@Informatica (Italy e non Italy 😁)
L’Agenda di Ricerca e Innovazione per la cybersicurezza 2023-2026 si rinnova e si espande, grazie all’aggiornamento appena uscito. Nella sua complessità emerge un quadro rafforzato nel suo impianto trasversale. Molteplici sono stati gli
Informatica (Italy e non Italy) reshared this.
A wonderful twist on being an open source maintainer is when the person engaging poorly and violating the CoC is a security reporter with some valid observations.
You now have conflicting responsibilities to users' security and to your and your community's safety.
Cybersecurity & cyberwarfare reshared this.
Cybersecurity & cyberwarfare reshared this.
NexPhone: tre sistemi operativi in tasca! Il telefono che sfida il concetto stesso di PC
📌 Link all'articolo : redhotcyber.com/post/nexphone-…
#redhotcyber #news #sistemioperativi #multisistema #android #debianlinux #windows11 #smartphone #computer #tecnologia #informatica
NexPhone integra Android, Debian Linux e Windows 11 in un unico dispositivo, offrendo una soluzione multisistema.Redazione RHC (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws.Pierluigi Paganini (Security Affairs)
Cybersecurity & cyberwarfare reshared this.
BlueNoroff: il gruppo di hacker che sta rivoluzionando la criminalità informatica
📌 Link all'articolo : redhotcyber.com/post/bluenorof…
#redhotcyber #news #cybersecurity #hacking #malware #ransomware #cryptovalute #gruppodihacker #lazarus #bluenoroff #criminalitàinformatica
Scopri come il gruppo di hacker BlueNoroff sta cambiando la faccia della criminalità informatica con attacchi sempre più sofisticati e mirati.Redazione RHC (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
Altro che #Report... Microsoft ha fornito all'FBI le chiavi per sbloccare i dati crittografati, rivelando una grave falla nella privacy
Il colosso della tecnologia ha dichiarato di ricevere circa 20 richieste di chiavi BitLocker all'anno e di fornirle ai governi in risposta a validi ordini giudiziari. Ma aziende come Apple e Meta hanno configurato i loro sistemi in modo che una simile violazione della privacy non sia possibile.
reshared this
@nepenthes i cataloghi sono merce deperibile. Un'azienda che resta ancorata a un programma proprietario perché ha i cataloghi fatti con quel software, è un'azienda già morta
Informatica (Italy e non Italy) reshared this.
reshared this
Update to this. 25 days later, White Date is still down.
And Martha Root, the hacker, explained their motivations here, but not any technical details, which they promise are coming soon.
"No, this didn’t happen live on stage. And no it wasn’t a moment straight out of a hacker movie. It was mostly timing, a bit of performance and things that were already unfolding."
reshared this
Quello che un honeypot scritto dall'IA ci ha insegnato sulla fiducia nelle macchine
Il codice generato dall'IA può introdurre sottili difetti di sicurezza quando i team si fidano eccessivamente dell'output automatizzato. Intruder mostra come un honeypot scritto dall'IA abbia introdotto vulnerabilità nascoste che sono state sfruttate negli attacchi.
SnowSNAC likes this.
reshared this
Microsoft gestisce male example.com
TL;DR: Almeno da febbraio 2020,
il servizio Autodiscover di Microsoft ha instradato in modo errato i dati riservati IANA example.comai server di posta di Sumitomo Electric Industries su sei.co.jp, inviando potenzialmente lì credenziali di prova
reshared this
NEW: Microsoft handed the FBI the recovery keys to decrypt the hard drives of three laptops encrypted with BitLocker.
BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.
techcrunch.com/2026/01/23/micr…
The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam.Lorenzo Franceschi-Bicchierai (TechCrunch)
reshared this
@Informatica (Italy e non Italy 😁)
Il gruppo criminale KongTuke ha avviato la campagna CrashFix per distribuire NexShield, una finta estensione di Chrome spacciata per ad blocker che, dopo aver mandato in crash il browser, propone una finta soluzione per coprire le sue attività di intrusione nelle
Informatica (Italy e non Italy) reshared this.
