915 MHz Forecast: Rolling Your Own Offline Weather Station
There are a lot of options for local weather stations; most of them, however, are sensors tied to a base station, often requiring an internet connection to access all features. [Vinnie] over at vinthewrench has published his exploration into an off-grid weather station revolving around a Raspberry Pi and an RTL-SDR for communications.
The weather station has several aspects to it. The main sensor package [Vinnie] settled on was the Ecowitt WS90, capable of measuring wind speed, wind direction, temperature, humidity, light, UVI, and rain amount. The WS90 communicates at 915 MHz, which can be read using the rtl_433 project. The WS90
... mostra di più
915 MHz Forecast: Rolling Your Own Offline Weather Station
There are a lot of options for local weather stations; most of them, however, are sensors tied to a base station, often requiring an internet connection to access all features. [Vinnie] over at vinthewrench has published his exploration into an off-grid weather station revolving around a Raspberry Pi and an RTL-SDR for communications.
The weather station has several aspects to it. The main sensor package [Vinnie] settled on was the Ecowitt WS90, capable of measuring wind speed, wind direction, temperature, humidity, light, UVI, and rain amount. The WS90 communicates at 915 MHz, which can be read using the rtl_433 project. The WS90 is also available for purchase as a standalone sensor, allowing [Vinnie] to implement his own base station.
For the base station, [Vinnie] uses a weatherproof enclosure that houses a 12V battery with charger to act as a local UPS. This powers the brains of the operation: a Raspberry Pi. Hooked to the Pi is an RTL-SDR with a 915 MHz antenna. The Pi receives an update from the WS90 roughly every 5 seconds, which it can decode using the rtl_433 library. The Pi then turns that packet into structured JSON.
The JSON is fed into a weather model backend that handles keeping track of trends in the sensor data, as well as the health of the sensor station. The backend has an API that allows for a dashboard weather site for [Vinnie], no internet required.
Thanks, [Vinnie], for sending in your off-grid weather station project. Check out his site to read more about his process, and head over to the GitHub page to check out the technical details of his implementation. This is a great addition to some of the other DIY weather stations we’ve featured here.
3D printers are built for additive manufacturing. However, at heart, they are really just simple CNC motion platforms, and can be readily repurposed to other tasks. As [Arseniy] demonstrates, it’s not that hard to take a cheap 3D printer and turn it into a viable wood engraver.
The first attempt involved a simple experiment—heating the 3D printer nozzle, and moving it into contact with a piece of wood to see if it could successfully leave a mark. This worked well, producing results very similar to a cheap laser engraving machine. From there, [Arseniy] set about fixing the wood with some simple 3D-printed clamps so it wouldn’t move during more complex burning/engraving tasks. He also figured out a neat trick to simply calibrate the right Z height for wood burning by using the built i
... mostra di più
Cheap 3D Printer Becomes CNC Wood Engraver
3D printers are built for additive manufacturing. However, at heart, they are really just simple CNC motion platforms, and can be readily repurposed to other tasks. As [Arseniy] demonstrates, it’s not that hard to take a cheap 3D printer and turn it into a viable wood engraver.
The first attempt involved a simple experiment—heating the 3D printer nozzle, and moving it into contact with a piece of wood to see if it could successfully leave a mark. This worked well, producing results very similar to a cheap laser engraving machine. From there, [Arseniy] set about fixing the wood with some simple 3D-printed clamps so it wouldn’t move during more complex burning/engraving tasks. He also figured out a neat trick to simply calibrate the right Z height for wood burning by using the built in calibration routines. Further experiments involved developing a tool for creating quality G-Code for these engraving tasks, and even using the same techniques on leather with great success.
If you need to mark some patterns on wood and you already have a 3D printer, this could be a great way to go. [Arseniy] used it to great effect in the production of a plywood dance pad. We’ve featured some other great engraver builds over the years, too, including this innovative laser-based project. Video after the break.
This is a multipart series with five parts done and more to come. The PIC12F683 is an 8-pin flash-based, 8-bit microcontroller from Microchip. [Andrew] picked the PIC12F683 for decapsulation because back in 2011 it was the first microcontroller he broke read-protection on and he wanted to go back and revisit this chip, given particularly that his resources and skills had advanced in the intervening period.
The five videos are a tour de force. He begins by tak
... mostra di più
Decapsulating a PIC12F683 to Examine Its CMOS Implementation
This is a multipart series with five parts done and more to come. The PIC12F683 is an 8-pin flash-based, 8-bit microcontroller from Microchip. [Andrew] picked the PIC12F683 for decapsulation because back in 2011 it was the first microcontroller he broke read-protection on and he wanted to go back and revisit this chip, given particularly that his resources and skills had advanced in the intervening period.
