It is no secret that we often use and abuse bash to write things that ought to be in a different language. But bash does have its attractions. In the modern world, it is practically everywhere. It can also be very expressive, but perhaps hard to read.
We’ve talked about Amber before, a language that is made to be easier to read and write, but transpiles to bash so it can run anywhere. The FOSDEM 2026 conference featured a paper by [Daniele Scasciafratte] that shows how to best use Amber. If you prefer slides to a video, you can read a copy of the presentation.
For an example, here’s a typical Amber script. It compiles fully to a somewhat longer bash script:
import * from "std/env" fun example(value:Num = 1) { if 1 > 0 { let numbers = [value, value] let sum = 0 loop i in numbers { sum += numbers [i] } echo "it's " + "me" return sum } fail 1 }
The slides have even more examples. The language seems somewhat Python-like, and you can easily figure out most of it from reading the examples. While bash is nearly universal, the programs a script might use may not be. If you have it, the Amber code will employ bshchk to check dependencies before execution.
According to the slides, zsh support is on the way, too. Overall, it looks like it would be a great tool if you have to deploy with bash or even if you just want an easier way to script.
We’ve looked at Amber before. Besides, there are a ton of crazy things you can do with bash.
Emails published by the Justice Department revealed cybersecurity veteran Vincenzo Iozzo emailed, and arranged to meet, Jeffrey Epstein multiple times between 2014 and 2018.
If you’ve been even casually following NASA’s return to the Moon, you’re likely aware of the recent Wet Dress Rehearsal (WDR) for the Artemis II mission. You probably also heard that things didn’t go quite to plan: although the test was ultimately completed and the towering Space Launch System (SLS) rocket was fully loaded with propellant, a persistent liquid hydrogen leak and a few other incidental issues lead the space agency to delay further testing for at least a month while engineers make adjustments to the vehicle.
This constitutes a minor disappointment for fans of spaceflight, but when you’re strapping four astronauts onto more than five million pounds of propellants, there’s no such thing as being too cautious. In fact, there’s a school of thought that says if a WDR doesn’t shake loose some gremlins, you probably weren’t trying hard enough. Simulations and estimates only get you so far, the real thing is always more complex, and there’s bound to be something you didn’t account for ahead of time.
Do Not Pass Go
So what exactly is a Wet Dress Rehearsal? In the most basic of terms, its a practice launch where everyone involved does everything exactly the way they would on a real launch, except when the countdown hits zero, nothing actually happens.
It’s the final test of the vehicle and the ground support systems, the last check of fit and function before launch. But there’a also a logistical element. In other words, it’s not just a test of whether or not the vehicle can be fully fueled, it’s also a verification of how long that process takes. Many of the operations that are performed in the WDR would have already been tested in isolation, but this may be the first, and only, time to practice running them concurrently with all of the other elements of the countdown. A real-time graphic displayed propellant load status during the Wet Dress Rehearsal live stream. There’s also the human element. Hundreds of individuals have a part to play as the clock ticks down to zero, from the team in mission control to the driver of the astronaut transport vehicle. This is where the Wet Dress Rehearsal truly earns it name. In a sense, launching a rocket is a bit like a theater production. Every player needs to not only have their individual role memorized, but they need to work together effectively with the larger ensemble on the big night.
Although a WDR is meant to simulate an actual launch as closely as possible, the rules are slightly different. If the rocket was actually going to be released there are other variables to contend with, such as the launch window, which is the period of time in which the rocket can actually leave the pad to reach its intended orbit. On a real launch, a delay significant enough to keep the vehicle from lifting off during its pre-determined launch window would generally result in an automatic abort. There is no such constraint for a rehearsal however, which gives teams more flexibility to conduct tests and repair work.
It should be noted that the Artemis II astronauts were not aboard the vehicle for the recent WDR, although ground teams did simulate the process of loading the crew into the Orion capsule. This is partly for the safety of the astronauts should something go wrong during the rehearsal, but is also due to the fact that the Moon-bound crew is kept in quarantine until the actual launch day to reduce the likelihood they will get sick during the mission.
Light the Fires
As mentioned above, for the purposes of the Wet Dress Rehearsal, nothing actually happens when the launch clock hits zero. It’s a test of the pre-launch activities, so actually starting up the engines isn’t part of the exercise.
