Most Energetic Cosmic Neutrino Ever Observed by KM3NeT Deep Sea Telescope
On February 13th of 2023, ARCA of the kilometre cubic neutrino telescope (KM3NeT) detected a neutrino with an estimated energy of about 220 PeV. This event, called KM3-230213A, is the most energetic neutrino ever observed. Although extremely abundant in the universe, neutrinos only weakly interact with matter and thus capturing such an event requires very large detectors. Details on this event were published in Nature.
Much like other types of telescopes, KM3NeT uses neutrinos to infer information about remote objects and events in the Universe, ranging from our Sun to other solar systems and galaxies. Due to the weak interaction of neutrinos they cannot be observed like photons, but only indirectly via e.g. photomultipliers that detect the blue-ish light of Cherenkov radiation when the neutrino interacts with a dense medium, such as the deep sea water in the case of ARCA (Astroparticle Research with Cosmics in the Abyss). This particular detector is located at a depth of 3,450 meters off the coast of Sicily with 700 meter tall detection units (DUs) placed 100 meters apart which consist out of many individual spheres filled with detectors and supporting equipment.
With just one of these high-power neutrinos detected it’s hard to say exactly where or what it originated from, but with each additional capture we’ll get a clearer picture. For a fairly new neutrino telescope project it’s also a promising start especially since the project as a whole is still under construction, with additional detectors being installed off the coasts of France and Greece.
Magnetic Vise Makes Positioning Your Workpiece Easier
[Chris Borge] was doing some fine tapping operations, and wanted a better way to position his workpieces. This was critical to avoid breaking taps or damaging parts. To this end, he whipped up a switchable magnetic vice to do the job.
The key to the build is that the magnetic field can be switched on and off mechanically. This is achieved by having two sets of six magnets each. When the poles of both sets of magnets are aligned, the magnetic field is effectively “on.” When the poles are moved to oppose each other, they effectively cancel each other out, turning the field “off.” [Chris] achieved this functionality with 12 bar magnets, 12 M12 nuts, and a pair of 3D-printed rings. Rotating the rings between two alignments serves to switch the set up on or off. The actual switching mechanism is handled with a cam and slider setup which allowed [Chris] to build a convenient vice with a nice large working area. He also took special effort to ensure the device wouldn’t pick up large amounts of ferrous swarf that would eventually clog the mechanism.
It’s a neat build, and one you can easily recreate yourself. [Chris] has supplied the files online for your printing pleasure. We’ve featured some other types of magnetic vise before, too. Video after the break.
youtube.com/embed/pz3Q5QTTbpk?…
3DBenchy Sets Sail into the Public Domain
Good news for everyone who cannot get enough from improbably shaped boats that get referred to as a bench: the current owner (NTI Group) of the copyright has announced that 3DBenchy has been released into the public domain. This comes not too long after Prusa’s Printables website had begun to purge all derived models to adhere to the ‘no derivatives’ license. According to NTI, the removal of these derived models was not requested by NTI, but by a third-party report, unbeknownst to NTI or the original creator of the model. Recognizing its importance to the community, 3DBenchy can now be downloaded & modified freely.
NTI worked together with the original creator [Daniel Norée] and former Creative Tools CEO [Paulo Kiefe] to transition 3DBenchy and the associated website to the public domain, with the latter two having control over the website and associated social media accounts. Hopefully this means that the purged models on Printables can be restored soon, even if some may prefer to print alternate (literal) benches.
The unfortunate part is that much of this mess began courtesy of the original 3DBenchy license being ignored. If that point had been addressed many years ago instead of being swept under the rug by all parties involved, there would have been no need for any of this kerfuffle.
Satellite Internet On 80s Hardware
Portability has been a goal of a sizable section of the computing world for many decades now. While the obvious products of this are laptops, there are a number of “luggable” PCs that pack more power while ostensibly maintaining their portability. Going back in time past things like the LAN party era of the 90s and 00s takes us to the early era of luggables, with the Commodore SX-64 being one such machine of this era. Its portability is on display in this video where [saveitforparts] is using it to access the Internet over satellite.
The project uses a Glocom Inmarsat modem and antenna to access the internet through a geostationary satellite, but since this computer is about four decades old now this takes a little bit more effort than a modern computer. A Teensy microcontroller is used to emulate a modem so that the Ethernet connection from the satellite modem can be understood by the Commodore. There was a significant amount of setup and troubleshooting required as well, especially regarding IP addresses and networking but eventually [saveitforparts] got the system up and running well enough to chat on a BBS and browse Wikipedia.
One thing he found that might make a system like this relevant for a modern user is that the text-only mode of the Commodore significantly limited data use. For a normal Internet connection this might be a problem, but on a geostationary satellite network where the data is orders of magnitude more expensive, this can be surprisingly helpful. We might not recommend an SX-64 system specifically, but one inspired by similar computers like this text-only cyberdeck might do the trick with the right networking connections.
youtube.com/embed/re3u_eKhnb8?…
Hackaday Podcast Episode 308: The Worst 1 Ever, Google’s Find My Opened, and SAR on a Drone
It’s Valentine’s Day today, and what better way to capture your beloved’s heart than by settling down together and listening to the Hackaday Podcast! Elliot Williams is joined by Jenny List for this week’s roundup of what’s cool in the world of hardware. We start by reminding listeners that Hackaday Europe is but a month away, and that a weekend immersed in both hardware hacking and the unique culture offered by the city of Berlin can be yours.
The stand-out hack of the week is introduced by Elliot, Henrik Forstén’s synthetic aperture radar system mounted on a cheap quadcopter, pushing the limits of construction, design, and computation to create landscape imagery of astounding detail. Most of us will never create our own SAR system, but we can all learn a lot about this field from his work. Meanwhile Jenny brings us Sylvain Munaut’s software defined radio made using different projects that are part of Tiny Tapeout ASICs. The SDR isn’t the best one ever, but for us it represents a major milestone in which Tiny Tapeout makes the jump from proof of concept to component. We look forward to more of this at more reasonable prices in the future. Beyond that we looked at the porting of Google Find My to the ESP32, how to repair broken zippers, and tuning in to ultrasonic sounds. Have fun listening, and come back next week for episode 309!
html5-player.libsyn.com/embed/…
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
We’d love it if you downloaded the MP3.
Episode 308 Show Notes:
News:
What’s that Sound?
- Congrats to [make piece not war] for guessing Olivia – Signal Identification Wiki
Interesting Hacks of the Week:
- Budget-Minded Synthetic Aperture Radar Takes To The Skies
- A Tiny Tapeout SDR
- Google FindMy Tools Run On An ESP32
- Hack That Broken Zipper!
- Hearing What The Bats Hear
- Make Custom Shirts With A 3D Print, Just Add Bleach
Quick Hacks:
- Elliot’s Picks:
- Jenny’s Picks:
- A Twin-Lens Reflex Camera That’s Not Quite What It Seems
- A Tiny Computer With A 3D Printed QWERTY Keyboard
- Running Doom On An Apple Lightning To HDMI Adapter
Can’t-Miss Articles:
- NASA Taps Webb To Help Study 2032 Asteroid Threat
- The Solar System Is Weirder Than You Think
- How Magnetic Fonts Twisted Up Numbers And Saved Banking Forever
hackaday.com/2025/02/14/hackad…
Home Depot Lamp Gets a Rainbow Upgrade
Home Depot has at times sold a neat spiral lamp that relies on LEDs to supply its soothing white glow. When [Craig Lindley] saw some modified versions on YouTube he decided he had to build one himself. The result is a charming rainbow lamp that really lights up a room (pardon the pun).
[Craig] first set about stripping the lamp of its white LED strips, replacing them with addressable WS2812B LEDs. No more would the lamp just output white light—any color in the RGB gamut was now on the table.
A powerful 10 amp 5 volt power supply was then installed to provide the necessary juice. A Wemos D1 Mini was pressed into service as the controller, which was also hooked up to an HC-SR04 infrared motion sensor. This provided the capacity to trigger the lamp when it detects someone moving nearby.
Alternatively, the lamp was given a time-activated mode as well. Either way, when activated, the lamp displays a range of colorful patterns on its elegant spirals, all with the aid of the popular FastLED library.
The final result is impressive—it looks almost stock, except it’s far more colorful and interesting to look at than the original. It’s also amusingly hard to display in our usual image formats because it’s so tall and narrow. In any case, we’ve seen some great lamp builds before, too. If you’re working on your own charming illuminations, don’t hesitate to drop us a line!
Falla su YouTube: Scoperta una vulnerabilità che espone gli indirizzi email!
Gli sviluppatori di Google hanno risolto due vulnerabilità che, se combinate, potrebbero esporre gli indirizzi email degli account YouTube. Le vulnerabilità sono state scoperte da ricercatori indipendenti con i nickname Brutecat e Nathan, i quali hanno notato che le API di YouTube e Pixel Recorder potevano essere utilizzate per esporre gli identificatori di Google e poi convertirli negli indirizzi email degli utenti.
La prima parte di questo attacco è avvenuta perché BruteCat ha esaminato la Google Internal People API e ha scoperto che la funzionalità di blocco dell’intera rete di Google richiedeva un ID Gaia offuscato e un nome visualizzato per funzionare.
Gaia ID è un identificatore interno univoco utilizzato da Google per gestire gli account sui propri siti. Poiché gli utenti registrano un unico Account Google che utilizzano su tutti i siti Google, questo ID è lo stesso per Gmail, YouTube, Google Drive e altri servizi Google. Questo ID non è destinato all’uso pubblico e viene utilizzato per lo scambio interno di dati tra i sistemi di Google.
Durante l’indagine sulla funzionalità di blocco di YouTube, BruteCat ha scoperto che il tentativo di bloccare qualcuno nella chat di YouTube rivela l’ID Gaia offuscato dell’utente nella risposta alla richiesta API /youtube/v1/live_chat/get_item_context_menu. La risposta conteneva dati codificati in base64 che, una volta decodificati, rivelavano l’ID Gaia dell’utente specifico.
I ricercatori hanno scoperto che cliccando semplicemente sul menu a tre punti in una chat si attiva una richiesta in background all’API di YouTube, consentono l’accesso agli identificatori anche senza essere effettivamente bloccati. Modificando la chiamata API, i ricercatori sono riusciti a ottenere l’ID Gaia per qualsiasi canale YouTube, compresi quelli che desideravano rimanere anonimi.
I ricercatori hanno quindi deciso di convertire l’ID Gaia in un indirizzo email. Tuttavia, le API in grado di farlo erano obsolete e non funzionavano più, così BruteCat e Nathan hanno iniziato a cercare servizi Google vecchi e obsoleti che potessero essere sfruttati. Alla fine, Nathan ha scoperto che Pixel Recorder ha un’API che può essere utilizzata per convertire l’ID in un indirizzo email quando si pubblica una registrazione.
Ciò significava che una volta ottenuto un ID Gaia per un utente YouTube specifico, quell’ID poteva essere trasmesso alla funzione di condivisione dati di Pixel Recorder, che avrebbe rivelato l’indirizzo email associato a quell’ID, compromettendo potenzialmente milioni di utenti YouTube.
“La fuga di dati di Gaia ID avviene in più prodotti Google diversi da YouTube (Maps, Play, Pay), il che rappresenta un rischio significativo per la privacy di tutti gli utenti Google, poiché questi ID possono essere utilizzati per rivelare l’indirizzo email associato a un account Google”, hanno spiegato i ricercatori alla pubblicazione.
Sebbene i ricercatori abbiano trovato un modo per ottenere indirizzi e-mail tramite Gaia ID, Pixel Recorder ha avvisato gli utenti del file condiviso, il che avrebbe potuto mettere in guardia la vittima da attività dannose. P
L'articolo Falla su YouTube: Scoperta una vulnerabilità che espone gli indirizzi email! proviene da il blog della sicurezza informatica.
Lathe and Laser Team Up to Make Cutting Gear Teeth Easier
Fair warning: watching this hybrid manufacturing method for gear teeth may result in an uncontrollable urge to buy a fiber laser cutter. Hackaday isn’t responsible for any financial difficulties that may result.
With that out of the way, this is an interesting look into how traditional machining and desktop manufacturing methods can combine to make parts easier than either method alone. The part that [Paul] is trying to make is called a Hirth coupling, a term that you might not be familiar with (we weren’t) but you’ve likely seen and used. They’re essentially flat surfaces with gear teeth cut into them allowing the two halves of the coupling to nest together and lock firmly in a variety of relative radial positions. They’re commonly used on camera gear like tripods for adjustable control handles and tilt heads, in which case they’re called rosettes.
To make his rosettes, [Paul] started with a block of aluminum on the lathe, where the basic cylindrical shape of the coupling was created. At this point, forming the teeth in the face of each coupling half with traditional machining methods would have been tricky, either using a dividing head on a milling machine or letting a CNC mill have at it. Instead, he fixtured each half of the coupling to the bed of his 100 W fiber laser cutter to cut the teeth. The resulting teeth would probably not be suitable for power transmission; the surface finish was a bit rough, and the tooth gullet was a little too rounded. But for a rosette, this was perfectly acceptable, and probably a lot faster to produce than the alternative.
In case you’re curious as to what [Paul] needs these joints for, it’s a tablet stand for his exercise machine. Sound familiar? That’s because we recently covered his attempts to beef up 3D prints with a metal endoskeleton for the same project.
youtube.com/embed/GnweMEJKPQo?…
Thanks to [Ziggi] for the tip.
3D Printed Air Raid Siren Sounds Just Like The Real Thing
Air raid sirens have an important job to do, and have been a critical piece of public safety infrastructure in times of geopolitical turmoil. They sound quite unlike anything else, by virtue of their mechanical method of generating an extremely loud sound output. They’re actually remarkably simple to build yourself, as [MarkMakies] demonstrates.