The five videos are a tour de force. He begins by taking a package cross section, then decapsulating and delayering. He collects high-resolution photos as he goes along. In the process, he takes some time to explain the dangers of working with acid and the risk mitigations he has in place. Then he does what he calls a “floorplan analysis” which takes stock of the entire chip before taking a close look at the SRAM implementation.
Un bambino, una mutazione, un algoritmo: così l’AI ha sconfitto una malattia mortale
Solo un anno fa, i medici non potevano dire con certezza se KJ Muldoon sarebbe sopravvissuto al suo primo anno di vita. Oggi sta muovendo i primi passi a casa, con la sua famiglia al suo fianco.
Questa svolta è stata resa possibile da una soluzione medica che fino a poco tempo fa era solo teorica: la terapia genica personalizzata basata sulla tecnologia CRISPR, sviluppata specificamente per ogni paziente.
E tutto quanto si basa su modelli di intelligenza artificiale che consentono di effettuare quello che si chiama “Editing Genetico”.
Editing Genetico Personalizzato. L’AI che ci piace
Prima di parlare di questa storia, vogliamo spiegare cos’è il CRISPR, acronimo di Clust
... mostra di più
Un bambino, una mutazione, un algoritmo: così l’AI ha sconfitto una malattia mortale
Solo un anno fa, i medici non potevano dire con certezza se KJ Muldoon sarebbe sopravvissuto al suo primo anno di vita. Oggi sta muovendo i primi passi a casa, con la sua famiglia al suo fianco.
Questa svolta è stata resa possibile da una soluzione medica che fino a poco tempo fa era solo teorica: la terapia genica personalizzata basata sulla tecnologia CRISPR, sviluppata specificamente per ogni paziente.
E tutto quanto si basa su modelli di intelligenza artificiale che consentono di effettuare quello che si chiama “Editing Genetico”.
Editing Genetico Personalizzato. L’AI che ci piace
Prima di parlare di questa storia, vogliamo spiegare cos’è il CRISPR, acronimo di Clustered Regularly Interspaced Short Palindromic Repeats: una tecnologia di editing genetico derivata da un meccanismo di difesa naturale dei batteri contro i virus. In pratica, CRISPR funziona come un sistema di taglio e correzione del DNA: una proteina (come Cas9) viene guidata verso un punto preciso del genoma, dove può tagliare una sequenza difettosa e permettere alla cellula di ripararla o sostituirla con una versione corretta. Questo approccio consente di intervenire direttamente sulla causa genetica di una malattia, rendendo possibile una medicina di precisione che non si limita a curare i sintomi, ma modifica l’origine stessa del problema.
L’intelligenza artificiale è uno degli elementi chiave che rende possibile l’editing genetico personalizzato. Prima ancora che CRISPR venga utilizzato, l’AI analizza enormi quantità di dati genomici per identificare con precisione la mutazione responsabile della malattia, distinguendo gli errori critici da variazioni genetiche innocue. In tempi estremamente ridotti, gli algoritmi confrontano il DNA del paziente con database globali, simulano gli effetti delle modifiche e aiutano a progettare le sequenze guida di CRISPR più efficaci, riducendo al minimo il rischio di interventi fuori bersaglio. Senza questo livello di analisi automatizzata, una terapia costruita su misura per un singolo bambino sarebbe semplicemente impraticabile.
Il contributo dell’AI non si ferma alla progettazione della terapia. I modelli predittivi vengono utilizzati per stimare la sicurezza dell’intervento, definire il dosaggio più appropriato e prevedere come l’organismo potrebbe reagire nel tempo. Dopo il trattamento, l’AI supporta il monitoraggio clinico continuo, aiutando i medici a interpretare i dati biologici e a individuare precocemente eventuali segnali di rischio. In questo contesto, l’intelligenza artificiale non sostituisce i medici, ma diventa uno strumento decisivo per trasformare una cura sperimentale in una reale possibilità di vita.
L’Editing genetico e la malattia di KJ
All’inizio dell’anno, i medici del Children’s Hospital di Philadelphia hanno somministrato un trattamento che all’epoca non aveva equivalenti clinici. Hanno creato un editing genomico personalizzato per KJ, mirato a una rara malattia metabolica congenita. Tali disturbi derivano da difetti nei geni responsabili di processi biochimici chiave. Nei neonati, spesso portano a gravi complicazioni e, in alcuni casi, sono fatali nei primi mesi di vita.
KJ è stata la prima persona a ricevere una terapia genica progettata non per un gruppo di pazienti, ma per una mutazione specifica in un singolo bambino. Prima del trattamento, la sua vita veniva trascorsa quasi interamente nei reparti ospedalieri, sotto costante osservazione e monitoraggio 24 ore su 24. Dopo l’intervento, le condizioni del bambino si sono stabilizzate al punto che i medici sono stati in grado di interrompere gradualmente il monitoraggio continuo e prepararlo alle dimissioni.