But of course, testing the engines is an important aspect of launch preparation as well. Such a test is generally referred to as a static fire, where the engines are briefly run while the vehicle is physically held down so as not to leave the pad. Operationally, a wet dress rehearsal could proceed directly into a static fire. On the other hand, a full WDR is not required to perform a static fire. An RS-25 engine during a test run. While static fire tests are common for modern rockets such as the Falcon 9, NASA has decided not to conduct them during the Artemis I and II missions. The SLS rocket uses lightly modified RS-25 Space Shuttle Main Engines (SSMEs), which are not only flight proven, but were individually tested before integration with the vehicle. There is also an argument to be made that a full-up static fire on the SLS, like the Space Shuttle before it, isn’t truly possible as the vehicle’s Solid Rocket Boosters (SRBs) can only be ignited once.
The Artemis I rocket did however conduct what NASA calls a Green Run back in 2021. This saw the first stage of the SLS fire its four RS-25 engines for eight minutes to simulate an orbital launch. The first attempt at the Green Run saw the engines shut down prematurely, but they did run for the full duration in a subsequent test.
Although such a test wasn’t conducted for Artemis II, and are not expected for any of the future SLS rockets, NASA is preparing for a Green Run test on the Exploration Upper Stage (EUS). This is an upgraded second stage for the SLS which is intended to support more ambitious missions after the Artemis III landing, although the timeline and status of those missions is tenuous at best.
The Road to the Moon
According to NASA’s latest update, the issues during the Artemis II Wet Dress Rehearsal has pushed the testing campaign back until at least March, at which point they will run a second WDR. But that certainly doesn’t mean it will be the last.
While admittedly no two missions are the same, Artemis I went through four WDRs before it flew. Even then, the last one was aborted before the countdown was completed. Interestingly it was a hydrogen leak that caused that final rehearsal to be cut short, indicating that it may be a more dynamic problem than NASA realized at the time.
Even if the second WDR for Artemis II goes off without a hitch next month, that doesn’t mean the actual launch won’t be hit with its own delays due to technical glitches, poor weather, or any one of a myriad of other possible issues. Getting a rocket off the ground is never easy, and it only gets harder when there are humans onboard and the destination is farther than anyone has flown since the 1970s. An almost endless number of things need to go exactly right before we’ll see Artemis II lift off the pad, but when it goes, you definitely won’t want to miss it.
Although at its face the results seem obvious, a recent study by [Sandrah Eckel] et al. on the impact of electric cars in California is interesting from a quantitative perspective. What percentage of ICE-only cars do you need to replace with either full electric or hybrid cars before you start seeing an improvement in air quality?
A key part of the study was the use of the TROPOMI instrument, part of the European Sentinel-5 Precursor satellite. This can measure trace gases and aerosols in the atmosphere, both of which directly correlate with air quality. The researchers used historical TROPOMI data from 2019 to 2023 in the study, combining this data with vehicle registrations in California and accounting for confounding factors, such as a certain pandemic grinding things to a halt in 2020 and massively improving air quality.
Although establishing direct causality is hard using only this observational data, the researchers did show that the addition of 200 electric vehicles would seem to be correlated to an approximate 1.1% drop in measured atmospheric NO2. This nitrogen oxide is poisonous and fatal if inhaled in large quantities. It’s also one of the pollutants that result from combustion, when at high temperatures nitrogen from the air combines with oxygen molecules. Estimated adjusted associations of annual vehicle registration counts and annual average NO2 in California from longitudinal linear mixed effects models (Sandrah Eckel et al., 2026) Considering the massive negative health impact of nitrogen dioxide on human health, any reduction here is naturally welcome. Of course, this substance is only one of the many pollutants generated by cars. We are also seeing a lot of fine particulate matter (PM2.5) generated from car tires, with a significant amount of microplastics coming from this source alone.
Add to this the environmentally toxic additive 6PPD that is added to tires along with e.g. carbon black, all of which help to make tires last longer and resist e.g. UV radiation and ozone exposure. While 6PPD isn’t necessarily directly harmful to humans, the PM2.5 pollution definitely is. As for carbon black and other additives, they’re still the subject of ongoing research.
One of the things that make statistics exciting is that of nuance from understanding the subject matter. Without that the adage of ‘Lies, Big Lies and Statistics’ applies, with spurious correlations being often promoted due to either ignorance or for unsavory purposes.