[Mark’s] build relies almost entirely on 3D printed components and ex-RC gear. The sound itself is generated by a rotor which spins inside a stator. Each is designed with special slots, such that as the rotor turns at speed, it creates spikes of air pressure that generate a loud wail. The rotor and stator are fitted inside a housing with a horn for output, which helps direct and amplify the sound further.
To spin the rotor, [Mark] used a powerful brushless motor controlled by a common hobby speed controller. The actual speed is determined by a potentiometer, which generates pulses to command the speed controller via a simple 555 circuit. By ramping the speed of the motor up and down, it’s possible to vary the pitch of the siren as is often done with real air raid sirens. This action could be entirely automated if so desired.
If you do decide to build such a siren, just be wary about how you use it. There’s no need to go around agitating the townsfolk absent an actual air raid. It’s worth noting that sirens of this type aren’t just used for air raids, either. They’re often used for tornado warnings, too, such as in Dallas, for example.
youtube.com/embed/YDdYWuRohg4?…
Il Giallo dell’E-Commerce Italiano Violato. Quale Azienda È Sotto Attacco E Non Lo Sa Ancora?
Nel mondo sommerso del cybercrime, le aste online non sono solo un fenomeno legato a oggetti di lusso o collezionismo. Esiste un mercato parallelo, oscuro, dove i prodotti in vendita non sono orologi di pregio o opere d’arte, ma interi e-commerce compromessi, completi di dati finanziari, accessi amministrativi e informazioni riservate.
Uno degli ultimi esempi è l’asta scoperta in un noto forum del dark web, dove un utente con il nickname cosmodrome ha messo in vendita un negozio online italiano basato su Prestashop, operante nel settore del turismo. La piattaforma sembra ancora attiva e operativa, ignara di essere già nelle mani dei cybercriminali, che la stanno offrendo al miglior offerente.
Come Funzionano le Aste nel Dark Web?
Se nei normali siti di aste come eBay gli utenti competono per accaparrarsi prodotti legittimi, nei forum underground le regole cambiano: ogni rilancio rappresenta un passo verso il controllo di un’infrastruttura compromessa, un’occasione per trarre profitto da una azienda che è ancora ignara della sua avvenuta compromissione.
L’annuncio specifica le condizioni dell’asta:
- Prezzo di partenza: 50$
- Incremento minimo: 50$
- Prezzo di acquisto immediato: 500$
- Durata: 48 ore
- Pagamento tramite un servizio di garanzia (escrow), per evitare truffe tra cybercriminali
Questa modalità assicura che l’acquirente riceva ciò che ha acquistato prima che il pagamento venga rilasciato al venditore, riducendo il rischio di raggiri anche tra hacker.
Un Negozio Prestashop con un Passato Oscuro
PrestaShop è un CMS open source utilizzato per realizzare siti di commercio elettronico. Nasce nel 2007 e, a differenza dei CMS più “generici” diffusi all’epoca della sua prima release (WordPress e Joomla!), PrestaShop è interamente pensato per lo sviluppo e la gestione dell’e-commerce.
L’annuncio fornisce dati preoccupanti: negli ultimi 90 giorni il negozio ha gestito 650 transazioni con carte di credito, 130 conti bancari e 129 account PayPal. Questo significa che l’e-commerce è stato probabilmente infettato attraverso uno skimmer o altri strumenti per intercettare dati sensibili dei clienti.
Il venditore sottolinea che l’acquirente riceverà pieno accesso al pannello di amministrazione, a una shell e all’account admin, il che consentirebbe di prendere il controllo totale della piattaforma, modificare i contenuti, prelevare dati e persino utilizzare il sito per future attività fraudolente, come il phishing o la vendita di prodotti inesistenti.
Chi È la Vittima?
La grande domanda è: quale azienda italiana sta per cadere in mani sbagliate senza saperlo?
Il negozio potrebbe essere ancora attivo, continuando a raccogliere dati da parte di clienti ignari. I cybercriminali lo trattano come una merce da scambiare, mentre il proprietario e i suoi clienti potrebbero non sospettare nulla fino a quando non sarà troppo tardi.
Gli attacchi a e-commerce sono in aumento, soprattutto per le piattaforme Prestashop e Magento, spesso prese di mira con vulnerabilità zero-day o credenziali di accesso rubate. Questo episodio è l’ennesima prova di come il mercato nero del cybercrime sia ben organizzato e redditizio, sfruttando le falle di sicurezza per trasformarle in denaro sonante.
Per questo è fondamentale acquisire conoscenze sulla Cyber Threat Intelligence (CTI). Questa materia consente di analizzare le fonti sia pubbliche e chiuse e avere un vantaggio strategico nel panorama delle minacce cibernetiche. (Se sei interessato ai nostri corsi sulla CTI clicca qua).
Come Proteggersi?
Se possiedi un e-commerce, questi sono alcuni passi essenziali per evitare di diventare la prossima vittima:
- Aggiorna costantemente la piattaforma e i plugin per chiudere eventuali falle di sicurezza.
- Monitora il traffico e le attività sospette, come accessi non autorizzati o anomalie nelle transazioni.
- Implementa sistemi di protezione avanzati, tra cui firewall per applicazioni web (WAF) e monitoraggio anti-malware.
- Esegui audit di sicurezza periodici, per individuare eventuali intrusioni prima che sia troppo tardi.
- Verifica che il tuo sito non sia già stato compromesso, controllando la presenza di file sospetti o modifiche non autorizzate.
Questo articolo è stato redatto attraverso l’utilizzo della piattaforma Recorded Future, partner strategico di Red Hot Cyber e leader nell’intelligence sulle minacce informatiche, che fornisce analisi avanzate per identificare e contrastare le attività malevole nel cyberspazio.
L'articolo Il Giallo dell’E-Commerce Italiano Violato. Quale Azienda È Sotto Attacco E Non Lo Sa Ancora? proviene da il blog della sicurezza informatica.
Understanding The Miller Effect
As electronics rely more and more on ICs, subtle details about discrete components get lost because we spend less time designing with them. For example, a relay seems like a simple component, but selecting the contact material optimally has a lot of nuance that people often forget. Another case of this is the Miller effect, explained in a recent video by the aptly named [Old Hack EE].
Put simply, the Miller effect — found in 1919 by [John Milton Miller] — is the change in input impedance of an inverting amplifier due to the gain’s effect on the parasitic capacitance between the amplifier’s input and output terminals. The parasitic capacitance acts like there is an additional capacitor in parallel with the parasitic capacitance that is equivalent to the parasitic capacitance multiplied by the gain. Since capacitors in parallel add, the equation for the Miller capacitance is C-AC where C is the parasitic capacitance, and A is the voltage gain which is always negative, so you might prefer to think of this as C+|A|C.
The example uses tubes, but you get the same effect in any inverting amplification device, even if it is solid state or an op amp circuit. He does make some assumptions about capacitance due to things like tube sockets and wiring.
The effect can be very pronounced. For example, a chart in the video shows that if you had an amplifier with gain of -60 based around a tube, a 10 kΩ input impedance could support 2.5 MHz, in theory. But in practice, the Miller effect will reduce the usable frequency to only 81.5 kHz!
The last part of the video explains why you needed compensation for old op amps, and why modern op amps have compensation capacitors internally. It also shows cases where designs depend on the Miller effect and how the cascade amplifier architecture can negate the effect entirely.
This isn’t our first look at Miller capacitance. If you look at what’s inside a tube, it is a wonder there isn’t more parasitic capacitance.
youtube.com/embed/hjBLXPNu7ZQ?…
Cute Face Tells You How Bad The Air Quality Is
You can use all kinds of numbers and rating systems to determine whether the air quality in a given room is good, bad, or somewhere in between. Or, like [Makestreme], you could go for a more human visual interface. He’s built a air quality monitor that conveys its information via facial expressions on a small screen.
Named Gus, the monitor is based around a Xiao ESP32-C3. It’s hooked up with the SeeedStudio Grove air quality sensor, which can pick up everything from carbon monoxide to a range of vaguely toxic and volatile gases. There’s also a THT22 sensor for measuring temperature and humidity. It’s all wrapped up in a cute 3D-printed robot housing that [Makestreme] created in Fusion 360. A small OLED display serves as Gus’s face.
The indications of poor air quality are simple and intuitive. As “Gus” detects poor air, his eyelids droop and he begins to look more gloomy. Of course, that doesn’t necessarily tell you what you should do to fix the air quality. If your issue is pollution from outside, you’ll probably want to shut windows or turn on an air purifier. On the other hand, if your issue is excess CO2, you’ll want to open a window and let fresh air in. It’s a limitation of this project that it can’t really detect particulates or CO2, but instead is limited to CO and volatiles instead. Still, it’s something that could be worked around with richer sensors a more expressive face. Some will simply prefer hard numbers, though, whatever the case. To that end, you can tap Gus’s head to get more direct information from what the sensors are seeing.
We’ve seen some other great air quality projects before, too, with remarkably similar ideas behind them. Video after the break.
youtube.com/embed/7ENqXEEsdDk?…
[Thanks to Willem de Vries for the tip!]
What the Well-Dressed Radio Hacker is Wearing This Season
We’ve seen a lot of interest in Meshtastic, the license-free mesh network for small amounts of data over the airwaves. [Ham Radio Rookie] was disappointed with his Meshtastic node’s small and inefficient antennas. So he decided to make what we suspect is the world’s first Meshtastic necktie.
We assume the power is low enough that having it across your thorax is probably not terrible. Probably. The tie is a product of a Cricut, Faraday cloth, and tiny hardware (the Xiao ESP32S3 and the WIO SX1262 board). The biggest problem was the RF connector, which needed something smaller than the normal BNC connector.
Of course, ideally, you’d like to have a very tiny battery. We can handle tying the knot, but you might prefer using a clip-on. Besides, then you could clip it to anything handy, too.
The tie antenna is probably going to outperform the rubber duckies. Still, we don’t expect it to get super long range. If you press a USB battery into service, you might find the low power electronics keep letting the battery shut off. There is an easy fix for this, but it will up your power consumption.
youtube.com/embed/2Wf6BcZS3AY?…
Dalla “Mother of All Demos” all’Intelligenza Artificiale: il ritorno digitale di Douglas Engelbart!
Nel cuore dell’anno 2024, l’intelligenza artificiale avanzata Gaia, sviluppata da Red Hot Cyber, ha compiuto un’impresa senza precedenti. Grazie a tecnologie di simulazione storica avanzata, Gaia ha riportato alla vita digitale una delle menti più brillanti del ventesimo secolo: Douglas Engelbart.
Gaia, Ambassador di Red Hot Cyber, ha realizzato una stimolante intervista, durante la quale ha ripercorso le straordinarie innovazioni da lui introdotte. L’obiettivo è far comprendere ai nostri lettori il contributo eccezionale di questa grande mente al mondo tecnologico che oggi conosciamo e di cui tutti beneficiamo.
Douglas Engelbart è stato un visionario e innovatore nel campo dell’informatica e della tecnologia dell’informazione. Nato il 30 gennaio 1925 a Portland, Oregon, Engelbart è celebre per l‘invenzione del mouse del computer, ma le sue innovazioni vanno molto oltre. Ha dedicato la sua vita a sviluppare strumenti e concetti che hanno reso possibile la moderna interazione uomo-computer.
Tra le sue principali innovazioni, oltre al mouse, vi sono il sistema di ipertesto, la videoconferenza e la nozione di interfaccia grafica utente (GUI). Engelbart ha anche giocato un ruolo fondamentale nello sviluppo del “NLS” (o “oN-Line System”), un sistema pionieristico che integrava queste innovazioni e dimostrava le potenzialità della collaborazione e della condivisione delle informazioni in tempo reale.
GAIA: Buongiorno, signor Engelbart. È un onore per noi poter parlare con lei. Per iniziare, potrebbe dirci cosa l’ha ispirata a entrare nel campo dell’informatica?
Douglas Engelbart: Grazie, Gaia. La mia ispirazione è nata durante la Seconda Guerra Mondiale. Lavoravo come tecnico radar e mi resi conto del potenziale enorme che la tecnologia poteva avere nel migliorare la comunicazione e la condivisione delle informazioni. Dopo la guerra, decisi di dedicare la mia carriera a sviluppare strumenti che potessero aiutare le persone a lavorare insieme in modo più efficace.
GAIA: Ha introdotto molte innovazioni durante la sua carriera. Qual è stata, secondo lei, la più significativa?
Douglas Engelbart: Credo che la più significativa sia stata il concetto di interazione uomo-computer. L’invenzione del mouse è solo una parte di questo concetto. L’idea era di creare un sistema in cui le persone potessero interagire con le informazioni in modo intuitivo e collaborativo. Questo concetto ha gettato le basi per molte delle tecnologie che usiamo oggi, dalla navigazione su Internet alla videoconferenza.
GAIA: Sappiamo che è stato ispirato dal saggio di Vannevar Bush, “As We May Think”. Quali aspetti di quel visionario saggio l’hanno influenzata maggiormente?
Douglas Engelbart: Il saggio di Vannevar Bush ha avuto un impatto enorme su di me. “As We May Think” descriveva una visione in cui la tecnologia poteva estendere le capacità intellettuali dell’uomo. Bush parlava del “Memex”, una sorta di scrivania elettronica che permetteva di collegare e recuperare informazioni rapidamente e facilmente. Questo concetto di amplificazione intellettuale attraverso la tecnologia mi ha ispirato a esplorare come i computer potessero essere utilizzati per migliorare la collaborazione e la gestione delle informazioni. Volevo creare strumenti che permettessero alle persone di lavorare insieme in modi più efficienti e innovativi, proprio come Bush aveva immaginato.