@Informatica (Italy e non Italy 😁)
Gli aggressori sfruttano la possibilità di collaborazione della piattaforma di OpenAI per commettere frodi, immettendo testi ingannevoli, link o numeri di telefono fasulli direttamente nel campo destinato al nome dell’organizzazione. Ecco come funziona la
Informatica (Italy e non Italy) reshared this.
FortiGate e FortiCloud SSO: quando le patch non chiudono davvero la porta
📌 Link all'articolo : redhotcyber.com/post/fortigate…
#redhotcyber #news #cybersecurity #hacking #malware #ransomware #sicurezzainformatica #fortigate #vulnerabilita #patch
FortiGate compromessi anche se patchati: attacchi via FortiCloud SSO e modifiche malevole alla configurazione. Dati Shadowserver: 25.000+ esposti, 331 in Italia.Luca Stivali (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
@Informatica (Italy e non Italy 😁)
Una campagna malware rilevata nel 2025 continua a fare vittime. Usa una falsa pagina di booking.com per costringere gli utenti a copiare una porzione di codice e a incollarla nella finestra di dialogo "Esegui" di Windows
L'articolo Il caso booking.com dimostra che il cyber crimine vince perché ci
Informatica (Italy e non Italy) reshared this.
@Informatica (Italy e non Italy 😁)
Nel dark web sarebbero finiti i dati personali di 72,2 milioni di account di clienti dell'azienda statunitense Under Armour, che però minimizza e parla di "insinuazioni infondate". E c'è chi sta avviando una class action
L'articolo proviene dalla
Informatica (Italy e non Italy) reshared this.
@Informatica (Italy e non Italy 😁)
Il programma al centro dell’inchiesta di Report è l’Ecm/Sccm, un sistema Microsoft introdotto nel 2019 per gestire da remoto circa 40 mila dispositivi di uffici giudiziari. "Software in grado di spiare magistrati senza lasciare traccia" secondo la trasmissione di Rai
Informatica (Italy e non Italy) reshared this.
US CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor ZCS flaws to its Known Exploited Vulnerabilities catalogPierluigi Paganini (Security Affairs)
Cybersecurity & cyberwarfare reshared this.
Le app, che belle, tutte connesse tra loro, con la macchina con chatGPT e col campanello!
Social Debug, una volta a settimana 🦄
signorina37.substack.com/p/soc…
gli appunti di Rumore di Fondo, una volta a settimanaClaudia aka signorina37 (Rumore di Fondo)
Cybersecurity & cyberwarfare reshared this.
Il tuo MFA non basta più: kit di phishing aggirano l’autenticazione a più fattori
📌 Link all'articolo : redhotcyber.com/post/il-tuo-mf…
#redhotcyber #news #cybersecurity #hacking #malware #phishing #kitphaaS #attacchinformatici #sicurezzadigital #pagamentisicuri #firmedigitali
Nel 2025 il numero di kit di phishing è raddoppiato. Barracuda Networks analizza le minacce e l'evoluzione delle tecniche di attacco.Redazione RHC (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
After having been sent a vacuum fluorescent display (VFD) based clock for a review, [Anthony Francis-Jones] took the opportunity to explain how these types of displays work.
Although VFDs are generally praised for their very pleasant appearance, they’re also relatively low-power compared to the similar cathode ray tubes. The tungsten wire cathode with its oxide coating produces the electrons whenever the relatively low supply voltage is applied, with a positively charged grid between it and the phosphors on the anode side inducing the accelerating force.
Although a few different digit control configurations exist, all VFDs follow this basic layout. The reason why they’re also called ‘cold cathode’ displays is because the cathode doesn’t heat up nearly as hot as those of a typical vacuum tube, at a mere 650 °C. Since this temperature is confined to the very fine cathode mesh, this is not noticeable outside of the glass envelope.
