD request from the secondary SIM card. The result of the request is forwarded to the C2. | number: request code. |
| changeIcon | Changes the app icon. | useAlternativeIcon: a flag that changes the app icon to transparent if set to true, or restores the original icon if set to false. This is set to false by default. |
| custom | Runs an activity that displays a custom message. | text: the text of the message shown to the user. |
| hide | Hides the app icon. | N/A |
| oldsms | Sends all incoming text messages received in the last three days. | N/A |
| photo | Runs an activity that uploads a photo from the gallery. | text: the text of the message shown to the user. |
| show | Restores the original app icon. | N/A |
| sms | Sends a text message. | text: message text; number: recipient. |
| smsTwo | Sends a text message from the secondary SIM card. | text: message text; number: recipient. |
The “custom” and “photo” commands, designed to trick the user into giving away data, call for special attention. The “custom” command can be used to manipulate the victim into giving up various login details. When the app receives that command, the user sees a window with a text box for entering data, which is then sent to the command-and-control server. The “photo” command is similar to “custom”, but instead of a text box, it displays an image upload window. It appears that the attackers do this to harvest data for further social engineering scams like posing as law enforcement or a regulatory agency to trick users into sending money. Additionally, cybercriminals can leverage the banker’s capabilities to directly extract data from victims during this manipulation for added credibility.
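For analysts triaging WebSocket frames captured from a sandbox run, the command table above can be turned into a small classifier that labels each server message and flags anything the table does not cover. This is an added example, not code from the article or from the malware; the behaviour groupings, function names and sample frames are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Command table transcribed from the article: type -> (required argument fields, behaviour group).
# The behaviour-group labels are this example's own grouping, not the article's wording.
COMMANDS = {
    "call":       (("number",), "ussd request"),
    "callTwo":    (("number",), "ussd request"),
    "changeIcon": ((), "concealment"),  # useAlternativeIcon is optional, defaults to false
    "custom":     (("text",), "data-harvesting prompt"),
    "hide":       ((), "concealment"),
    "oldsms":     ((), "sms exfiltration"),
    "photo":      (("text",), "data-harvesting prompt"),
    "show":       ((), "concealment"),
    "sms":        (("text", "number"), "sms sending"),
    "smsTwo":     (("text", "number"), "sms sending"),
}

# Constructed sample of server-to-client frames, as they might appear in a sandbox capture.
SAMPLE_FRAMES = [
    '{"type": "oldsms"}',
    '{"type": "custom", "text": "constructed prompt text"}',
    '{"type": "smsTwo", "text": "constructed body", "number": "0000"}',
    '{"type": "changeIcon", "useAlternativeIcon": true}',
    '{"type": "sms", "text": "constructed body, recipient missing"}',
    '{"type": "ping"}',
    'not json',
]


def classify_frame(raw):
    """Classify one captured WebSocket text frame against the published command table."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return {"status": "malformed", "reason": "not JSON"}
    if not isinstance(msg, dict) or not isinstance(msg.get("type"), str):
        return {"status": "malformed", "reason": "no string 'type' field"}

    cmd = msg["type"]
    if cmd not in COMMANDS:
        # Not in the published table: possibly a newer build or unrelated traffic.
        return {"status": "unknown-command", "type": cmd}

    required, behaviour = COMMANDS[cmd]
    missing = [field for field in required if field not in msg]
    finding = {
        "status": "incomplete" if missing else "known",
        "type": cmd,
        "behaviour": behaviour,
        "missing": missing,
        # callTwo and smsTwo act through the secondary SIM card.
        "secondary_sim": cmd.endswith("Two"),
    }
    if cmd == "changeIcon":
        # Per the table, true makes the icon transparent; the default (false) restores it.
        finding["icon_transparent"] = msg.get("useAlternativeIcon", False) is True
    return finding


def triage(frames):
    """Return per-frame findings, a count per behaviour group, and indexes needing manual review."""
    findings = [classify_frame(frame) for frame in frames]
    by_behaviour = Counter(f["behaviour"] for f in findings if "behaviour" in f)
    review = [i for i, f in enumerate(findings) if f["status"] != "known"]
    return findings, by_behaviour, review


if __name__ == "__main__":
    findings, by_behaviour, review = triage(SAMPLE_FRAMES)
    for index, finding in enumerate(findings):
        print(index, finding)
    print("behaviour counts:", dict(by_behaviour))
    print("frames needing manual review:", review)
```

Frames reported as `unknown-command` are the ones worth a closer look, since they indicate a command set that differs from the one documented here.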
Victims
The Mamont campaign exclusively targets Android phone users in Russia as highlighted by the operators themselves.
According to Kaspersky Security Network (KSN) anonymized telemetry data consensually provided by users, our security products blocked more than 31,000 Mamont attacks under the guise of a parcel-tracking app in October and November 2024.
Conclusion
What makes the scam detailed above notable is that both individual users and businesses may take the bait. The attackers lure victims with bulk-priced offers, spreading malware disguised as parcel-tracking apps. Admittedly, the scam is highly convincing and may well look like a bona fide offer to the victim. Besides, the scammers get the victim to contact them first, which boosts the level of trust.
Simple as it may be, the Trojan possesses the essential feature set for stealing login credentials through windows with customizable text elements and controlling SMS banking. We recommend following a few simple rules to avoid getting infected with this and other malware.
- Don’t click links in messages you get from strangers.
- Be wary of overly generous offers you come across online.
- Avoid downloading apps from anywhere but official sources.
- Use a reliable security solution to keep malware away from your device.
Indicators of compromise
C2 server
apisys003[.]com
MD5
12936056e8895e6a662731c798b27333
securelist.com/mamont-banker-d…
DK 9x13 - Instagram for boomers
Have you also noticed that the social network created for "professional contacts" has lately become an Instagram for boomers?
spreaker.com/episode/dk-9x13-i…
Threat From the Dark Web: An RCE 0-Day Bug for Chrome and Edge on Sale in the Underground
An alarming post was recently spotted on the Dark Web, where a threat actor is advertising an alleged 0-day Remote Code Execution (RCE) vulnerability capable of compromising the two most widely used browsers in the world: Google Chrome and Microsoft Edge.
This report raises serious concerns within the cybersecurity community, highlighting the potential risk of exploitation of a not-yet-disclosed flaw, with implications that could endanger the security of millions of users worldwide.
The hacker's offer: bug bounty or direct sale
According to the post, the threat actor claims to have discovered the vulnerability but not to have made it public yet. The cybercriminal put forward two options:
- Find a bug bounty program that accepts cryptocurrency payments and does not require personal identification procedures.
- Sell the vulnerability directly, limiting the transaction to buyers who can provide proof of funds or who hold “trusted buyer” status.
The starting price asked is 100,000 dollars, with transactions exclusively in cryptocurrency, a detail that underscores the intent to remain anonymous and makes the transactions hard to trace.
Potential risks of the vulnerability
If authentic, this vulnerability represents a significant threat to both individual users and companies. An RCE flaw allows attackers to execute arbitrary code remotely, paving the way for several types of attack:
- Device compromise, using specific exploits.
- Theft of sensitive data, including credentials and personal information.
- Malware distribution, such as ransomware or spyware, with potentially extensive and damaging impact.
The severity of a 0-day vulnerability lies in its nature: being unknown to the public and to vendors, no patches or immediate defensive measures exist, leaving users exposed to possible attacks.
Conclusion
The episode once again underscores the crucial role of cybersecurity in an increasingly complex and threatening digital landscape. The Dark Web continues to be a marketplace for high-profile flaws, highlighting the need for constant monitoring and a rapid response to emerging threats. Prevention and the adoption of proactive measures remain the most effective weapons for countering an environment in which every vulnerability represents an opportunity for cybercriminals and a potential disaster for users and organizations.
The article Threat From the Dark Web: An RCE 0-Day Bug for Chrome and Edge on Sale in the Underground comes from il blog della sicurezza informatica.
Robot Air Hockey Player Predicts Your Next Move
Air hockey is a fun game, but it’s one you can’t play by yourself. That is, unless you have a smart robot hockey player to act as your rival. [Zeroshot] built exactly that.
The build is based around a small 27-inch air hockey table—not exactly arcade-spec, but big enough to demonstrate the concepts at play. The robot player moves its mallet in the X and Y axes using a pair of NEMA17 stepper motors and an H-belt configuration. To analyze the game state, there’s a Raspberry Pi 3B fitted with a camera, and it has a top-down view of the board. The Pi gives the stepper motors commands on how to move the mallet via an Arduino that communicates with the stepper drivers. The Pi doesn’t just aim for the puck itself, either. With Python and OpenCV, it tries to predict your own moves by tracking your mallet, and the puck, too. It predicts the very-predictable path of the puck, and moves itself to the right position for effective defence.
Believe it or not, we’ve featured quite a few projects in this vein before. They’ve all got their similarities, and their own unique quirks. Video after the break.
[Thanks to hari wiguna for the tip!]
Versatile, yet Grounded: The Rotodyne Revisited
When it comes to aviation curiosities, few machines captivate the imagination like the Fairey Rotodyne. This British hybrid aircraft was a daring attempt to combine helicopter and fixed-wing efficiency into a single vehicle. A bold experiment in aeronautical design, the Rotodyne promised vertical takeoffs and landings in cramped urban spaces while offering the speed and range of a regional airliner. First flown in 1957, it captured the world’s attention but ultimately failed to realize its potential. Although it has been featured before, new footage keeps fascinating us. If you have never heard about this jet, keep reading.
The Rotodyne’s innovative design centered around a massive, powered rotor that utilized a unique tip-jet system. Compressed air, mixed with fuel and ignited at the rotor tips, created lift without the need for a tail rotor. The result: a smoother transition between vertical and forward flight modes. Inside, it offered spacious seating for 50 passengers and even had clamshell doors for cargo. Yet its futuristic approach wasn’t without drawbacks—most notably, the thunderous noise produced by its rotor jets, earning complaints from both city planners and residents.
Despite these hurdles, the helicopter-plane crossover demonstrated its versatility, setting a world speed record and performing groundbreaking intercity flights. Airlines and militaries expressed interest, but escalating development costs and noise concerns grounded this ambitious project.
To this day, the Rotodyne remains a symbol of what could have been—a marvel of engineering ahead of its time. Interested in more retro-futuristic aircraft tales? Read our previous story on it, or watch the original footage below and share your thoughts.
Emulating The Battery Controller In An Ancient Acer PDA
[Mark B] had a problem. He’d come into possession of an Acer N30 PDA, sans batteries. He couldn’t just throw any old cells in, since the unit expected to communicate with an onboard controller chip in the original pack. What ensued was his effort to emulate the original battery controller hardware. This is classic Hackaday right here, folks.
Just wiring in typical Li-Ion voltages to the PDA’s battery pins wasn’t enough to make this Windows CE device happy. The device kept fleeing to sleep mode, thinking the battery was faulty or very low. Eventually, inspecting the motherboard revealed the PDA hosted a BQ24025 charger IC from Texas Instruments. [Mark] surmised it was trying to communicate with a BQ26500 “gas gauge” IC from the original battery pack. Armed with that knowledge, he then set about programming an STM32 chip to emulate its behavior. He then successfully ported the functionality over to a CH32V003 microcontroller as well. Paired with a Nokia BL-5CT battery, he had a working portable power solution for his PDA.
It’s great to see ancient hardware brought back to functionality with some good old fashioned hacking. I’d hoped to do the same with my Apple Newton before someone nicked it from my lounge room, more’s the pity. If you’re rescuing your own beleaguered battery-powered portables, don’t hesitate to let us know!
3D-Printed Boat Feeds The Fishes
In most natural environments, fish are able to feed themselves. However, if you wanted to help them out with some extra food, you could always build a 3D-printed boat to do the job for you, as [gokux] did.
The concept is simple enough—it’s a small radio-controlled boat that gets around the water with the aid of two paddle wheels. Driven together, the paddle wheels provide thrust, and driven in opposite directions, they provide steering. A SeeedStudio XIAO ESP32 is the brains of the operation. It listens for commands from the controller and runs the paddle drive motors with the aid of a DRV8833 motor driver module. The custom radio controller is itself running on another ESP32, and [gokux] built it with a nice industrial-style joystick which looks very satisfying to use. The two ESP32s use their onboard wireless hardware to communicate, which keeps things nicely integrated. The boat is able to potter around on the water’s surface, while using a servo-driven mechanism to deliver small doses of food when desired.
It’s a neat build, and shows just what you can whip up when you put your 3D printer to good use. If you’d like to build a bigger plastic watercraft, though, you can do that too. Video after the break.
Sony Vaio Revived: How Does One Start?
A long-term project of mine is the Sony Vaio new mainboard project. A year ago, I used it as an example to show you the cool new feature in KiCad 8, known as “background bitmaps”.
There are a heap of cool aspects to this specific Sony Vaio. It’s outrageously cute and purse-sized, the keyboard is nice enough for typing, motherboard schematics are available (very important!), and it’s not too terribly expensive. Of course, the most motivating aspect is that I happen to own one, its mainboard is not in the best state, and I’ve been itching to make it work.
It turned out to be a pretty complicated project, and, there was plenty to learn – way more than I expected in the beginning, too. I’m happy to announce that my v1 PCB design has been working wonders so far, and there are only a few small parts of it left untested.
I know that some of you might be looking to rebuild a lovely little computer of your choice. Hell, this particular laptop has had someone else rebuild it into a Pi-powered handheld years ago, as evidenced by this majestic “mess of wires” imgur build log! In honor of every hacker who has gotten their own almost-finished piece of hardware waiting for them half-assembled on the shelf, inside a KiCad file, or just inside your mind for now, let’s go through the tricks and decisions that helped make my board real.
Barely Any Space? Plan It Out Well
I recently finished and tested the first revision of this motherboard. It’s a tightly packed four-layer board, populated from both sides, and I want to show it off – describe how I designed it, the various low-level and high-level decisions that went into it, and strategies that I used to make sure this board became real and workable despite the odds.
First of all, the original article has helped in more than one way. Most importantly, I was lucky to be contacted by [Exentio], a hacker who was also looking at remaking this particular Vaio with a Compute Module. He had designed two crucial blocks: a display parallel RGB to LVDS converter and a keyboard controller board. From my side, I could help and design review these boards, and design the backlight circuit, uhhh, eventually. Having these blocks was instrumental in me feeling comfortable enough to start the Vaio board design!
At some point in May, I realized I had the board outline and two of the crucial building blocks tested and ready to go, thanks to [Exentio]’s effort – there was barely anything else left that could hold me back. I started playing with the design by throwing these blocks into the schematic and copy-pasting some of my own general building blocks in, for instance, a PAM2306 dual-channel buck regulator, a USB hub, and two simple powerpaths for initial power management.
One trick that’s definitely helped from the start, is planning out locations for the building blocks using empty squares on the silkscreen, ensuring I’d keep space for everything. It didn’t have to be the perfect kind of planning, and I still had to move things here and there during layout, but it’s definitely helped in that I didn’t end up requiring any giant moves and rearrangements.
The silkscreen separations turned out to be super helpful for starting the board. Half of them ended up moving, but they did serve as a helpful “what to expect and where” TODO list
If you want to make your estimates more precise or make more educated layout guesses, don’t limit yourself to squares – just throw footprints (“Add Footprint”) onto the board before you even get to their schematic – any little bit of pre-planning that helps you avoid moving large chunks of your layout later. This applies doubly to connectors – you might not have the symbols for them wired up or even ready yet, but if you make sure the required external connectors are present on the board from the start, it will help you avoid some nasty moves.
Another crucial trick was spending about an hour or two on this board every day, for a week or two. A large project like this will take a fair bit of time, so you’ll want to make sure you can put tons of effort into it, and be emotionally prepared that it won’t happen in an evening’s time – this one took about two weeks. I also kept a TODO list in the schematic – you really want a place to note even the smallest things, from features, to potentially problematic spots that you’ll want to pay extra attention to.
Space Constraints
When planning out a board with a large amount of passives, you want to make sure they’re as uniform as possible, so you have less to worry about when ordering. In particular – what’s the size of passives you can afford in terms of board space? If you pick ones that are too large, you might run out of board space way too quickly, becoming unable to route tracks.
I standardized on 0402 components, which also meant I’d certainly be stenciling this board. It gets tiring to hand-solder parts given that this board has a thousand or two solder pads to touch. I opted to use 0805 for larger-value bulk capacitors for switching regulators and power rail purposes because 0402 10uF and 22uF capacitors get expensive if you want to get reliable ones, as we’ve discussed previously. In a few spots, though, I had to switch some 0805 capacitors to 0603, purely due to space constraints.
There are about a hundred resistors and a hundred capacitors on this board – remember, at some point, you can get a PCB fab to assemble just the passives for you, purely to spare yourself all the resistor and capacitor placement. You won’t get to stencil the ICs together with the passives, though, which is why I didn’t bother, because the RP2040 QFNs alone are annoying to handle without solder paste. Have you heard of Interactive HTML BOM for KiCAD? Make sure to use that, it’s simply wonderful and will prevent assembly errors of the kind that burn your board up before it’s even placed into the case.
This was one of the high-power inductors for which I didn’t estimate physical size early enough, and as a result, I had to somewhat bend reality around it
Inductors in the switching regulator can be an unexpected contribution to board space – if you need a 4.7 uH inductor and you need it to pass 5 A or more, take a look at online marketplaces before you even start designing the circuit, and see what the average size is for an inductor that fits your parameters. In my case, I got lucky, but only barely – some inductors definitely didn’t fit as well as I would’ve hoped.
For this specific board, expected to fit inside the thin Sony Vaio’s shell, I had one more different thing to consider – component height. The original Vaio board was definitely designed in a way where all switching regulator components were placed on only one side, with plenty of height room for inductors and capacitors specifically. I placed all the switching regulators on one side, except one – the PAM2306 for the display 2.5 V and mod board extra 3.3 V rail.
In the end, I mis-estimated the inductor height, and had to shop for lower-profile inductors for that regulator. Thankfully, I found some decent lower-height inductors – they work wonders for powering the screen, and the only problem is that the inductor heats up more than I’d expect, but not too badly.
Source Considerations
Ordering the components for your board? Missing a position or two will really suck, and could delay your project by a week or two easily. My advice is to make sure that all component values are assigned and correct, and to pay the most attention to configuration and feedback resistors! Then, optimize the BOM, export the BOM out of the board into a .csv, and go through it line by line as you’re ordering. Alternatively, you can use the checkboxes in the InteractiveHtmlBom – just that you’ll have to keep it open all throughout.
When it comes to resistors, remember that you might have to improvise them on the spot – again, you don’t want to wait on them, so get a collection of resistor values. I bought a $15 book of 0402 resistors from Aliexpress, and it proved instrumental – especially given it lets you adjust values during bringup, and, it let me basically not worry at all about missing resistor values during sourcing. The earlier you order, the more likely it will be that one IC won’t go out – which has very much prevented me from testing out the display properly.
Apart from that, the book let me be a little more lazy and figure out switching regulator feedback circuits during assembly – and there’s nothing like being able to adjust your USB boost regulator to 5.25 V post-factum, or increasing backlight current in case you figure out the calculated resistors result in a dim screen.
Hacks For Routability, Bootstrap, Motivation
This board’s switching regulators are probably worth their own article. There were two power hacks I ended up doing. The first one was having a separate always-on linear regulator for the EC, avoiding chicken-and-egg power problems. This one was certainly a success, and if you’re planning a motherboard that will also have to go low-power at times, you might really want a separate regulator for your EC.
The second one was making use of the Pi Zero’s 3.3 V regulator for powering a ton of stuff, like the keyboard controller chip, the LVDS transmitter, the USB hub, and – basically, everything that would only need to run once the Pi would be powered. This constrains the Zero’s onboard 3.3 V regulator, sure, but it’s not too much of a problem – I’ve powered tons of stuff from the Pi Zero’s 3.3 V rail in the past. It also has helped quite a bit, because the fewer switching regulators I have to design and keep track of, the better.
A big problem was making use of board layers correctly. I went for four layers on this board, with one 3.3 V layer which carries the output 3.3V rail from the Pi Zero, and one GND layer: SIG-GND-PWR-SIG. Later on, I took a look at the 3.3 V polygon, and realized that nothing used 3.3 V on a big chunk of the board. I deliberated some, and added an extra GND polygon covering a good third of the 3.3 V layer on the path where all the switching regulators were concentrated, and specifically, the path where the DC input jack current would flow into the switching regulator providing 5 V. It’s a plane split, sure, which is not great as far as signal return currents go, but there was one continuous GND layer right next to it already. Fingers crossed it works out for me long-term!
I kept inner layers as clean as possible generally – however, some tracks still had to go on inner layers. My compromise for having good inner polygons was keeping the inner layer traces as close as possible to the edge of the board, ensuring that there’s the least amount of plane splitting possible.
The cherry on top of the cake? I used the KiCad board image generation hook for GitHub that I covered this year, and, it’s added a surprising source of motivation to the project. Each time I’d push changes to the repository after a day of board design work, the board image would regenerate, showing off my changes – a lovely conclusion to my work and a reminder that I’ve done well with it. Also, I could demonstrate the board additions to my friends, including [Exentio] – can’t deny, having a social element to this design has really helped in getting this board completed!
There are a few fundamental aspects left – like power management, making plans for board assembly and bringup before you send off the board to manufacturing, and giving yourself the best chances for success when assembly and bringup time comes. That’s within a week – together with a report on how the board is working out so far!
A Red Ring Light Show For Your Xbox 360
The Red Ring of Death (RROD) was the bane of many an Xbox 360 owner. The problem was eventually solved, mostly, but memories of that hellish era lurk in the back of many a gamer’s mind. For a more cheery use of those same status lights, you might appreciate “Lightshow” from [Derf].
The concept is simple enough. It’s a small application that runs on an Xbox 360, and allows you to test the individual LEDs that make up the Ring of Light indicator, along with the main power LED. If you want to test the lights and see that each segment correctly lights up as green, yellow and red, you can.
Alternatively, you can have some fun with it. [Derf] also programmed it to flash along to simple four-channel MIDI songs. Naturally, Sandstorm was the perfect song to test it with. It may have been the result of a simple throwaway joke, but [Derf] delivered in amusing fashion nonetheless.
Lightshow is an entry for Xbox Scene Modfest 2024; it’s nice to see the community is still popping off even in this era of heavily-locked-down consoles. We’ve featured some other useful 360 hacks in recent months, too. Video after the break.
Keebin’ with Kristina: the One With the Curvy Centerfold
What do you get when you combine a Raspberry Pi 4B, a Kaypro keyboard, and a 9″ Apple ], you get the coolest AVR development workstation I’ve seen in a while.
Image by [John Anderson] via Hackaday.IO
As you may have guessed, I really dig the looks of this thing. The paint job on the display is great, but the stripes on the keyboard and badging are on another level. Be sure to check out the entire gallery on this one.
About that keyboard — [John] started this project with two incomplete keyboards that each had a couple of broken switches. Since the two keyboards were complements of each other parts-wise, they made a great pair, and [John] only had to swap out three switches to get it up and clacking.
In order to make it work with the Pi, [John] wrote a user-mode serial driver that uses the uinput kernel module to inject key events to the kernel. But he didn’t stop there.
Although the Pi supports composite video out, the OS doesn’t provide any way to turn off the chroma color signal that’s modulated on top of the basic monochrome NTSC signal, which makes the picture look terrible. To fix that, he wrote a command-line app that sets up the video controller to properly display a monochrome NTSC signal. Happy AVRing on your amazing setup, [John]!
Check Out This Refreshingly Small Keyboard
Image by [AnnaRooks] via reddit
Usually when we see keyboards this small, they have tiny keys that are fully intended for thumb presses and thumb presses only. But what about something ultra-portable that has full-size keys?
Although it might be hard to believe, [AnnaRooks] only uses about 20 of the 24 keys that make up this mint tin keyboard. She has a keymap for typing, gaming, and Diablo II.
Personally, and my feelings about layers aside, I don’t think I could use a keyboard without thumb clusters at this point. Although you know what? It would make a great traveling macropad.
The Centerfold: A Close Look At Force Curves
Image by [ThereminGoat] via reddit
Well, boys and girls, we’ve got a smart beauty this time around. This here is an industrial key switch force tester. [ThereminGoat] is gonna tell you all about force curves and how to read them.
What even is a force curve, and why is it so important? It refers to the graphical representation of the force required to press a key to the actuation point (y) versus the distance traveled during the press (x). So, it’s only critical to evaluating key switch performance. Key points along the force curve include the starting force, the actuation point, the tactile bump if present, the bottom-out force, and the return curve.
So, why does it actually matter? Force curves help us understand how light or heavy a switch feels, the actuation behavior, and help with customization. I’ll let [ThereminGoat] take it from here.
Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!
Historical Clackers: My IBM Wheelwriter 5
You know, I kind of can’t believe that I’ve now gone 47 Keebins without spotlighting my daily driver, which takes up most of my second desk. She may not look like much, but she types like the wind, and has that legendary buckling-spring keyboard to boot.
Sure, the Selectrics get all the love, and rightfully so. But if you actually want to use a typewriter day in and day out, you really can’t beat its successor, the Wheelwriter. IBM produced these machines from 1984 to 1991, and Lexmark took over, cranking them out until 2001. Mine shows an install date of 4/22/85.
The Wheelwriter was IBM’s first daisy wheel typewriter, which replaced the golf ball type element that signified the Selectric. Arguably even easier to swap than the golf ball, these slim cartridges lay flat for easy storage.
Whereas the Selectric used a mainspring and an escapement like traditional machines, the Wheelwriter has a stepper motor that moves the print head and a solenoid that strikes the daisy wheel against the paper. It makes a delightfully frightening noise on startup as it tests the stepper and solenoid and spins the daisy wheel with alarming swiftness. I love this machine!
ICYMI: Updated Mouse Ring Now Uses Joystick
Are you tired of traditional mouse and keyboard input, even though you’ve got a sweet ergo split and a trackball? Maybe you’re just looking to enhance your VR setup. Whatever you’re into, consider building [rafgaj78]’s Mouse Ring.
As you might be able to discern from the picture, this baby is based on the Seeed Xiao nRF52840 and uses a tiny battery pack. This is version two of the ring mouse, so if you prefer buttons to a joystick, then the first iteration may be more your style. Keep in mind that version two is easier to assemble and comes in more ring sizes.
There are two modes to this mouse ring. In the first mode, the joystick does left and right mouse click and wheel up-down, and pushing will wake it from deep sleep. In the second mode, the joystick acts as the mouse pointer, and you push down to left click.
I love the elegant design of the ring itself, and it looks great in yellow. Hmm, maybe I need one of these…
Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.
Building the Spectacular Fibonacci128 Simple Add-On
This year, we not only challenged Supercon attendees to come up with their own Simple Add-Ons (SAOs) for the badge, but to push the envelope on how the modular bits of flair work. Historically, most SAOs were little more than artistically arranged LEDs, but we wanted to see what folks could do if they embraced the largely unused I2C capability of the spec.
[Squidgeefish] clearly understood the assignment. This first-time attendee arrived in Pasadena with an SAO that was hard to miss…literally. Looking directly at the shockingly bright 128 RGB LED array packed onto the one-inch diameter PCB was an experience that would stay with you for quite some time (ask us how we know). With the “artistically arranged LEDs” aspect of the nominal SAO handled nicely, the extra work was put into the design so that the CPU could control the LED array via simple I2C commands.
Aligning the LED footprints with an imported image of the array.
Now that the dust has settled after Supercon, [Squidgeefish] took the time to write up the experience of designing and producing this gorgeous specimen for our reading pleasure. It’s a fascinating account that starts with a hat tip towards the work of [Jason Coon], specifically the Fibonacci series of densely-packed RGB art pieces. The goal was to recreate the design of the 128 LED model in SAO form, but without the design files for the original hardware, that meant spending some quality time with KiCad’s image import feature.
He designed the LED array for assembly at a board house for obvious reasons, but hand soldering was the order of the day for the SOIC-8 microcontroller, capacitors, and SAO header on the reverse side. Speaking of the MCU, [Squidgeefish] went through a couple of possible suspects before settling on the STM8S001J3, and all the code necessary to drive the LEDs and communicate with the badge over I2C is available should you consider a similar project.
Now technically, the SAO was done at this point, but in testing it out on the Vectorscope badge from Supercon 2023, a problem appeared. It turns out that whatever yahoos came up with that design pulled the power for the SAO port right off of the batteries instead of utilizing the boost converter built into the Pi Pico. The end result is that you never get a true 3.3 V. Also, the voltage that the SAO does get tends to drop quickly — leading to all sorts of unexpected issues.
To solve the problem, [Squidgeefish] came up with a clever boost converter “backpack” PCB that attaches to the rear of the completed SAO. This board intercepts the connection to the badge, and takes whatever voltage is coming across the line and steps it up to the 5 V that the LEDs are actually designed for.
Of course, the irony is that since the 2024 Supercon badge actually did use the boost circuitry of the Pico to provide a true 3.3 V on the SAO connector, this modification wasn’t strictly necessary. But we still love the idea of an add-on for the add-on.
The entire write-up is a fantastic read, and serves as a perfect example of why creating your own Simple Add-On can be so rewarding…and challenging. From adding contingency hardware to deal with badges that don’t obey the spec to figuring out how to produce low-cost packaging on short notice, the production of a decent number of SAOs for the purposes of distribution is a great way to peek out from your comfort zone.
Dark web threats and dark market predictions for 2025
Review of last year’s predictions
The number of services providing AV evasion for malware (cryptors) will increase
We continuously monitor underground markets for the emergence of new “cryptors,” which are tools specifically designed to obfuscate the code within malware samples. The primary purpose of these tools is to render the code undetectable by security software. In 2024, our expert observations indicate that commercial advertising for these cryptors has indeed gained momentum. Cryptor developers are introducing novel techniques to evade detection by security solutions, incorporating these advances into their malware offerings.
Pricing for these tools has remained consistent, ranging from $100 for a monthly subscription to cryptors available on dark web forums to as much as $20,000 for premium private subscriptions. There has been a shift toward the development and distribution of premium private solutions, which are becoming increasingly prevalent compared to public offerings.
Verdict: prediction fulfilled ✅
“Loader” malware services will continue to evolve
As anticipated, the supply for the “loader” malware family has been constant in 2024. These loaders exhibit a wide range of capabilities, from mass-distributed loaders available at low prices to highly specialized loaders tailored to detailed specifications with prices reaching into the thousands of dollars.
Additionally, threat actors appear to be increasingly using multiple programming languages. For example, the client component of the malware may be developed in C++, while the server-side admin panel is implemented in Go.
Along with the wide variety of loader offerings, we have also seen demands for specific functionality tailored to launch a particular infection chain.
Example of searching for a loader with specific requirements
Verdict: prediction fulfilled ✅
Crypto asset draining services will continue to grow on dark web markets
In 2024, we observed a surge in the activity of “drainers” across dark markets. These are malicious tools designed to steal the victim’s crypto assets, such as tokens or NFTs. New drainers emerged throughout the year and were actively promoted on various dark web platforms. In general, the number of unique threads discussing drainers on underground markets increased from 55 in 2022 to 129 in 2024, which is remarkable. At the same time, these posts frequently served as redirects to Telegram.
The number of unique threads about drainers on the dark web
In fact, in 2024, Telegram channels were a prominent hub for drainer-related activity.
Dark web post containing links directing potential collaborators to Telegram
Drainer developers are increasingly focused on serving their long-term clients, with most activity now conducted in invite-only channels.
In terms of functionality, drainers have remained largely consistent, with a continued emphasis on incorporating support for new crypto-related assets such as emerging coins, tokens, and NFTs. 2024 also saw the discovery of the first mobile drainer.
Verdict: prediction fulfilled ✅
Black traffic schemes will be very popular on underground markets
In 2024, the popularity of black traffic schemes on underground markets remained constant. Black traffic dealers have maintained their operations by promoting malicious landing pages through deceptive ads. Sales activities for these services remain robust on underground markets, with demand holding steady, further highlighting the effectiveness of mainstream ad delivery platforms for malware distribution. This method continues to be a popular choice for cybercriminals looking to reach a wider audience, posing an ongoing threat to online users.
Verdict: Partially fulfilled
Evolution and market dynamics of Bitcoin mixers and cleaning services
In 2024, there was no significant increase in the number of services advertising cryptocurrency “cleaning” solutions. The majority of established and popular services have maintained their presence in the market, with little change in the competitive landscape.
Verdict: prediction not fulfilled ❌
Our predictions for 2025
Data breaches through contractors
When abusing company-contractor relationships (trusted relationship attacks), threat actors first infiltrate a supplier’s systems and then gain access to the target organization’s infrastructure or data. In some cases, these attacks result in significant data breaches, such as the case where attackers allegedly accessed Ticketmaster’s Snowflake cloud account by breaching a third-party contractor. Another prominent threat actor employing this tactic was IntelBroker – the actor and their associated gang reportedly breached companies like Nokia, Ford, a number of Cisco customers including Microsoft, and others through third parties.
Profile of the actor named IntelBroker on a popular dark web forum
We expect the number of attacks through contractors leading to data breaches at major end targets to continue to grow in 2025. Cloud platforms and IT services often store and process corporate data from multiple organizations, so a breach at just one company can open the door to many others. It is worth noting that a breach does not necessarily have to affect critical assets to be destructive. Not every data breach advertisement on the dark web is the result of a genuinely serious incident. Some “offers” may simply be well-marketed material; for example, certain databases may combine publicly available or previously leaked data and present it as breaking news, or simply claim to be a breach for a well-known brand. By creating hype around what is actually old – and probably irrelevant – data, cybercriminals can provoke publicity, generate buzz, and damage the reputation of both the supplier and its customers.
IntelBroker’s dark web post claiming a Tesla data breach, later edited to claim to be a breach of a third-party EV charging firm
In general, we have noticed an overall increase in the frequency of corporate database advertisements on the dark web. For example, on one popular forum, the corresponding number of posts in August-November 2024 increased by 40% in comparison with the same period last year, and peaked several times.
Number of dark web posts distributing databases on one popular forum, August 2023-November 2024
While some of this growth may be attributed to the reposting or combining of older leaks, cybercriminals are clearly interested in distributing leaked data – whether new, old, or even fake. Consequently, in 2025, we are likely to witness not only a rise in company data hacks and leaks through contractors, but also an overall increase in data breaches.
Migration of criminal activity from Telegram to dark web forums
Despite a spike in cybercriminal activity on Telegram in 2024, we expect the shadow community to migrate back to dark web forums. Shadow Telegram channels are increasingly being banned, as noted by their administrators:
Examples of messages from threat actors announcing a ban on their Telegram channels and accounts
The return or influx of cybercriminals to dark web forums is expected to intensify competition among these resources. To stand out and attract new audiences, forum operators are likely to start introducing new features and improving conditions for data trading. These may include automated escrow services, streamlined dispute resolution processes, and improved security and anonymity measures.
Increase in high-profile law enforcement operations against cybercrime groups
2024 was a significant year in the global high-profile fight against cybercrime. The world has seen many successful operations – Cronos against LockBit, the takedown of BreachForums, the arrest of WWH Club members, successful initiatives like Magnus against RedLine and Meta stealers, and Endgame against TrickBot, IcedID, and SmokeLoader, and more. We at Kaspersky also actively contributed to law enforcement efforts to combat cybercrime. For example, we supported INTERPOL-coordinated action to disrupt the Grandoreiro malware operation, helped counter cybercrime during the 2024 Olympics, and contributed to Operation Synergia II, which aimed to disrupt cyberthreats such as targeted phishing, ransomware, and infostealers. We also assisted the joint INTERPOL and AFRIPOL operation combating cybercrime across Africa. These and many other cases highlighted the coordination and collaboration between law enforcement and cybersecurity organizations.
We expect 2025 to bring an increase in arrests and takedowns of high-profile cybercriminal group infrastructures and forums. However, in response to the successful operations of 2024, threat actors will likely switch tactics and retreat to deeper, more anonymous layers of the dark web. We also expect to see the emergence of closed forums and an increase in invitation-only access models.
Stealers and drainers to see a rise in their promotion as services on the dark web
Cryptocurrencies have been a prime target for cybercriminals for years. They lure crypto users to scam sites and Telegram bots under various guises, and add crypto-stealing functionality to infostealers and banking Trojans. With the price of Bitcoin setting record after record, the popularity of drainers specifically designed to steal cryptocurrency tokens from victims’ wallets is likely to persist in the coming year.
Infostealers are another type of malware that harvests sensitive information from users’ devices, including private keys for cryptocurrency wallets, passwords, browser cookies, and autofill data. In recent years, we have witnessed a dramatic rise in credential leaks driven by this malware, and we expect this trend to continue – and in some sense evolve. Most likely, we will see the emergence of new families of stealers, along with an increase in the activity of those that already exist.
Both stealers and drainers are likely to be increasingly promoted as services on the dark web. Malware-as-a-Service (MaaS) – or “subscription” – is a dark web business model that involves leasing software to carry out cyberattacks. Typically, clients of such services are offered a personal account through which they can control the attack, as well as technical support. It lowers the initial threshold of expertise required by would-be cybercriminals.
Example of a stealer offered through the MaaS model
In addition to publications on the dark web featuring stealers or drainers themselves, we also see posts looking for traffers – people who help cybercriminals distribute and promote stealers, drainers, or scam and phishing pages.
Examples of traffer searches for drainers
Example of a traffer search for a cryptoscam (not a drainer)
Fragmentation of ransomware groups
Next year, we may see ransomware groups fragmenting into smaller independent entities, making them more difficult to track and allowing cybercriminals to operate with greater flexibility while staying under the radar. Kaspersky Digital Footprint Intelligence data shows that in 2024 the number of Dedicated Leak Sites (DLS) grew 1.5 times compared to 2023. Despite this growth, the average number of unique posts per month has remained the same compared to the previous year.
Ransomware operators are also likely to continue to leverage leaked malware source codes and builders to create their own customized versions. This approach significantly lowers the barrier to entry for new groups, as they can avoid developing tools from scratch. The same goes for Dedicated Leak Sites (DLSs): low-skilled cybercriminals will likely use the leaked DLS source codes of notorious groups to create almost exact copies of their blogs – something we can already see happening on the dark web.
DarkVault’s DLS is almost an exact copy of LockBit’s
Escalating cyberthreats in the Middle East: hacktivism and ransomware on the rise
According to Kaspersky Digital Footprint Intelligence (DFI), one of the most concerning cybersecurity threats related to dark web activity in the Middle East in the first half of 2024 was the activity of hacktivists. The region has seen an increase in these threats due to the current geopolitical situation, and they are likely to continue to rise if tensions do not ease.
Kaspersky DFI researchers observed more than 11 hacktivist movements and various actors across the region. In line with the current geopolitical instability, hacktivist attacks are already shifting from distributed denial of service (DDoS) and website defacement to critical outcomes such as data leaks and the compromise of target organizations.
Another threat that is likely to remain highly active in the region is ransomware. Over the past two years, the Middle East has seen a surge in the number of ransomware attack victims, rising significantly from an average of 28 every six months in 2022-2023 to 45 in the first half of 2024. This trend is likely to persist into 2025.
Single Crystal Electrode Lithium Ion Batteries Last a Long Time
Researchers have been testing a new type of lithium ion battery that uses single-crystal electrodes. Over several years, they’ve found that the technology could keep 80% of its capacity after 20,000 charge and discharge cycles. For reference, a conventional cell reaches 80% after about 2,400 cycles.
The researchers say that the number of cycles would be equivalent to driving about 8 million kilometers in an electric vehicle. This is within striking distance of having the battery last longer than the other parts of the vehicle. The researchers employed synchrotron x-ray diffraction to study the wear on the electrodes. One interesting result is that after use, the single-crystal electrode showed very little degradation. According to reports, the batteries are already in production and they expect to see them used more often in the near future.
The technology shows promise, too, for other demanding battery applications like grid storage. Of course, better batteries are always welcome, although it is hard to tell which new technologies will catch on and which will be forgotten.
There are many researchers working on making better batteries. Even AI is getting into the act.
FK_Undead malware analysis: an advanced threat for Windows
In today's threat landscape, the FK_Undead malware is a sophisticated and worrying example of how malicious actors can combine advanced evasion, persistence and network traffic manipulation techniques. Recent analyses published by G DATA have brought to light a new-generation rootkit loader belonging to the FK_Undead family, which uses advanced features to infiltrate Windows systems, stay hidden, and manipulate users' network traffic to its own advantage.
How the FK_Undead rootkit loader works
The FK_Undead infection process follows a well-structured sequence of steps that gives the malware a strong ability to evade detection and persist on the compromised system. Here is how the infection chain unfolds in detail:
- Initial loading and legitimate digital signature:
The malware presents itself as a loader signed with a valid Microsoft certificate. This is particularly insidious, because it lets the malicious code bypass many security checks that rely on the authenticity of digital signatures. The valid signature makes it easier for the malware to run without raising suspicion, allowing the rootkit to be executed as a system service with elevated privileges.
- Persistence as a system service:
Once executed, the loader installs itself as a system service, ensuring that it runs automatically at every boot. This persistence mechanism makes it extremely difficult to remove the malware with a simple antivirus scan or a system restart.
- Payload download and decryption:
The loader is programmed to connect to specific URLs in order to download an encrypted payload. The technique used to obtain these URLs is known as “deaddrop”: a method that lets attackers keep hidden the real addresses from which the payload is distributed. Once downloaded, the payload is decrypted locally and prepared for installation.
- Installation of the protected kernel driver:
The downloaded payload consists of a signed kernel driver protected with VMProtect, protection software that makes analysis and reverse engineering of the code difficult. The use of VMProtect ensures that even the most experienced security analysts face considerable difficulty in working out the malware's internal behavior.
- Anti-security and anti-virtualization checks:
Before executing the payload, the rootkit performs a series of advanced checks for the presence of security software, virtual environments (such as sandboxes) or analysis tools. If the malware detects any of these, it can stop running or change its behavior to avoid being discovered.
- Network traffic manipulation:
One of the most dangerous features of FK_Undead is its ability to intercept and manipulate the user's network traffic by managing compromised proxies. This lets attackers exfiltrate sensitive data, intercept confidential communications, or redirect traffic to servers controlled by the cybercriminals.
Infrastructure and indicators of compromise (IoC)
The attached image provides a visual representation of the complex command-and-control (C2) infrastructure used by FK_Undead. Some of the key elements that emerged from the analysis include:
- Malicious domain names:
The domains used to distribute the payload and to communicate with the malware include names such as:
tjxgood.com
tjxupdates.com
microsoftdns2.com
These names were carefully chosen to resemble legitimate domains, making it harder for users and security systems to spot the suspicious activity.
- Associated IP addresses:
The address 101.37.76.254 is one of the main indicators of compromise linked to the distribution of the payload. This IP is used to host malicious files and to orchestrate communications between the rootkit and the command-and-control servers.
- File hashes:
The analysis identified several hashes of malicious files that can be used to detect the presence of FK_Undead on systems. For example:
10d8591dd18e061febabe0384dc6e4516b7e7e54be87e0ac3e211f698b0c2
adf0bed4734b416c0c959e0965d9a9726b9ea2b9c8864e2050375fe61a1b
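As an added example (not from the original article or from G DATA), the following Python code matches the domains and the IP address listed above against DNS and proxy log lines, matching subdomains on label boundaries so that lookalike names are not flagged. The four-field log layout, the sample lines and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Network indicators quoted on this page for FK_Undead.
IOC_DOMAINS = {"tjxgood.com", "tjxupdates.com", "microsoftdns2.com"}
IOC_IPS = {ipaddress.ip_address("101.37.76.254")}

# Constructed sample lines in an assumed "timestamp client action target" layout.
SAMPLE_LOG = """\
2024-12-10T08:01:12Z 10.0.4.17 DNS_QUERY cdn.tjxgood.com.
2024-12-10T08:01:13Z 10.0.4.17 DNS_QUERY nottjxgood.com
2024-12-10T08:02:40Z 10.0.4.22 HTTP_CONNECT 101.37.76.254:443
2024-12-10T08:03:05Z 10.0.4.31 DNS_QUERY MicrosoftDNS2.com
2024-12-10T08:03:09Z 10.0.4.31 DNS_QUERY dns.microsoft.com
2024-12-10T08:04:51Z 10.0.4.40 HTTP_GET http://tjxupdates.com/
2024-12-10T08:05:00Z 10.0.4.40 HTTP_CONNECT 101.37.76.25:443
"""


def normalise_host(target):
    """Reduce a URL, host:port pair or FQDN to a bare lower-case host."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", target.strip().lower())
    host = host.split("/", 1)[0]      # drop the path
    host = host.rsplit("@", 1)[-1]    # drop any userinfo
    if host.count(":") == 1:          # host:port (a bare IPv6 has more colons)
        host = host.split(":", 1)[0]
    return host.rstrip(".")           # DNS logs often keep the root dot


def match_ioc(target):
    """Return ("ip" | "domain", indicator) if target hits an IoC, else None."""
    host = normalise_host(target)
    try:
        ip = ipaddress.ip_address(host)
        return ("ip", str(ip)) if ip in IOC_IPS else None
    except ValueError:
        pass  # not an IP literal, treat it as a hostname
    labels = host.split(".")
    # Compare the name and each parent domain, so cdn.tjxgood.com matches
    # tjxgood.com but nottjxgood.com (a different label) does not.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return ("domain", candidate)
    return None


def scan_log(text):
    """Return (line_no, client, kind, indicator) for every matching line."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing
        _ts, client, _action, target = fields
        hit = match_ioc(target)
        if hit:
            hits.append((line_no, client, hit[0], hit[1]))
    return hits


def hosts_to_triage(hits):
    """Group matched indicators by the internal client that contacted them."""
    by_client = {}
    for _line_no, client, _kind, indicator in hits:
        by_client.setdefault(client, set()).add(indicator)
    return by_client


if __name__ == "__main__":
    for client, indicators in sorted(hosts_to_triage(scan_log(SAMPLE_LOG)).items()):
        print(client, sorted(indicators))
```

Because the rootkit manipulates traffic on the infected host, logs collected on a separate resolver or proxy are the more reliable input for this kind of check.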
Evasion and concealment techniques
FK_Undead implements a set of advanced evasion techniques that make it particularly difficult to detect and remove:
- Code obfuscation with VMProtect to make reverse engineering harder.
- Kernel notification routines that allow processes and files to be hidden from the operating system and from security software.
- Integrity and environment checks to avoid running the malware on virtual machines or in automated analysis environments.
Implications for corporate and individual security
The presence of FK_Undead on a system is a serious threat to both home users and companies. The possible consequences include:
- Theft of confidential data: Sensitive information such as credentials, company documents and financial data can be stolen and used for fraudulent purposes.
- Interception of communications: By manipulating network traffic, attackers can spy on business or personal communications.
- Compromise of the corporate network: An infected system can serve as an entry point for further attacks on the company's IT infrastructure.
Protection and mitigation strategies
To protect against FK_Undead and other advanced threats, it is essential to adopt a set of security measures:
- Constant software updates: Regularly install security updates for operating systems and applications.
- Continuous network monitoring: Use Threat Detection solutions to identify anomalous behavior in network traffic.
- Digital signature checks: Verify the authenticity of digital certificates and report any anomalies.
- Network segmentation: Limit access to critical resources to reduce the risk of the malware spreading.
- Staff training: Educate users about the risks of suspicious downloads and phishing.
The analysis of FK_Undead by G DATA and the data obtained from the Threat Intelligence platform highlight a significant evolution in the capabilities of modern malware. The combination of advanced evasion, persistence and traffic manipulation techniques calls for a proactive approach to cybersecurity. Companies and users must adopt preventive measures and stay alert to defend themselves against these increasingly sophisticated threats.
The article FK_Undead malware analysis: an advanced threat for Windows comes from il blog della sicurezza informatica.
Documented Source Code for Elite on the C64, BBC Micro and Others
If you ever wanted to dive into the source code for the 1980s space game Elite, but didn’t want to invest many hours reverse-engineering the 6502 assembly code, then [Mark Moxon]’s annotated code has you covered. The systems referenced range from the BBC Micro and Commodore 64 to the NES and Apple II, with some of these versions based on the officially released source code. For other systems the available source code was used together with decompiled game binaries to determine the changes and to produce functional, fully commented source code.
The cutting-edge gameplay of Elite on the 8502.
This particular game is fascinating for being one of the first to use wire-frame 3D graphics with hidden-line removal and a sprawling universe in which to trade and deal with less than friendly parties using a variety of weapons. After this initial entry it would go on to spawn many sequels and inspired countless games that’d follow a similar formula.
On the respective GitHub project page for each version, you can find instructions on how to build the code for yourself, such as for the Commodore 64. Of note here is the license, which precludes anyone from doing more than forking and reading the code. If this is no concern, then building the game is as simple as using the assembler (BeebAsm) and the c1541 disk image utility from the VICE project.
Finally… a Man Page for Life
How often have you wished to have an instruction manual — or, at least, a Unix man page — for life? Well, your wait is over. Of course, you probably were hoping for instructions on how to navigate life, but [cve’s] mott program plays life inside a man page. That might not be as useful as a real manual for life, but it is still pretty cool.
To understand what’s happening, you have to understand how man pages work. They use an old form of markup known as roff, which later begat nroff and troff. While roff was made to do crude word processing at the dawn of Unix, it is also a Turing-complete language.
You do need groff installed and, of course, man. If you have all that, you can get a live demo with:
curl codeberg.org/cve/mott/raw/bran… | man -l -
We’ll leave understanding all the macros involved as an exercise for the reader, but we are certainly impressed with the audacity of the idea and the implementation.
We would ask if it could play Doom, but we are afraid someone would answer yes and then show us. If you think markup is old-fashioned, don’t be too sure. (Although the underlying project is now at a new URL)
Hackaday Links: December 15, 2024
It looks like we won’t have Cruise to kick around in this space anymore with the news that General Motors is pulling the plug on its woe-beset robotaxi project. Cruise, which GM acquired in 2016, fielded autonomous vehicles in various test markets, but the fleet racked up enough high-profile mishaps (first item) for California regulators to shut down test programs in the state last year. The inevitable layoffs ensued, and GM is now killing off its efforts to build robotaxis to concentrate on incorporating the Cruise technology into its “Super Cruise” suite of driver-assistance features for its full line of cars and trucks. We feel like this might be a tacit admission that surmounting the problems of fully autonomous driving is just too hard a nut to crack profitably with current technology, since Super Cruise uses eye-tracking cameras to make sure the driver is paying attention to the road ahead when automation features are engaged. Basically, GM is admitting there still needs to be meat in the seat, at least for now.
Speaking of accidents, the results of the first aircraft accident investigation on another world were released this week, and there were a few surprises. Ingenuity, the little helicopter that hitched a ride to Mars in the belly of the Perseverance rover in 2021, surpassed all expectations by completing 71 flights successfully and becoming an integral part of the search for ancient life on Mars. But flight 72 proved to be a bridge too far and ended with a hard landing that terminally damaged its rotor system. At the time it was speculated that the relatively bland terrain it was flying over at the time of the accident was the root cause. This was confirmed by analysis of the flight logs, but the degree to which the flight computer’s down-looking navigation camera was confused by the featureless dunes is new information. As for why the rotor blades broke, it doesn’t appear that it was because they impacted the surface. Rather, as Scott Manley points out, the blades appear to have broken at their weakest point due to extreme flexing induced by the high vertical speed while touching down on a slope, which caused one set of legs to hit the surface before the others.
Also roughly in the realm of space-based failures comes the story of a hapless senior citizen in New York who has been issued thousands of dollars in traffic tickets because of her love for Star Trek. Years ago, Long Island resident Beda Koorey got a New York vanity license plate for her car emblazoned with “NCC-1701,” the registration number of the USS Enterprise. She turned in those plates years ago when she gave up driving, but in the meantime, novelty NCC-1701 plates began popping up on Amazon and other sites. They were clearly not intended to be used on cars, but that didn’t stop some people from putting them on over their real plates in an attempt to defeat traffic cameras. It worked, at least from their point of view, since it left poor Beda with a collection of tickets for speeding and red light violations from as far away as Chicago. She even got a ticket for a violation committed by a motorcycle with a phony plate, which you think would not map to the registration for an automobile, but there you go. We always knew it was hard to be a Trekkie, especially back in the ’70s, but at least it never cost us much money. It did cost us a lot of dates, though.
We featured plenty of stories of start-up tech companies with the next must-have IoT device that fold up shop after a few years and abandon their users by effectively bricking their widgets. Heck, we’ve even suffered that fate ourselves; curse you, Logitech, for killing the SqueezeBox. However, one company recently took IoT bricking to a new low by ending support for a line of AI-powered companion bots for kids. The company was called Embodied, and they hawked $800 AI bots for kids called Moxie, with a cute face and a huggable form factor that kids couldn’t help falling in love with. Embodied couldn’t make a go of it financially and since Moxie uses a cloud-based LLM to interact with kids, the bots are now bricked. This leaves parents who invested in these devices with the quandary of having to explain to young kids that their robot pal is dead. Some of the TikToks of parents breaking the news are heartbreaking, and we can’t help but think that this is a perfect opportunity for someone in our community to reverse-engineer these things and bring them back to life.
And finally, the burning of the Yule Log is an ancient tradition, one that reminds us of the time our grandfather brought an entire telephone pole that had washed up on the beach home and burned it for days on end, feeding it slowly into the fireplace in the living room through the open front door. Good times. Not everyone is blessed with a fireplace in their abode, though, which has given rise to the popularity of video Yule Logs that you can just play on your TV. And now NASA is in on the action with an eight-hour 4K video of the SLS main engines and boosters. Framed by a lovely stone fireplace and replete with crackling wood sound effects over the subdued roar of the four RS-25 engines and twin solid-fuel boosters, it’ll make a nice addition to your holiday festivities. Although given that NASA just announced that the next Artemis missions are delayed until at least 2026, we’re not sure that it’s a great idea to show a rocket that never lifts off. You’ll also want to be careful that the neighbors don’t see the action.
youtube.com/embed/_cgTVTwu4nw?…
Rainwater From the Road to the Garden
Most small-scale, residential rainwater harvesting systems we’ve seen rely on using an existing roof and downspout to collect water that would otherwise be diverted out into the environment. These are accessible for most homeowners since almost all of the infrastructure needed for it is already in place. [SuburbanBiology] already built one of these systems to take care of his potable water, though, and despite its 30,000 gallon capacity it’s not even close to big enough to also water his garden. But with some clever grading around his yard and a special rainwater system that harvests rain from the street instead of his roof, he’s capable of maintaining a lush food forest despite living through a drought in Texas.
For this build there are actually two systems demonstrated, one which is gravity-fed from the road and relies on one’s entire property sloping away from the street, and a slightly more complex one that’s more independent of elevation. Both start with cutting through a section of sidewalk to pass a 4″ PVC pipe through to the street where the stormwater runoff can be collected. The gravity-fed system simply diverts this into a series of trenches around the property while the second system uses a custom sump pump to deliver the water to the landscaping.
For a system like this a holding tank is not necessary; [SuburbanBiology] is relying on the soil on his property itself to hold onto the rainwater. Healthy, living soil can hold a tremendous amount of water for a very long time, slowly releasing it to plants when they need it. And, at least where he lives, a system like this is actually helpful for the surrounding environment as a whole since otherwise all of the stormwater runoff has to be diverted out of the city or cause a flood, and it doesn’t end up back in an aquifer. If you’re more curious about a potable water system instead, take a look at [SuburbanBiology]’s previous system.
youtube.com/embed/ZGsuOyzyYcI?…
Wago Terminals Make This Ham Radio Dipole Light and Packable
For the amateur radio operator with that on-the-go lifestyle, nothing is more important than having your gear as light and packable as possible. If you’re lugging even a modest setup out into the woods, every ounce counts, which is why we love projects like this packable dipole antenna feedpoint.
At its simplest, a dipole antenna is just two pieces of wire cut to a specific, frequency-dependent length connected to a feedline. In practical terms, though, complications arise, such as keeping common-mode currents off the feedline and providing sturdy mechanical support for the antenna to suspend it safely. [Ham Radio Dude]’s design handles both those requirements while staying as small and packable as possible. The design starts with a bifilar 1:1 current balun, which is wound on an FT82-43 ferrite toroid with 22 AWG magnet wire. One side of the balun is connected to a BNC connector while the other is connected to a pair of Wago splice connectors that are glued together. A loop of paracord for mechanical strain relief is added, and the whole thing gets covered in heat-shrink tubing. The antenna is deployed by attaching a feedline to the BNC, clipping quarter-wave wires into the Wago terminals, and hoisting the whole thing aloft. Full build details are in the video below.
People will no doubt be quick to point out that these Wago terminals are rated for a minimum of 18 AWG wire, making them inappropriate for use with fine magnet wire. True enough, but [Dude] was able to get continuity through the Wagos, so the minimum gauge is probably more of an electrical code thing. Still, you’ll want to be careful that the connections stay solid, and it might pay to look at alternatives to the Wago brand, too.
youtube.com/embed/U5SdglQCC3U?…
An iPhone Case Study
Way back in 2008, Apple unveiled the first unibody MacBook with a chassis milled out of a single block of aluminum. Before that, essentially all laptops, including those from Apple, were flimsy plastic screwed together haphazardly on various frames. The unibody construction, on the other hand, finally showed that it was possible to make laptops that were both lightweight and sturdy. Apple eventually began producing iPhones with this same design style, and with the right tools and a very accurate set of calipers it’s possible to not only piece together the required hardware to build an iPhone from the ground up but also build a custom chassis for it entirely out of metal as well.
The first part of the project that [Scotty] from [Strange Parts] needed to tackle was actually getting measurements of the internals. Calipers were not getting the entire job done so he used a flatbed scanner to take an image of the case, then milled off a layer and repeated the scan. From there he could start testing out his design. After an uncountable number of prototypes, going back to the CAD model and then back to the mill, he eventually settled on a design, but not before breaking an iPhone’s worth of bits along the way. Particularly difficult were the recessed areas inside the phone, but eventually he was able to get those hollowed out, all the screw holes tapped, and then all the parts needed to get a working iPhone set up inside this case.
[Scotty] has garnered some fame not just for his incredible skills at the precision mill, but by demonstrating in incredible detail how smartphones can be user-serviceable or even built from scratch. They certainly require more finesse than assembling an ATX desktop and can require some more specialized tools, but in the end they’re computers like any other. For the most part.
youtube.com/embed/Yrl4OmS3bBA?…
Generative Artificial Intelligence and copyright, Suchir Balaji: “The Internet is changing for the worse”
Suchir Balaji, who left OpenAI this August, asked whether generative artificial intelligence is really governed by fair use. According to his research, OpenAI’s use of copyrighted data would violate the law, and technologies such as ChatGPT would be damaging the Internet, as well as bringing society more harm than benefit. His death, by suicide on 14 December 2024, brings back to light an ethical vision of innovation in the battle for a more responsible artificial intelligence, that of those who question the conduct of Big Tech.
“Over the past two years,” Balaji told the New York Times, “a number of individuals and companies have sued various artificial intelligence companies, including OpenAI, claiming that they illegally used copyrighted material to train their technologies”, lawsuits that could have a significant impact on the development of AI in the US.
Among these companies, as Harvard Law Today reports, is the New York Times, according to which ChatGPT scraped key parts of its content, creating its own libraries (with unlicensed material): a practice that would weaken the business model of the Times, which, according to its lawyers, “is based on licensing, subscriptions and advertising revenue”. However, according to Mason Kortz, an instructor at the Harvard Law School Cyberlaw Clinic at the Berkman Klein Center for Internet & Society, the New York Times would have to show that the copied elements include protected expression and that the amount used by the AI is fair.
Suchir Balaji defines fair use on the basis of a balancing of 4 factors (of which 1 and 4 tend to be the most important), based on Section 107 of the Copyright Act of 1976, which governs the fair use of a copyrighted work:
- the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes,
- the nature of the copyrighted work,
- the amount and substantiality of the portion used in relation to the copyrighted work as a whole,
- the effect of the use upon the potential market for or value of the copyrighted work.
None of the four factors seems to weigh in favor of ChatGPT being founded on a fair use of its training data. “Although generative models rarely produce outputs that are substantially similar to any one of their training inputs,” Balaji explains, “the process of training a generative model involves making copies of copyrighted data”.
Image source: Suchir Balaji, When does generative AI qualify for fair use?
Training on copyrighted data without a licensing agreement is a type of market harm
The process of training a generative model involves making copies of copyrighted data: so if these copies are unauthorized, and without regulation, “this could potentially be considered copyright infringement, depending on whether or not the specific use of the model qualifies as ‘fair use’”, necessarily determined case by case. Balaji argued that OpenAI’s practices are destroying the commercial viability of individuals, businesses and Internet services, creating content that competes directly with the original data sources, undermining fair use. Returning to the New York Times, generative models could have a harmful effect on the market for the original: without good regulation, based on transparency, and licensing fees, one could speak of market harm, an issue also tied to the whistleblowing of Suchir Balaji, according to whom Sam Altman’s company sourced enormous amounts of digital data from the Internet to train its artificial intelligence models, making unauthorized copies of copyrighted data and creating versions similar to the originals, without complying with the fair use provisions.
“This is not a sustainable model for the Internet ecosystem” [Suchir Balaji, New York Times, October 2024].
Generative artificial intelligence technologies are revolutionizing the acquisition of information and the production of content across a variety of domains. The study “The consequences of generative AI for online knowledge communities”, published in May 2024, found a strong influence of ChatGPT on the activity of users of developer communities such as Stack Overflow, with a consequent “decline both in site visits and in question volumes on Stack Overflow, particularly on the topics where ChatGPT excels”. Stack Overflow, however, along with Reddit, The Associated Press and News Corp, has signed agreements with model developers such as OpenAI and Google.
Image source: Gordon Burtch, Dokyun Lee & Zhichen Chen, The consequences of generative AI for online knowledge communities (cit.)
Even considering the positive impacts (improved user productivity), the danger is that LLMs could entirely replace online knowledge communities, with a deterioration of every kind of interpersonal interaction (including in the workplace), besides the fact that their production of erroneous content (hallucinations) must be taken seriously.
The problem of the exploitation of copyrighted data without licenses or compensation for authors, highlighted by Suchir Balaji, is significant: a tool like ChatGPT could end up competing with the authors’ own original content, harming them, information hubs and the creative arts, with the further risk of poisoning of the original content and the generation of false or misleading information.
Image source: Gordon Burtch, Dokyun Lee & Zhichen Chen, The consequences of generative AI for online knowledge communities (cit.)
Finally, thousands of artists have long sided against the practice of training generative artificial intelligence on copyrighted, unlicensed material: “they spend vast sums on people and compute,” said Newton-Rex, founder of Fairly Trained, “they expect to take training data for free”, a dehumanizing term for what would be “people’s work, their writing, their art, their music”.
The article Generative Artificial Intelligence and copyright, Suchir Balaji: “The Internet is changing for the worse” comes from il blog della sicurezza informatica.
ESP8266 Keeps Tabs on Wood Stove Temperature
Wood heat offers unique advantages compared to more modern heating systems, especially in remote areas. But it also comes with its own challenges, namely, keeping the fire going at the optimum temperature. If it’s too cold you risk buildup in the chimney, but if you’ve got it stoked up more than necessary, you’ll end up burning through your wood faster.
To keep the fire in that sweet spot, [Jay] decided to put an ESP8266 and a thermocouple to work. Now, this might seem like an easy enough job at first, but things are complicated by the fact that the flue temperature above the stove lags considerably behind the temperature inside the stove. There’s also the fact that the top of the chimney will end up being much colder than the bottom.
Mounting the thermocouple in the flue pipe.
In an effort to get a more complete view of what’s happening, [Jay] plans on putting at least two thermocouples in the chimney. But as getting on the roof in December isn’t his idea of fun, for now, he’s starting with the lower one that’s mounted right above the stove. He popped a hole in the pipe to screw in a standard K-type probe, and tapped it a few times with the welder to make sure it wasn’t going anywhere.
From there, the thermocouple connects to a MAX6675 amplifier, and then to the WeMos D1 Mini development board that’s been flashed with ESPHome. [Jay] provides the configuration file that will get the flue temperature into Home Assistant, as well as set up notifications for various temperature events. The whole thing goes into a 3D printed box, and gets mounted behind the stove.
This project is a great example of how you can get some real-world data into Home Assistant quickly and easily. In the future, [Jay] not only wants to add that second thermocouple, but also look into manipulating the stove’s air controls with a linear actuator. Here’s hoping we get an update as his woodstove learns some new tricks.
Running Fusion 360 on Linux with Wine
One of the major reasons why Linux on a desktop system is unsuitable for many is the lack of Linux support for many major applications, including Autodesk Fusion 360. In an ideal world this should be easy using Wine, but realistically getting something like Fusion 360 set up and ready to log in with Wine will take some serious time. Fortunately [Steve Zabka] created some shell scripts to automate the process. As demonstrated by [Tech Dregs] on YouTube, this seems to indeed work on a Fedora system, with just a few glitches.
Among these glitches are some rendering artefacts, such as application controls remaining on the desktop after closing the application and problems with in-application line rendering. [Tech Dregs] was also unable to switch from the DirectX 9 renderer to the DirectX 11 one. Since Fusion 360 will soon drop DirectX 9 and OpenGL support, this would seem to be rather an important detail. The GitHub project seems to indicate that this should work, but [Tech Dregs] reported only getting a black screen after switching.
Clearly, using applications like Fusion 360 on Linux isn’t quite what you’d want to use for a production workflow in a commercial setting (even ignoring lack of Autodesk support), but it could be useful for students and others who’d like to not switch to Windows or MacOS just to use this kind of software for a course or hobbyist use.
youtube.com/embed/K_RtWSyY6Cc?…
Algorethics: the key to responsible AI? Insights from the Cisco Consumer Privacy Survey 2024
To mark its 30 years of activity in Italy, Cisco inaugurated its new Milan office in September. On the first floor of Piazza Gae Aulenti 6, Cisco’s workspaces look like a gem set in a precious bezel. It is a modern, bright environment that combines aesthetics and functionality. The extensive use of glass, the contemporary design and the large spaces create an effect of visual continuity, blending the interiors gently with the outside environment and merging in a harmonious embrace with the surrounding square. This design choice, which reflects Cisco’s commitment to ‘dissolving’ the boundaries between the physical and digital worlds, is a concrete example of how the company is shaping the future of work, combining the needs of staff with productivity.
This approach extends to the adoption of cutting-edge architectures and technologies, including artificial intelligence (AI). However, the advent of AI poses new challenges, particularly regarding the protection of privacy and personal data. To better understand users’ concerns and expectations on these crucial issues, Cisco conducted the Consumer Privacy Survey 2024, providing a detailed analysis of Italians’ perceptions and behaviors regarding privacy and data security.
Photo: Carlo Denza
On 27 November 2024, in the Margherita Hack room of the Milan office, Fabio Florio and Renzo Ghizzoni, Country Leader Sales Security at Cisco Italia, presented the results of the Consumer Privacy Survey 2024. The survey explored the link between consumers’ privacy awareness and their trust in adopting new technologies, including Artificial Intelligence (AI).
Cisco Consumer Privacy Survey 2024
Over the past six years, Cisco has tracked the evolution of the relationship between consumers and privacy, once a marginal topic and today one of the main concerns able to influence personal and professional choices. The results show that awareness campaigns are having a positive effect, increasing users’ awareness of the value of their personal data.
This year, for the first time, many respondents showed greater knowledge of privacy regulations, going so far as to question opaque corporate practices in the collection and use of data.
The research, conducted in the summer of 2024, focused on analyzing global trends related to privacy and the use of AI. The study involved 2600 participants from 12 different countries (5 in Europe, 4 in Asia and 3 in the Americas), offering insights into their perceptions regarding:
- The use of personal data by companies;
- Knowledge of privacy legislation;
- Generative artificial intelligence;
- Data localization requirements.
Italy at the top for privacy awareness
Among the results of the Cisco Consumer Privacy Survey 2024, one particularly significant figure emerges from Italy: 62% of Italians know the privacy laws, a percentage that far exceeds the global average, set just above 50%.
This result underlines important progress in an increasingly connected and digital world, where awareness is the first line of defense against the misuse of personal data.
Those who know the privacy laws are more likely to protect their personal data. This figure highlights how regulatory knowledge is a crucial step toward adopting more aware and secure behaviors in the digital environment.
Settings and applications
Another interesting finding concerns the increase in the number of users taking practical actions to manage the security and privacy of their data. For example, many respondents have changed the settings of the applications and platforms they use. This behavior, already observed in the 2023 Survey, shows a positive trend that extends across all age groups. However, young people stand out as the most active group in improving the management of their data security.
A key theme that emerged from the survey is the need to harmonize privacy regulations internationally. 76% of Italian respondents expressed the desire to see a standardization of protections for personal data.
Uniform legislation would help ensure that users’ rights are protected everywhere, simplifying the application of the rules and strengthening global trust in digital technologies.
Cyberattacks such as credential theft continue to pose a significant threat, which makes Italian users increasingly attentive to the security of their credentials. The survey results reveal that:
- 71% of Italians (against a global average of 67%) have recently updated the privacy settings in the applications or platforms they use.
- 73% rely on multi-factor authentication (MFA) to protect personal accounts.
- 69% use a password manager to manage credentials securely.
These figures show a positive trend and indicate that Italy exceeds the global average in the adoption of cybersecurity practices. This is an encouraging sign, reflecting a growing awareness of the importance of protecting personal data.
Artificial Intelligence
The results on artificial intelligence show broad agreement among Italians about AI’s ability to improve quality of life. However, respondents expect organizations to use AI ethically and responsibly. In addition, many said they were willing to share anonymized personal data to contribute to the progress of medical research. Another positive finding concerns generative artificial intelligence, whose use is gaining ground in Italy too. Although our country still shows a slight lag behind the global average in regular use of AI (22% versus 23%), the percentage of Italians who use it regularly has risen by 10 percentage points compared with 2023, from 12% to 22%. The trend is clearly growing and is in line with international dynamics.
In a present marked by unknowns and by extraordinary advances such as those in artificial intelligence, concerns about the risks of generative AI are widespread. As the Cisco Consumer Privacy Survey 2024 shows, 86% of respondents express concern about the possibility of getting incorrect outputs (51% “somewhat concerned” and 35% “very concerned”). Added to this is the fear that data could be made public (84% overall), with a higher share of “very concerned” (44%) than of those who say they are “somewhat concerned” (40%). These are followed, tied at 80% overall concern, by the risk of disinformation undermining elections (with 42% “very concerned”) and the negative impact of AI on humanity (with 43% “very concerned”). Finally, 72% of respondents fear that AI could lead to job losses (40% “somewhat concerned” and 32% “very concerned”).
Impact of Generative AI on ICT roles
Cisco leads the AI-Enabled ICT Workforce Consortium, an initiative involving large technology companies such as Accenture, Eightfold, Google, IBM, Indeed, Intel, Microsoft and SAP, to study the impact of artificial intelligence on the ICT world of work. As stated in the September 2024 press release, the consortium’s first study, The Transformational Opportunity of AI on ICT Jobs, revealed that 92% of ICT roles will undergo high or moderate transformation in the coming years due to advances in AI.
The introduction of AI will create new professional opportunities, such as specialists in prompt engineering, data science, development of artificial intelligence models (LLMs) and specialists in AI ethics. At the same time, it will require a skills adjustment for other roles. For example, traditional skills, such as those of programmers, document management staff or content creators, could become less relevant. The consortium also examined the impact of AI on 47 ICT roles across seven job families, creating a “Job Transformation Canvas”. Cisco plans to train 25 million people in digital and cybersecurity skills by 2032. However, overall demand for ICT professionals is thought to remain high.
Algorethics: an ethics in the design of algorithms
Cisco, in collaboration with the Pontificia Accademia per la Vita and the Fondazione RenAIssance, has joined the Rome Call for AI Ethics, a global initiative that aims to promote ethics in the development of artificial intelligence. This important alliance, which involves and promotes a sense of shared responsibility among large technology companies, universities, international institutions and representatives of the world’s major religions, has as its central goal ensuring that AI serves humanity and respects the dignity of every individual.
The Rome Call for AI Ethics, a document drawn up by the Pontificia Accademia per la Vita, sets out a series of fundamental principles, including transparency, inclusion, responsibility and privacy protection, which should guide the development and use of AI. Cisco, drawing on its experience in building secure and reliable infrastructure, actively contributes to translating these principles into concrete actions, committing itself to developing innovative technological solutions that promote privacy, data security and fairness in the use of AI.
This initiative is a fundamental step toward governance of artificial intelligence. Through collaboration between public and private actors, the Rome Call for AI Ethics aims to address the ethical and social challenges posed by AI, such as algorithmic discrimination and privacy protection, and to make full use of this technology’s potential to improve the lives of people and communities.
Conclusions
The Cisco Consumer Privacy Survey 2024 paints an interesting picture of Italians’ perceptions and behaviors regarding privacy and artificial intelligence. Italy stands out for a growing awareness of the importance of protecting personal data, and there is also a positive attitude toward AI, provided it is developed and used responsibly, with strong attention to the ethical implications (algorethics).
Cisco, always attentive to new technologies and their implications, promotes an ethical approach to AI by joining initiatives such as the Rome Call for AI Ethics, actively contributing to the definition of ethical principles for artificial intelligence. Cisco’s commitment to responsible and beneficial development of artificial intelligence is also shown by its leadership of the AI-Enabled ICT Workforce Consortium, an initiative aimed at studying and guiding the impact of AI on the world of work. What will the next challenges be, and how can we ensure that AI always serves humanity?
The article Algorethics: the key to responsible AI? Insights from the Cisco Consumer Privacy Survey 2024 comes from il blog della sicurezza informatica.
A Portable Chainsaw Sawmill
Unless you’re running a commercial logging operation, with specialized saws, log grapples, mills, transportation for the timber, and the skilled workers needed to run everything, it’s generally easier to bring a sawmill to the wood instead of taking the wood to the sawmill. Especially for a single person, something like a chainsaw mill is generally a much easier and more cost-effective way to turn a small batch of timber into lumber. These chainsaw mills can still be fairly cumbersome, but [izzy swan] has a new design that fits an entire mill onto a hand cart for easy transportation in and out of a forest.
The entire mill is built out of a sheet and a half of plywood, most of which is cut into strips and then assembled into box girders for the track. The remainder of the plywood is machined on a CNC to create the carriage for the chainsaw to attach to, as well as a few other parts to fix the log in place. The carriage has a 4:1 reduction gear on it to winch the chainsaw along the length of the log, which cuts the log into long boards. After the milling is complete, the entire mill can be disassembled and packed down onto its hand cart where it can be moved on to the next project fairly quickly.
For a portable mill, it boasts respectable performance as well. It can cut logs up to 11 feet in length and about 30 inches across depending on the type of chainsaw bar used, although [izzy swan] has a few improvements planned for the next prototypes that look to make more consistent, uniform cuts. Chainsaws are incredibly versatile tools to have on hand as well; we’ve seen them configured into chop saws, mortisers, and even fixed to the end of a CNC machine.
Thanks to [Keith] for the tip!
youtube.com/embed/UVsoluu6v48?…
Might Morphin’ Antenna
The shape of an antenna can make a big difference in its performance. Researchers at the Johns Hopkins Applied Physics Laboratory have used shape memory alloy to construct an antenna that changes shape depending on the signals it is receiving. Nitinol, a common shape memory alloy made from nickel and titanium, is an obvious choice, but it’s not obvious how you’d make a shape-changing antenna out of nitinol wire. That changed when a mechanical engineer found a way to 3D print the substance. You can find a paper about the research online from Applied Engineering Materials.
In practice, the antenna is a double spiral made of nitinol. A channel contains a copper wire that can heat the antenna and, therefore, change its shape. Having a powered wire in the antenna can cause problems, so special designs route the signal away from the heating element. It looks like the antenna can assume a flat configuration or a spiral conic configuration.
Printing nitinol requires selective laser melting with argon gas, so you probably aren’t printing an antenna with your Ender 3 anytime soon. The process also required post-processing and forming over a metal fixture, so there’s a bit to making it work.
We’ve seen liquid metal antennas that use a similar trick. We are always surprised we don’t see more nitinol in the wild.
How the Lost Mystery Pigment ‘Maya Blue’ Got Recreated
A distinct blue pigment reminiscent of turquoise or a clear sky was used by the ancient Maya to paint pottery, sculptures, clothing, murals, jewelry, and even human sacrifices. What makes it so interesting is not only its rich palette — ranging from bright turquoise to a dark greenish blue — but also its remarkable durability. Only a small number of blue pigments were created by ancient civilizations, and even among those Maya blue is unique. The secret of its creation was thought to be lost, until ceramicist and artist [Luis May Ku] rediscovered it.
Maya blue is not just a dye, nor a ground-up mineral like lapis lazuli. It is an unusual and highly durable organic-inorganic hybrid; the result of a complex chemical process that involves two colorants. Here is how it is made: Indigotin is a dye extracted from ch’oj, the Mayan name for a specific indigenous indigo plant. That extract is combined with a very specific type of clay. Heating the mixture in an oven both stabilizes it and produces a second colorant: dehydroindigo. Together, this creates Maya blue.
Luis May Ku posing with Maya blue.
The road to rediscovery was not a simple one. While the chemical makeup and particulars of Maya blue had been known for decades, working out the nuts and bolts of actually making it, not to mention sourcing the correct materials and determining the correct techniques, was a long road. [May] made progress by piecing together invaluable ancestral knowledge and finally cracked the code after a lot of time, effort, and experimentation. He remembers the moment of watching a batch shift in color from a soft blue to a vibrant turquoise, and knew he had finally done it.
Before synthetic blue pigments arrived on the scene after the industrial revolution, blue was rare and highly valuable in Europe. The Spanish exploitation of the New World included controlling Maya blue until synthetic blue colorants arrived on the scene, after which Maya blue faded from common knowledge. [May]’s rediscovered formula marks the first time the world has seen genuine Maya blue made using its original formula and methods in almost two hundred years.
Maya blue is a technological wonder of the ancient world, and its rediscovery demonstrates the resilience and scientific value of ancestral knowledge as well as the ingenuity of those dedicated to reviving lost arts.
We’re reminded that paints and coatings have long been fertile ground for experimentation, and as an example we’ve seen the success people had in re-creating an ultra-white paint that actually has a passive cooling effect.
Behold a Geared, Continuously Variable Transmission
When it comes to transmissions, a geared continuously-variable transmission (CVT) is a bit of a holy grail. CVTs allow smooth on-the-fly adjustment of gear ratios to maintain a target speed or power requirement, but sacrifice transmission efficiency in the process. Geared transmissions are more efficient, but shift gear ratios only in discrete steps. A geared CVT would hit all the bases, but most CVTs are belt drives. What would a geared one even look like? No need to wonder, you can see one for yourself. Don’t miss the two videos embedded below the page break.
The outer ring is the input, the inner ring is the output, and the three little gears with dots take turns transferring power.
The design is called the RatioZero and it’s reminiscent of a planetary gearbox, but with some changes. Here’s how the most visible part works: the outer ring is the input and the inner ring is the output. The three small gears inside the inner ring work a bit like relay runners in that each one takes a turn transferring power before “handing off” to the next. The end result is a smooth, stepless adjustment of gear ratios with the best of both worlds. Toothed gears maximize transmission efficiency while the continuously-variable gear ratio allows maximizing engine efficiency.
There are plenty of animations of how the system works but we think the clearest demonstration comes from [driving 4 answers] with a video of a prototype, which is embedded below. It’s a great video, and the demo begins at 8:54 if you want to skip straight to that part.
One may think that motors and gearboxes are a solved problem since they have been around for so long, but the opportunities to improve are ongoing and numerous. Even EV motors have a lot of room for improvement, chief among them being breaking up with rare earth elements while maintaining performance and efficiency.
youtube.com/embed/vc9o-O1n81E?…
youtube.com/embed/mWJHI7UHuys?…