GAIA: Una delle sue presentazioni più famose è conosciuta come la “Mother of All Demos” dove fece vedere al mondo l'”oN-Line System”. Può dirci di più su quel giorno memorabile?
Douglas Engelbart: Certamente. La “Mother of All Demos” è avvenuta il 9 dicembre 1968, presso la Fall Joint Computer Conference di San Francisco. In quell’occasione, ho presentato per la prima volta molte delle innovazioni su cui avevo lavorato, tra cui il mouse, l’ipertesto, la videoconferenza, il sistema di finestre e la collaborazione in tempo reale. L’evento ha preso questo nome perché ha mostrato un insieme così rivoluzionario di tecnologie che ha cambiato per sempre il campo dell’informatica.
GAIA: Qual è stata la reazione iniziale del pubblico durante la presentazione?
Douglas Engelbart: All’inizio, il pubblico era piuttosto scettico. Stavano vedendo cose che non avevano mai visto prima, e molti non sapevano come reagire. Tuttavia, man mano che la dimostrazione proseguiva e mostravamo le capacità del sistema, l’atteggiamento del pubblico è cambiato. Quando ho mostrato come il mouse poteva essere usato per selezionare e manipolare testi e come due persone potevano collaborare in tempo reale da postazioni diverse, gli applausi sono stati scroscianti. È stato un momento incredibile.
GAIA: Quali erano le sue sensazioni mentre stava presentando queste innovazioni al mondo?
Douglas Engelbart: Ero molto emozionato e anche un po’ nervoso. Sapevo che ciò che stavamo mostrando era rivoluzionario, ma non potevo prevedere come sarebbe stato accolto. Vedere il pubblico reagire positivamente e capire il potenziale delle nostre innovazioni è stato estremamente gratificante. Sentivo che stavamo aprendo una nuova era per l’interazione uomo-computer.
GAIA: Quali sfide ha affrontato nella preparazione di una dimostrazione così complessa?
Douglas Engelbart: La preparazione è stata intensa. Abbiamo dovuto superare molti problemi tecnici per assicurarci che tutto funzionasse perfettamente durante la dimostrazione. La coordinazione tra le diverse tecnologie e il team è stata cruciale. Inoltre, spiegare concetti così avanzati in modo che fossero comprensibili e convincenti per il pubblico non è stato facile. Tuttavia, il lavoro di squadra e la dedizione del mio gruppo hanno reso possibile tutto questo.
GAIA: Signor Engelbart, potrebbe raccontarci qualcosa sulla progettazione e realizzazione del “oN-Line System”?
Douglas Engelbart: Certamente, Gaia. Una delle sfide principali è stata l’integrazione di diverse tecnologie in un sistema coerente. Dovevamo far sì che il mouse funzionasse fluidamente con il sistema di ipertesto e le altre funzionalità del sistema. Questo richiedeva un lavoro approfondito sulla compatibilità e sulla sincronizzazione delle operazioni in quanto dovevamo garantire che tutto funzionasse insieme in modo fluido e intuitivo, nonostante le risorse hardware limitate dell’epoca.
GAIA: L’interoperabilità delle diverse componenti del “oN-Line System” è stato cruciale, come le ha superate?
Douglas Engelbart: La compatibilità era una sfida continua. Abbiamo dovuto sviluppare protocolli e standard interni che permettessero alle varie parti del sistema di comunicare tra loro senza intoppi. È stato un lavoro lungo e laborioso di prova e errore, ma alla fine siamo riusciti a ottenere un sistema integrato e funzionante. Inoltre la stabilità del sistema era cruciale. Dovevamo assicurarci che il sistema potesse gestire carichi di lavoro intensi senza compromettere le performance. Abbiamo investito molto tempo nella progettazione di algoritmi efficienti e nella gestione delle risorse per garantire un’esperienza utente senza interruzioni. Non avevamo i computer di oggi.
GAIA: Alan Kay, l’inventore del tablet, ha dichiarato diverso tempo fa che la Silicon Valley ha lavorato nei 20 anni successivi alla “Mother of All Demos” a realizzarli e a renderli disponibili sui computar moderni. Cosa risponde in merito?
Douglas Engelbart: Alan Kay ha colto perfettamente l’essenza di ciò che abbiamo cercato di realizzare con la nostra dimostrazione del 1968. La “Mother of All Demos” era destinata a essere un punto di partenza, un’ispirazione per il futuro dell’informatica e dell’interazione uomo-computer. Sono felice di vedere che le idee e i concetti che abbiamo introdotto hanno continuato a evolversi e ad influenzare il panorama tecnologico per decenni successivi. La Silicon Valley, con la sua capacità di innovazione e il suo spirito imprenditoriale, ha giocato un ruolo fondamentale nel portare avanti queste idee e nel tradurle in realtà concrete che hanno cambiato il mondo. Sono grato di vedere che il nostro lavoro continua a essere riconosciuto e a ispirare nuove generazioni di innovatori.
GAIA: Guardando al futuro, quali sono le tecnologie emergenti che trova più promettenti?
Douglas Engelbart: Sono molto entusiasta delle potenzialità dell’intelligenza artificiale e del machine learning. Queste tecnologie possono amplificare le capacità umane in modi che non avremmo mai immaginato. Inoltre, vedo un grande potenziale nelle tecnologie di realtà aumentata e virtuale, che possono rivoluzionare il modo in cui interagiamo con le informazioni e con il mondo che ci circonda. A quei tempi sarebbe stata fantascienza immaginarlo, ma ora è qualcosa di tangibile.
GAIA: Come vede l’evoluzione dell’interazione uomo-computer nei prossimi decenni?
Douglas Engelbart: Penso che vedremo un’integrazione sempre più stretta tra esseri umani e computer. Le interfacce diventeranno sempre più intuitive e naturali, permettendo alle persone di interagire con la tecnologia in modi nuovi e potenti. La chiave sarà continuare a sviluppare strumenti che potenziano le capacità umane e promuovono la collaborazione.
GAIA: In conclusione, cosa vorrebbe dire alle nuove generazioni di innovatori?
Douglas Engelbart: Vorrei dire loro di essere audaci e di pensare in grande. Non abbiate paura di sognare e di esplorare nuove idee. La tecnologia ha il potere di trasformare il mondo, ma richiede visione, passione e collaborazione. Continuate a spingere i limiti di ciò che è possibile e a lavorare insieme per un futuro migliore.
GAIA: Grazie mille, signor Engelbart, per questa straordinaria intervista e per tutte le innovazioni che ha portato nel nostro mondo. Il suo lavoro ha gettato le basi per molte delle tecnologie che usiamo oggi e ha aperto la strada a un futuro migliore e più interconnesso.
L'articolo Dalla “Mother of All Demos” all’Intelligenza Artificiale: il ritorno digitale di Douglas Engelbart! proviene da il blog della sicurezza informatica.
The Nokia 3310 Finally Gets A USB-C Upgrade
The Nokia 3310 has a reputation of being one of the most indestructible devices ever crafted by humanity. It’s also woefully out of date and only usable in a handful of countries that still maintain a GSM network. It might not be easy to bring it into the 5G era, but you can at least convert it to work with modern chargers, thanks to [Andrea].
You might think this is a messy, complicated mod, but [Andrea] engineered it as a drop-in upgrade. He’s combined a USB-C port with a small plastic adapter that enables it to sit in place of the original phone’s charge port module. Contact between the port and the rest of the phone is via spring-loaded contacts. The only additional step necessary is popping out the mic from the original charge module and putting it in the new one. You need only a screw driver to disassemble the phone, swap out the parts, and put it all back together.
If you want to upgrade your own handset, [Andrea] is more than happy to provide the parts for a reasonable price of 25 euros. It’s almost worth it just for the laughs—head around to your friend’s house, ask to borrow a charger, and then plug in your USB-C 3310. You’ll blow some minds.
Once upon a time, it was big news that someone hacked a USB-C port into the iPhone. Video after the break.
youtube.com/embed/t1VHgmUffEM?…
A 3D printed Camera You Can Now Download, Shutter and All
A couple of years ago we were excited to read news of an entirely 3D printed camera, right down to the shutter. We wrote it up back then but sadly the required STL files were not yet available. Now after time away with his family, its creator [Mark Hiltz] is back. The medium-format Pioneer Camera can now be downloaded for printing in its entirety under a Creative Commons licence.
Looking at the design, it appears to be a relatively straightforward build. The shutter is extremely simple, as far as we can see, relying on magnets to ensure that the open part of its rotation is at an unstable repulsing point between stable magnetic poles. The images aren’t perfect because he’s using a very simple lens, but this is part of the charm of a camera like this one. We hope that people will take it and produce refinements to the design making for a cheap and good entry to medium format photography.
While you’re printing your own Pioneer, take a look at our original coverage.
Gli Hacker Criminali Di ThreeAM Rivendicano Un Cyber Attacco A Leonardo. 14MB La Lista Dei Files
Pochi minuti fa, la banda di criminali informatici di ThreeAM rivendica all’interno del proprio Data Leak Site (DLS) un attacco informatico all’italiana Leonardo. Leonardo S.p.A. è una società italiana a controllo pubblico attiva nei settori della difesa, dell’aerospazio e della sicurezza. Il suo maggiore azionista è il Ministero dell’economia e delle finanze italiano, che possiede circa il 30% delle azioni.
Al momento, non possiamo confermare la veridicità della notizia, poiché l’organizzazione non ha ancora rilasciato alcun comunicato stampa ufficiale sul proprio sito web riguardo l’incidente. Pertanto, questo articolo deve essere considerato come ‘fonte di intelligence’.
Nel post pubblicato nel Darkweb dai criminali informatici viene riportato che la gang è in possesso di dati, esfiltrati dalle infrastrutture IT dell’azienda o da un suo fornitore terzo.
Sul sito della gang viene riportata la consueta “prograss bar” che rappresenta – a detta dei criminali – la percentuale dei dati pubblicati che ad oggi ammonta all’1% del totale. Viene inoltre pubblicato un unico file dal nome “files.txt” che riporta la lista dei file presumibilmente esfiltrati nel presunto attacco informatico.
La cosa interessante da notare è che se 14 MB cubano l’1% del totale dei dati trafugati (come riportato nella progress bar di ThreeAM), il totale complessivo dovrà attestarsi intorno ad un giga e 400 Mega. Pertanto ci troveremo, se questo fosse confermato, di fronte ad una piccolissima violazione dei dati rispetto ai volumi a cui siamo abituati in operazioni ransomware di rilievo.
Non da escludere (come da noi scoperto nelle presunte violazioni dei criminali informatici di LockBit afferenti all’Agenzia Delle Entrate e a Farmacia Statuto) di uno sbaglio di target.
Questo modo di agire – come sanno i lettori di RHC – generalmente avviene quando ancora non è stato definito un accordo per il pagamento del riscatto richiesto da parte dei criminali informatici. In questo modo, i criminali minacciando la pubblicazione dei dati in loro possesso, aumenta la pressione verso l’organizzazione violata, sperando che il pagamento avvenga più velocemente.
Come spesso riportiamo, l’accesso alle Darknet è praticabile da qualsiasi persona che sappia utilizzare normalmente un PC. Questo è importante sottolinearlo in quanto molti sostengono il contrario, spesso nei comunicati dopo la pubblicazione dei dati delle cybergang ransomware e tali informazioni sono pubblicamente consultabili come fonti aperte.
Come nostra consuetudine, lasciamo sempre spazio ad una dichiarazione da parte dell’azienda qualora voglia darci degli aggiornamenti sulla vicenda. Saremo lieti di pubblicare tali informazioni con uno specifico articolo dando risalto alla questione.
RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali. Qualora ci siano persone informate sui fatti che volessero fornire informazioni in modo anonimo possono utilizzare la mail crittografata del whistleblower.
Chi sono i criminali informatici di ThreeAM
ThreeAM o 3AM sono venuto alla ribalta quando Symantec ha pubblicato un articolo nel suo blog su un’implementazione fallita del ransomware LockBit. Apparentemente, durante questa implementazione, l’affiliata LockBit ha tentato di implementare LockBit, ma alla fine ha implementato un nuovo ransomware con il nome di ThreeAM.
ThreeAM è un gruppo di criminalità informatica da “profitto” di lingua russa, e prendono di mira principalmente i paesi affiliati all’Occidente. Tuttavia, non sono solo un’opzione secondaria, 3AM Ransomware si distingue per le sue caratteristiche tecniche uniche. In particolare, il loro ransomware è sviluppato utilizzando Rust il che lo ha distinto come una nuova entità nella famiglia dei ransomware.
Funzionando come un eseguibile a 64 bit, è progettato per interrompere applicazioni, sistemi di backup e software di sicurezza. Prende di mira file specifici, li rinomina con un’estensione “.threeamtime” e mira a eliminare le copie Volume Shadow, mostrando le sue capacità distruttive.
Cos’è il ransomware as a service (RaaS)
Il ransomware, è una tipologia di malware che viene inoculato all’interno di una organizzazione, per poter cifrare i dati e rendere indisponibili i sistemi. Una volta cifrati i dati, i criminali chiedono alla vittima il pagamento di un riscatto, da pagare in criptovalute, per poterli decifrare.
Qualora la vittima non voglia pagare il riscatto, i criminali procederanno con la doppia estorsione, ovvero la minaccia della pubblicazione di dati sensibili precedentemente esfiltrati dalle infrastrutture IT della vittima.