While LCDs and OLED displays have basically eradicated the VFD market, these phosphor-based displays still readily beat out LCDs when it comes to viewing angles, lack of polarization filter, brightness and low temperature performance, as LC displays become extremely sluggish in cold weather. Perhaps their biggest flaw is the need for a vacuum to work, inside very much breakable glass, as this is usually how VFDs die.
youtube.com/embed/EjIiTFet2L8?…
Quasi 2.000 bug in 100 app di incontri: così i tuoi dati possono essere rubati
📌 Link all'articolo : redhotcyber.com/post/quasi-2-0…
#redhotcyber #news #cybersecurity #hacking #vulnerabilita #appincontri #sicurezzainformatica #datisensibili #protezione #erroridiautenticazione
Un recente studio ha rilevato quasi 2.000 vulnerabilità nelle app di incontri, il 17% delle quali è stato classificato come critico.Redazione RHC (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
🚀 Vuoi entrare davvero nel Dark Web e coprire le minacce informatiche? Parte a marzo la Live Class "Dark Web & Cyber Threat Intelligence"
📌 Livello Intermedio
📌 Durata 15 ore con docente dal vivo
📌 Prerequisiti Navigazione Internet e conoscenze base di sicurezza informatica
📌 Opportunità post-corso: Accesso al laboratorio operativo DarkLab per attività pratiche di intelligence
✅ Pagina del corso redhotcyber.com/linksSk2L/acad…
✅ Presentazione del corso youtube.com/watch?v=9VaQUnTz4J…
✅ Webinar introduttivo youtube.com/watch?v=ExZhKqjuwf…
Info 📱 💬 379 163 8765 ✉️ formazione@redhotcyber.com
#redhotcyber #formazione #formazioneonline #ethicalhacking #cti #cyberthreatintelligence #cybersecurity #cybercrime #cybersecuritytraining #cybersecuritynews #privacy #cti #cyberthreat #intelligence #infosec #corsi #corsiprartici #liveclass
Vuoi conoscere il darkweb e disporre degli strumenti per accedervi in sicurezza, effettuare ricerche e comprendere i concetti di cyber threat intelligence (CTI)? Questo corso fa per te.Red Hot Cyber
Ricardo Antonio Piana likes this.
Cybersecurity & cyberwarfare reshared this.
Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal.Pierluigi Paganini (Security Affairs)
Cybersecurity & cyberwarfare reshared this.
What happens when a traditional board game company decides to break into electronic gaming? Well, if it were a UK gaming company in 1978, the result would be a Waddingtons 2001 The Game Machine that you can see in the video from [Re:Enthused] below.
The “deluxe console model” had four complete games: a shooting gallery, blackjack, Code Hunter, and Grand Prix. But when you were done having fun, no worries. The machine was also a basic calculator with a very strange keyboard. We couldn’t find an original retail price on these, but we’ve read it probably sold for £20 to £40, which, in 1978, was more than it sounds like today.
Like a board game, there were paper score sheets. The main console had die-cut panels to decorate the very tiny screen (which looks like a very simple vacuum fluorescent display) and provide labels for the buttons. While it isn’t very impressive today, it was quite the thing in 1978.
This would be a fun machine to clone and quite easy, given the current state of the art in most hacker labs. A 3D-printed case, color laser-printed overlays, and just about any processor you have lying around would make this a weekend project.
It is easy to forget how wowed people were by games like this when they were new. Then again, we don’t remember any of those games having a calculator.