KJ ha trascorso i primi dieci mesi di vita in ospedale. Solo a giugno è tornato a casa per la prima volta. Da quel momento in poi, il suo sviluppo ha preso una direzione che in precedenza sembrava improbabile. Ha iniziato ad aumentare di peso, ad acquisire competenze appropriate all’età e a raggiungere gradualmente traguardi precoci dello sviluppo che in precedenza erano rimasti incerti.
I cambiamenti non si sono limitati alle condizioni mediche. Per la famiglia, questo ha significato un ritorno a una vita quotidiana che prima potevano solo sognare. Ad agosto, KJ ha festeggiato il suo primo compleanno fuori dall’ospedale, in netto contrasto con l’anno precedente, quando ogni giorno trascorreva sotto la supervisione di medici e attrezzature. Ora sta imparando a camminare, continuando ad acquisire nuove competenze e si avvicina il suo primo Natale a casa. Un anno fa, quella festa si è svolta in una stanza d’ospedale.
Una vita salvata e un futuro promettente per la medicina
I medici sottolineano che l’obiettivo della terapia andava ben oltre la sopravvivenza. Non si trattava solo di stabilizzare le condizioni del bambino, ma anche di dargli la possibilità di vivere un’infanzia senza la costante dipendenza da procedure e apparecchiature mediche.
Il lavoro su questo approccio non si è fermato a un solo caso. Il Programma di Terapia Genica per le Malattie Metaboliche Ereditarie presso il Children’s Hospital di Philadelphia è guidato da Rebecca Ahrens-Niklas. Continua a collaborare con Kiran Musunuru dell’Università della Pennsylvania. Insieme, stanno lavorando per adattare il metodo utilizzato nel caso di KJ ad altri bambini con diagnosi simili.
Il programma si concentra sui difetti congeniti del metabolismo, un gruppo di malattie in cui difetti genetici interrompono il funzionamento di vie chimiche vitali nell’organismo. Per molte di queste patologie non esiste un trattamento efficace e la cura è limitata alla gestione per tutta la vita. I ricercatori stanno studiando, in particolare, i disturbi del ciclo dell’urea, le acidemie organiche e i disturbi dell’ossidazione degli acidi grassi. Ognuna di queste condizioni ha le sue caratteristiche genetiche e biochimiche, quindi non esiste una soluzione unica per tutti.
L’esperienza di trattamento di KJ è servita da punto di partenza per i team di ricerca. La sua risposta alla terapia ha fornito dati importanti sul dosaggio, sulla sicurezza dell’intervento e sulla necessità di un monitoraggio a lungo termine. Queste informazioni sono già utilizzate per sviluppare futuri programmi di trattamento individualizzati.
Regolamentazione delle AI e dei trattamenti personalizzati
Il caso di KJ ha sollevato anche una questione più ampia: come regolamentare i trattamenti progettati per un singolo paziente. Tali interventi non rientrano nei tipici percorsi di approvazione dei farmaci, che si basano su studi clinici su larga scala. In questo caso, la terapia è stata sviluppata, testata e implementata in tempi brevi, sulla base di una situazione medica unica.
Per le famiglie affette da malattie metaboliche rare , la storia di KJ è diventata una cauta fonte di speranza. Dimostra che gli sforzi coordinati tra medici, scienziati e autorità di regolamentazione possono cambiare i risultati anche in casi in cui in precedenza non esistevano soluzioni.
NEW: Researchers say hundreds of Cisco customers are vulnerable to the newly revealed Chinese government-backed hacking campaign.
It appears the attacks right now “are targeted,” according to Shadowserver’s chief executive Piotr Kijewski. Censys for now only sees 220 exposed systems.
Cisco warned that Chinese government hackers are exploiting a zero-day in some of its products. Researchers now say there are hundreds of vulnerable Cisco customers.
Hackaday Podcast Episode 350: Damnation for Spreadsheets, Praise for Haiku, and Admiration for the Hacks In Between
This week’s Hackaday Podcast sees Elliot Williams joined by Jenny List for an all-European take on the week, and have we got some hacks for you!
In the news this week is NASA’s Maven Mars Orbiter, which may sadly have been lost. A sad day for study of the red planet, but at the same time a chance to look back at what has been a long and successful mission.
In the hacks of the week, we have a lo-fi camera, a very refined Commodore 64 laptop, and a MIDI slapophone to entertain you, as well as taking a detailed look at neutrino detectors. Then CYMK printing with laser cut stencils draws our attention, as well as the arrival of stable GPIB support for Linux. Finally both staffers let loose; Elliot with an epic rant about spreadsheets, and Jenny enthusiastically describing the Haiku operating system.