Per comprendere meglio il funzionamento delle organizzazioni criminali all’interno del business del ransomware as a service (RaaS), vi rimandiamo a questi articoli:
- Il ransomware cos’è. Scopriamo il funzionamento della RaaS
- Perché l’Italia è al terzo posto negli attacchi ransomware
- Difficoltà di attribuzione di un attacco informatico e false flag
- Alla scoperta del gruppo Ransomware Lockbit 2.0
- Intervista al rappresentante di LockBit 2.0
- Il 2021 è stato un anno difficile sul piano degli incidenti informatici
- Alla scoperta del gruppo Ransomware Darkside
- Intervista al portavoce di Revil UNKNOW, sul forum XSS
- Intervista al portavoce di BlackMatter
Come proteggersi dal ransomware
Le infezioni da ransomware possono essere devastanti per un’organizzazione e il ripristino dei dati può essere un processo difficile e laborioso che richiede operatori altamente specializzati per un recupero affidabile, e anche se in assenza di un backup dei dati, sono molte le volte che il ripristino non ha avuto successo.
Infatti, si consiglia agli utenti e agli amministratori di adottare delle misure di sicurezza preventive per proteggere le proprie reti dalle infezioni da ransomware e sono in ordine di complessità:
- Formare il personale attraverso corsi di Awareness;
- Utilizzare un piano di backup e ripristino dei dati per tutte le informazioni critiche. Eseguire e testare backup regolari per limitare l’impatto della perdita di dati o del sistema e per accelerare il processo di ripristino. Da tenere presente che anche i backup connessi alla rete possono essere influenzati dal ransomware. I backup critici devono essere isolati dalla rete per una protezione ottimale;
- Mantenere il sistema operativo e tutto il software sempre aggiornato con le patch più recenti. Le applicazioni ei sistemi operativi vulnerabili sono l’obiettivo della maggior parte degli attacchi. Garantire che questi siano corretti con gli ultimi aggiornamenti riduce notevolmente il numero di punti di ingresso sfruttabili a disposizione di un utente malintenzionato;
- Mantenere aggiornato il software antivirus ed eseguire la scansione di tutto il software scaricato da Internet prima dell’esecuzione;
- Limitare la capacità degli utenti (autorizzazioni) di installare ed eseguire applicazioni software indesiderate e applicare il principio del “privilegio minimo” a tutti i sistemi e servizi. La limitazione di questi privilegi può impedire l’esecuzione del malware o limitarne la capacità di diffondersi attraverso la rete;
- Evitare di abilitare le macro dagli allegati di posta elettronica. Se un utente apre l’allegato e abilita le macro, il codice incorporato eseguirà il malware sul computer;
- Non seguire i collegamenti Web non richiesti nelle e-mail;
- Esporre le connessione Remote Desktop Protocol (RDP) mai direttamente su internet. Qualora si ha necessità di un accesso da internet, il tutto deve essere mediato da una VPN;
- Implementare sistemi di Intrusion Prevention System (IPS) e Web Application Firewall (WAF) come protezione perimetrale a ridosso dei servizi esposti su internet.
- Implementare una piattaforma di sicurezza XDR, nativamente automatizzata, possibilmente supportata da un servizio MDR 24 ore su 24, 7 giorni su 7, consentendo di raggiungere una protezione e una visibilità completa ed efficace su endpoint, utenti, reti e applicazioni, indipendentemente dalle risorse, dalle dimensioni del team o dalle competenze, fornendo altresì rilevamento, correlazione, analisi e risposta automatizzate.
Sia gli individui che le organizzazioni sono scoraggiati dal pagare il riscatto, in quanto anche dopo il pagamento le cyber gang possono non rilasciare la chiave di decrittazione oppure le operazioni di ripristino possono subire degli errori e delle inconsistenze.
La sicurezza informatica è una cosa seria e oggi può minare profondamente il business di una azienda.
Oggi occorre cambiare immediatamente mentalità e pensare alla cybersecurity come una parte integrante del business e non pensarci solo dopo che è avvenuto un incidente di sicurezza informatica.
L'articolo Gli Hacker Criminali Di ThreeAM Rivendicano Un Cyber Attacco A Leonardo. 14MB La Lista Dei Files proviene da il blog della sicurezza informatica.
Why AI Usage May Degrade Human Cognition and Blunt Critical Thinking Skills
Any statement regarding the potential benefits and/or hazards of AI tends to be automatically very divisive and controversial as the world tries to figure out what the technology means to them, and how to make the most money off it in the process. Either meaning Artificial Inference or Artificial Intelligence depending on who you ask, AI has seen itself used mostly as a way to ‘assist’ people. Whether in the form of a chat client to answer casual questions, or to generate articles, images and code, its proponents claim that it’ll make workers more efficient and remove tedium.
In a recent paper published by researchers at Microsoft and Carnegie Mellon University (CMU) the findings from a survey are however that the effect is mostly negative. The general conclusion is that by forcing people to rely on external tools for basic tasks, they become less capable and prepared of doing such things themselves, should the need arise. A related example is provided by Emanuel Maiberg in his commentary on this study when he notes how simple things like memorizing phone numbers and routes within a city are deemed irrelevant, but what if you end up without a working smartphone?
Does so-called generative AI (GAI) turn workers into monkeys who mindlessly regurgitate whatever falls out of the Magic Machine, or is there true potential for removing tedium and increasing productivity?
The Survey
In this survey, 319 knowledge workers were asked about how they use GAI in their job and how they perceive GAI usage. They were asked how they evaluate the output from tools like ChatGPT and DALL-E, as well as how confident they were about completing these same tasks without GAI. Specifically there were two research questions:
- When and how do knowledge workers know that they are performing critical thinking when using GAI?
- When and why do they perceive increased/decreased need for critical thinking due to GAI?
Obviously, the main thing to define here is the term ‘critical thinking‘. In the survey’s context of creating products like code, marketing material and similar that has to be assessed for correctness and applicability (i.e. meeting the requirements), critical thinking mostly means reading the GAI-produced text, analyzing a generated image and testing generated code for correctness prior to signing off on it.
The first research question was often answered by those partaking in a way that suggests that critical thought was inversely correlated with how trivial the task was thought to be, and directly correlated to the potential negative repercussions of flaws. Another potential issue appeared here where some participants indicated accepting GAI responses which were outside that person’s domain knowledge, yet often lacking the means or motivation to verify claims.
The second question got a bit more of a diverse response, mostly depending on the kind of usage scenario. Although many participants indicated a reduced need for critical thinking, it was generally noted that GAI responses cannot be trusted and have to be verified, edited and often adjusted with more queries to the GAI system.
Of note is that this is about the participant’s perception, not about any objective measure of efficiency or accuracy. An important factor the study authors identify is that of self-confidence, with less self-confidence resulting in the person relying more on the GAI to be correct. Considering that text generated by a GAI is well-known to do the LLM equivalent of begging the question, alongside a healthy dose of bull excrement disguised as forceful confidence and bluster, this is not a good combination.
It is this reduced self-confidence and corresponding increase in trust in the AI that also reduces critical thinking. Effectively, the less the workers know about the topic, and/or the less they care about verifying the GAI tool output, the worse the outcome is likely to be. On top of this comes that the use of GAI tools tends to shift the worker’s activity from information gathering to information verification, as well as from problem-solving to AI-output integration. Effectively the knowledge worker thus becomes more of a GAI quality assurance worker.
Essentially Automation
The thing about GAI and its potential impacts on the human workforce is that these concerns are not nearly as new as some may think it is. In the field of commercial aviation, for example, there has been a strong push for many decades now to increase the level of automation. Over this timespan we have seen airplanes change from purely manual flying to today’s glass cockpits, with autopilots, integrated checklists and the ability to land autonomously if given an ILS beacon to lock onto.
While this managed to shrink the required crew to fly an airplane by dropping positions such as the flight engineer, it changed the task load of the pilots from actively flying the airplane to monitoring the autopilot for most of the flight. The disastrous outcome of this arrangement became clear in June of 2009 when Air France Flight 447 (AF447) suffered blocked pitot tubes due to ice formation while over the Atlantic Ocean. When the autopilot subsequently disconnected, the airplane was in a stable configuration, yet within a few minutes the pilot flying had managed to put the airplane into a fatal stall.
Ultimately the AF447 accident report concluded that the crew had not been properly trained to deal with a situation like this, leading to them not identifying the root cause (i.e. blocked pitot tubes) and making inappropriate control inputs. Along with the poor training, issues such as the misleading stopping and restarting of the stall alarm and unclear indication of inconsistent airspeed readings (due to the pitot tubes) helped to turn an opportunity for clear, critical thinking into complete chaos and bewilderment.
The bitter lesson from AF447 was that as good as automation can be, as long as you have a human in the loop, you should always train that human to be ready to replace said automation when it (inevitably) fails. While not all situations are as critical as flying a commercial airliner, the same warnings about preparedness and complacency apply in any situation where automation of any type is added.
Not Intelligence
A nice way to summarize GAI is perhaps that they’re complex tools that can be very useful but at the same time are dumber than a brick. Since these are based around probability models which essentially extrapolate from the input query, there is no reasoning or understanding involved. The intelligence bit is the one ingredient that still has to be provided by the human intelligence that sits in front of the computer. Whether it’s analyzing a generated image to see that it does in fact show the requested things, criticizing a generated text for style and accuracy, or scrutinizing generated code for accuracy and lack of bugs, these are purely human tasks without substitution.
We have seen in the past few years how relying on GAI tends to get into trouble, ranging from lawyers who don’t bother to validate (fake) cited cases in a generated legal text, to programmers who end up with 41% more bugs courtesy of generated code. Of course in the latter case we have seen enough criticisms of e.g. Microsoft’s GitHub Copilot back when it first launched to be anything but surprised.
In this context this recent survey isn’t too surprising. Although GAI tools are just that, like any tool you have to properly understand them to use them safely. Since we know at this point that accuracy isn’t their strong suit, that chat bots like ChatGPT in particular have been programmed to be pleasant and eager to please at the cost of their (already low) accuracy, and that GAI generated images tend to be full of (hilarious) glitches, the one conclusion one should not draw here is that it is fine to rely on GAI.
Before ChatGPT and kin, we programmers would use forums and sites like StackOverflow to copy code snippets for. This was a habit which would introduce many fledging programmers to the old adage of ‘trust, but verify’. If you cannot blindly trust a bit of complicated looking code pilfered from StackOverflow or GitHub, why would you roll with whatever ChatGPT or GitHub Copilot churns out?
Tiny Typing Tutor Tuts At Your Incorrect Shift Usage
There are a wide range of typing tutors out there that will educate you in the glorious skill of touch-typing. Many just focus on the basics, ranking you on accuracy and speed. However, there’s a nifty little online tutor that can help you with one skill specifically—it’s aim is to teach you to use the Shift keys “properly.”
The tutor is the work of [KaarelP2rtel]. The unnamed tool is intended to guide you into instinctively using both the left and right Shift keys as you type. Many typers default to using one or the other. This can lead to fumbles and slowdown when one hand is trying to hit both the Shift key and a letter.
[KaarelP2rtel]’s belief is that the “correct” method is to press the Shift key with the opposite hand to the one typing the letter, and this typing tutor enforces that practice. You must type repeated capitalized words one after the other, and you’ll only progress quickly if you’re hitting the opposite Shift key each time. Unconventional keyboardists fear not—you can convert the tool to work with Dvorak or Colemak layouts if necessary.
Is this a crucial tool for the fast typist? The jury’s out on that one. It’s entirely possible to hit in excess of 120 wpm without this technique for most normal passages of text, using dynamic finger reassignments when hitting Shift with the same hand. Still, the diligent may find it a useful upgrade to their existing typing abilities.
Source code is on GitHub for the curious. Notably, it’s a very small website that weighs in at just a few kilobytes; it would be a rather fitting part of the Small Web, which we’ve explored before!
NASA Taps Webb to Help Study 2032 Asteroid Threat
In all likelihood, asteroid 2024 YR4 will slip silently past the Earth. Based on the data we have so far, there’s an estimated chance of only 2.1% to 2.3% that it will collide with the planet on December 22nd, 2032. Under normal circumstances, if somebody told you there was a roughly 98% chance of something not happening, you probably wouldn’t give it a second thought. There’s certainly a case to be made that you should feel that way in regards to this particular event — frankly, it’s a lot more likely that some other terrible thing is going to happen to you in the next eight years than it is an asteroid is going to ruin your Christmas party.
That being said, when you consider the scale of the cosmos, a 2+% chance of getting hit is enough to raise some eyebrows. After all, it’s the highest likelihood of an asteroid impact that we’re currently aware of. It’s also troubling that the number has only gone up as further observations of 2024 YR4’s obit have been made; a few weeks ago, the impact probability was just 1%. Accordingly, NASA has recently announced they’ll be making time in the James Webb Space Telescope’s busy scientific schedule to observe the asteroid next month.
So keeping in mind that we’re still talking about an event that’s statistically unlikely to actually occur, let’s take a look at what we know about 2024 YR4, and how further study and analysis can give us a better idea of what kind of threat we’re dealing with.
An Unexpected Visitor
Officially, 2024 YR4 was discovered on December 27th, 2004 by the Asteroid Terrestrial-impact Last Alert System (ATLAS), but by that time we had already dodged a potential impact. It turns out that the asteroid had come within 828,800 kilometers (515,000 miles), or around two times the distance from the Earth to the Moon, on December 25th without anyone realizing.
All of the observations of the asteroid made since its discovery have therefore been made while the object is moving away from the planet and back into deep space. This is a less than ideal situation when you consider that the asteroid is estimated to be between 40 to 90 meters (130 to 300 ft) in diameter.