As a side note, Waddingtons was most famous for their special production of Monopoly games at the request of MI9 during World War II. The games contained silk maps, money, and other aids to help prisoners of war escape.
youtube.com/embed/QMk79fnd0VE?…
MacSync: il malware per macOS che ti svuota il wallet… dopo settimane
📌 Link all'articolo : redhotcyber.com/post/macsync-i…
#redhotcyber #news #macos #malware #cybersecurity #hacking #macsync #cloudsecurity #socialengineering #malwareasaservice #sitiwebfasulli
Una nuova campagna malware su macOS, alimentata da MacSync, utilizza il social engineering per rubare criptovalute e dati sensibili.Redazione RHC (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
🇮🇹 Centauri, cyborg o self-automators: che tipo di utilizzatore di Intelligenza Artificiale siete? Secondo studi di MIT, Harvard e Boston Consulting Group, emergono tre macro tipi di persone che usano l’Intelligenza Artificiale: tre comportamenti ric…Web Staff MCC (Marco Camisani Calzolari)
Cybersecurity & cyberwarfare reshared this.
Cybercrime e confusione: “The Gentlemen” prende di mira il trasporto italiano, sbaglia bersaglio?
📌 Link all'articolo : redhotcyber.com/post/cybercrim…
#redhotcyber #news #ransomware #cybersecurity #hacking #malware #settoreTrasporti #sitasud #theGentlemen #attacchinformatici #dataleaksite
Attacco ransomware Sita Sud: The gentlemen rivendica il colpo, ma usa il logo di sudtrasporti. Errore di targeting o bluff? L'analisi tecnicaVincenzo Miccoli (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
La sottile linea rossa della responsabilità penale nella cybersecurity
📌 Link all'articolo : redhotcyber.com/post/la-sottil…
#redhotcyber #news #sicurezzainformatica #cybersecurity #leggevigenti #responsabilitapenali #professionisticybersecurity #legge90_2024
Scopri le responsabilità penali dei professionisti della cybersecurity in Italia e come evitare di diventare imputati.Paolo Galdieri (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
La mente dietro le password. Imparare giocando: perché l’esperienza batte la spiegazione (Puntata 6)
📌 Link all'articolo : redhotcyber.com/post/la-mente-…
#redhotcyber #news #sicurezzadigitale #psicologiadellasicurezza #vulnerabilita #identitaonline #formazionecontinua #allenamentomentale
I serious game applicati alla cybersecurity allenano la mente agli attacchi reali, superando i limiti della formazione solo teorica.Simone D'Agostino (Red Hot Cyber)
Cybersecurity & cyberwarfare reshared this.
Arrivò in America con 200 dollari e finì in un riformatorio: oggi controlla il 90% dell’IA mondiale
📌 Link all'articolo : redhotcyber.com/post/arrivo-in…
#redhotcyber #news #intelligenzaartificiale #nvidia #ceo #jensenhuang #taiwan #usa #patrimonio #dollari
Dalle notti come lavapiatti da Denny's ai 5.000 miliardi di capitalizzazione: scopri la storia di Jensen Huang e come Nvidia ha conquistato il dominio assoluto sull'intelligenza artificiale partendo da soli 200 dollariCarlo Denza (Red Hot Cyber)
reshared this
Over on YouTube [Nic Barker] gives us: UTF-8, Explained Simply.
If you’re gonna be a hacker eventually you’re gonna have to write software to process and generate text data. And when you deal with text data, in this day and age, there are really only two main things you need to know: 7-bit ASCII and UTF-8. In this video [Nic] explains 7-bit ASCII and Unicode, and then explains UTF-8 and how it relates to Unicode and ASCII. [Nic] goes into detail about some of the clever features of Unicode and UTF-8 such as self-synchronization, single-byte ASCII, multi-byte codepoints, leading bytes, continuation bytes, and grapheme clusters.
[Nic] mentions about UTF-16, but UTF-16 turned out to be a really bad idea. UTF-16 combines all of the disadvantages of UTF-8 with all of the disadvantages of UTF-32. In UTF-16 there are things known as “surrogate pairs”, which means a single Unicode codepoint might require two UTF-16 “characters” to describe it. Also the Byte Order Marks (BOM) introduced with UTF-16 proved to be problematic. Particularly if you cat files together you can end up with stray BOM indicators randomly embedded in your new file. They say that null was a billion dollar mistake, well, UTF-16 was the other billion dollar mistake.
tl;dr: don’t use UTF-16, but do use 7-bit ASCII and UTF-8.