In the case of this study by [Sandrah Eckel] et al., it would seem that they did their due diligence, and the correlation makes sense objectively, in that having fewer ICE cars in favor of non-ICE cars would improve air quality. That said, as the tires of electric vehicles tend to wear faster due to their heavier weight, it remains to be seen whether it’s a net positive.
Il buco nel registro elettronico, su Google documenti di identità di chi lavora nelle scuole: il caso Nuvola
Abbiamo scoperto documenti e dati sensibili di docenti e personale scolastico caricati su Nuvola e indicizzati su Google: cosa è successo e quali sono i rischi per gli utenti.
@scuola Non capisco perché la PA non si doti di una piattaforma di sua proprietà, ma basata su open source e con crittografia end to end. Tra l'altro, da docente, mi sembra di fare il testimonial dei prodotti Google con i miei allievi, in modo da fidelizzarli fin da giovani
@lucianoaruta @scuola Sostanzialmente quello che Microsoft perseguiva già agli albori. tollerare le copie pirata di windows per abituare la gente ad usarlo, così che poi in azienda fossero obbligati ad averlo dato che i loro dipendenti sapevano già usarlo.
L'articolo è abbastanza fumoso però. Senza capire se è un errore di progetto, un bug o se si tratta di utenti maldestri mi sembra difficile farsi un opinione completa sulla situazione. In genere l'acronimo PEBKAC (Problem Exists Between Keyboard And Chair) è in grado di spiegare queste situazioni.
@lmillucci IPOTIZZO che gli URL dei files caricati abbiano un percorso casuale impossibile da indovinare, ma accessibile senza autenticazione a chi lo conosce.
In questo caso evitare l'indicizzazione sarebbe solo harm reduction, andrebbero impiegati URL presigned di S3 come fa un competitor.
@BucciaBuccia Certo, se il problema è quello che descrivi degli URL presigned sarebbero una buona soluzione. E se mi dici che un competitor fa questa cosa e loro no lo reputo un buon indizio che sia come dici. Sicuramente una migliore formazione degli utenti (sia dal punto di vista informatico che della cultura della privacy) minimizzerebbe molti casi del genere a prescindere dall'esistenza di problemi tecnici delle piattaforme.
Security researcher Eugene Lim has released Vulnerability Spoiler Alert, a service that monitors open-source repositories and uses Claude AI to detect when commits are patching security vulnerabilities before a CVE is even assigned or an update is released
#DarwinDay2026: la guerra, come entropia della storia; la pace, come ritmo della vita
Il nostro tributo al #DarwinDay2026 è dedicato alla #guerra e ai motivi per cui essa non debba mai essere considerata un fattore positivo per l'evoluzione umana e sociale
Darwin Day 2026: la guerra, come entropia della storia; la pace, come ritmo della vita
Il nostro tributo al #DarwinDay del 2026 è dedicato alla #guerra e ai motivi per cui essa non debba mai essere considerata un fattore positivo per l’evoluzione umana e sociale informapirata.it/2026/02/12/da…
Microsoft segnala un aumento degli attacchi di IA Recommendation Poisoning, una tecnica che manipola le risposte degli assistenti AI tramite link e pulsanti.
@Informatica (Italy e non Italy) Il parere congiunto di EDPB ed EDPS sul pacchetto Digital omnibus ha una parola d’ordine: semplificazione senza rinunciare a innovazione e competitività. Ecco come semplificare il GDPR, cioè l’intero quadro normativo digitale della UE, per
Bellissimo progetto, grazie per aver condiviso. Il cyberpandino è l'essenza di quello che noi (non so tu, ma io sicuramente), gente stagionata, ricerca con affanno e insistenza: la non-omologazione, la bellezza dell'essere diverso, la curiosità di sapere come funziona quello che abbiamo tra le mani, il riciclo di vecchie tecnologie per trasformarle in nuove esperienze e non ultima, la condivisione. E mi fermo qui 😀
Meta condannata a pagare 30 milioni a Deutsche Telekom per l’uso della rete. Il “fair share” deciso dai giudici
Una corte tedesca ha condannato una filiale di Meta al pagamento di 30 milioni di euro a Deutsche Telekom per servizi di rete utilizzati dalle piattaforme del gruppo (Facebook, Instagram e Whatsapp). Sarà un precedente per le future dispute fra telco e OTT nell'ambito del Digital Networks Act?