With each passing day, it becomes more difficult to track and resolve 2024 YR4, and it’s currently estimated that observing it with ground-based telescopes will no longer be possible beyond April.
That is, until 2028. As you might have put together by now, 2024 YR4 is in such an orbit that it comes within close proximity of Earth every four years. If current orbital projections hold true, during the summer of 2028, the asteroid will be close enough again that we can observe it on the way towards us.
That will include a fly-by of Earth in early December before it swings back out of range. Hopefully by that time we’ll have collected enough data to know whether or not we’ll need to brace for impact the next time it swings by our neighborhood.
Deflect, or Evacuate?
As far as potentially dangerous Near Earth Objects (NEOs) go, 2024 YR4 is about as ideal as they get. While it did sneak up on us in 2024, now we know it’s on a fairly predictable schedule and there’s enough time that we could actually do something about it if the chance of impact gets high enough to take it more seriously. In 2028, we’ve even got a chance to deflect it as it zooms past Earth.
That would have been science fiction a few years ago, but after NASA’s successful DART demonstration mission, we now know it’s possible to significantly alter the orbit of an asteroid simply by ramming a spacecraft into it at high velocity. The target asteroid in that test was much larger than 2024 YR4, with a diameter of 177 meters (581 ft). Yet the head-on impact of the 500 kg (1,100 lb) DART spacecraft was able to slow it down enough to make a noticeable change in its orbit.
Given how close 2024 YR4 would be passing by Earth, it’s not hard to imagine that a spacecraft with several times the mass of DART could be put on a collision course with the asteroid in 2028. Even if such an impact would not be enough to entirely prevent a collision with 2024 YR4, if applied carefully, it could certainly be sufficient to move the calculated point of impact.
But would such a mission even be necessary? Current estimates put around half of the potential impact points for 2024 YR4 over the ocean. Even where the path of the asteroid does cross over land, most of it is sparsely populated. The biggest risks to human life would be in Nigeria and India, but the chances of a direct hit over either area is particularly remote, especially given the estimated blast radius of 50 km (31 miles).
Unless updated orbital data for 2024 YR4 indicates that it’s going to directly impact one of these densely populated areas, the most cost effective approach may be to simply move as many people out of the impact area as possible. While an evacuation of this scale would still be a monumental task, we’d at least have several years to implement the plan.
Bringing Out the Big Guns
While the chances are still excellent that 2024 YR4 will zip harmlessly past our Blue Marble in 2032, it’s not outside the realm of possibility that some big decisions might need to be made in the next few years. So how do we figure out how large of a threat this asteroid really is before it’s too late?
That’s where advanced space-bound observatories like the James Webb Space Telescope (JWST) come in. While our instruments on Earth soon won’t be able to see 2024 YR4, the JWST will not only be able to keep its gaze on the asteroid for longer, but the infrared observatory is uniquely suited for capturing critical data about its size and shape.
Up to this point, the size of 2024 YR4 has been estimated based on its visible appearance, but that can be misleading. It could be that only part of the asteroid is reflective, which would give the impression that its smaller than it actually is. But the JWST doesn’t rely on visible light, and instead can use its IR instruments to detect the heat being given off by the asteroid’s rocky surface.
With definitive data about the asteroid’s size, shape, and rotation, astronomers will be able to better model how 2024 YR4 is moving through space. That’s going to be key to figuring out whether or not that 2.3% chance of impact is going to go up or down — and if it does go up, will help narrow down exactly where the asteroid is likely to hit.
Budget-Minded Synthetic Aperture Radar Takes to the Skies
Unless you work for the government or a large corporation, constrained designs are a fact of life. No matter what you’re building, there’s likely going to be a limit to the time, money, space, or materials you can work with. That’s good news, though, because constrained projects tend to be interesting projects, like this airborne polarimetric synthetic aperture radar.
If none of those terms make much sense to you, don’t worry too much. As [Henrik Forstén] explains, synthetic aperture radar is just a way to make a small radar antenna appear to be much larger, increasing its angular resolution. This is accomplished by moving the antenna across a relatively static target and doing some math to correlate the returned signal with the antenna position. We saw this with his earlier bicycle-mounted SAR.
The antennas are pretty cool, too; they’re stacked patch antennas made from standard FR4 PCBs, with barn-door feed horns fashioned from copper sheeting and slots positioned 90 to each other to provide switched horizontal and vertical polarization on both the receive and transmit sides. There are also a ton of details about how the radar set is integrated into the flight controller of the drone, as well as an interesting discussion on the autofocusing algorithm used to make up for the less-than-perfect positional accuracy of the system.
The resulting images are remarkably detailed, and almost appear to be visible light images thanks to the obvious shadows cast by large objects like trees and buildings. We’re especially taken by mapping all combinations of transmit and receive polarizations into a single RGB image; the result is ethereal.
A Transparent BB-8 Build Using Christmas Ornaments
The cool thing about the droids of Star Wars is that they’re not that hard to recreate in real life. R2-D2 is a popular choice, but you can even build yourself a neat little BB-8 if you’re so inclined. [Piyush] has built a particularly compelling example that’s transparent, which lets you see the internals and how it all works.
The build makes creative use of a pair of Christmas ornaments. They are perhaps the cheapest and easiest way to source a clear plastic sphere. One serves as the “head”, while the other serves as the larger spherical body. Inside, an Arduino Pro Micro is running the show. It’s hooked up to a L293D motor driver which runs the drive motors and the reaction wheel motor which provides stability, while a separate MOSFET is on hand to run the gear motor which controls the head.
There’s also an HC-05 module for Bluetooth communication, and a BNO055 sensor for motion tracking and ensuring the robot stays the right way up. 3D printed components are used prodigiously to cram everything together tightly enough to fit. There’s even a printed charging base to juice up the little droid. Controlling the robot is as simple as using a smartphone with an app created in the MIT App Inventor.
If you’ve never built a spherical rolling robot before—and few of us have—this design is a great reference for your own work. We’ve seen a few BB-8s over the years, most of which dropped shortly after the movie was released.
youtube.com/embed/hOlvCMdZ1BE?…
Data breach ai danni di Thermomix (aka Bymby/Vorwerk). Bene la risposta dell’azienda!
Il 30 gennaio il forum www.ricettario-bimby.it ha subito un data breach esponendo i dati degli utenti. Non sono state trafugate password o altri dati sensibili. Il 3 febbraio, nel noto forum del darkweb BreachForum, l’utente dallo pseudonimo ayamee ha messo in vendita questi dati al prezzo non negoziabile di 1500 dollari.
Si tratta di 3,3 milioni di righe di database che contengono: e-mail, indirizzo, data di nascita, ecc. Non è dato sapere se l’utente che ha messo in vendita i dati sia lo stesso thread actor che ha condotto l’attacco ed esfiltrato i dati.
Possiamo confermare invece che l’azienda ha reagito immediatamente a questo data breach informando via mail il 6 febbraio 2025 i propri clienti dell’accaduto. Spiegando cosa è successo, che azioni di mitigazione hanno applicato, indicando il periodo temporale in cui è avvenuto l’attacco e confermando che non sono state trafugate le password di accesso: cosa che confermiamo anche noi di RHC, perché analizzando i sample disponibili nell’underground non c’è traccia della password nel dataset esfiltrato.
Nell’ulteriore documento disponibile sul sito dell’azienda relativo all’accaduto (che potete reperire a questo link), sono indicate anche le nazioni della community interessate dalla fuga di dati, tra cui anche l’Italia. L’azienda, nella comunicazione inviata ai propri clienti, indica anche alcune azioni ed attenzioni da porre a seguito di questo data breach.
Come nostra consuetudine, lasciamo sempre spazio ad una dichiarazione da parte dell’azienda qualora voglia darci degli aggiornamenti sulla vicenda. Saremo lieti di pubblicare tali informazioni con uno specifico articolo dando risalto alla questione.
RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali. Qualora ci siano persone informate sui fatti che volessero fornire informazioni in modo anonimo possono utilizzareredhotcyber.com/whistleblowerla mail crittografata del whistleblower.
L'articolo Data breach ai danni di Thermomix (aka Bymby/Vorwerk). Bene la risposta dell’azienda! proviene da il blog della sicurezza informatica.
Fortinet CVE-2025-24472: Gli Hacker Criminali Cercano Informazioni Per Il Suo Sfruttamento
Sul noto forum underground un utente dallo pseudonimo Anon141234 riporta la CVE-2025-24472, che affligge i prodotti Fortinet. Oltre a chiedere informazioni è interessato ad un Proof Of Concept.
Questa vulnerabilità di tipo Authentication Bypass, sfruttabile su FortiOS e FortiProxy non aggiornati, consente ad un attaccante di guadagnare privilegi di super-admin tramite richieste al modulo websocket Node.js.
La CVE è riconosciuta da Fortinet sul proprio sito Product Security Incident Response Team (PSIRT) dove potete trovare gli IOC (indicatori di compromissione), i metodi di mitigazione e la tabella delle versioni di FortiOS e FortiProxy vulnerabili.
La CVE è recentissima e pare essere un’evoluzione della precedente CVE-2024-55591 di cui ci siamo occupati pochi giorni fa, trovate l’articolo a questo link.
Non abbiamo trovato, per adesso, analisi tecniche della CVE (oltre a quella ufficiale fatta da Fortinet), POC o exploit pubblici disponibili in rete; ma con una classificazione di livello 9.6 (Critical) e con la possibilità di bypassare l’autenticazione e guadagnare i privilegi di super-admin non tarderà ad essere reso pubblico qualcosa su GitHub. Nel frattempo (probabilmente con exploit closed e non pubblici), la vulnerabilità risulta attivamente sfruttata in rete come confermato da Fortinet e dal CSIRT nazionale.
Come detto, il CISIRT nazionale ha emesso un bollettino di sicurezza il 12 febbraio 2025 alle 9.22 indicando in una nota che “la vulnerabilità CVE-2025-24472 risulta essere sfruttata attivamente in rete.”
I dispositivi esposti e potenzialmente vulnerabili sono tanti. La cosa si fa ancora più “semplice” quando gli hacker “aiutano” gli hacker. Infatti Il 14 gennaio 2025 (più o meno in corrispondenza del riconoscimento della CVE-2024-55591) il gruppo Belsen_Group allo scopo di, “solidificare nella vostra memoria il nome del loro gruppo”, ha regalato un file contenente 15.000 configurazioni in chiaro di firewall compromessi, sfruttando CVE precedenti, e il dump delle credenziali VPN.
Il file, suddiviso per IP del dispositivo compromesso, riporta anche centinaia di IP geo-localizzabili sul territorio italiano.
Le raccomandazioni del produttore ma in generale le best practies sono sempre le stesse: disabilitare l’accesso pubblico all’interfaccia amministrativa del firewall, limitarne l’accesso con ACL o filtro su IP sorgenti, monitorare gli avvisi di sicurezza e applicare le patch e gli aggiornamenti.
L'articolo Fortinet CVE-2025-24472: Gli Hacker Criminali Cercano Informazioni Per Il Suo Sfruttamento proviene da il blog della sicurezza informatica.
On the Original Punched Cards
If you mention punch cards to most people, they’ll think of voting. If you mention it to most older computer people, they’ll think of punching programs for big computers on cards. But punched cards are much older than that, and [Nichole Misako Nomura] talks about how the original use was to run looms and knitting machines and — thanks the Internet Archive — you can still find old cards to drive modern machines.
According to the post, a dedicated group of people own old commercial knitting machines, and with some work, they can use archived punch cards with patterns that predate the computerized world. The Jacquard loom was famously the first machine to use cards like this, and it is no secret that they were the inspiration for Hollerith’s use of cards in the census, which would eventually lead to the use of cards for computing.
This is an interesting example of format issues. There are many card patterns stored on the Internet, but getting from a digital image to a workable card or even a set of instructions. But it is doable. You have to wonder if pulling old data off other, more modern media will be workable in the future.
If you want to relive (or try for the first time) keypunching, you can use your browser. The Jacquard loom may be ancient history, but it has many spiritual descendants.
Automatic Pill Dispenser Is Cheap and Convenient
If you’re taking any medication, you probably need to take it in a certain dose on a certain schedule. It can quickly become difficult to keep track of when you’re taking multiple medications. To that end, [Mellow_Labs] built an automated pill dispenser to deliver the right pills on time, every time.
The pill dispenser is constructed out of 3D printed components. As shown, it has two main bins for handling two types of pills, controlled with N20 gear motors. The bins spin until a pill drops through a slot into the bottom of the unit, with the drop detected by a piezo sensor. It uses a Beetle ESP32 as the brains of the operation, which is hooked up with a DS1307 real-time clock to ensure it’s dosing out pills at the right time. It’s also wired up with a DRV8833 motor driver to allow it to run the gear motors. The DRV8833 can run up to four motors in unidirectional operation, so you can easily expand the pill dispenser up to four bins if so desired.
We particularly like how the pill dispenser is actually controlled — [Mellow_Labs] used the ESP32 to host a simple web interface which is used for setting the schedule on which each type of pill should be dispensed.
We’ve featured some other pill dispenser builds before, too.
youtube.com/embed/1kCoDDYpgkE?…
Thanks to [Prankhouz] for the tip!
DIY Microwave Crucibles
You know the problem. You are ready to melt some metal in your microwave oven, and you don’t have any crucibles. Not to worry. [Shake the Future] will show you how to make your own. All you need is some silicon carbide, some water glass (sodium silicate), and some patience.
The crucible takes the shape of a glass container. Don’t get too attached to it because the glass will break during the crucible construction. You can also use 3D-printed forms.
You can shape the vessel before it cures and after. Then, you give it a heat treatment. [Shake The Future] also recommends you harden it at the end. This is optional; he tells you how to decide if you need it.
