
Usagi’s PDP-11 Supercomputer and Appeal for Floating Point Systems Info



With an exciting new year of retrocomputing ahead for [David Lovett] over at the Usagi Electric YouTube channel, recently some new hardware arrived at the farm. Specifically hardware from a company called Floating Point Systems (FPS), whose systems provide computing features to assist e.g. a minicomputer like [David]’s PDP-11/44 system with floating point operations. The goal here is to use a stack of 1980s-era FPS hardware to give the PDP-11/44 MIMD (multiple instructions, multiple data) computing features, which is a characteristic associated with supercomputers.

The FPS hardware is unfortunately somewhat rare, and not much documentation, including schematics, has been found so far. This is where [David] would love some help from the community on finding more FPS hardware, documentation and any related information so that it can all be preserved.

FPS itself was acquired by Cray in 1991, before SGI took over Cray Research in 1996. As is usual with such acquisitions, a lot of older information tends to get lost, along with the hardware as it gets tossed out over the years by companies and others. So far [David] has acquired an FPS-100 array processor, an interface card for the PDP-11 and an FPS-3000, the latter of which appears to be a MIMD unit akin to the FPS-5000.

Without schematics, let alone significant documentation, it’s going to be an uphill battle to make it all work again, but with a bit of help from us retrocomputer enthusiasts, perhaps this might not be so impossible after all.

youtube.com/embed/ufOHzGh-jbs?…


hackaday.com/2025/01/12/usagis…


Second CNC Machine is Twice as Nice



[Cody Lammer] built a sweet CNC router. But as always, when you build a “thing”, you inevitably figure out how to build a better “thing” in the process, so here we are with Cody’s CNC machine v2.0. And it looks like CNC v1.0 was no slouch, so there’s no shortage of custom milled aluminum here.

The standout detail of this build is that almost all of the drive electronics and logic are hidden inside the gantry itself, making cabling a lot less of a nightmare than it usually is. While doing this was impossible in the past, because everything was just so bulky, he manages to get an ESP32 and the stepper drivers onto a small enough board that it can move along with the parts that it controls. FluidNC handles the G-Code interpretation side of things, along with providing a handy WiFi interface. This also allows him to implement a nice jog wheel and a very handy separate position and status indicator LCD on the gantry itself.

When you’re making your second CNC, you have not only the benefit of hindsight, but once you’ve cut all the parts you need, you also have a z-axis to steal and just bolt on. [Cody] mentions wanting a new z-axis with more travel – don’t we all! – but getting the machine up and running is the first priority. It’s cool to have that flexibility.

All in all, this is a very clean build, and it looks like a great improvement over the old machine. Of course, that’s the beauty of machine tools: they are the tools that you need to make the next tool you need. Want more on that subject? [Give Quinn Dunki’s machining series a read].


hackaday.com/2025/01/12/second…


Fraens’ New Loom and the Limits of 3D Printing



[Fraens] has been re-making industrial machines in fantastic 3D-printable versions for a few years now, and we’ve loved watching his creations get progressively more intricate. But with this nearly completely 3D-printable needle loom, he’s pushing right up against the edge of the possible.

The needle loom is a lot like the flying shuttle loom that started the Industrial Revolution, except for making belts or ribbons. It’s certainly among the most complex 3D-printed machines that we’ve ever seen, and [Fraens] himself says that it is pushing the limits of what’s doable in plastic — for more consistent webbing, he’d make some parts out of metal. But that’s quibbling; this thing is amazing.

There are mechanical details galore here. For instance, check out the cam-chain that raises, holds, and lowers arms to make the pattern. Equally important are the adjustable friction brakes on the rollers that hold the warp, that create a controlled constant high amount of tension on the strings. (Don’t ask us, we had to Wikipedia it!) We can see that design coming in handy in some of our own projects.

On the aesthetic front, the simple but consistent choice of three colors for gears, arms, and frame makes the build look super tidy. And the accents of two-color printing on the end caps are just the cherry on the top.

This is no small project, with eight-beds-worth of printed parts, plus all the screws, bearings, washers, etc. The models are for pay, but if you’re going to actually make this, that’s just a tiny fraction of the investment, and we think it’s going to a good home.

We are still thinking of making [Fraens]’s vibratory rock tumbler design, but check out all of his work if you’re interested in nice 3D-printed mechanical designs.

youtube.com/embed/oxqUhElNCuw?…


hackaday.com/2025/01/12/fraens…


It’s A Bench, But It’s Not Benchy



Whatever the nuances are surrounding the reported taking down of remixes derived from the famous Benchy 3D printer stress test, it was inevitable that in its aftermath competing stress tests would appear under more permissive licensing. And so it has come to pass, in the form of [Depep1]’s Boaty, a model that’s not a boat, but a bench. Sadly this is being written away from a 3D printer so we can’t try it, but we can immediately see that its low bed contact area from having spindly legs would be a significant test for many printers’ bed adhesion, and it has overhangs and bridges aplenty.

It’s always interesting to see new takes on a printer stress test; after all, we can all use something to check the health of our machines. But the Benchy saga isn’t something we think should drive you away from the little boat we know and love, as it remains an open-source model as it always has been. We don’t know the exact reasons why the derivatives were removed, but we understand from Internet scuttlebutt that the waters may be a little more cloudy than at first supposed. If there’s any moral at all to the story, it lies in reading and understanding open source licences, rather than just assuming they all allow us to do anything we want.

Meanwhile it’s likely this model will be joined by others, and we welcome that. After all, innovation should be part of what open source does.

Missed the Benchy takedown story? Catch up here.

Thanks [Jeremy G] for the tip.


hackaday.com/2025/01/12/its-a-…


Bad Apple but it’s 6,500 Regex Searches in Vim



In the world of showing off, there is alongside ‘Does it play Doom?’ that other classic of ‘Does it play Bad Apple?’. Whereas either would be quaint in the context of the Vim editor, this didn’t deter [Nolen Royalty] from making Vim play the Bad Apple video. As this is a purely black and white video, this means that it’s possible to convert each frame into a collection of pixels, with regular expression based search and custom highlighting allowing each frame to be rendered in the Vim window.

The fun part about this hack is that it doesn’t require any hacking or patching of Vim, but leans on its insane levels of built-in search features by line and column, adjusting the default highlight features and using a square font to get proper pixels rather than rectangles. The font is (unsurprisingly) called Square and targets roguelike games with a specific aesthetic.

First, 6,500 frames are fed through ffmpeg to get PNGs, which are then converted into pixel arrays using scripts on the GitHub project. Then the regex search combined with Vim macros allowed the video to be played at real-time speed, albeit at 120 x 90 resolution to give the PC a fighting chance. The highlighting provides the contrast with the unlit pixels, creating a rather nice result as can be seen in the embedded video.

eieio.games/images/bad-apple-w…


hackaday.com/2025/01/11/bad-ap…


Retrotechtacular: The 1951 Telephone Selector



Telephone systems predate the use of cheap computers and electronic switches. Yesterday’s phone system used lots of stepping relays in a box known as a “selector.” If you worked for the phone company around 1951, you might have seen the Bell System training film shown below that covers 197 selectors.

The relays are not all the normal ones we think of today. There are slow release relays and vertical shafts that are held by a “dog.” The shaft moves to match the customer’s rotary dial input.

Be sure to check out part two to get the whole story. Actually, we think [Periscope] switched the videos, so maybe start with part two. It sort of gives an overview and more of a mechanical perspective. Part one shows the schematic and assumes you know about some things covered in what they are calling part two.

You have to wonder who designed these to start with. Seems hard enough to follow when someone is explaining it, much less dreaming it up from scratch. Like most things, many people contributed to the development of the technology, and we are pretty sure the type 197 selector wasn’t the first device to appear.

Watching the current flow through the wires in the video reminded us of the Falstad circuit simulator.

youtube.com/embed/wSylaHLIzYE?…

youtube.com/embed/zhse34G33A4?…


hackaday.com/2025/01/11/retrot…


iFixit Releases Command Line Docs for FixHub Iron



When we reviewed the iFixit FixHub back in September, one of the most interesting features of the portable soldering station was the command line interface that both the iron and the base station offered up once you connected to them via USB. While this feature wasn’t documented anywhere, it made a degree of sense, as the devices used WebSerial to communicate with the browser. What was less clear at the time was whether or not the user was supposed to be fiddling with this interface, or if iFixit intended to lock it up in a future firmware update.

Thanks to a recent info dump on GitHub, it seems like we have our answer. In the repo, iFixit has provided documentation for each individual command on both the iron and base, including some background information and application notes for a few of the more esoteric functions. A handful of the commands are apparently disabled in the production version of the firmware, but there’s still plenty to poke around with.


A note at the top of the repo invites users to explore the hardware and to have fun, but notes that any hardware damage caused by “inventive tinkering” won’t be covered under the warranty. While it doesn’t look to us like there’s much in here that could cause damage, there’s one or two we probably wouldn’t play with. The command that writes data to the non-volatile storage of the MAX17205 “Fuel Gauge” IC is likely better left alone, for example.

Some of the notes provide a bit of insight into the hardware design of the FixHub, as well. The fact that there are two different commands for reading the temperature from the thermocouple and thermistor might seem redundant, but it’s explained that the value from the thermistor is being used for cold junction compensation to get a more accurate reading from the thermocouple in the iron’s tip. On the other hand, one can only wonder about the practical applications of the tip_installed_uptime command.

The potential for modifying and repairing the FixHub was one of the things we were most excited about in our review, so we’re glad to see iFixit releasing more documentation for the device post-release. That said, the big question still remains: will we eventually get access to the firmware source code?


hackaday.com/2025/01/11/ifixit…


Blinkenlights-First Retrocomputer Design



[Boz] wants to build a retrocomputer, but where to start? You could start with the computery bits, like say the CPU or the bus architecture, but where’s the fun in that? Instead, [Boz] built a righteous blinkenlights array.

What’s cool about this display is that it’s ready to go out of the box. All of the LEDs are reverse-mount and assembled by the board maker. The 19″ 2U PCBs serve as the front plates, so [Boz] was careful not to use any through-hole parts, which also simplified the PCB assembly, of course. Each slice has its own microcontroller and a few shift registers to get the bits lit up, and that’s all there is to it. They take incoming data at 9600 baud and output blinkiness.

Right now it pulls out its bytes from his NAS. We’re not sure which bytes, and we think we see some counters in there. Anyway, it doesn’t matter because it’s so pretty. And maybe someday the prettiness will lure [Boz] into building a retrocomputer to go under it. But honestly, we’d just relax and watch the blinking lights.

youtube.com/embed/vKjqw5iGqnQ?…


hackaday.com/2025/01/11/blinke…


In Praise of Simple Projects



Hackaday was at Chaos Communication Congress last week, and it’s one of those big hacker events that leaves you with so much to think about that I’m still processing it. Just for scope, the 38th CCC is a hacker event with about 15,000 attendees from all around Europe, and many from even further. If I were to characterize the crowd on a hardware-software affinity scale, I would say that it skews heavily toward the software side of the hacker spectrum.

What never ceases to amaze me is that there are a couple of zones that are centered on simple beginner soldering and other PCB art projects that are completely full 20 hours of the day. It always makes me wonder how it is possible to have this many hackers who haven’t picked up a soldering iron. Where do all these first-timers come from? I think I’m in a Hackaday bubble where not only does everyone solder at least three times a day, some of us do it with home-made reflow ovens or expensive microscopes.

But what this also means is that there’s tremendous reach for interesting, inviting, and otherwise cool beginner hardware projects. Hands-on learning is incredibly addictive, and the audience for beginner projects is probably ten times larger than that for intermediate or advanced builds. Having watched my own son putting together one of these kits, I understand the impact they can have personally, but it’s worth noting that the guy next to him was certainly in his mid-30s, and the girl across the way was even a few years younger than my son.

So let’s see some cool beginner projects! We’d love to feature more projects that could lure future hackers to the solder-smoky side.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!


hackaday.com/2025/01/11/in-pra…


Telegram Premium? No, It’s a Dropper: The Scam That Steals Your Credentials


A new Android malware, FireScam, has been discovered that masquerades as a premium version of Telegram and targets devices running Android versions 8-15. The malware is distributed through phishing pages on GitHub that imitate the RuStore app store.

According to researchers at Cyfirma, a malicious page on GitHub.io that imitated RuStore (now deleted) initially delivered to victims a dropper module called GetAppsRu.apk.

This dropper APK is obfuscated with DexGuard to evade detection and requests permissions that allow it to identify the apps installed on the victim’s device, grant access to storage, and enable the installation of additional packages.

The dropper then extracts and installs the main payload, Telegram Premium.apk, which asks the user for permission to track notifications, clipboard data, SMS, the call log and so on.

Once this is done, the user sees a WebView screen showing the Telegram login page. The credentials entered on this page ultimately end up in the hands of the malware operators.

The researchers write that FireScam eventually establishes a connection to the Firebase Realtime Database, where it uploads all stolen data in real time and also registers the compromised device, assigning it a unique ID for tracking. In this case the stolen data is stored in the database only temporarily and then deleted (presumably after the attackers have checked it for valuable information and copied it to another location).

In addition, the malware establishes a persistent WebSocket connection with the Firebase endpoint to execute various commands in real time. For example, these may be requests for specific data, immediate upload of data to the Firebase database, loading and execution of additional payloads, or configuration of monitoring parameters.

FireScam is also able to track changes in screen activity by logging device start and stop events, and it can also record data on active applications and events that last longer than 1000 milliseconds.

The malware also closely monitors all financial transactions, trying to intercept confidential data. As a result, FireScam operators receive everything the user types on the keyboard, drags, and copies to the clipboard (including data filled in automatically by password managers).

Cyfirma analysts note that the same phishing domain hosted another malicious artifact called CDEK, probably associated with a Russian logistics company of the same name. However, the researchers were unable to study this artifact.

The article Telegram Premium? No, It’s a Dropper: The Scam That Steals Your Credentials comes from il blog della sicurezza informatica.


Comparing Ways to Add Threads to Your 3D Prints



Adding threads to your 3D prints is a life-changing feature, but obviously there are a lot of trade-offs and considerations when deciding on how to go about this exactly. Between self-tapping screws, printed threads, heat inserts and a dozen other options it can be tough to decide what to go with. In a recent video [Thomas Sanladerer] runs through a few of these options, including some less common ones, and what he personally thinks of them.

Confounding factors are also whether you’re printing on an FDM or resin printer, what size thread you’re targeting and how often the screw or bolt will be removed. The metal heat inserts are generally a good option for durability, but when you have big bolts you get a few other metal-based options too, including thread repair inserts and prong nuts. Tapping threads into a print can also be an option, but takes a fair bit of patience.

Slotted nuts can be an idea if you don’t mind carving a space into your model, and the comments dove on embedding nuts in the print by pausing during printing. Ultimately [Thomas] really likes to use a type of self-forming threads with just three protruding sections into the hole that the bolt taps into, which reduces the stress on the part and works well enough for parts that only have to be screwed down once or twice.

youtube.com/embed/HgEEtk85rAY?…


hackaday.com/2025/01/11/compar…


Embedding Lenticular Lenses Into 3D Prints



A research project shows that it’s possible to create complex single-piece lenticular objects, or objects that have lenticular lenses built directly into them. The result is a thing whose appearance depends on the viewer’s viewpoint. The object in the image above, for example, is the same object from five different angles.

What’s really neat is that these colorful things have been 3D printed as single objects, no separate lenses or assembly required. Sure, it requires equipment that not just everyone has on their workbench, but we think a clever hacker could put the underlying principles to work all the same.
This lampshade (which was 3D printed as a single object) changes color and displays Good Day or Good Night depending on viewing angle.
The effect is essentially the same as what is sometimes seen in children’s toys and novelties — where a perceived image changes depending on the viewing angle. This principle has been used with a lenticular lens sheet to create a clever lenticular clock, but there’s no need to be limited by what lenses are available off the shelf. We’ve seen a custom 3D printed lenticular lens slapped onto a mobile device to create a 3D screen effect.

Coming back to the research, the objects researchers created go beyond what we’ve seen before in two important ways. First is in using software to aid in designing the object and its viewpoints (the plugin for Rhino 3D is available on GitHub), and the second is the scale of the effect. Each lens can be thought of as a pixel whose color depends on the viewing angle, and by 3D printing the lenses, one can fit quite a lot of them onto a surface with a high degree of accuracy.

To make these objects researchers used PolyJet 3D printing, which is essentially UV-cured resin combined with inkjet technology, and can create multi-color objects in a single pass. The lenses are printed clear with a gloss finish, the colors are embedded, and a final hit of sprayed varnish helps with light transmission. It sure beats placing hundreds of little lenses by hand.

youtube.com/embed/tLCBk1Z3ZgQ?…


hackaday.com/2025/01/11/embedd…


Italy Under Attack by NoName057(16). The Hackers: “Italy should think about its own cyber security”


The hackers of NoName057(16) have resumed their hostile activity against several Italian targets through Distributed Denial-of-Service (DDoS) attacks. These new attacks come 11 days after the last round, which ended on 31 December.

NoName057(16) is a group of hacktivist hackers that declared itself in March 2022 in support of the Russian Federation. They have claimed responsibility for cyber attacks on countries that support Ukraine, such as the United States and many other European countries. These attacks are typically carried out against government agencies, media and private company websites.

Below is the post published by the pro-Russian activists on their Telegram channel:
Italian Prime Minister Giorgia Meloni confirmed continued all-round support for Ukraine at a meeting with Vladimir Zelenskyj during his visit to Rome, Palazzo Chigi reported.

According to Meloni, Italy will help Ukraine defend its interests and achieve a just and lasting peace. The talks lasted about an hour and were aimed at strengthening Kiev’s position🤬

Italy should start helping itself and, first of all, its own cyber security😈

Post published today by the pro-Russian hackers of noname057(16)

Italian Ministry of Infrastructure and Transport (closed by geo)
check-host.net/check-report/2229ec74k19e

❌Ministry of Economic Development of Italy
check-host.net/check-report/2229ed55ka78

❌Italian Armed Forces (dead on ping)
check-host.net/check-report/2229eea6k1f5

❌The Italian aerospace energy industry
check-host.net/check-report/2229efe0kfc0

❌Organisation of the Carabinieri of Italy (dead on ping)
check-host.net/check-report/2229f0dfk8a8

❌Italian Navy (dead on ping)
check-host.net/check-report/2229f155k396

❌APS is the bus company of Siena
check-host.net/check-report/2229f289kdb8

❌ATAP - Bus company of Turin (closed for geo reasons)
check-host.net/check-report/2229f2c6k1e0


What Is a Distributed Denial of Service Attack


A DDoS (Distributed Denial of Service) attack is a type of cyber attack in which a large number of requests are sent to a server or website from many different machines at the same time, in order to overload the server’s resources and make it inaccessible to its legitimate users.

These requests can be sent from a large number of devices infected with malware and controlled by a criminal organisation, from a network of compromised computers called a botnet, or from other sources of illegitimate traffic. The goal of a DDoS attack is often to disrupt the online activities of an organisation or company, or to force it to pay a ransom to restore access to its online services.

DDoS attacks can cause significant damage to an organisation’s online activities, including prolonged downtime, data loss and reputational damage. To protect against these attacks, organisations can adopt security measures such as limiting network traffic from suspicious sources, using DDoS protection services, or designing systems that are resilient to DDoS attacks.

It should be noted that DDoS attacks, although they cause a temporary disruption to systems, have no impact on the Confidentiality and Integrity of data, only on its availability. Therefore, once the DDoS attack is over, the site resumes working exactly as before.

What Is Cyber Hacktivism


Cyber hacktivism is a movement that uses computer hacking techniques to promote a political or social message. Hacktivists use their computer skills to carry out online actions such as unauthorised access to websites or computer networks, the disclosure of confidential information, or the blocking of a given organisation’s online services.

The goal of cyber hacktivism is to raise public awareness of important issues such as freedom of expression, privacy, freedom of access to information, or the fight against online censorship. Hacktivists may belong to organised groups or act individually, but in both cases they use their computer skills to create a social and political impact.

It is important to stress that cyber hacktivism should not be confused with cybercrime, that is, the practice of using hacking techniques for illicit purposes such as the theft of personal or financial data. While cybercrime is illegal, cyber hacktivism can be considered legitimate if it aims to bring important issues to public attention and to foster democratic debate. However, the actions of hacktivists can have legal consequences, and hacktivists can be prosecuted for their actions.

Who Are the Hacktivists of NoName057(16)


NoName057(16) is a group of hackers that declared itself in March 2022 in support of the Russian Federation. They have claimed responsibility for cyber attacks on countries such as Ukraine, the United States and various other European countries. These attacks are typically carried out against government agencies, media and private company websites.

Information about the attacks carried out by NoName057(16) is published in the Telegram messaging channel of the same name. According to Ukrainian media, the group is also involved in sending threatening letters to Ukrainian journalists. The hackers gained their popularity during a series of massive DDoS attacks on Lithuanian websites.

The DDoS attack techniques used by the group are mixed, with a preference for the “Slow HTTP attack”.

The “Slow HTTP Attack” Technique


The “Slow HTTP Attack” (the full article at this link) is a type of cyber attack that exploits a vulnerability of web servers. In this type of attack, the attacker sends many incomplete HTTP requests to the target server, with the aim of keeping connections to the server occupied for a prolonged period and preventing legitimate users from accessing the site.

Specifically, the Slow HTTP attack exploits the way the HTTP protocol works, which provides that an HTTP request is composed of three parts: the request, the response and the message body. The attacker sends many incomplete HTTP requests, in which the message body is sent very slowly or incompletely, blocking the connection and preventing the server from freeing the resources needed to serve other requests.

This type of attack is particularly difficult to detect and mitigate, because the requests appear legitimate but take an excessive amount of time for the server to process. Slow HTTP attacks can cause very slow response times or server downtime, making it impossible to access the online services hosted on that system.

To protect against these attacks, organisations can implement security solutions such as application firewalls (web application firewall, or WAF), limiting connections to the server, and using DDoS attack detection and mitigation systems.
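
The server-side counterpart of the mitigations listed above (limiting connections and detecting requests that are deliberately slow), as an added example that is not code from the article: a connection tracker with an absolute header deadline, a minimum body rate and a per-address connection cap, replayed over a constructed trace. All thresholds, names, addresses and timings are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Policy values are assumptions for this example, not figures from the article.
HEADER_DEADLINE_S = 10.0   # the complete header block must arrive within this time
BODY_GRACE_S = 5.0         # the body rate is not judged before this much time
MIN_BODY_RATE_BPS = 500.0  # minimum average body bytes/second after the grace period
MAX_CONNS_PER_IP = 20      # concurrent in-flight requests allowed per client address


def content_length(head: bytes) -> int:  # 0 if the header is absent or malformed
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip()) if value.strip().isdigit() else 0
    return 0


@dataclass
class Connection:
    client_ip: str
    opened_at: float
    buffer: bytes = b""
    headers_done_at: Optional[float] = None
    expected_body: int = 0
    body_received: int = 0

    def feed(self, now: float, data: bytes) -> None:
        if self.headers_done_at is not None:
            self.body_received += len(data)
            return
        self.buffer += data
        end = self.buffer.find(b"\r\n\r\n")
        if end != -1:  # blank line seen: the header block is complete
            self.headers_done_at = now
            self.expected_body = content_length(self.buffer[:end])
            self.body_received = len(self.buffer) - (end + 4)

    def verdict(self, now: float) -> str:
        """Return 'complete', 'ok', or the reason to close the connection."""
        if self.headers_done_at is None:
            # Absolute deadline: drip-fed bytes reset an idle timeout, not this.
            late = now - self.opened_at > HEADER_DEADLINE_S
            return "close: header deadline exceeded" if late else "ok"
        if self.body_received >= self.expected_body:
            return "complete"
        elapsed = now - self.headers_done_at
        if elapsed > BODY_GRACE_S and self.body_received / elapsed < MIN_BODY_RATE_BPS:
            return "close: body rate below minimum"
        return "ok"


class Guard:  # tracks in-flight requests; the server calls sweep() on a timer
    def __init__(self) -> None:
        self.conns: Dict[str, Connection] = {}

    def open(self, conn_id: str, ip: str, now: float) -> bool:
        active = sum(1 for c in self.conns.values() if c.client_ip == ip)
        if active >= MAX_CONNS_PER_IP:
            return False  # refuse: this address already holds its share
        self.conns[conn_id] = Connection(ip, now)
        return True

    def feed(self, conn_id: str, now: float, data: bytes) -> None:
        if conn_id in self.conns:  # bytes for an already closed socket are dropped
            self.conns[conn_id].feed(now, data)

    def sweep(self, now: float) -> Dict[str, str]:
        """Close offenders, release finished requests, return {conn_id: reason}."""
        closed = {}
        for conn_id, conn in list(self.conns.items()):
            verdict = conn.verdict(now)
            if verdict != "ok":
                del self.conns[conn_id]  # the slot is freed either way
            if verdict.startswith("close"):
                closed[conn_id] = verdict
        return closed


def replay_constructed_trace() -> Dict[str, str]:
    """Replay a constructed trace (documentation addresses, invented timings)."""
    head = b"POST /up HTTP/1.1\r\nHost: example.test\r\nContent-Length: %d\r\n\r\n"
    guard = Guard()
    guard.open("slowhdr", "203.0.113.9", 0.0)
    guard.open("slowbody", "203.0.113.9", 0.0)
    guard.open("upload", "198.51.100.8", 0.0)
    guard.feed("upload", 0.2, head % 20000)     # ordinary upload, finished at t=7
    guard.feed("slowbody", 0.5, head % 100000)  # announces a large body ...
    guard.feed("slowhdr", 1.0, b"GET / HTTP/1.1\r\nHost: example.test\r\n")  # never ends
    guard.feed("slowbody", 3.0, b"x")           # ... then sends it a byte at a time
    guard.feed("upload", 4.0, b"x" * 16000)
    closed = guard.sweep(6.0)
    guard.feed("upload", 7.0, b"x" * 4000)
    guard.feed("slowhdr", 8.0, b"X-Pad: 1\r\n")  # still dripping header lines
    closed.update(guard.sweep(12.0))
    return closed


if __name__ == "__main__":
    print(replay_constructed_trace())
```

The ordinary upload is still in progress at the first sweep and is left alone because its average rate is above the minimum; only the two stalled connections are closed.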

The article Italy Under Attack by NoName057(16). The Hackers: “Italy should think about its own cyber security” comes from il blog della sicurezza informatica.


Tactility; The ESP32 Gets Another OS



Doing the rounds this week is a new operating system for ESP32 microcontrollers, it’s called Tactility, and it comes from [Ken Van Hoeylandt]. It provides a basic operating system level with the ability to run apps from an SD card, and it has the choice of a headless version or an LVGL-based touch UI.

Supported devices so far are some Lillygo and M5Stack boards, with intriguingly, support in the works for the Cheap Yellow Display board that’s caught some attention recently. The term “ESP32” is now a wide one encompassing Tensilica and RISC-V cores and a range of capabilities, so time will tell how flexible it is for all branches of the family.

We find this OS to be interesting, both in its own right and because it joins at least two others trying to do the same thing. There’s [Sprite_TM]’s PocketSprite mini console, and the operating system used by the series of Netherlands hacker camp badges. We’ll be trying to get a device running it, in order to give you a look at whether it’s suitable for your projects. If it runs well on the cheaper hardware, it could be a winner!


hackaday.com/2025/01/11/tactil…


Telefónica conferma: violazione del sistema interno e fuga di dati sensibili


Recentemente, un attore di minacce ha pubblicato su un forum clandestino una presunta violazione dei dati di Telefónica, una delle principali aziende di telecomunicazioni a livello mondiale. L’attaccante ha dichiarato di aver ottenuto l’accesso a un sistema interno di gestione dei ticket, esfiltrando una notevole quantità di dati sensibili.

Secondo le informazioni fornite dall’attore di minacce e confermate da Telefónica, i dati compromessi includono:

  • 236.493 record contenenti dati dei clienti.
  • 469.724 record relativi a ticket interni.
  • Oltre 5.000 file interni, tra cui documenti in formato CSV, PPTX, XLSX, DOCX, DOC, PDF e MSG.

Questi dati sono stati resi disponibili per il download su un forum di hacking, esponendo informazioni sensibili sia dei clienti che dell’azienda stessa.
31328678

Information on the Threat Actors’ Target


Telefónica is a Spanish multinational telecommunications company headquartered in Madrid, Spain. It operates in twelve countries and has more than 104,000 employees. In Spain, the company operates under the Movistar brand and is the main provider of telecommunications services, offering fixed and mobile telephony, broadband internet and digital television.

Telefónica confirmed the breach of its internal ticketing system, which occurred through unauthorized access to a corporate account used to manage support and assistance requests. The company stated that the incident involved only internal data and that no customers’ personal information was involved and the services provided were not affected. Telefónica has also launched a thorough investigation and worked with the competent authorities to handle the incident and prevent future attacks.

The compromise of an internal ticket management system can have several implications:

  • Exposure of sensitive customer data: personal information could be used for fraud or phishing.
  • Internal security risks: internal documents could contain details about infrastructure, business processes or vulnerabilities, increasing the risk of further attacks.
  • Reputational damage: customers’ trust could be undermined, negatively affecting the company’s image.


Conclusion


Telefónica’s confirmation of the breach highlights the importance of implementing robust security measures to protect internal systems and sensitive data. It is essential that the company continue to investigate the incident, taking all the measures needed to prevent future unauthorized access and mitigate the consequences for the customers involved.

As is our custom, we always leave room for a statement from the company, should it wish to provide us with updates on the matter. We will be happy to publish such information in a dedicated article that highlights the issue.

RHC Dark Lab will follow developments in order to publish further news on the blog, should there be substantial updates. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower’s encrypted e-mail.

The article “Telefónica Confirms: Internal System Breached and Sensitive Data Leaked” comes from il blog della sicurezza informatica.


AA Battery Performances Tested, So Get The Most For Your Money



[Project Farm] has a video in which a wide variety of AA cells are analyzed and compared in terms of capacity, internal resistance, ability to deliver voltage under load, and ability to perform in sub-freezing temperatures. Alkaline, lithium, and even some mature rechargeable cells with a couple thousand cycles under their belt were all compared. There are a few interesting results that can help you get the most from your money the next time you’re battery shopping.

The video embedded below demonstrates a set of tests that we recommend you check out, but the short version is that more expensive (non-rechargeable) lithium cells outperform their alkaline peers, especially when it comes to overall longevity, ability to perform under high-drain conditions, and low temperatures. Lithium cells also cost more, but they’re the right choice for some applications.
Some brands performed better and others worse, but outside of a couple stinkers most were more or less comparable. Price however, was not.
As for how different brands stack up against one another, many of them are more or less in the same ballpark when it comes to performance. Certainly there are better and worse performers, but outside of a couple of stinkers the rest measure up reasonably well. Another interesting finding was that among rechargeable cells that were all several years (and roughly 2,200 charge-discharge cycles) old, a good number of them still performed like new.

Probably the single most striking difference among the different cells is cost — and we’re not just talking about whether lithium versus alkaline AAs are more cost-effective in the long run. Some brands simply cost twice as much (or more!) than others with comparable performance. If you’re in a hurry, jump to [Project Farm] presenting the final ranked results at 19:45 in.

Relying on brand recognition may save you from buying complete junk, but it’s clearly not the most cost-effective way to go about buying batteries. These findings are similar to an earlier effort at wide-scale battery testing which also determined that factoring in price-per-cell was too significant to ignore.

youtube.com/embed/efDTP5SEdlo?…


hackaday.com/2025/01/10/aa-bat…


The Engineer Behind Mine Detection



According to [Joanna Goodrich] in IEEE Spectrum, prior to World War II, soldiers who wanted to find land mines simply poked at the ground with pointed sticks or bayonets. As you might expect, this wasn’t very safe or reliable. In 1941, a Polish signals officer, [Józef Stanislaw Kosacki], escaped to Britain and created an effective portable mine detector.

[Kosacki] was an electrical engineer trained at the Warsaw University of Technology. He had worked as a manager for the Polish National Telecommunication Institute. In 1937, the government tasked him with developing a machine that could detect unexploded grenades and shells. The machine was never deployed.

When Germany invaded Poland in 1939, [Kosacki] returned to military service (he had done a year of compulsory service earlier). He was captured and kept in a prison camp in Hungary. But he managed to escape in late 1939 and joined the Polish Army Corps in Britain, teaching Morse code to soldiers.

Britain buried landmines along their coastline to thwart any invasion. Unfortunately, they failed to notify allied forces about it and several Polish soldiers were killed. In response, the British Army set a challenge to develop a mine detector and, as a test, the device had to locate some coins on a beach.

There were seven devices entered, and [Kosacki’s] won. As a military secret, there isn’t much detail, but it sounds like it was the (now) usual BFO metal detector affair with two coils at the end of a bamboo pole. With the tech of the day, the whole affair came in at around 30 pounds. We’d bet a lot of that was in batteries.

By 1942 during the second battle of El Alamein, the new detectors allowed mine clearing operations to happen twice as fast as before. Our engineer didn’t get much recognition. Just a letter from King George. Part of that was due to fear that his family in Poland would suffer.

While land mines aren’t as common for most people as FM radios, we love to meet inventors. Even when it isn’t a very happy story.


hackaday.com/2025/01/10/the-en…


Springs and Things Make for a Unique Timepiece



You never know when inspiration is going to strike, and for [Ekaggrat Singh Kalsi], it struck while he was playing with one of his daughter’s hair ties. The result is a clock called “Bezicron” and it’s a fascinating study in mechanical ingenuity.

The hair ties in question are simple objects, just a loose polymer coil spring formed into a loop that can be wrapped around ponytails and the like. In Bezicron, though, each digit is formed by one of these loops fixed to the ends of five pairs of arms. Each pair moves horizontally thanks to a cam rotating between them, changing the spacing between them and moving the hair tie. This forms each loop into an approximation of each numeral, some a little more ragged than others but all quite readable. The cams move thanks to a geared stepper motor on the rightmost digit of the hours and minutes section of the clock, with a gear train carrying over to the left digit. In between is the colon, also made from springy things pulsing back and forth to indicate seconds. The video below shows the clock going through its serpentine motions.

For our money, the best part of this build is the cams. Coming up with the proper shape for those had to be incredibly tedious, although we suspect 3D printing and rapid iterative design were a big help here. Practice with cam design from his earlier Eptaora clock probably helped too.

youtube.com/embed/_p6RKjwEwpk?…

Thanks to [Hari Wiguna] for the tip.


hackaday.com/2025/01/10/spring…


Bit-Banging the USB-PD Protocol



For one-off projects, adding a few integrated circuits to a PCB is not too big of a deal. The price of transistors is extremely low thanks to Moore and his laws, so we’re fairly free to throw chips around like peanuts. But for extremely space-constrained projects, huge production runs, or for engineering challenges, every bit of PCB real estate counts. [g3gg0] falls into the latter group, and this project aims to remove the dedicated USB-PD module from a lighting project and instead bit-bang the protocol with the ESP32 already on the board.

The modern USB power delivery (PD) protocol isn’t quite as simple as older USB ports that simply present a 5V source to whatever plugs itself into the port. But with the added complexity we get a lot more capability including different voltages and greater power handling capabilities. The first step with the PD protocol is to communicate with a power source, which requires a 1.2V 600kHz signal. Just generating the signal is challenging enough, but the data encoding for USB requires level changes to encode bits rather than voltage levels directly. With that handled, the program can then move on to encoding packets and sending them out over the bus.

After everything is said and done, [g3gg0] has a piece of software that lets the ESP32 request voltages from a power supply, sniff and log PD communication, and inject commands with vendor defined messages (VDM), all without needing to use something like a CH224K chip which would normally offload the USB-PD tasks. For anyone looking to save PCB space for whatever reason, this could be a valuable starting point. To see some more capabilities of the protocol, check out this USB-PD power supply that can deliver 2 kW.


hackaday.com/2025/01/10/bit-ba…


Life Without Limits: A Blind Maker’s Take on 3D Printing



In the world of creation, few stories inspire as much as [Mrblindguardian], a 33-year-old who has been blind since the age of two, but refuses to let that hold him back. Using OpenSCAD and a 3D printer, [Mrblindguardian] designs and prints models independently, relying on speech software and touch to bring his ideas to life. His story, published on his website Accessible3D.io, is a call to action for makers to embrace accessibility in their designs and tools.

[Mrblindguardian]’s approach to 3D printing with OpenSCAD is fascinating. Without visual cues, he can still code every detail of his designs, like a tactile emergency plan for his workplace. The challenges are there: navigating software as a blind user, mastering 3D printers, and building from scratch. His tip: start small. Taking on a very simple project allows you to get accustomed to the software while avoiding pressure and frustration.

His successes highlight how persistence, community support, and creativity can break barriers. His journey mirrors efforts by others, like 3D printed braille maps or accessible prosthetics, each turning daily limitations into ingenious innovations. [Mrblindguardian] seems to be out to empower others, so bookmark his page for what’s yet to come.

Accessible tech isn’t just about empowering. Share your thoughts in the comments if you have similar experiences – or good solutions to limitations like these! As [Mrblindguardian] says on his blog: “take the leap. Let’s turn the impossible into the tangible—one layer at a time”.

I am fully blind, and this is how I 3d design and print independently
by u/Mrblindguardian in prusa3d

hackaday.com/2025/01/10/life-w…


Hackaday Podcast Episode 303: The Cheap Yellow Display, Self-Driving Under $1000, and Don’t Remix that Benchy



As the holiday party season fades away into memory and we get into the swing of the new year, Elliot Williams is joined on the Hackaday Podcast by Jenny List for a roundup of what’s cool in the world of Hackaday. In the news this week, who read the small print and noticed that Benchy has a non-commercial licence? As the takedown notices for Benchy derivatives fly around, we muse about the different interpretations of open source, and remind listeners to pay attention when they choose how to release their work.

The week gave us enough hacks to get our teeth into, with Elliot descending into the rabbit hole of switch debouncing, and Jenny waxing lyrical over a crystal oscillator. Adding self-driving capability to a 30-year-old Volvo caught our attention too, as did the intriguing Cheap Yellow Display, an ESP32 module that has (almost) everything. Meanwhile in the quick hacks, a chess engine written for a processor architecture implemented entirely in regular expressions impressed us a lot, as did the feat of sending TOSLINK across London over commercial fibre networks. Enjoy the episode, and see you again next week!

[Editor’s Note: Libsyn, our podcasting syndicator, is bugging out. I’ll keep trying, but until they get their service back into gear, I’ve uploaded the podcast here, and as always you can just download the podcast for yourself. Sorry for the inconvenience, and enjoy!]
hackaday.com/wp-content/upload…


hackaday.com/2025/01/10/hackad…


SerenityOS On Real Hardware



One of the problems facing any developer working on their own operating system is that of hardware support. With many thousands of peripherals and components that can be found in a modern computer, keeping up requires either the commercial resources of Microsoft or the huge community of Linux.

For a small project such as SerenityOS this becomes a difficult task, and for that reason the primary way to run that OS has always been in an emulator. [Sdomi] however has other ideas, and has put a lot of effort into getting the OS to run on some real hardware. The path to that final picture of a laptop with a SerenityOS desktop is long, but it makes for a fascinating read.

The hardware in question is an Intel powered Dell Chromebook. An odd choice you might think, but they’re cheap and readily available, and they have some useful debugging abilities built in. We’re treated to an exploration of the hardware and finding those debug ports, and since the USB debugging doesn’t work, a Pi Pico clone is squeezed into the case. We like that it’s wired up to the flash chip as well as serial.

Getting access to the serial port from the software turned out to be something of a pain, because the emulated UART wasn’t on the port you’d expect. Though it’s an Intel machine it’s not a PC clone, so it has no need. Some epic hackery involving rerouting serial to the PC debug port ensued, enabling work to start on an MMC driver for the platform. The eventual result is a very exclusive laptop, maybe the only one running SerenityOS on hardware.

We like this OS, and we hope this work will lead to it becoming usable on more platforms. We took a look at it back in 2023, and it’s good to hear that it’s moving forward.


hackaday.com/2025/01/10/sereni…


Has NIKE’s CRM Been Breached? A Threat Actor Puts the Data Up for Sale


In a recent post on an underground forum, a serious data breach involving Nike Inc. was claimed. A user known as Sorb advertised a compromised CRM database belonging to the sportswear giant.

This database, compiled using a bot called esnkrs.com, contains more than 42 million log records.

At present, we cannot confirm the authenticity of the report, because the organization has not yet published an official statement about the incident on its website. The information reported comes from public sources accessible on underground sites, and should therefore be read as an intelligence source and not as definitive confirmation.
The compromised database covers a period from 2020 to 2024 and includes sensitive information such as Discord IDs, emails, physical and IP addresses, shoe sizes, product names, links and timestamps. Sorb has put this data up for sale for 1300 dollars, providing samples in JSON and CSV formats. The post points out that the database is still accessible because of the developers’ inability to identify the final administrator of the server.

The breach particularly affects the retail sector, with a specific focus on sportswear. The sensitive information exposed could lead to serious consequences for the users involved, including the risk of identity theft and other forms of data abuse. From an initial analysis of the data carried out by Darklab, the structure and consistency of the data appear to be authentic.

The Nike data breach highlights the importance of implementing robust security measures and of constantly monitoring systems to prevent unauthorized access. Companies must be ready to respond quickly in the event of a breach to protect their users’ data and maintain customer trust.

As is our custom, we always leave room for a statement from the company, should it wish to give us updates on the matter. We will be happy to publish such information in a dedicated article that gives prominence to the issue.

RHC will monitor how the matter develops in order to publish further news on the blog, should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower’s encrypted e-mail.

The article “Has NIKE’s CRM Been Breached? A Threat Actor Puts the Data Up for Sale” comes from il blog della sicurezza informatica.


This Week in Security: Backdoored Backdoors, Leaking Cameras, and The Safety Label



The mad lads at watchTowr are back with their unique blend of zany humor and impressive security research. And this time, it’s the curious case of backdoors within popular backdoors, and the list of unclaimed domains that malicious software would just love to contact.

OK, that needs some explanation. We’re mainly talking about web shells here. Those are the bits of code that get uploaded to a web server, that provide remote access to the computer. The typical example is a web application that allows unrestricted uploads. If an attacker can upload a PHP file to a folder where .php files are used to serve web pages, accessing that endpoint runs the arbitrary PHP code. Upload a web shell, and accessing that endpoint gives a command line interface into the machine.

The quirk here is that most attackers don’t write their own tools. And oftentimes those tools have special, undocumented features, like loading a zero-size image from a .ru domain. The webshell developer couldn’t be bothered to actually do the legwork of breaking into servers, so instead added this little dial-home feature, to report on where to find all those newly backdoored machines. Yes, many of the popular backdoors are themselves backdoored.

This brings us to what watchTowr researchers discovered — many of those backdoor domains were either never registered, or the registration has been allowed to expire. So they did what any team of researchers would do: Buy up all the available backdoor domains, set up a logging server, and just see what happens. And what happened was thousands of compromised machines checking in at these old domains. Among the 4000+ unique systems, there were a total of 4 .gov. domains from governments in Bangladesh, Nigeria, and China. It’s an interesting romp through old backdoors, and a good look at the state of still-compromised machines.
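For defenders, that dial-home habit is a detection handle: a server-side script that references a host the site has no reason to contact deserves a look, especially when the reference is an invisible image carrying the server's identity. The sketch below is an added example, not watchTowr's tooling; the allowlist, file names and hosts are constructed placeholders.

```python
"""Added example: flag dial-home references in server-side scripts. All data is constructed."""
import re

# Assumption: hosts this hypothetical site legitimately references from its own code.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}

# Absolute URLs, plus scheme-relative ones ("//host/...") directly after a quote or "(".
URL_HOST_RE = re.compile(
    r"""(?:https?://|(?<=["'(])//)([a-z0-9-]+(?:\.[a-z0-9-]+)+)""", re.I)
# width/height of 0 or 1: the "zero-size image" pattern the article mentions.
ZERO_SIZE_RE = re.compile(r"""\b(?:width|height)\s*=\s*["']?[01](?![\d.])""", re.I)
# PHP constructs that place the server's own identity on the same line as the URL.
SERVER_VAR_RE = re.compile(r"\$_SERVER\b|\bgethostname\s*\(|\bphp_uname\s*\(")


def is_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host is an allowlisted name or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def scan_text(path, text, allowed=ALLOWED_HOSTS):
    """Return one finding per non-allowlisted remote host referenced in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in URL_HOST_RE.finditer(line):
            host = match.group(1).lower()
            if is_allowed(host, allowed):
                continue
            reasons = ["remote host not on allowlist"]
            if ZERO_SIZE_RE.search(line):
                reasons.append("zero/one-pixel element")
            if SERVER_VAR_RE.search(line):
                reasons.append("server identity placed in URL")
            findings.append({
                "path": path, "line": lineno, "host": host, "reasons": reasons,
                "severity": "high" if len(reasons) > 1 else "review",
            })
    return findings


def scan_files(files, allowed=ALLOWED_HOSTS):
    """Scan a {path: content} mapping; high-severity findings sort first."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path], allowed))
    return sorted(findings,
                  key=lambda f: (f["severity"] != "high", f["path"], f["line"]))


# Constructed sample content standing in for files read from a web root.
SAMPLE_FILES = {
    "templates/header.php": (
        '<link rel="stylesheet" href="https://cdn.shop.example/app.css">\n'
        '<img src="/img/logo.png" width="120" height="40">\n'),
    "uploads/fm.php": (
        '<?php /* third-party file manager found in the upload directory */ ?>\n'
        '<img src="//stats.beacon.example/p.gif?h=<?= $_SERVER["HTTP_HOST"] ?>"'
        ' width="0" height="0">\n'),
    "docs/readme.php": '<?php // options: https://vendor-docs.example/manual ?>\n',
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['severity']:6} {f['path']}:{f['line']} {f['host']} "
              f"({'; '.join(f['reasons'])})")
```

The same host list is worth checking against egress proxy or DNS logs, since a web server resolving a name that no deployed code should reference is the network-side view of the same behaviour.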

The Cameras are Leaking


One of the fun things to do on the Internet is to pull up some of the online video feeds around the world. Want to see what Times Square looks like right now? There’s a website for that. Curious how much snow is on the ground in Hokkaido? Easy to check. But it turns out that there are quite a few cameras on the Internet that probably shouldn’t be. In this case, the focus is on about 150 license plate readers around the United States that expose both the live video stream and the database of captured vehicle data to anyone on the Internet that knows where and how to look.

This discovery was spurred by [Matt Brown] purchasing one of these devices, finding how easy they were to access, and then checking a service like Shodan for matching 404 pages. This specific device was obviously intended to be located on a private network, protected by a firewall or VPN, and not exposed to the open Internet. This isn’t the first time we’ve covered this sort of situation, and suggests an extension to Murphy’s Law. Maybe I’ll refer to it as Bennett’s law: If a device can be put on the public Internet, someone somewhere inevitably will do so.

youtube.com/embed/0dUnY1641WM?…

Some related research is available from RedHunt Labs, who did a recent Internet scan on port 80, and the results are a bit scary. 42,000,000 IP addresses, 1% of the IPv4 Internet, are listening on port 80. There are 2.1 million unique favicons, and 87% of those IPs actually resolve with HTTP connections and don’t automatically redirect to an HTTPS port. The single most common favicon is from a Hikvision IP Camera, with 674,901 IPs exposed.

The Big Extension Compromise


One of the relatively new ways to deploy malicious code is to compromise a browser plugin. Users of the Cyberhaven browser plugin received a really nasty Christmas present, as a malicious update was pushed this Christmas. The Cyberhaven extension is intended to detect data and block exfiltration attempts in the browser, and as such it has very wide permissions to read page content. The malicious addition looked for API keys in the browser session, and uploaded cookies for sites visited to the attacker. Interestingly the attack seemed to be targeted specifically at OpenAI credentials and tokens.

This started with an OAuth phishing attack, where an email claimed the extension was in danger of removal, just log in with your Chrome Developer account for details. Cyberhaven clicked through the email, and accidentally gave attackers permission to push updates to the extension. This isn’t the only extension that was targeted, and there are other reports of similar phishing emails. This appears to be a broader attack, with the first observed instance being in May of 2024, and some of the affected extensions used similar techniques. So far just over 30 extensions have been discovered to be compromised in this way.


And while we’re on the topic of browser extensions, [Wladimir Palant] discovered the i18n trick that sketchy browser extensions use to show up in searches like this one for Wireguard.

The trick here is internationalization, or i18n. Every extension has the option to translate its name and description into 50+ languages, and when anyone searches the extension store, the search term can match on any of those languages. So unscrupulous extension developers fill the less common languages with search terms like “wireguard”. Google has indicated to Ars Technica that it is aware of this problem, and plans to take action.
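A reviewer vetting an unpacked extension can check for this directly, because stuffed search terms tend to be the same Latin-script strings repeated across several locale files while being absent from the default-locale listing. This is an added example, not code from [Wladimir Palant] or Google; the sample manifest and locale strings are constructed placeholders (not real translations), and the two-locale threshold is an assumption.

```python
"""Added example: spot search-keyword stuffing in extension locale files. Data is constructed."""
import json
import re
from collections import defaultdict
from pathlib import Path

MSG_REF_RE = re.compile(r"^__MSG_(\w+?)__$")      # manifest placeholder, e.g. __MSG_extName__
TOKEN_RE = re.compile(r"\b[a-z][a-z0-9]{3,}\b")   # ASCII words of four or more characters


def load_locales(ext_dir):
    """Read _locales/<locale>/messages.json from an unpacked extension directory."""
    locales = {}
    for path in Path(ext_dir).glob("_locales/*/messages.json"):
        locales[path.parent.name] = json.loads(path.read_text(encoding="utf-8"))
    return locales


def listing_keys(manifest):
    """Message keys the store listing is built from (name, short_name, description)."""
    keys = []
    for field in ("name", "short_name", "description"):
        match = MSG_REF_RE.match(manifest.get(field, ""))
        if match:
            keys.append(match.group(1))
    return keys


def listing_text(messages, keys):
    """Lower-cased concatenation of the listing strings for one locale."""
    return " ".join(messages.get(k, {}).get("message", "") for k in keys).lower()


def stuffed_terms(manifest, locales, min_locales=2, watchlist=()):
    """Map suspicious token -> locales using it.

    A token is suspicious when it is missing from the default-locale listing and
    either repeats verbatim in at least min_locales other locales or is on the
    caller's watchlist of unrelated product names.
    """
    keys = listing_keys(manifest)
    default = manifest["default_locale"]
    baseline = set(TOKEN_RE.findall(listing_text(locales[default], keys)))
    seen = defaultdict(set)
    for locale, messages in locales.items():
        if locale == default:
            continue
        for token in set(TOKEN_RE.findall(listing_text(messages, keys))):
            if token not in baseline:
                seen[token].add(locale)
    watch = {w.lower() for w in watchlist}
    return {tok: sorted(locs) for tok, locs in seen.items()
            if len(locs) >= min_locales or tok in watch}


def _locale(description):
    """Helper for the constructed sample below."""
    return {"extName": {"message": "QuickTabs Manager"},
            "extDesc": {"message": description}}


# Constructed sample: a tab manager whose rarely viewed locales carry VPN search terms.
SAMPLE_MANIFEST = {"name": "__MSG_extName__", "description": "__MSG_extDesc__",
                   "default_locale": "en"}
SAMPLE_LOCALES = {
    "en": _locale("Organise and search your open tabs."),
    "de": _locale("Offene Tabs ordnen und durchsuchen."),
    "sw": _locale("Panga vichupo vyako. wireguard vpn proxy unblock"),
    "am": _locale("wireguard free vpn"),
    "lo": _locale("wireguard openvpn"),
}

if __name__ == "__main__":
    for term, locs in stuffed_terms(SAMPLE_MANIFEST, SAMPLE_LOCALES).items():
        print(f"{term!r} appears only in non-default locales: {', '.join(locs)}")
```

An honest translation differs from language to language, so a single locale's unfamiliar words are not flagged; use the watchlist for terms that show up in only one locale.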

Safety Labels


The US has announced the U.S. Cyber Trust mark, a safety label that indicates that “connected devices are cybersecure”. Part of the label is a QR code that can be scanned to find information about the support timeline of the product, as well as information on automatic updates. Some elements of this program are obviously good ideas, like doing away with well-known default passwords. Time will tell if the Cyber Trust mark actually makes headway in making more secure devices, or if it will be just another bit of visual clutter on our device boxes.

Bits and Bytes


SecureLayer7 has published a great little tutorial on using Metasploit to automatically deploy known exploits against discovered vulnerabilities. If Metasploit isn’t in your bag of tricks yet, maybe it’s time to grab a copy of Kali Linux and try it out.

Amazon, apparently, never learns, as Giraffe Security scores a hat trick. The vulnerability is Python pip’s “extra-index-url” option preferring to pull packages from PyPI rather than the specified URL. It’s the footgun that Amazon just can’t seem to avoid baking right into its documentation. Giraffe has found this issue twice before in Amazon’s documentation and package management, and in 2024 found it the third time for the hat trick.
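The mechanics are easy to audit for. With `--extra-index-url`, pip gathers candidates from the default index and the extra one into a single pool with no priority between them, so a higher version published under the same name on PyPI wins; pointing `--index-url` at a private index that mirrors public packages removes PyPI from the pool. The following is an added example, not Giraffe Security's or Amazon's code: the package name, private index URL and version catalog are constructed, and the resolver is a simplified model that ignores version specifiers.

```python
"""Added example: audit pip index settings for dependency-confusion exposure. Data is constructed."""
import re

PYPI = "https://pypi.org/simple"
OPTION_RE = re.compile(r"^(--index-url|-i|--extra-index-url)(?:=|\s+)(\S+)$")
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def normalize(name):
    """Package-name normalisation: runs of -, _ and . compare equal, case-insensitively."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return (index_url, extra_index_urls, package_names) from requirements-file text."""
    index_url, extras, names = PYPI, [], []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()   # drop comments
        if not line:
            continue
        option = OPTION_RE.match(line)
        if option:
            if option.group(1) == "--extra-index-url":
                extras.append(option.group(2))          # adds an index, keeps the default
            else:
                index_url = option.group(2)             # replaces the default index
            continue
        if line.startswith("-"):
            continue                                    # other pip options are ignored here
        match = NAME_RE.match(line)
        if match:
            names.append(normalize(match.group(0)))
    return index_url, extras, names


def parse_version(version):
    return tuple(int(part) for part in version.split("."))


def resolve(name, indexes, catalog):
    """Simplified model: pool candidates from every index, highest version wins."""
    candidates = [(parse_version(v), url) for url in indexes
                  for v in catalog.get(url, {}).get(name, [])]
    if not candidates:
        return None
    version, url = max(candidates)
    return url, ".".join(str(part) for part in version)


def audit(text, internal_names, catalog):
    """Report, for each internal package, which index the model would install it from."""
    index_url, extras, names = parse_requirements(text)
    indexes = [index_url] + extras
    report = []
    for name in names:
        if name not in internal_names:
            continue
        source = resolve(name, indexes, catalog)
        report.append({"package": name, "indexes": len(indexes),
                       "exposed": PYPI in indexes,
                       "resolved_from": source[0] if source else None,
                       "version": source[1] if source else None})
    return report


# Constructed inputs: a hypothetical private index and an internal package name that
# somebody else has also registered on the public index with a very high version.
PRIVATE = "https://pkgs.corp.example/simple"
INTERNAL = {"acme-billing"}
CATALOG = {
    PRIVATE: {"acme-billing": ["1.3.0", "1.4.0"], "requests": ["2.32.3"]},
    PYPI: {"acme-billing": ["99.0.0"], "requests": ["2.32.3"]},
}
WEAK = ("--extra-index-url https://pkgs.corp.example/simple\n"
        "acme_billing>=1.0  # internal package\n"
        "requests==2.32.3\n")
FIXED = ("--index-url https://pkgs.corp.example/simple\n"
         "acme-billing>=1.0\n"
         "requests==2.32.3\n")

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("fixed", FIXED)):
        for row in audit(text, INTERNAL, CATALOG):
            print(label, row)
```

The same check applies to `extra-index-url` in pip.conf and to the `PIP_EXTRA_INDEX_URL` environment variable, which this sketch does not parse.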

It seems that there’s yet another way to fingerprint web browsers, in the form of dynamic CSS features. This is particularly interesting in the context of the Tor Browser, which turns off JavaScript support in an effort to be fully anonymous.

And finally, there seems to be a serious new SonicWall vulnerability that has just been fixed. It’s an authentication bypass in the SSLVPN interface, and SonicWall sent out an email indicating that this issue is considered likely to be exploited in the wild.


hackaday.com/2025/01/10/this-w…


TikTok goes to court


THE YEAR IS STILL YOUNG. But it's time for a bonus Digital Politics. I'm Mark Scott, and on Jan 10, the US Supreme Court will hear oral arguments over whether TikTok should be banned in the United States on Jan 19 (if it's not sold by then.)

It marks the second event in a pretty eventful week in the world of social media. Meta announced on Jan 7 it was ending its fact-checking program and overhauling its content moderation policies. My take on that here.

At stake in the TikTok hearing, at least on paper, is whether the US government has the right to outlaw a foreign-owned social media company — all in the name of national security. In response, TikTok and some of its users accuse Washington of illegally constraining their free speech rights under the First Amendment.

You'll likely hear a lot about the case, both on Jan 10 and in the build-up to the prospective ban/divestiture ahead of the Jan 19 deadline within the Protecting Americans from Foreign Adversary Controlled Applications Act. You can watch the oral arguments from 10am ET / 5pm CET here.

Much of what will be said won't get to the nub of the issue: That TikTok (and its popularity with mostly young Americans) is now entrenched in an increasingly open geopolitical dispute between the US and China.

Let's get started:



digitalpolitics.co/newsletter0…



RISC-V Microcontroller Lights Up Synth with LED Level Meter



The LM3914 LED bar graph driver was an amazing chip back in the day. Along with the LM3915, its logarithmic cousin, these chips gave a modern look to projects, allowing dancing LEDs to stand in for a moving coil meter. But time wore on and the chips got harder to find and even harder to fit into modern projects, what with their giant DIP-18 footprint. What’s to be done when a project cries out for bouncing LEDs? Simple — get a RISC-V microcontroller and roll your own LED audio level meter.

In fairness, “simple” isn’t exactly what comes to mind while reading [svofski]’s write-up of this project. It’s part of a larger build, a wavetable synth called “Pétomane Ringard” which just screams out for lots of blinky LEDs. [svofski] managed to squeeze 20 small SMD LEDs onto the board along with a CH32V003 microcontroller. The LEDs are charlieplexed, using five of the RISC-V chip’s six available GPIO lines, leaving one for the ADC input. That caused a bit of trouble with programming, since one of those pins is needed to connect to the programmer. This actually bricked the chip, thankfully only temporarily since there’s a way to glitch the chip back to life, but only after pulling it out of the circuit. [svofski] recommends adding a five-second delay loop to the initialization routine to allow time to recover if the microcontroller gets into an unprogrammable state. Good tip.

As for results, we think the level meter looks fantastic. [svofski] went for automated assembly of the 0402 LEDs, so the strip is straight and evenly spaced. The meter seems to be quite responsive, and the peak hold feature is a nice touch. It’s nice to know there’s a reasonable substitute for the LM391x chips, especially now that all the hard work has been done.

youtube.com/embed/4ZVkaHjhwek?…


hackaday.com/2025/01/10/risc-v…


Warning: Fake CrowdStrike Job Postings Hide Crypto-Miners Targeting Developers


CrowdStrike recently revealed a sophisticated phishing campaign, discovered on January 7, 2025, that targets software developers. Using fake job offers, the hackers try to trick victims into installing a Monero-based crypto miner (XMRig) on their devices.

The Trap


The attack begins with a deceptive email that appears to come from a CrowdStrike “recruiter”. The message thanks the victim for having “applied” for a developer position at the company and invites them to download a CRM application to complete onboarding, described as part of an innovative selection process.
Anyone who clicks the link is taken to a deceptively legitimate-looking website, cscrm-hiring[.]com, where they can download the app for Windows or macOS. Once the software is installed, the malware runs a series of checks to determine whether it is in an analysis environment, such as a sandbox. These checks include:

  • Number of active processes
  • CPU core count
  • Presence of debuggers

If the checks detect no anomalies, the malware downloads the configuration needed for the miner to run and retrieves the XMRig files from a GitHub repository. It then extracts the files into the system’s temporary directory and starts the miner in the background, limiting resource usage to 10% to avoid suspicion.

The malware ensures persistence on the system by writing an autostart key in the registry and placing a script in the Start menu startup directory.
Malicious impersonating phishing site containing download links for a fake “CRM application”
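Because the miner is throttled to 10%, CPU-usage alerts are unlikely to fire; the behaviour chain is the better detection handle. The sketch below is an added example, not CrowdStrike's detection logic: it correlates execution from a temporary directory with an autostart registry write or a Startup-folder drop on the same host. The event schema, the sample events and the ten-minute window are constructed, and the per-user Run key and Startup folder paths are assumptions, since the article does not name the exact locations.

```python
"""Added example (constructed events): correlate temp-dir execution with autostart persistence."""
import re
from collections import defaultdict

# Assumed locations: the usual Windows temp directories, Run/RunOnce keys and Startup folder.
TEMP_RE = re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.I)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\", re.I)
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
WINDOW_SECONDS = 600  # assumption: persistence is set up within ten minutes of execution


def signal_for(kind, target):
    """Map one raw event to a named signal, or None if it is not of interest."""
    if kind == "process_start" and TEMP_RE.search(target):
        return "exec_from_temp"
    if kind == "registry_set" and RUN_KEY_RE.search(target):
        return "run_key_write"
    if kind == "file_create" and STARTUP_RE.search(target):
        return "startup_folder_drop"
    return None


def correlate(events, window=WINDOW_SECONDS):
    """Alert when temp-dir execution and a persistence signal occur close together on a host."""
    by_host = defaultdict(list)
    for ts, host, kind, target in sorted(events):
        signal = signal_for(kind, target)
        if signal:
            by_host[host].append((ts, signal))
    alerts = []
    for host in sorted(by_host):
        signals = by_host[host]
        for ts, signal in signals:
            if signal != "exec_from_temp":
                continue
            nearby = {s for t, s in signals if abs(t - ts) <= window}
            if nearby - {"exec_from_temp"}:
                alerts.append({"host": host, "time": ts, "signals": sorted(nearby)})
    return alerts


# Constructed events in a made-up flat schema: (epoch_seconds, host, kind, target).
SAMPLE_EVENTS = [
    (1000, "dev-07", "process_start",
     r"C:\Users\ana\AppData\Local\Temp\crmapp\worker.exe"),
    (1030, "dev-07", "registry_set",
     r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\CRMHelper"),
    (1045, "dev-07", "file_create",
     r"C:\Users\ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crm.bat"),
    # Installers legitimately run from temp; on its own this is not an alert.
    (2000, "dev-12", "process_start",
     r"C:\Users\li\AppData\Local\Temp\editor-update\setup.exe"),
    # A Run key write hours later on the same host falls outside the window.
    (9000, "dev-12", "registry_set",
     r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\ChatClient"),
    (9100, "dev-12", "file_create", r"C:\Users\li\Documents\notes.txt"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["host"], alert["time"], ", ".join(alert["signals"]))
```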

How to Protect Yourself


This campaign underlines the importance of staying on guard when looking for work online. Here are some basic rules for protecting yourself:

  • Verify the authenticity of the email: Check the email address carefully to make sure it comes from the company’s official domain. Phishing emails often use domains that are similar but not identical.
  • Avoid suspicious downloads: No employer requires you to download third-party software to take part in a selection process. If you are asked to do so, be suspicious immediately.
  • Be wary of offers that are too tempting: Job offers that seem too good to be true are often traps. Serious companies do not send unsolicited offers without official communication.
  • Always confirm official information: If you receive a job offer, contact the company directly through official channels (such as the official website or phone number) to verify its authenticity.


Le conseguenze del malware


Le implicazioni di un attacco come questo possono essere gravi. Oltre al danno immediato, come l’infezione da malware e l’uso non autorizzato delle risorse del computer, i miner di criptovalute come XMRig possono compromettere l’integrità del sistema, rallentando le prestazioni e causando danni a lungo termine.

Le vittime possono anche essere esposte ad altri tipi di attacchi, come il furto di dati sensibili o l’accesso non autorizzato a informazioni aziendali critiche.

Conclusione


Questa vicenda evidenzia l’astuzia con cui i cybercriminali possono sfruttare situazioni apparentemente innocue, come la ricerca di lavoro, per scopi malevoli. Per chi cerca nuove opportunità professionali, la regola è chiara: mai abbassare la guardia e verificare sempre ogni dettaglio.

Allo stesso tempo, le aziende devono impegnarsi a rafforzare la fiducia nella loro identità digitale, adottando misure preventive per contrastare l’uso improprio del proprio nome

L'articolo Attenzione: Falsi annunci di lavoro CrowdStrike nascondono crypto-miner che mirano agli sviluppatori proviene da il blog della sicurezza informatica.


A Low Effort, Low Energy Doorbell



Bluetooth is a good way to connect devices that are near each other. However, it can drain batteries which is one reason Bluetooth Low Energy — BLE — exists. [Drmph] shows how easy it is to deploy BLE to make, in this case, a doorbell. He even shows how you can refit an existing doorbell to use the newer technology.

Like many projects, this one started out of necessity. The existing wireless doorbell failed, but it was difficult to find a new unit with good reviews. Cheap doorbells tend to ring spuriously due to interference. BLE, of course, doesn’t have that problem. Common BLE modules make up the bulk of the project. It is easy enough to add your own style to the doorbell like a voice announcement or musical playback. The transmitter is little more than a switch, the module, a coin cell, and an LED.

It is, of course, possible to have a single receiver read multiple doorbells. For example, a front door and back door with different tones. The post shows how to make a remote monitor, too, if you need the bell to ring beyond the range of BLE.

A fun, simple, and useful project. Of course, the cool doorbells now have video. Just be careful not to get carried away.


hackaday.com/2025/01/10/a-low-…


Casio Targeted by Ransomware: Data of Thousands of Employees and Partners Stolen!


In October, the Japanese electronics manufacturer Casio fell victim to a massive ransomware attack that led to a data leak affecting thousands of employees, customers and business partners.

Casio stated in its report that the incident affected 6,456 employees, 1,931 business partners and 91 customers. The investigation showed that the breach was made possible by phishing emails that allowed the attackers to penetrate the company’s servers on October 5.

The company confirmed the leak of internal documents, including contracts, invoices, meeting materials and sales data. For employees, the compromised information included names, identification numbers, email addresses and department information. For some, gender, date of birth, home address and taxpayer identification number were also disclosed.

The attackers stole company information from Casio’s business partners: addresses, phone numbers and representatives’ contact details. Biographical information was also stolen from two companies. For customers, order data, delivery addresses, phone numbers, purchase dates and product names were exposed. The cybercriminals did not gain access to payment data.

Casio reported the incident to Japan’s Personal Information Protection Commission and to other international regulators. The company states that the extortionists’ demands went unanswered and that cooperation with law enforcement has also begun.

The attack, claimed by the Underground group, resulted in the leak of more than 200 GB of data. In addition, Casio had to deal with weeks of delivery delays and the temporary suspension of some services. The company also warned of an increase in spam emails linked to the data breach and said it is working with the police to curb this activity.

The attack on Casio is part of a series of major cyberattacks against Japanese companies in recent months. Japanese regulators recently issued a warning about a large-scale hacking campaign conducted since 2019 by the MirrorFace group. Researchers suggest a link between the group and China, since its main objective is to steal data related to national security and advanced technologies in Japan. The victims include ministries, the country’s space agency, as well as companies and think tanks.

The article Casio Targeted by Ransomware: Data of Thousands of Employees and Partners Stolen! comes from il blog della sicurezza informatica.


It’s IP, Over TOSLINK!


At the recent 38C3 conference in Germany, someone gave a talk about sending TOSLINK digital audio over fiber optic networks rather than the very low-end short distance fibre you’ll find behind your CD player. This gave [Manawyrm] some ideas, so of course the IP-over-TOSLINK network was born.

TOSLINK is in effect I2S digital audio as light, so it carries two 44.1 kilosamples per second 16-bit data streams over a synchronous serial connection. At 1544 Kbps, this is coincidentally about the same as a T1 leased line. The synchronous serial link of a TOSLINK connection is close enough to the High-Level Data Link Control, or HDLC, protocol used in some networking applications, and as luck would have it she had some experience in using PPP over HDLC. She could configure her software from that to use a pair of cheap USB sound cards with TOSLINK ports, and achieve a surprisingly respectable 1.47 Mbit/s.

We like this hack, though we can see it’s not entirely useful and we think few applications will be found for it. But she did it because it was there, and that’s the essence of this game. Now all that needs to happen is for someone to use it in conjunction with the original TOSLINK-over-network fiber, for a network-over-TOSLINK-over-network abomination.


hackaday.com/2025/01/09/its-ip…


Engineering Lessons from the Super-Kamiokande Neutrino Observatory Failure



Every engineer is going to have a bad day, but only an unlucky few will have a day so bad that it registers on a seismometer.

We’ve always had a morbid fascination with engineering mega-failures, few of which escape our attention. But we’d never heard of the Super-Kamiokande neutrino detector implosion until stumbling upon [Alexander the OK]’s video of the 2001 event. The first half of the video below describes neutrinos in some detail and the engineering problems related to detecting and studying a particle so elusive that it can pass through the entire planet without hitting anything. The Super-Kamiokande detector was built to solve that problem, courtesy of an enormous tank of ultrapure water buried 1,000 meters inside a mountain in Japan and lined with over 10,000 supersized photomultiplier tubes to detect the faint pulses of Cherenkov radiation emitted on the rare occasion that a neutrino interacts with a water molecule.

Those enormous PM tubes would be the trigger for the sudden demise of the Super-K, which is covered in the second half of the video. During operations to refill the observatory after routine maintenance, technicians noticed a bang followed by a crescendo of noise from the thirteen-story-tall tank. They quickly powered down the system and took a look inside the tank to find almost every PM tube destroyed. The resulting investigation revealed that the tubes had failed in sequence following the sudden implosion of a single tube at the bottom of the tank. That implosion caused a shock wave to propagate through the water to surrounding tubes which exceeded their design limits, causing further implosions and further destruction. The cascading implosion took a full ten seconds to finish its wave of destruction, which destroyed $7 million worth of tubes.

The interesting part about this is the root cause analysis, which boils down to the fact that you shouldn’t stand on 50-cm photomultiplier tubes. Also at fault was the testing regimen for the tubes. The project engineers anticipated that a cascading implosion could occur and tested for it, but were unable to cause a cascade failure, leading them to the conclusion it wasn’t likely to happen. But analysis of the destruction revealed a flaw in the testing, which should give pause to anyone who has ever had to design a test like this.

Luckily, nobody was killed or even hurt during the Super-K incident. The observatory was repaired with upgraded tubes and remains in service to this day, with an even bigger Hyper-Kamiokande detector in the works. We’ve covered neutrino observatories before, so check that out if you want more background on the science.

youtube.com/embed/YoBFjD5tn_E?…


hackaday.com/2025/01/09/engine…


Sheet Metal Forming With 3D Printed Dies



Sheet metal is very easy to form, including the pressing in of intricate shapes with dies and a hydraulic press, but the dies themselves are slightly harder to come by. What if we could 3D print custom dies to stamp logos and more into sheet metal? This is the premise of a recent video by the Stick Shift Garage channel on YouTube in which dies are printed in PLA+ (solid infill) and used to stamp 1 and 2 mm thick sheet metal with the channel’s logo.

As can be observed in the video, the results aren’t bad at all after a couple of tweaks and adjustments to the pressure, but of course there is room for improvement. Some helpful commentators suggest improving the dies with properly rounded edges on the die’s shape and paying attention to K-factors and kin so as not to overstress or tear the sheet metal. In terms of die longevity, the PLA+ dies began to wear out after about a dozen tries but not to the point of failure. Here other filament types might work even better, maybe even to the point of competing with a CNCed metal die.

Considering that this was a first attempt without a lot of pre-existing knowledge it went pretty well, and a future video was promised in which improvements will be shown off.

youtube.com/embed/QmlE7mnHJoE?…


hackaday.com/2025/01/09/sheet-…


Toner Transfer, but Not for PCBs



It is old news that you can print PCB artwork on glossy paper and use a clothes iron to transfer the toner to a copper board, which will resist etchant. But [Squalius] shows us how to do a similar trick with 3D prints in a recent video, which you can see below.

The example used is a QR code, although you can use anything you can print in a mirror image. Of course, heat from a clothes iron isn’t going to be compatible with your 3D-printed plastic. The trick is to use some acrylic medium on the part, place the print face down, and apply more medium to the back of the paper.

Once the acrylic dries, you can use water to remove the paper, but the toner pattern will remain. Once it dries, you’ll need to remove bits of paper still left. Be careful, though. The image is now pretty fragile. To make it more durable, the process calls for a clear varnish overcoat. Some commenters on the video mentioned that a UV clear coat would probably work, too.

This is an easy technique to experiment with, and the results look great. Seems perfect for keycaps or front panels. Let us know how it goes!

youtube.com/embed/wWhU4gyD9Bk?…


hackaday.com/2025/01/09/toner-…


Retrotechtacular: Soldering the Tek Way



For a lot of us, soldering just seems to come naturally. But if we’re being honest, none of us was born with a soldering iron in our hand — ouch! — and if we’re good at soldering now, it’s only thanks to good habits and long practice. But what if you’re a company that lives and dies by the quality of the solder joints your employees produce? How do you get them to embrace the dark art of soldering?

If you’re Tektronix in the late 1970s and early 1980s, the answer is simple: make in-depth training videos that teach people to solder the Tek way. The first video below, from 1977, is aimed at workers on the assembly line and as such concentrates mainly on the practical aspects of making solid solder joints on PCBs and mainly with through-hole components. The video does have a bit of theory on soldering chemistry and the difference between eutectic alloys and other tin-lead mixes, as well as a little about the proper use of silver-bearing solders. But most of the time is spent discussing the primary tool of the trade: the iron. Even though the film is dated and looks like a multi-generation dupe from VHS, it still has a lot of valuable tips; we’ve been soldering for decades and somehow never realized that cleaning a tip on a wet sponge is so effective because the sudden temperature change helps release oxides and burned flux. The more you know.

The second video below is aimed more at the Tek repair and rework technicians. It reiterates a lot of the material from the first video, but then veers off into repair-specific topics, like effective desoldering. Pro tip: Don’t use the “Heat and Shake” method of desoldering, and wear those safety glasses. There’s also a lot of detail on how to avoid damaging the PCB during repairs, and how to fix them if you do manage to lift a trace. They put a fair amount of emphasis on the importance of making repairs look good, especially with bodge wires, which should be placed on the back of the board so they’re not so obvious. It makes sense; Tek boards from the era are works of art, and you don’t want to mess with that.

youtube.com/embed/yZSveVpgmIM?…

youtube.com/embed/jMchFqu3Jx0?…


hackaday.com/2025/01/09/retrot…


Writing a RISC-V OS From Scratch



If you read Japanese, you might have seen the book “Design and Implementation of Microkernels” by [Nu Tian Sheng]. An appendix covers how to write your own operating system for RISC-V in about 1,000 lines of code. Don’t speak Japanese? An English version is available free on the Web and on GitHub.

The author points out that the original Linux kernel wasn’t much bigger (about 8,500 lines). The OS allows for paging, multitasking, a file system, and exception handling. It doesn’t implement interrupt handling, timers, inter-process communication, or handling of multiple processors. But that leaves you with something to do!

The online book covers everything from booting using OpenSBI to building a command line shell. Honestly, we’d have been happier with some interrupt scheme and any sort of crude way to communicate and synchronize across processes, but the 1,000 line limit is draconian.

Since the project uses QEMU as an emulation layer, you don’t even need any special hardware to get started. Truthfully, you probably won’t want to use this for a production project, but for getting a detailed understanding of operating systems or RISC-V programming, it is well worth a look.

If you want something more production-ready, you have choices. Or, stop using an OS at all.


hackaday.com/2025/01/09/writin…


Physical Media is Dead, Long Live Physical Media


Front panel of a GPO Brooklyn with cassette player (Credit: VSchagow, Wikimedia)

Much has been written about the demise of physical media. Long considered the measure of technological progress in audiovisual and computing fields, the 2000s saw this metric seemingly rendered obsolete by the rise of online audiovisual and software distribution services. This has brought us to a period in time where the very idea of buying a new music album, a movie or a piece of software in a physical, or even online, retail store has become largely impossible amidst the rise of digital-only media.

Even so, not all is well in this digital-only paradise, as the problems with having no physical copy of the item which you purportedly purchased are becoming increasingly evident. From increases in monthly service costs, to items being removed or altered without your consent, as well as concerns over privacy and an inability to resell or lend an album or game to a buddy, there are many reasons why having the performance or software on a piece of off-line, physical media is once again increasing in appeal.

Even if the demise of physical data storage was mostly a trick to extract monthly payments from one’s customer base, what are the chances of this process truly reverting, and to what kind of physical media formats exactly?

The End Of Ownership


The concept of having audiovisual performances on physical media which you can play at will within the confines of your own abode is relatively new, first brought to the masses by inventions such as the phonograph, starting with wax cylinders, followed by shellac and vinyl records. This brought everything from concerts to stage performances to the home, where the proud owner of this piece of physical media could play it back on its corresponding playback device. This set the trend that would persist until the dominance of CDs.

Similarly, movies would at first be just something that you’d watch in the cinema, then you could catch it on broadcast TV along with an increasing number of series. Owning a copy of your favorite series or movie became possible with VHS, Laserdisc and so on. When home computer systems became prevalent, the software for them was found in magazines, on tapes, diskettes, CDs, etc., with in-store displays using their box art to entice potential buyers.

Yet all of this has effectively come to an end. LG recently announced that they’ll stop making new Blu-ray players, following the recent decision by Best Buy and other stores to quit selling Blu-rays and DVDs. Optical drives are now firmly considered a legacy feature on laptops and desktop systems, with only a subset of game consoles still including one and thus doubling as a Blu-ray player with compromises.

Unlike our parents and their grandparents, it looks like today’s generations will not leave behind a legacy of (physical) media that their children and grandchildren can peruse, often not even for books, as these are equally becoming tied into online subscription services. In this Digital Media Age, it seems that the best we can hope for is to temporarily lease an ethereal digital copy by the grace of media corporate overlords.

Digital Media Is Terrible


There are many reasons to mourn the death of physical media, with some pertinent ones laid out for DVDs and Blu-rays in this AV Club article by Cindy White:

  • Permanence: you purchase the copy and as long as you take good care of it, it’s yours to do with as you please.
  • Better quality: owing to the video compression of digital streaming services, you’ll get a worse audiovisual experience.
  • Portability: you can take the physical media with you, lend it to a friend, or even sell it.
  • Better for artists: the system of residuals with DVD/BD sales was much more fair to artists.
  • Extras: DVD and BD releases would come with extra content, like soundtracks, behind the scenes, interviews, and much more.

Some are beginning to feel uneasy in the face of this dawning realization that before long all our movies, series, books, games and software will be locked behind what are essentially leasing services on our (ad-sponsored) smart TVs, smart phones, smart books and smart computers/consoles in increasingly barren rooms.

Take for example this article by Amelia over at IGN on physical vs digital media and ownership and the lack thereof. An aspect raised in it is preservation in general, as a streaming platform could decide to put the proverbial torch to (part of) its library and that would be the end of that content, barring any Digital Restrictions Management (DRM)-busting copies. Even so, Amelia finds it hard to ignore the convenience of watching something on these streaming services.

The lack of visual quality is a view that Henry T. Casey over at CNN Underscored shares, with Faisal Salah and William Mullally over at The National advocating for starting that physical media collection. The permanence argument is prevalent here, while the latter article points out the hopeful signs of a revival of physical media by smaller (boutique) distributors, but this leaves much of mainstream content firmly digital-only, including recent games like Alan Wake 2 which only got a physical version after fans insisted.

Shallow Libraries


The convenience of flicking on the smart appliance and tuning out on-demand without having to go to a store is a tempting feature that physical media cannot really compete with, yet there’s an argument to be made that physical media sales complement streaming, not unlike how those same sales complemented broadcast TV and cinemas in the past. In fact, as a corollary one could state that digital streaming services have replaced broadcast TV, rather than physical media. This would make the latter collateral damage, whether intentional or not.

A strong advantage of physical media is also that it’s not limited to being sold by a single store, while digital (streaming) services have very shallow libraries that can make finding a specific piece of content or game a complete nightmare. So the conclusion that people seem to be increasingly coming to is that while digital media isn’t bad by itself, there is a lot of value in physical media that we’re now at risk of losing forever.

Yet if CDs and Blu-rays are dying a slow death today, and the next Microsoft and Sony game consoles may not have an optical drive option any more, is there any hope for a physical media revival?

It’s The Business Model


As alluded to already, digital media-as-a-service will not go away, as it has too many advantages, especially in terms of low distribution costs, since the logistics of physical media can get rather convoluted. Where the real business case for physical media may be is in the added value. This is something which is observed with a platform like Bandcamp, which is an online music distribution platform via which artists can sell their music and merchandise, including CDs or vinyl records.

All of which suggests that the most popular physical formats of the future will likely remain CDs, Blu-rays and even vinyl records and cassette tapes. Meanwhile for video games on PCs at least there are stores like Good Old Games, who recently launched their Preservation Program that seeks to keep older titles playable on modern systems. This is in addition to allowing customers to download the installer for any game they purchase and put it on any kind of physical media which they desire, courtesy of their lack of DRM.

Yet the ticking timebomb under this revival of physical media may be that good players are becoming scarce. Cassette tapes and records increasingly are being played on the same cheap mechanisms, like the Tanashin clones, that are still being churned out by factories in China as Sony and others have abandoned the market. Now it seems that optical drives are facing the same race to the bottom, until one day the only physical media players and readers can be found used for exorbitant prices.

After all, what use is physical media if you have no way to play it?



hackaday.com/2025/01/09/physic…


CERT-AGID: IoC Feed Now Compatible with ClamAV, Open Source Protection Evolves!


As of today, the CERT-AGID IoC Feed also supports the format for ClamAV, the open source antivirus widely used in academic, institutional and corporate settings. This new feature was built in response to a worthwhile proposal from the community of system administrators at the GARR universities, which had pointed out the opportunity to add to the existing feed a further format that is customizable and easy to use, to raise the level of protection of their systems.

The new format makes it possible to use the indicators of compromise (IoCs) issued by CERT-AGID directly to identify suspicious files on systems protected by ClamAV. Signature management is transparent and highly flexible, as detailed in the official documentation.

Public administrations already accredited to the IoC Feed can start using the new ClamAV format right away, simply by adding the parameter type=clamav to the URL they received:

&type=clamav

The service will return a text list conforming to ClamAV’s .hsb format, omitting the file size. For this reason, the wildcard character * is used. In addition, to ensure compatibility with earlier versions of ClamAV, a minimum functional level of 73 has been set.

Example of the IoC Feed in ClamAV format
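Before a downloaded list is placed in ClamAV’s database directory, it is worth checking that every line really has the shape described above (hash, wildcard size `*`, signature name, minimum functional level 73), so that a saved error page or a truncated download never reaches the scanner. The following is an added example, not CERT-AGID or ClamAV code: it is deliberately stricter than ClamAV’s own loader, its name allowlist is an assumption, and the sample feed is constructed.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
DIGITS = re.compile(r"[0-9]+")
NAME = re.compile(r"[A-Za-z0-9._-]+")      # conservative allowlist (assumption)
SHA_LENGTHS = {40: "sha1", 64: "sha256"}   # .hsb carries SHA-1 / SHA-256 digests
WILDCARD_MIN_FLEVEL = 73                   # required when the size field is "*"


class HsbError(ValueError):
    """Raised for a line that does not match the expected .hsb shape."""


def parse_hsb_line(line):
    """Parse 'Hash:Size:Name[:MinFL]' and return a dict, or raise HsbError."""
    fields = line.strip().split(":")
    if len(fields) not in (3, 4):
        raise HsbError(f"expected 3 or 4 fields, got {len(fields)}")
    digest, size, name = fields[:3]
    if not HEX.fullmatch(digest) or len(digest) not in SHA_LENGTHS:
        raise HsbError("hash is not a SHA-1 or SHA-256 hex digest")
    if not NAME.fullmatch(name):
        raise HsbError("signature name contains unexpected characters")
    min_flevel = None
    if len(fields) == 4:
        if not DIGITS.fullmatch(fields[3]):
            raise HsbError("minimum functional level is not a number")
        min_flevel = int(fields[3])
    if size == "*":
        if min_flevel is None or min_flevel < WILDCARD_MIN_FLEVEL:
            raise HsbError("wildcard size requires minimum functional level >= 73")
        size_value = None
    elif DIGITS.fullmatch(size):
        size_value = int(size)
    else:
        raise HsbError("size must be a byte count or *")
    return {"algo": SHA_LENGTHS[len(digest)], "hash": digest.lower(),
            "size": size_value, "name": name, "min_flevel": min_flevel}


def validate_feed(text):
    """Return (signatures, errors). Duplicate hashes are kept once;
    errors is a list of (line number, reason)."""
    sigs, errors, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            sig = parse_hsb_line(raw)
        except HsbError as exc:
            errors.append((lineno, str(exc)))
            continue
        if sig["hash"] not in seen:
            seen.add(sig["hash"])
            sigs.append(sig)
    return sigs, errors


def render(sigs):
    """Serialise validated signatures back into normalised .hsb lines."""
    lines = []
    for s in sigs:
        size = "*" if s["size"] is None else str(s["size"])
        tail = "" if s["min_flevel"] is None else f":{s['min_flevel']}"
        lines.append(f"{s['hash']}:{size}:{s['name']}{tail}")
    return lines


# Constructed sample feed: hashes are filler characters, names are invented.
SAMPLE_FEED = "\n".join([
    "a" * 64 + ":*:Constructed.Sample1:73",      # valid SHA-256 entry
    "b" * 40 + ":*:Constructed.Sample2:73",      # valid SHA-1 entry
    "c" * 64 + ":*:Constructed.Sample3",         # wildcard without level 73
    "A" * 64 + ":*:Constructed.Sample1:73",      # duplicate of line 1
    "<html><body>403 Forbidden</body></html>",   # saved error page
    "d" * 32 + ":*:Constructed.Md5:73",          # MD5-length digest
])

if __name__ == "__main__":
    good, bad = validate_feed(SAMPLE_FEED)
    print("\n".join(render(good)))
    for lineno, reason in bad:
        print(f"line {lineno}: rejected ({reason})")
```

Only write the rendered lines to the `.hsb` file when the error list is empty or has been reviewed; a feed that is mostly errors usually means the download itself failed.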
The article CERT-AGID: IoC Feed Now Compatible with ClamAV, Open Source Protection Evolves! comes from il blog della sicurezza informatica.


3DBenchy Starts Enforcing its No Derivatives License



Nobody likes reading the fine print, least of all when you’re just downloading some 3D model. When printing a copy for personal use this is rarely an issue, but things can get a lot more complicated when you make and distribute a derived version of a particular model.

Case in point: the ever popular 3DBenchy model, which was intended to serve as a diagnostic aid by designer [Creative Tools]. Although folks have been spinning up their own versions of this benchmark print for years, such derivative works were technically forbidden by the original model’s license — a fact that the company is now starting to take seriously, with derivative models reportedly getting pulled from Printables.

The license for the 3DBenchy model is (and always has been) the Creative Commons BY-ND 4.0, which requires attribution and forbids the distribution of derivative works. This means that any derived version of this popular model being distributed on Thingiverse, Printables, etc. is illegal, as already noted seven years ago by an observant user on Reddit. According to the message received by a Printables user, all derived 3DBenchy models will be removed from the site while the license is now (belatedly) being enforced.

Although it’s going to be a bit of an adjustment with this license enforcement, ultimately the idea of Creative Commons licenses was that they set clear rules for usage, which become meaningless if not observed.

Thanks to [JohnU] for the tip.


hackaday.com/2025/01/09/3dbenc…


NVIDIA Crushes Quantum Computing Dreams: Another 20 or 30 Years to Wait!


Shares of companies in the quantum computing sector, such as Rigetti Computing, IonQ and D-Wave, took a heavy hit after statements by Jensen Huang, CEO of Nvidia, during an industry event. Huang said that practical quantum computers could be 15 to 30 years away, a forecast that contrasts with the optimism prevailing among many startups and investors. The statement triggered a wave of selling that sent the shares of the sector’s main companies tumbling.

Rigetti Computing and D-Wave saw a significant drop following Huang’s statements. This reaction reflects the market’s sensitivity to long-term outlooks and to the uncertainty tied to technological progress. The valuations of quantum companies, many of which went public through mergers with SPACs, were already under pressure because of the difficulty of demonstrating practical applications and profitability in the short term.

Huang, considered an authority in the field of advanced technology, cast doubt on the possibility that quantum computers can reach widespread levels of usefulness in the near future.

“If you had said 15 years for very useful quantum computers, you would probably have been a bit early,” he said at Nvidia’s analyst event. “If you had said 30, you would probably have been a bit late. But if you had picked 20, I think quite a few of us would have believed it.” He stressed that, although progress in the sector is impressive, there are still significant obstacles to overcome, including problems related to error correction and scalability.

Quantum computing has the potential to revolutionize sectors such as chemistry, finance and artificial intelligence, thanks to its ability to process information at a speed immensely greater than that of traditional computers. However, the technology is still in its infancy and requires enormous investment in research and development. Despite the challenges, many companies in the sector continue to maintain that progress is sufficient to justify investors’ enthusiasm.

Analysts believe that Huang’s words represent a dose of realism for a market that often overestimates how imminent technological revolutions are. While some companies are showing promising progress, such as the development of quantum algorithms for specific problems, the road to widespread adoption remains long and uncertain. Huang’s statements could push investors to revise their expectations and focus on technology sectors with more immediate returns.

In this context, Nvidia itself is investing in technologies that support quantum computing, such as quantum simulations on supercomputers. This suggests that, despite his cautious forecasts, Huang recognizes the long-term potential of the technology.

For now, however, the market seems to have accepted that the promise of quantum computing could take decades to be fully realized.

The article NVIDIA Crushes Quantum Computing Dreams: Another 20 or 30 Years to Wait! comes from il blog della sicurezza informatica.