Oh, and as we’re here, and talking about Unicode, did you know that you can support The Unicode Consortium with Unicode Adopt-a-Character? You send money to sponsor a character and they put your name up in lights! Win, win! (We noticed while doing the research for this post that Jeroen Frijters of IKVM fame has sponsored #, a nod to C#.)
If you’re interested in learning more about Unicode check out Understanding And Using Unicode and Building Up Unicode Characters One Bit At A Time.
youtube.com/embed/vpSkBV5vydg?…
Paolo Redaelli reshared this.
It’s possible to improve your 3D prints in all kinds of ways. You can tune your printer’s motion, buy better filament, or tinker endlessly with any number of slicer settings. Or, as [Dirt-E-Bikes] explains, you could grab yourself some silica gel.
If you’re unfamiliar with silica gel, it’s that stuff that comes in the “DO NOT EAT” packet when you buy a new pair of shoes. It’s key feature is that it’s hygroscopic—which means it likes to suck up moisture from the atmosphere. When it comes to 3D printing, this is a highly useful property—specifically because it can help keep filament dry. Over time, plastic filament tends to pick up some moisture on its own from the atmosphere, and this tends to interfere with print quality. This can be avoided by storing filament in a sealed or semi-seaeled environment with silica gel. The gel will tend to suck up most of the moisture from the air in the sealed container, helping to keep the filament drier.
[Dirt-E-Bikes] does a great job of explaining how best to integrate silica gel with your filament spools and automatic material changer (if you have one). He also explains the value of color changing silica gel which indicates when the material is saturated with water, as well as how to dry it out for reuse. You can even combine some of the color changing beads with the more common plain white beads recycled from your shoe boxes, since you only need a few colored beads to get an idea of the water content.
We’ve explored other filament drying solutions before, too. Video after the break.
youtube.com/embed/Ue3A35s2yeQ?…
[Thanks to Keith Olson for the tip!]
After the swivel by Helium Inc. towards simply running distributed WiFi hotspots after for years pushing LoRaWAN nodes, many of the associated hardware became effectively obsolete. This led to quite a few of these Nebra LoRa Miners getting sold off, with the [Buy it Fix it] channel being one of those who sought to give these chunks of IP-67-rated computing hardware a new life.
Originally designed to be part of the Helium Network Token (HNT) cryptocurrency mining operation, with users getting rewarded by having these devices operating, they contain fairly off-the-shelf hardware. As can be glanced from e.g. the Sparkfun product page, it’s basically a Raspberry Pi Compute Module 3+ on a breakout board with a RAK 2287 LoRa module. The idea in the video was to convert it into a Meshcore repeater, which ought to be fairly straightforward, one might think.
Unfortunately the unit came with a dead eMMC chip on the compute module, the LoRa module wasn’t compatible with Meshcore, and the Nebra breakout board only covers the first 24 pins of the standard RPi header on its pin header.
The solutions involved using a µSD card for the firmware instead of the eMMC, and doing some creative routing on the bottom of the breakout board to connect the unconnected pins on the breakout’s RPi header to the pins on the compute module’s connector. This way a compatible LoRa module could be placed on this header.
Rather than buying an off-the-shelf LoRa module for the RPi and waiting for delivery, a custom module was assembled from an eByte E22 LoRa module and some stripboard to test whether the contraption would work at all. Fortunately a test of the system as a Meshcore repeater showed that it works as intended, serving as a pretty decent proof-of-concept of how to repurpose those systems from a defunct crypto mining scheme into a typical LoRa repeater, whether Meshcore or equivalent.
youtube.com/embed/TTZOLLRgsGU?…
SnowSNAC likes this.
reshared this
Entro sei settimane, non solo non sarà più supportata, ma verrà anche rimossa dal Microsoft StoreSpcnet.it
@Informatica (Italy e non Italy 😁)
EDPB ed EDPS frenano sul Digital Omnibus AI: semplificazione sì, ma non a costo dei diritti fondamentali. Criticità su dati sensibili per bias detection, registrazione sistemi e ruolo DPA nelle sandbox UE. Servono tempistiche
Informatica (Italy e non Italy) reshared this.