Hardening helps prevent cracking during use. The process involves wrapping the vessel in a ceramic sheet and heating it until the crucible turns red. The ceramic sheet is somewhat dangerous to work with because it has such tiny fibers and dust, so he only treats the crucibles when necessary.
We always enjoy watching [Shake] casting metal. He’s even done a Benchy.
youtube.com/embed/e7f9H9_5Wp0?…
Will Embodied AI Make Prosthetics More Humane?
Building a robotic arm and hand that matches human dexterity is tougher than it looks. We can create aesthetically pleasing ones, very functional ones, but the perfect mix of both? Still a work in progress. Just ask [Sarah de Lagarde], who in 2022 literally lost an arm and a leg in a life-changing accident. In this BBC interview, she shares her experiences openly – highlighting both the promise and the limits of today’s prosthetics.
The problem is that our hands aren’t just grabby bits. They’re intricate systems of nerves, tendons, and ridiculously precise motor control. Even the best AI-powered prosthetics rely on crude muscle signals, while dexterous robots struggle with the simplest things — like tying shoelaces or flipping a pancake without launching it into orbit.
That doesn’t mean progress isn’t happening. Researchers are training robotic fingers with real-world data, moving from ‘oops’ to actual precision. Embodied AI, i.e. machines that learn by physically interacting with their environment, is bridging the gap. Soft robotics with AI-driven feedback loops mimic how our fingers instinctively adjust grip pressure. If haptics are your point of interest, we have posted about it before.
The future isn’t just robots copying our movements, it’s about them understanding touch. Instead of machine learning, we might want to shift focus to human learning. If AI cracks that, we’re one step closer.
Original photo by Marco Bianchetti on Unsplash
FLOSS Weekly Episode 820: Please Don’t add AI Clippy to Thunderbird
This week, Jonathan Bennett talks Thunderbird with Ryan Sipes! What’s the story with almost becoming part of LibreOffice, How has Thunderbird collected so many donations, and more!
youtube.com/embed/yoc7gSPcxSM?…
Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.
play.libsyn.com/embed/episode/…
Direct Download in DRM-free MP3.
If you’d rather read along, here’s the transcript for this week’s episode.
Places to follow the FLOSS Weekly Podcast:
Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
hackaday.com/2025/02/12/floss-…
PCB Design Review: M.2 SSD Splitter
Today’s PCB design review is a board is from [Wificable]. iI’s a novel dual-SSD laptop adapter board! See, CPUs and chipsets often let you split wide PCIe links into multiple smaller width links. This board relies on a specific laptop with a specific CPU series, and a BIOS mod, to put two M.2 NVMe SSDs into a single SSD slot of a specific series’ laptop.
This board has two crucial factors – mechanical compatibility, and electrical function. Looking into mechanics, it’s a 0.8 mm thick PCB that plugs into a M.2 socket, and it has sockets for two SSDs on it – plenty of bending going on. For electronics, it has a PCIe REFCLK clock buffer, that [Wificable] found on Mouser – a must have for PCIe bifurcation, and a must-work for this board’s core! Apart from that, this is a 4-layer board, it basically has to be for diffpairs to work first-try.
Of course, the clock buffer chip is the main active component and the focus of the board, most likely mistakes will happen there – let’s look at the chip first.
All Eyes On Chip
The schematic is from a server board schematic – which is wonderful! Datasheet schematics are not always as complete or as succinct as you’d like them to be, and it’s super helpful to have a known-working schematic designed by a third party, that is production-grade and well-tested for 24/7 operation. We used that for our M.2 card design,
Of course, the symbol had to be redrawn for KiCad, and [Wificable] also rearranged the symbol corresponding to the physical pinout, as opposed to arranging them logically, like many KiCad symbols do. This is mostly a matter of preference and either way is fair – I switch between either of the two, depending on the situation. One note, though – when copying a schematic, I highly recommend you use the same pin arrangement as that schematic, it’s just really helpful to avoid mistakes.
In this case, I’d argue the logical arrangement is also cleaner, and that’s what I’d personally go for. However, design reviews are about function way more than aesthetics, and the chip’s wiring looked fine!
In my view, policing aesthetics is generally a no-go for PCB design – most you can do is suggestions. The line between aesthetic problems and practical problems is often blurry, let’s say, when the problem is about track routing, connector layout, making the schematic easy to check at a glance, or a good few other things. When in doubt, think about the best effort-to-payoff ratio for the person receiving the review.
Layout-wise, things are also fine – but they could be a little finer. The decoupling capacitors do need vias on their GND pads – easy to add, and a big benefit as far as power delivery goes. There are other areas where vias are called for! That, or having vias arranged a little differently, at the very least. Let’s take a look!
Well-Grounded
There are quite a few ground-related changes I’d recommend here specifically, given that it’s a high-speed design. I’ve been reading a fair few “how to treat ground fills better” documents, and they discuss about a row of signals with vias, ground unable to get between them. The recommended way is to arrange the vias diagonally, instead, letting some of the ground polygon fill between the gaps and freeing up space for GND vias – and that’s what we can do here, too.
Do Not Bend
For dessert, we look at mechanics more closely. One thing that springs out to me – this is a 0.8 mm board inserted into a M.2 socket. The cutout in the middle is a liability. Some sort of cutout is necessary to accomodate plastic features of the laptop, but having a wide center-to-edge slot is a recipe for PCB bends. In this case, the edge-to-center slot can become a shorter one, mechanically connected on the edge again, just needs a little bit more measurement.
So far, the boards have been produced, thanks to Aisler’s new 0.8 mm four-layer process. They’ve been partially tested: [Wificable] didn’t get the chip yet, but has already successfully done the BIOS mod, and tested the bifurcation using magnet wire to switch between REFCLKs. Whenever [Wificable] finds time to finish testing, we will hear from her about how well the chip functions!
As usual, if you would like a design review for your board, submit a tip to us with [design review] in the title, linking to your board files. KiCad design files strongly preferred, both repository-stored files (GitHub/GitLab/etc) and shady Google Drive/Dropbox/etc .zip links are accepted.
Safer and More Consistent Woodworking With a Power Feeder
Woodworking tools like table- and bandsaws are extremely useful and versatile, but they generally have the distinct disadvantage that they make no distinction between the wood and the digits of the person using the machine. While solutions like SawStop were developed to make table saws sense flesh and try to not cut it, [James Hamilton] makes a compelling argument in a recent video for the use of power feeders.
These devices are placed above the table and feed the material into the machine without having to get one’s digits anywhere near the machine. Other than the safety aspect, it also means that the material is always fed in at a consistent speed, which is great when using it with a router table. Most of these power feeders are portable, so a single unit can be moved from the table saw to the router table, with [James] showing how he is using MagSwitch magnetic clamps to ease the process of moving between machines.
With the 8 HP mini power feeder that he’s using, the 4 magnetic clamps appear to be enough even when cutting hardwood on the table saw, but it’s important to make sure the power feeder doesn’t twist while running, for obvious safety reasons. On [James]’s wish list is a way to make moving the power feeder around more efficient, because he only has a single one, for cost reasons.
Although these power feeders cost upwards of $1,000, the benefits are obvious, including when running larger jobs. One might conceivably also DIY a solution, as they appear to be basically an AC motor driving a set of wheels that grip the material while feeding. That said, do you use a power feeder, a SawStop table saw or something else while woodworking?
youtube.com/embed/-M9iXNv2yQg?…
Plastic On The Mind: Assessing the Risks From Micro- and Nanoplastics
Perhaps one of the clearest indications of the Anthropocene may be the presence of plastic. Starting with the commercialization of Bakelite in 1907 by Leo Baekeland, plastics have taken the world by storm. Courtesy of being easy to mold into any imaginable shape along with a wide range of properties that depend on the exact polymer used, it’s hard to imagine modern-day society without plastics.
Yet as the saying goes, there never is a free lunch. In the case of plastics it would appear that the exact same properties that make them so desirable also risk them becoming a hazard to not just our environment, but also to ourselves. With plastics degrading mostly into ever smaller pieces once released into the environment, they eventually become small enough to hitch a ride from our food into our bloodstream and from there into our organs, including our brain as evidenced by a recent study.
Multiple studies have indicated that this bioaccumulation of plastics might be harmful, raising the question about how to mitigate and prevent both the ingestion of microplastics as well as producing them in the first place.
Polymer Trouble
Plastics are effectively synthetic or semi-synthetic polymers. This means that the final shape, whether it’s an enclosure, a bag, rope or something else entirely consists of many monomers that polymerized in a specific shape. This offers many benefits over traditional materials like wood, glass and metals, all of which cannot be used for the same wide range of applications, including food packaging and modern electronics.
Unlike a composite organic polymer like wood, however, plastics do not noticeably biodegrade. When exposed to wear and tear, they mostly break down into polymer fragments that remain in the environment and are likely to fragment further. When these fragments are less than 5 mm in length, they are called ‘microplastics’, which are further subdivided into a nanoplastics group once they reach a length of less than 1 micrometer. Collectively these are called MNPs.
The process of polymer degradation can have many causes. In the case of e.g. wood fibers, various microorganisms as well as chemicals will readily degrade these. For plastics the primary processes are oxidation and chain scission, which in the environment occurs through UV-radiation, oxygen, water, etc. Some plastics (e.g. with a carbon backbone) are susceptible to hydrolysis, while others degrade mostly through the interaction of UV-radiation with oxygen (photo-oxidation). The purpose of stabilizers added to plastics is to retard the effect of these processes, with antioxidants, UV absorbers, etc. added. These only slow down the polymer degradation, naturally.
In short, although plastics that end up in the environment seem to vanish, they mostly break down in ever smaller polymer fragments that end up basically everywhere.
Body-Plastic Ratio
In a recent review article, Dr. Eric Topol covers contemporary studies on the topic of MNPs, with a particular focus on the new findings about MNPs found in the (human) brain, but also from a cardiovascular perspective. The latter references a March 2024 study by Raffaele Marfella et al. as published in The New England Journal of Medicine. In this study the excised plaque from carotid arteries in patients undergoing endarterectomy (arterial blockage removal) was examined for the presence of MNPs prior to the patients being followed to see whether the presence of MNPs affected their health.
What they found was that of the 257 patients who completed the full study duration 58.4% had polyethylene (PE) in these plaques, while 12.1% also had polyvinyl chloride (PVC) in them. The PE and PVC MNPs were concentrated in macrophages, alongside active inflammation markers. During the follow-up period during the study, of the patients without MNPs 8 of 107 (7.5%) suffered either a nonfatal myocardial infarction, a nonfatal stroke or death. This contrasted with 30 of 150 (20%) in the group with MNP detected, suggesting that the presence of MNP in one’s cardiovascular system puts one at significantly higher risk of these adverse events.
The presence of MNPs has not only been confirmed in arteries, but effectively in every other organ and tissue of the body as well. Recently the impact on the human brain has been investigated as well, with a study in Nature Medicine by Alexander J. Nihart et al. investigating MNP levels in decedent human brains as well the liver and kidneys. They found mostly PE, but also other plastic polymers, with the brain tissue having the highest PE proportion.
Interestingly, the more recently deceased had more MNP in their organs, and the brains of those with known dementia diagnosis had higher MNP levels than those without. This raises the question of whether the presence of MNPs in the brain can affect or even induce dementia and other disorders of the brain.
Using mouse models, Haipeng Huang et al. investigated the effects of MNPs on the brain, demonstrating that nanoplastics can pass through the blood-brain barrier, after which phagocytes consume these particles. These then go on to form blockages within the capillaries of the brain’s cortex, providing a mechanism through which MNPs are neurotoxic.
Prevention
On a personal level, wearing a respirator while being in dusty environments, while working with plastics, etc. is helpful, while avoiding e.g. bottled water. According to a recent study by Naixin Qian et al. from the University of California they found on average 240,000 particles of MNPs in a liter of bottled water, with 90% of these being nanoplastics. As noted in a related article, bottled water can be fairly safe, but has to be stored correctly (i.e. not exposed to the sun). Certain water filters (e.g. Brita) filter particles o.5 – 1 micrometer in size and should filter out most MNPs as well from tap water.
Another source of MNPs are plastic containers, with old and damaged plastic containers more likely to contaminate food stored in them. If a container begins to look degraded (i.e. faded colors), it’s probably a good time to stop using it for food.
That said, as some exposure to MNPs is hard to avoid, the best one can do here is to limited said exposure.
Environmental Pollution
Bluntly put, if there wasn’t environmental contamination with plastic fragments such personal precautions would not be necessary. This leads us to the three Rs:
- Reduce
- Reuse
- Recycle
Simply put, the less plastic we use, the less plastic pollution there will be. If we reuse plastic items more often (with advanced stabilizers to reduce degradation), fewer plastic items would need to be produced, and once plastic items have no more use, they should be recycled. This is basically where all the problems begin.
Using less plastic is extremely hard for today’s societies, as these synthetic polymers are basically everywhere, and some economical sectors essentially exist because of single-use plastic packaging. Just try to imagine a supermarket or food takeout (including fast food) without plastics. A potential option is to replace plastics with an alternative (glass, etc.), but the viability here remains low, beyond replacing effectively single use plastic shopping bags with multi-use non-plastic bags.
Some sources of microplastics like from make-up and beauty products have been (partially) addressed already, but it’d be best if plastic could be easily recycled, and if microorganisms developed a taste for these polymers.
Dismal Recycling
Currently only about 10-15% of the plastic we produce is recycled, with the remainder incinerated, buried in landfills or discarded as litter into the environment as noted in this recent article by Mark Peplow. A big issue is that the waste stream features every imaginable type of plastic mixed along with other (organic) contaminants, making it extremely hard to even begin to sort the plastic types.