AI startup Quesma has open-sourced BinaryAudit, an open-source benchmark for evaluating AI agents' ability to find backdoors hidden in compiled binaries
Gli hacker del gruppo UNC3886 hanno infiltrato le reti di tutti e quattro i principali operatori di telecomunicazioni di Singapore. L'operazione di bonifica è durata 11 mesi.
Israeli authorities charge a reservist and a civilian for allegedly using classified information to bet on military operations on Polymarket (Financial Times)
pkg.geomys.dev is a simple service to view the canonical source of a Go module, and it comes with Chrome/Firefox extensions to replace pkg.go.dev source links.
A legitimate Outlook add-in was abandoned by its developer and silently taken over by a phishing operation. Over 4,000 credentials were stolen through Microsoft's own add-in store.
Omnibus digitale - Audizioni - Presidente del Garante per la protezione dei dati personali, Brando Benifei, Anitec-Assinform, Confcommercio, ANCE, AIxIA, Google, Asstel
La Commissione Politiche Ue della Camera, nell’ambito dell’esame congiunto, ai fini della verifica della conformità al principio di sussidiarietà, della proposta di regolamento del Parlamento europeo e del Consiglio che modifica i regolamenti (UE) 2024/1689 e (UE) 2018/1139
@Informatica (Italy e non Italy) In occasione del Patch Tuesday di febbraio 2026 Microsoft ha rilasciato gli aggiornamenti per 59 vulnerabilità, incluse sei zero-day che sarebbero state già sfruttate diffusamente in attacchi reali. Focus su RCE, privilege
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26."
Water wells are simple things, but that doesn’t mean they are maintenance-free. It can be important to monitor water levels in a well, and that gets complicated when the well is remote. Commercial solutions exist, of course, but tend to be expensive and even impractical in some cases. That’s where [Hans Gaensbauer]’s low-cost, buoyancy-based well monitor comes in. An Engineers Without Border project, it not only cleverly measures water level in a simple way — logging to a text file on a USB stick in the process — but it’s so low-power that a single battery can run it for years. The steel cable (bottom left) is attached to a submerged length of pipe, and inside the cylinder is a custom load cell. The lower the water level, the higher the apparent weight of the submerged pipe. The monitor [Hans] designed works in the following way: suspend a length of pipe inside the well, and attach that pipe to a load cell. The apparent weight of the pipe will be directly proportional to how much of the pipe is above water. The fuller the well, the less the pipe will seem to weigh. It’s very clever, requires nothing to be in the well that isn’t already water-safe, and was designed so that the electronics sit outside in a weatherproof enclosure. Cost comes out to about $25 each, which compares pretty favorably to the $1000+ range of industrial sensors.
The concept is clever, but it took more that that to create a workable solution. For one thing, space was an issue. The entire well cap was only six inches in diameter, most of which was already occupied. [Hans] figured he had only about an inch to work with, but he made it work by designing a custom load cell out of a piece of aluminum with four strain gauges bonded to it. The resulting sensor is narrow, and sits within a nylon and PTFE tube that mounts vertically to the top of the well cap. Out from the bottom comes a steel cable that attaches to the submerged tube, and out the top comes a cable that brings the signals to the rest of the electronics in a separate enclosure. More details on the well monitor are in the project’s GitHub repository.
All one has to do after it’s installed is swap out the USB stick to retrieve readings, and every once in a long while change the battery. It sure beats taking manual sensor readings constantly, like meteorologists did back in WWII.
Top of an RBMK at the Leningrad plant. Control panels of a pre-digitalization nuclear plant look quite daunting, with countless dials, buttons and switches that all make perfect sense to a trained operator, but seem as random as those of the original Enterprise bridge in Star Trek to the average person. This makes the reconstruction of part of the RBMK reactor control by the [Chornobyl Family] on YouTube a fun way to get comfortable with one of the most important elements of this type of reactor’s controls.
The section that is built here pertains to the control rods of the RBMK’s reactor, its automatic regulations and emergency systems like AZ-5 and BAZ. The goal is not just to have a shiny display piece that you can put on the wall, but to make it function just like the real control panel, and to use it for demonstrations of the underlying control systems. The creators spent a lot of time talking with operators of the Chornobyl Nuclear Plant – which operated until the early 2000s – to make the experience as accurate as possible.
Although no real RBMK reactor is being controlled by the panel, its ESP32-powered logic make it work like the real deal, and even uses a dot-matrix printer to provide logging of commands. Not only is this a pretty cool simulator, it’s also just the first element of what will be a larger recreation of an RBMK control room, with more videos in this series to follow.