@Informatica (Italy e non Italy 😁)
Il mercato europeo dello spionaggio digitale continua a prosperare nell’ombra, con software spyware che infettano smartphone e trasformano dispositivi personali in strumenti di sorveglianza totale, nonostante scandali ripetuti in numerosi paesi dell’Unione Europea. Queste tecnologie, spesso vendute a governi e
Lo stato dell’arte sul rischio spyware in Europa
Si parla di:
Toggle
Il mercato europeo dello spionaggio digitale continua a prosperare nell’ombra, con software spyware che infettano smartphone e trasformano dispositivi personali in strumenti di sorveglianza totale, nonostante scandali ripetuti in numerosi paesi dell’Unione Europea. Queste tecnologie, spesso vendute a governi e agenzie private senza alcun controllo significativo, sfruttano vulnerabilità zero-day per ottenere accesso completo: lettura di messaggi, attivazione di microfoni e fotocamere, estrazione di dati sensibili, il tutto in modo invisibile e persistente, aggirando protezioni native come sandboxing e crittografia end-to-end.La diffusione incontrollata
Programmi come Pegasus o tool di RCS Lab penetrano nei sistemi operativi mobili attraverso catene di exploit complessi, che iniziano con link malevoli in SMS o app legittime e culminano con l’installazione di rootkit kernel-level capaci di sopravvivere a reboot e aggiornamenti. Casi documentati riguardano Spagna, Polonia, Ungheria, Grecia, Italia, Slovacchia e Serbia, dove giornalisti, attivisti per i diritti umani, politici e oppositori sono stati presi di mira da agenzie statali, con operazioni che violano sistematicamente la proporzionalità e la necessità richieste dalle norme sui diritti fondamentali. L’assenza di “linee rosse” a livello UE permette a vendor commerciali di operare con impunità, ricevendo persino fondi pubblici europei, mentre le vittime rimangono prive di notifiche o rimedi legali efficaci.Il ruolo di EDRi e il document pool
European Digital Rights (EDRi) ha lanciato un “spyware document pool”, una repository pubblica che aggrega analisi, indagini giornalistiche, valutazioni sui diritti umani e documenti ufficiali, inclusi i rapporti del comitato PEGA del Parlamento Europeo del 2023, per tracciare abusi e spingere verso un divieto totale. Questa risorsa centralizza evidenze frammentate: da report su scandali nazionali a ricerche tecniche su exploit, evidenziando come lo spyware comprometta l’integrità dei dispositivi e esponga dati massivi senza possibilità di oversight giudiziario adeguato. EDRi richiede un bando completo su produzione, vendita e uso di spyware commerciale, sanzioni mirate ai venditori, stop agli appalti pubblici e accesso prioritario a forensics digitali per le vittime.Implicazioni tecniche e politiche
Dal punto di vista tecnico, questi malware evadono EDR aziendali e protezioni OS attraverso tecniche di offuscamento dinamico, iniezione di processi legittimi e persistence via meccanismi come launch daemons su iOS o servizi system su Android, rendendo la rilevazione forense un’impresa ardua che richiede analisi reverse engineering avanzata. Politicamente, la Commissione Europea non ha risposto alle raccomandazioni PEGA con legislazione vincolante, lasciando i vendor liberi di proliferare minacce transnazionali che erodono la fiducia democratica. Coalizioni di ONG e giornalisti insistono su riforme strutturali, inclusa la accountability politica e rimedi transfrontalieri per cause legali.Lo stato dell'arte sul rischio spyware in Europa - (in)sicurezza digitale
Il mercato europeo dello spionaggio digitale continua a prosperare nell'ombra, con software spyware che infettano smartphone e trasformano dispositiviDario Fadda (inSicurezzaDigitale.com)
Informatica (Italy e non Italy) reshared this.