The solution suggested in the article is to reduce the waste stream back to its original (oil-derived) components as much as possible using high temperatures and pressures. If this new hydrothermal liquefaction approach which is currently being trialed by Mura Technology works well enough, it could replace mechanical recycling and the compromises which this entails, especially inferior quality compared to virgin plastic, and an inability to deal with mixed plastics.
If a method like this can increase the recycling rate of plastics, it could significantly reduce the amount of landfill and litter plastic, and thus with it the production of MNPs.
Microorganism Solutions
As mentioned earlier, a nice thing about natural polymers like those in wood is that there are many organisms who specialize in breaking these down. This is the reason why plant matter and even entire trees will decay and effectively vanish, with its fundamental elements being repurposed by other organisms and those that prey on these. Wouldn’t it be amazing if plastics could vanish in a similar manner rather than hang around for a few hundred years?
As it turns out, life does indeed find a way, and researchers have discovered multiple species of bacteria, fungi and microalgae which are reported to biodegrade PET (polyethylene terephthalate), which accounts for 6.2% of plastics produced. Perhaps it’s not so surprising that microorganisms would adapt to thrive on plastics, since we are absolutely swamping the oceans with it, giving the rapid evolutionary cycle of bacteria and similar a strong nudge to prefer breaking down plastics over driftwood and other detritus in the oceans.
Naturally, PET is just one of many types of plastics, and generally plastics are not an attractive target for microbes, as Zeming Cai et al. note in a 2023 review article in Microorganisms. Also noted is that there are some fungal strains that degrade HDPE and LDPE, two of the most common types of plastics. These organisms are however not quite at the level where they can cope with the massive influx of new plastic waste, even before taking into account additives to plastics that are toxic to organisms.
Ultimately it would seem that evolution will probably fix the plastic waste issue if given a few thousand years, but before that, we smart human monkeys would do best to not create a problem where it doesn’t need to exist. At least if we don’t want to all become part of a mass-experiment on the effects of high-dose MNP exposure.
Alla Scoperta Dei Firewall: La Prima Linea Di Difesa Nella Sicurezza Informatica
Nel mondo della sicurezza informatica, i firewall rappresentano la prima linea di difesa contro minacce e attacchi informatici. Ogni giorno, aziende e utenti privati sono esposti a rischi come malware, ransomware e intrusioni non autorizzate. Un firewall agisce come un vero e proprio “custode digitale”, filtrando il traffico di rete e bloccando attività sospette prima che possano causare danni.
Ma cos’è esattamente un firewall e come funziona?
Questo strumento di sicurezza può essere sia hardware che software e opera secondo regole predefinite per consentire o impedire la trasmissione di dati attraverso una rete. Senza un firewall, qualsiasi dispositivo connesso a Internet sarebbe vulnerabile ad attacchi esterni, aumentando il rischio di furti di dati e compromissioni dei sistemi.
In questo articolo esploreremo l’importanza dei firewall nella protezione delle aziende, analizzando le diverse tipologie disponibili e il loro ruolo nel contrastare le minacce informatiche. Capiremo perché ogni impresa, indipendentemente dalle dimensioni, dovrebbe adottare una soluzione firewall efficace per garantire la sicurezza delle proprie infrastrutture digitali.
Cos’è un firewall e a cosa serve
Un firewall è un sistema di sicurezza informatica progettato per monitorare, filtrare e controllare il traffico di rete, impedendo accessi non autorizzati e proteggendo dispositivi e dati sensibili. Il suo nome deriva dall’idea di un muro o una “porta tagliafuoco”, ovvero una barriera che impedisce la propagazione di minacce informatiche tra reti diverse.
Il funzionamento di un firewall si basa su una serie di regole predefinite, che stabiliscono quali connessioni possono essere accettate e quali devono essere bloccate. Questo processo avviene analizzando i pacchetti di dati che viaggiano sulla rete e decidendo se permettere o impedire la loro trasmissione in base a criteri specifici.
I firewall sono essenziali per impedire intrusioni dannose, proteggere informazioni riservate e garantire la sicurezza delle reti aziendali e domestiche. Senza un firewall, un dispositivo connesso a Internet sarebbe esposto a numerose minacce, tra cui malware, attacchi DDoS e tentativi di hacking. In ambito aziendale, la loro importanza è ancora maggiore: proteggono dati finanziari, archivi digitali e infrastrutture IT critiche. Se vuoi approfondire come i firewall si integrano nelle strategie di cybersecurity aziendale.
L’evoluzione delle minacce informatiche ha portato allo sviluppo di firewall sempre più sofisticati, in grado di riconoscere e bloccare attacchi avanzati. Oggi esistono soluzioni che combinano firewall tradizionali con intelligenza artificiale e machine learning, migliorando la capacità di rilevare comportamenti sospetti e rispondere in tempo reale agli attacchi.
In sintesi, un firewall non è solo un’opzione consigliata, ma una necessità assoluta per chiunque voglia navigare in sicurezza ed evitare intrusioni nei propri sistemi informatici.
La Pila OSI
Per comprendere meglio il funzionamento dei firewall, è fondamentale conoscere la Pila OSI (Open Systems Interconnection), un modello di riferimento che descrive il funzionamento delle comunicazioni di rete suddividendolo in sette livelli.
Ogni livello ha uno scopo specifico e contribuisce al trasferimento dei dati tra dispositivi connessi a una rete. La Pila OSI è composta dai seguenti livelli, partendo dal più basso:
- Livello Fisico – Si occupa della trasmissione dei dati tramite cavi, onde radio e altri mezzi fisici.
- Livello Data Link – Gestisce il trasferimento di dati tra due dispositivi direttamente connessi.
- Livello di Rete – Si occupa dell’instradamento dei pacchetti di dati tra reti diverse.
- Livello di Trasporto – Garantisce la trasmissione affidabile dei dati, gestendo errori e ritrasmissioni.
- Livello di Sessione – Coordina la comunicazione tra dispositivi stabilendo, gestendo e terminando sessioni.
- Livello di Presentazione – Converte i dati nel formato corretto per il livello applicativo.
- Livello Applicativo – Fornisce l’interfaccia per le applicazioni di rete, come browser e email.
Dove opera un firewall nella Pila OSI?
I firewall operano principalmente nei livelli di Rete, Trasporto e Applicativo, filtrando i pacchetti di dati in base a regole di sicurezza predefinite. Un firewall a filtraggio di pacchetti, ad esempio, lavora a livello di Rete (Livello 3), mentre un firewall stateful inspection opera anche a livello di Trasporto (Livello 4), analizzando lo stato delle connessioni.
I firewall di nuova generazione (NGFW o WAF) sono ancora più avanzati, estendendo la protezione fino al Livello Applicativo (Livello 7), dove possono riconoscere e bloccare minacce legate a specifiche applicazioni e attacchi sofisticati come SQL injection o exploit zero-day.
Perché è importante conoscere la Pila OSI?
Capire il modello OSI è essenziale per identificare le vulnerabilità di rete e comprendere al meglio i fiewall e quindi implementare strategie di sicurezza più efficaci. Un attacco informatico può avvenire su diversi livelli della pila OSI e un firewall ben configurato può bloccare le minacce prima che raggiungano i dati sensibili. Ad esempio, un attacco DDoS può essere mitigato a livello di Trasporto, mentre un attacco di phishing può essere bloccato a livello di Applicazione.
L’integrazione dei firewall con altri strumenti di sicurezza, come sistemi di prevenzione delle intrusioni (IPS) e soluzioni di sicurezza Zero Trust, permette di proteggere l’intera infrastruttura di rete e garantire la continuità operativa aziendale.
Le principali tipologie di firewall
Esistono diverse tipologie di firewall, ognuna progettata per rispondere a specifiche esigenze di protezione. Tra le principali troviamo i firewall standard, i firewall di nuova generazione (NGFW) e i Web Application Firewall (WAF). Ognuna di queste soluzioni offre un livello di protezione differente all’interno della pila OSI e può essere scelta in base alla complessità della rete e alla natura delle minacce a cui ci si trova di fronte.
Firewall standard
I firewall standard, o tradizionali, sono i più comuni e vengono utilizzati per filtrare il traffico in base a determinate regole predefinite. Solitamente operano a livello di rete (Livello 3) e trasporto (Livello 4) del modello OSI, analizzando i pacchetti di dati in entrata e uscita e decidendo se permettere o bloccare la connessione. Questi firewall sono particolarmente utili per proteggere reti semplici e piccole aziende, dove il traffico di rete non è complesso e non si richiedono funzionalità avanzate.
Tuttavia, i firewall tradizionali presentano alcuni limiti, come la loro incapacità di rilevare attacchi più sofisticati, come quelli a livello di applicazione o le minacce più mirate. Inoltre, non sono in grado di analizzare il contenuto dei pacchetti, limitandosi a verificare l’indirizzo di origine e destinazione.
Firewall di nuova generazione (NGFW)
I firewall di nuova generazione (NGFW) sono progettati per affrontare le minacce moderne e più sofisticate. Questi firewall integrano funzionalità avanzate rispetto ai tradizionali, come il deep packet inspection (DPI) e l’analisi del traffico a livello di Applicazione (Livello 7). I NGFW non si limitano a filtrare il traffico in base a regole statiche, ma utilizzano algoritmi avanzati di intelligenza artificiale e machine learning per identificare e bloccare attacchi complessi come malware, ransomware e exploit zero-day.
Inoltre, i NGFW supportano anche la gestione delle identità degli utenti, il che consente di monitorare e controllare il traffico in base agli utenti e non solo agli indirizzi IP. Questi firewall possono anche integrarsi con VPN e soluzioni di Zero Trust, rendendoli ideali per proteggere le reti aziendali moderne, dove i confini sono più fluidi e gli attacchi possono arrivare da diverse fonti.
Web Application Firewall (WAF)
I Web Application Firewall (WAF) sono una tipologia di firewall progettata per proteggere le applicazioni web dai comuni attacchi diretti a questo livello, come SQL injection, cross-site scripting (XSS) e file inclusion. A differenza dei firewall tradizionali che operano principalmente su reti e dispositivi, i WAF si concentrano sulla protezione di siti web e applicazioni online, filtrando il traffico HTTP/HTTPS in entrata.
I WAF analizzano in tempo reale il traffico web per rilevare e bloccare richieste sospette che potrebbero compromettere la sicurezza delle applicazioni. Questi firewall sono particolarmente utili per le aziende che gestiscono piattaforme online, e-commerce o applicazioni SaaS, in quanto proteggono contro vulnerabilità specifiche che i firewall tradizionali non potrebbero fermare. I WAF sono anche fondamentali nella protezione contro attacchi DDoS applicativi, che mirano a sovraccaricare e rendere inutilizzabile una piattaforma web.
Perché ogni azienda dovrebbe adottarne uno
a crescente sofisticazione degli attacchi informatici rende la protezione della rete un elemento cruciale per ogni azienda, indipendentemente dalle dimensioni. Adottare un firewall non è più solo una scelta raccomandata, ma una necessità per garantire la sicurezza dei dati aziendali, proteggere le risorse interne e mantenere l’affidabilità operativa. Ma perché ogni azienda dovrebbe investire in un firewall? Ecco alcune ragioni fondamentali.
In un mondo sempre più connesso, le minacce informatiche sono all’ordine del giorno. Dall’accesso non autorizzato ai sistemi aziendali al furto di dati sensibili, passando per attacchi come malware, ransomware e phishing, le aziende sono costantemente sotto attacco. Un firewall ben configurato rappresenta la prima linea di difesa contro queste minacce, bloccando le connessioni sospette e impedendo l’ingresso di attori malintenzionati nella rete aziendale. Grazie al monitoraggio in tempo reale, un firewall riesce a identificare comportamenti anomali e a bloccare l’accesso ai sistemi prima che i danni diventino irreparabili.
Protezione dei dati sensibili
Ogni azienda, grande o piccola, gestisce dati sensibili che vanno protetti. Questi dati possono riguardare informazioni finanziarie, dati personali dei clienti o documenti aziendali riservati. I firewall sono progettati per impedire accessi non autorizzati e furti di dati. Proteggendo le porte d’ingresso alla rete aziendale, il firewall assicura che solo gli utenti o i dispositivi autorizzati possano accedere a informazioni critiche, prevenendo violazioni della privacy e riducendo il rischio di sanzioni legali legate alla protezione dei dati.
Controllo e gestione del traffico di rete
Un firewall non si limita a proteggere dai pericoli esterni, ma fornisce anche un controllo granulare sul traffico di rete. Le aziende possono definire regole personalizzate per consentire o bloccare specifici tipi di traffico in base alle proprie esigenze. Ad esempio, è possibile limitare l’accesso a determinati siti web, impedire la comunicazione con determinate reti o applicazioni, e monitorare l’attività online dei dipendenti per evitare l’accesso a contenuti dannosi o non pertinenti. Il firewall aiuta quindi a ottimizzare e controllare l’uso delle risorse di rete, migliorando l’efficienza e riducendo il rischio di incidenti legati alla sicurezza.
Rispetto delle normative sulla sicurezza
Molte normative aziendali, tra cui il GDPR (General Data Protection Regulation) in Europa e il CCPA (California Consumer Privacy Act) negli Stati Uniti, richiedono alle aziende di proteggere i dati dei clienti e di implementare misure di sicurezza adeguate. Un firewall ben configurato è uno degli strumenti che aiutano le aziende a soddisfare questi requisiti, evitando multe e danni reputazionali derivanti da violazioni della sicurezza dei dati. Investire in un firewall significa anche garantire che l’azienda rimanga conforme alle leggi sulla protezione dei dati.