Also covered in this video are the changes made after the Chernobyl Nuclear Plant’s #4 accident, which served to make RBMKs significantly safer, albeit at the cost of more complexity on the control panel.
Attraverso laboratori isolati e replicabili, potrai sperimentare: ✅Ricognizione e analisi delle vulnerabilità ✅Exploitation controllata e post-exploitation in sicurezza ✅Uso professionale di strumenti come Nmap, Metasploit, BloodHound e Nessus
Per ricevere il link al webinar e per iscrizioni: 📞 379 163 8765 ✉️ formazione@redhotcyber.com
Corso in Live Class di Cyber Offensive Fundamentals: scopri penetration testing, vulnerabilità e strumenti pratici per la sicurezza informatica offensiva.
Internet batte le leggi degli Stati? Forse sì. E spesso vincono le aziende. Ogni volta che uno Stato prova a imporre una regola su internet, emerge un fatto semplice: il potere tecnico non è più solo pubblico.
Un gruppo di hacker ha compromesso l'infrastruttura di aggiornamento di Notepad++, un popolare editor di testo. Scopri come è avvenuto l'attacco e come proteggerti.
Домен мессенджера WhatsApp (принадлежит Meta, признанной экстремистской и запрещенной в РФ) исчез из записей Национальной системы доменных имен (НСДИ) — инфраструктуры, созданной в рамках закона о «суверенном Рунете».
The best place to start is at the beginning, so the video demonstrates a simple cube wireframe drawn by connecting eight points together with lines. This is simple enough, but modern 3D graphics are really triangles stitched together to make essentially every shape we see on the screen. For [NCOT Technology]’s software, he’s using the Utah Teapot, essentially the “hello world” of 3D graphics programming. The first step is drawing all of the triangles to make the teapot wireframe. Then the triangles are made opaque, which is a step in the right direction but isn’t quite complete. The next steps to make it look more like a teapot are to hide the back faces of the triangles, figure out which of them face the viewer at any given moment, and then make sure that all of these triangles are drawn in the correct orientation.
Rendering a teapot is one thing, but to get to something more modern-looking like a first-person shooter, he also demonstrates all the matrix math that allows the player to move around an object. Technically, the object moves around the viewer, but the end effect is one that eventually makes it so we can play our favorite games, from DOOM to DOOM Eternal. He notes that his code isn’t perfect, but he did it from the ground up and didn’t use anything to build it other than his computer and his own brain, and now understands 3D graphics on a much deeper level than simply using an engine or API would generally allow for. The 3D world can also be explored through the magic of Excel.
Luciano
in reply to informapirata ⁂ • • •Non capisco perché la PA non si doti di una piattaforma di sua proprietà, ma basata su open source e con crittografia end to end.
Tra l'altro, da docente, mi sembra di fare il testimonial dei prodotti Google con i miei allievi, in modo da fidelizzarli fin da giovani
reshared this
Informatica (Italy e non Italy), informapirata ⁂, el Celio 🇪🇺 🇺🇦 e deny reshared this.
el Celio 🇪🇺 🇺🇦
in reply to Luciano • • •beh, sì.
Informatica (Italy e non Italy) reshared this.
m3nhir
in reply to Luciano • • •reshared this
informapirata ⁂ reshared this.
deny
in reply to Luciano • • •@lucianoaruta @scuola
Concordo.
Sarebbe magnifico poter far pressione su questa cosa.
reshared this
Informatica (Italy e non Italy) e informapirata ⁂ reshared this.
Lorenzo Millucci
in reply to informapirata ⁂ • • •Informatica (Italy e non Italy) reshared this.
Buccia
in reply to Lorenzo Millucci • • •@lmillucci
IPOTIZZO che gli URL dei files caricati abbiano un percorso casuale impossibile da indovinare, ma accessibile senza autenticazione a chi lo conosce.
In questo caso evitare l'indicizzazione sarebbe solo harm reduction, andrebbero impiegati URL presigned di S3 come fa un competitor.
informapirata ⁂ reshared this.
Lorenzo Millucci
in reply to Buccia • • •Sicuramente una migliore formazione degli utenti (sia dal punto di vista informatico che della cultura della privacy) minimizzerebbe molti casi del genere a prescindere dall'esistenza di problemi tecnici delle piattaforme.