@Informatica (Italy e non Italy 😁)
Attraverso il programma Microsoft ECM/SCCM installato su 40mila computer dell’amministrazione giudiziaria italiana si potrebbe potenzialmente accedere da remoto ai pc di procure e tribunali. La vicenda solleva interrogativi sulla segretezza delle indagini
Informatica (Italy e non Italy) reshared this.
[Clough42] created a 3D print for a lathe tool and designed in some support to hold the piece on the bed while printing. It worked, but removing the support left unsightly blemishes on the part. A commenter mentioned that the support doesn’t have to exactly touch the part to support it. You can see the results of trying that method in the video below.
In this case [Cloug42] uses Fusion, but the idea would be the same regardless of how you design your parts. Originally, the support piece was built as a single piece along with the target object. However, he changed it to make the object separate from the support structure. That’s only the first step, though. If you import both pieces and print, the result will be the same.
Instead, he split the part into the original two objects that touch but don’t blend together. The result looks good.
We couldn’t help but notice that we do this by mistake when we use alternate materials for support (for example, PETG mixed with PLA or PLA with COPE). Turns out, maybe you don’t have to switch filament to get good results.
youtube.com/embed/1Zocl7n98xY?…
A new Android click-fraud trojan uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniquesPierluigi Paganini (Security Affairs)
Cybersecurity & cyberwarfare reshared this.
Pontiff Fractal Tiam
in reply to Filippo Valsorda • • •xyhhx 🔻
in reply to Filippo Valsorda • • •Filippo Valsorda
in reply to xyhhx 🔻 • • •xyhhx 🔻
in reply to Filippo Valsorda • • •Filippo Valsorda
in reply to xyhhx 🔻 • • •@xyhhx so you should not hear them out to figure out if there is a security issue you need to fix to protect your users (which are not the same population as your developer community)?
I don't know what the right answer is exactly, but I am pretty sure it is more nuanced than this.
xyhhx 🔻
in reply to Filippo Valsorda • • •i did say you should still be triaging their reports (so long as it's in good faith etc), just bearing in mind what you know of them if anything at all
with regards to your community, the coc should always be respected for your community's safety
tbf it wasn't clear to me that your users and your community aren't the same population
Raphaël Vinot
in reply to Filippo Valsorda • • •When a dickhead shows up in a place (online/offline), and breaks a code of conduct, it is preferable that someone handles it and at least attempts to deescalate the situation. That person needs to have the capacity at that time to handle the situation and nobody else needs to be dragged in the conversation.
Typically, as a white CIS dude, I'll take care of the racist/sexist asshole and *not* throw my queer black colleague under the bus
Daenney
in reply to Filippo Valsorda • • •Filippo Valsorda
in reply to Daenney • • •@ohno so to be clear you would just block them and lock the thread and stop replying to the emails to security@ before they could finish discussing the apparently valid security issue which threatens your users' security?
I don't know what the right answer is exactly, but I am pretty sure it is more nuanced than this.
Özgür Kesim
in reply to Filippo Valsorda • • •I'm afraid you won't get more nuanced answers, when the problem statement is only captured with broad brush strokes.
It is not clear from your toot what the CoC states, how that person violated it, why or how your community's safety is affected, what the potential risks and damages are if not engaging with that person. I think a nuanced approach would depend on answers to those questions.
Have you tried reaching out to other maintainers of similar systems and with similar CoCs and asked them for advice directly, also providing more context?
Simon Ser
in reply to Filippo Valsorda • • •Filippo Valsorda
in reply to Simon Ser • • •@emersion big contributors and leadership positions are high-power roles that have nothing to do with a drive-by security reporter that is volunteering information that might be relevant to your users' security, who trust you.
I don't know what the answer is but it's not this simple.
Sumana Harihareswara
in reply to Filippo Valsorda • • •Filippo Valsorda
in reply to Sumana Harihareswara • • •Filippo Valsorda
Unknown parent • • •