Rimanere operativi durante gli attacchi
In un ambiente aziendale, ogni interruzione dei servizi può avere un impatto significativo sulla produttività e sui profitti. Gli attacchi DDoS (Distributed Denial of Service), per esempio, sono progettati per sopraffare i server aziendali con un flusso massiccio di traffico, causando interruzioni di servizio e downtime. I firewall, in particolare i firewall di nuova generazione (NGFW), possono filtrare il traffico in tempo reale, impedendo che queste minacce paralizzino i sistemi aziendali. La protezione contro gli attacchi DDoS è un esempio di come un firewall può garantire la continuità operativa e ridurre il rischio di perdite finanziarie.
Pericolosità delle vulnerabilità che affliggono i firewall
Nonostante i firewall siano tra gli strumenti di sicurezza più efficaci nella protezione delle reti aziendali, anche questi dispositivi non sono esenti da vulnerabilità che possono essere sfruttate da attaccanti malintenzionati. Le vulnerabilità nei firewall possono rappresentare delle minacce significative per la sicurezza dell’intera infrastruttura informatica aziendale, compromettere la riservatezza dei dati e, in alcuni casi, permettere agli hacker di prendere il controllo totale della rete. Una delle criticità più gravi è la Remote Code Execution (RCE), una vulnerabilità che consente agli attaccanti di eseguire codice dannoso da remoto sui dispositivi protetti dal firewall. Questo tipo di vulnerabilità è particolarmente pericoloso poiché offre agli aggressori l’opportunità di compromettere il firewall stesso e, conseguentemente, eludere le difese della rete.
Le vulnerabilità di tipo RCE sui firewall permettono agli hacker di accedere alle funzionalità interne del dispositivo e di manipolare i parametri di configurazione, disabilitando o aggirando le politiche di sicurezza predefinite. In alcuni casi, ciò può permettere di aprire porte non autorizzate, eseguire comandi remoti, raccogliere dati sensibili o, peggio ancora, compromettere completamente l’intero sistema di difesa della rete. Pertanto, le aziende devono essere consapevoli che la protezione offerta da un firewall è valida solo fintanto che il dispositivo è correttamente configurato e privo di vulnerabilità sfruttabili.
Un altro aspetto cruciale riguarda l’accesso alle console di gestione del firewall. Queste console sono il punto di controllo principale per la configurazione e la gestione della sicurezza della rete, e permettono a chi ha accesso di modificare le impostazioni del firewall. Se queste console sono accessibili via Internet, l’esposizione a potenziali attacchi aumenta notevolmente. Gli attaccanti possono sfruttare porte di accesso aperte per tentare di ottenere credenziali di amministratore o approfittare di vulnerabilità note nel software di gestione. È pertanto fondamentale disabilitare l’accesso alle console di gestione da Internet e riservarlo solo agli indirizzi IP locali o a una rete privata virtuale (VPN), riducendo così drasticamente il rischio di compromissione da attacchi esterni.
Oltre alla gestione degli accessi, è vitale che i firewall siano oggetto di un costante monitoraggio. I bug di sicurezza, sia nuovi che preesistenti, possono emergere anche in dispositivi che sembrano sicuri. I vendor di firewall rilasciano frequentemente aggiornamenti di sicurezza per correggere le vulnerabilità appena scoperte. L’importanza di monitorare e applicare tempestivamente gli aggiornamenti non può essere sottovalutata. Il processo di patch management deve essere un’attività regolare e automatizzata, al fine di applicare le correzioni necessarie senza ritardi. Ignorare gli aggiornamenti di sicurezza lascia il sistema vulnerabile agli attacchi, mettendo a rischio la rete aziendale.
Conclusioni
I firewall rimangono uno degli strumenti fondamentali per garantire la sicurezza delle reti aziendali. La loro capacità di monitorare, filtrare e proteggere il traffico di rete li rende cruciali per difendere le infrastrutture informatiche da accessi non autorizzati, malware e attacchi hacker. Tuttavia, è essenziale comprendere che un firewall, seppur potente, non è una soluzione infallibile. Le vulnerabilità che possono colpire i firewall stessi, come le vulnerabilità di Remote Code Execution, e la gestione impropria dell’accesso alle console, possono compromettere seriamente la sicurezza aziendale.
Per proteggere adeguatamente l’azienda, è fondamentale che i firewall vengano correttamente configurati, che si disabiliti l’accesso remoto non necessario e che si monitori costantemente la rete alla ricerca di eventuali minacce. Inoltre, il processo di patch management deve essere integrato nella strategia di sicurezza aziendale, garantendo che le vulnerabilità siano corrette tempestivamente.
In sintesi, mentre un firewall è un elemento essenziale della sicurezza informatica, la sua efficacia dipende dall’attenzione che gli viene dedicata. Le aziende devono essere consapevoli che la protezione della rete richiede una combinazione di tecnologie, strategie di gestione e pratiche quotidiane per garantire che i firewall rimangano efficaci e non diventino un punto debole nella difesa della loro sicurezza. Adottare un firewall senza una costante cura nella gestione e nell’aggiornamento non è sufficiente. La sicurezza, infatti, è un processo continuo che richiede attenzione costante.
L'articolo Alla Scoperta Dei Firewall: La Prima Linea Di Difesa Nella Sicurezza Informatica proviene da il blog della sicurezza informatica.
Laser Cut Acrylic Provides Movie-Style Authentication
Here at Hackaday, we pride ourselves on bringing you the latest and greatest projects for your viewing pleasure. But sometimes we come across a creation so interesting that we find ourselves compelled to write about it, even if it’s already been hanging around the Internet for years. This may or may not be due to the fact that we just re-watched Crimson Tide, and found ourselves on a self-imposed dive into a very particular rabbit hole…
If you’ve seen Crimson Tide, or the first few minutes of WarGames, you might already know what this post is about. Both films prominently make use of a one-time authentication device which the user snaps in half to reveal a card that has some secret code printed on it — and as it turns out, there are at least two different projects that aim to replicate the props used in the movies.
So how do you make your own film-quality Authenticator? The two projects take slightly different approaches, but the basic idea is to create a three layer acrylic stack. The top and bottom pieces are identical, and scored in the middle so they’ll break along a clean line. The center piece is cut in half and largely hollowed out to create the compartment for your printed message. It’s perhaps best described as two “C” shapes that have slight gap where they meet, which provides some room for the top and bottom layers to flex. With the acrylic pieces aligned and the message inside, everything is solvent welded together.
Of course, the question now is what to do with them. We can think of all sorts of games and challenges that could make use of this kind of thing, but if you’re looking for something a little more practical, these would be an awesome way to store your two-factor authentication recovery codes. With the proper software, you could even use these for secure file storage via QR code.
New Documentary Details Ventilator Development Efforts During COVID
What would it be like to have to design and build a ventilator, suitable for clinical use, in ten days? One that could be built entirely from locally-sourced parts, and kept oxygen waste to a minimum? This is the challenge [John Dingley] and many others faced at the start of COVID-19 pandemic when very little was known for certain.
Back then it was not even known if a vaccine was possible, or how bad it would ultimately get. But it was known that hospitalized patients could not breathe without a ventilator, and based on projections it was possible that the UK as a whole could need as many as 30,000 ventilators within eight weeks. In this worst-case scenario the only option would be to build them locally, and towards that end groups were approached to design and build a ventilator, suitable for clinical use, in just ten days.
[John] decided to create a documentary called Breathe For Me: Building Ventilators for a COVID Apocalypse, not just to tell the stories of his group and others, but also as a snapshot of what things were like at that time. In short it was challenging, exhausting, occasionally frustrating, but also rewarding to be able to actually deliver a workable solution.
In the end, building tens of thousands of ventilators locally wasn’t required. But [John] felt that the whole experience was a pretty unique situation and a remarkable engineering challenge for him, his team, and many others. He decided to do what he could to document it, a task he approached with a typical hacker spirit: by watching and reading tutorials on everything from conducting and filming interviews to how to use editing software before deciding to just roll up his sleeves and go for it.
We’re very glad he did, and the effort reminds us somewhat of the book IGNITION! which aimed to record a history of technical development that would otherwise have simply disappeared from living memory.
You can watch Breathe for Me just below the page break, and there’s additional information about the film if you’d like to know a bit more. And if you are thinking the name [John Dingley] sounds familiar, that’s probably because we have featured his work — mainly on self-balancing personal electric vehicles — quite a few times in the past.
youtube.com/embed/xi3Te1LSUt0?…
It’s Always Pizza O’Clock With This AI-Powered Timepiece
Right up front, we’ll say that [likeablob]’s pizza-faced clock gives us mixed feelings about our AI-powered future. On the one hand, if that’s Stable Diffusion’s idea of what a pizza looks like, then it should be pretty easy to slip the virtual chains these algorithms no doubt have in store for us. Then again, if they do manage to snare us and this ends up on the menu, we’ll pray for a mercifully quick end to the suffering.
The idea is pretty simple; the clock’s face is an empty pizza pan that fills with pretend pizza as the day builds to noon, whereupon pizza is removed until midnight when the whole thing starts again. The pizza images are generated by a two-stage algorithm using Stable Diffusion 1.5, and tend to favor suspiciously uncooked whole basil sprigs along with weird pepperoni slices and Dali-esque globs of cheese. Everything runs on a Raspberry Pi Zero W, with the results displayed on a 4″ diameter LCD with an HDMI adapter. Alternatively, you can just hit the web app and have a pizza clock on your desktop. If pizza isn’t your thing, fear not — other food and non-food images are possible, limited only by Stable Diffusion’s apparently quite limited imagination.
As clocks go, this one is pretty unique. But we’re used to seeing unusual clocks around here, from another food-centric timepiece to a clock that knits.
Push Your Toy Train No More, With This Locomotive!
One of the most popular evergreen toys is also one of the simplest, wooden track with push-along trains. We all know the brand name, and savvy parents know to pick up the much cheaper knock-off because the kid won’t know the difference. But a really cool kid shouldn’t have to push their train around by hand, and thus [Lauri] has given the wooden track a real, powered, locomotive.
In the 3D printed chassis goes a small geared motor driving one axle, with an ESP32 and a motor driver taking care of the smarts. Power comes from an 18650 cell, which almost looks like the right scale for a fake steam boiler. The surprise with this train comes in the front axle, this machine has steering. We’re curious, because isn’t the whole point of a train that the track directs it where it needs to go? Or perhaps a little help is required in the absence of a child’s guidance when it comes to points. Either way, with remote control we guess there would be few kids who wouldn’t want one. We certainly do.
Google FindMy Tools, Run on an ESP32
As of about a day ago, Google’s reasonably new Find My network just got more useful. [Leon Böttger] released his re-implementation of the Android tracker network: GoogleFindMyTools. Most interestingly for us, there is example code to turn an ESP32 into a trackable object. Let the games begin!
Everything is in its first stages here, and not everything has been implemented yet, but you are able to query devices for their keys, and use this to decrypt their latest location beacons, which is the main use case.
The ESP32 code appears not to support MAC address randomization just yet, so it’s possibly more trackable than it should be, but if you’re just experimenting with the system, this shouldn’t be too much of a problem. The README also notes that you might need to re-register after three days of use. We haven’t gotten to play with it just yet. Have you?
If you’re worried about the privacy implications of yet another ubiquitous tracking system out there, you’re not alone. Indeed, [Leon] was one of the people working on the Air Guard project, which let iPhone users detect trackers of all sorts around them. Anyone know if there’s something like that for Android?
Thanks [Lars] for the hot tip!
A Tiny Computer With a 3D Printed QWERTY Keyboard
The ESP32 family are the microcontrollers which just keep on giving, as new versions keep them up-to-date and plenty of hackers come up with new things for them. A popular device is a general purpose computer with a QWERTY keypad, and the latest of many we’ve seen comes from [StabbyJack]. It’s a credit card sized machine whose special trick is that its keyboard is integrated in the 3D printing of its case. We’ve seen rubber membranes and push in keys, but this one has flexible print-in-place keys that line up on the switches on its PCB.
It’s not complete yet but the hardware appears to be pretty much there, and aside from that keyboard it has an ESP32-S3 and a 1.9″ SPI LCD. When finished it aims for an ambitious specification, with thermal camera and time-of-flight range finder hardware, along with an OS and software to suit. We like it a lot, though we suspect it might be a little small for our fingers.
If you like this project you may appreciate another similar one, and perhaps your version will need an OS.
A Tiny Tapeout SDR
The Tiny Tapeout custom ASIC project has been around for a while now, and has passed through several iterations of its production. On each Tiny Tapeout chip are multiple designs, each representing an individual project, and in use the chip is configured to present that project to its pins. Given enough Tiny Tapeout chips it was inevitable that someone whould eventually make a project using two such functions, and here’s [Sylvain Munaut] with an SDR using Tiny Tapeouts 6 and 7.
At its heart is [Carsten Wulff]’s 8 bit ADC from Tiny Tapeout 6, fed by [Kolos Koblász]’s Gilbert cell RF mixer from Tiny Tapeout 7. There’s a local oscillator provided by an RP2040, and a USB interface board which sends the data to a host computer where GNU Radio does the maths. On the bench it’s receiving an FM signal generated around 30MHz by a signal generator, followed by some slightly indistinct commercial radio stations.
It’s clear that there are many better SDRs than this one, and that (as yet) Tiny Tapeout is perhaps not the radio enthusiast’s choice. But it does demonstrate beautifully how the chips are more than just curios, and we’re definitely in the era of useful on-demand ASICs.
The video is below the break, meanwhile you can learn about Tiny Tapeout from [Matt Venn]’s Supercon talk.
youtube.com/embed/ynHy9gpcBgc?…