Check o
... mostra di più
Hackaday Podcast Episode 350: Damnation for Spreadsheets, Praise for Haiku, and Admiration for the Hacks In Between
This week’s Hackaday Podcast sees Elliot Williams joined by Jenny List for an all-European take on the week, and have we got some hacks for you!
In the news this week is NASA’s Maven Mars Orbiter, which may sadly have been lost. A sad day for study of the red planet, but at the same time a chance to look back at what has been a long and successful mission.
In the hacks of the week, we have a lo-fi camera, a very refined Commodore 64 laptop, and a MIDI slapophone to entertain you, as well as taking a detailed look at neutrino detectors. Then CYMK printing with laser cut stencils draws our attention, as well as the arrival of stable GPIB support for Linux. Finally both staffers let loose; Elliot with an epic rant about spreadsheets, and Jenny enthusiastically describing the Haiku operating system.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
The Kodak Charmera is a tiny keychain camera produced by licencing out the name of the famous film manufacturer, and it’s the current must-have cool trinket among photo nerds. Inside is a tiny sensor and a fixed-focus M7 lens, and unlike many toy cameras it has better quality than its tiny package might lead you to expect. There will always be those who wish to push the envelope though, and [微攝 Macrodeon] is here to fit a lens mount for full-size lenses (Chinese language, subtitle translation available).
The hack involves cracking the camera open and separating the lens mount from the sensor. This is something we’re familiar with from other cameras, and it’s a fiddly process which requires a lot of care. A C-mount is then glued to the front, from which all manner of othe
... mostra di più
Attach a Full Size Lens to a Tiny Camera
The Kodak Charmera is a tiny keychain camera produced by licencing out the name of the famous film manufacturer, and it’s the current must-have cool trinket among photo nerds. Inside is a tiny sensor and a fixed-focus M7 lens, and unlike many toy cameras it has better quality than its tiny package might lead you to expect. There will always be those who wish to push the envelope though, and [微攝 Macrodeon] is here to fit a lens mount for full-size lenses (Chinese language, subtitle translation available).
The hack involves cracking the camera open and separating the lens mount from the sensor. This is something we’re familiar with from other cameras, and it’s a fiddly process which requires a lot of care. A C-mount is then glued to the front, from which all manner of other lenses can be attached using a range of adapters. The focus requires a bit of effort to set up and we’re guessing that every lens becomes extreme telephoto due to the tiny sensor, but we’re sure hours of fun could be had.
Amigos de Mastodon, se va terminando esta jornada de Viernes, por tanto llega el instante adecuado para descansar. Ojalá cada uno de ustedes hayan aprovechado de la mejor forma esta jornada. Saludos.🤗🤗🤗🤗
Surplus Industrial Robot Becomes two-ton 3D Printer
As the saying goes — when life gives you lemons, you make lemonade. When life gives you a two-ton surplus industrial robot arm, if you’re [Brian Brocken], you apparently make a massive 3D printer.
The arm in question is an ABB IRB6400, a serious machine that can sling 100 to 200 kilograms depending on configuration. Compared to that, the beefiest 3D printhead is effectively weightless, and the Creality Sprite unit he’s using isn’t all that beefy. Getting the new hardware attached uses (ironically) a 3D printed mount, which is an easy enough hack. The hard work, as you might imagine, is in software.
As it turns out, there’s no profile in Klipper for this bad boy. It’s 26-year-old contr
... mostra di più
Surplus Industrial Robot Becomes two-ton 3D Printer
As the saying goes — when life gives you lemons, you make lemonade. When life gives you a two-ton surplus industrial robot arm, if you’re [Brian Brocken], you apparently make a massive 3D printer.
The arm in question is an ABB IRB6400, a serious machine that can sling 100 to 200 kilograms depending on configuration. Compared to that, the beefiest 3D printhead is effectively weightless, and the Creality Sprite unit he’s using isn’t all that beefy. Getting the new hardware attached uses (ironically) a 3D printed mount, which is an easy enough hack. The hard work, as you might imagine, is in software.
As it turns out, there’s no profile in Klipper for this bad boy. It’s 26-year-old controller doesn’t even speak G-code, requiring [Brian] to feed the arm controller the “ABB RAPID” dialect it expects line-by-line, while simultaneously feeding G-code to the RAMPS board controlling the extruder. If you happen to have the same arm, he’s selling the software that does this. Getting that synchronized reliably was the biggest challenge [Brian] faced. Unfortunately that means things are slowed down compared to what the arm would otherwise be able to do, with a lot of stop-and-start on complex models, which compromises print quality. Check the build page above for more pictures, or the video embedded below.
[Brian] hopes to fix that by making better use of the ABB arm’s controller, since it does have enough memory for a small buffer, if not a full print. Still, even if it’s rough right now, it does print, which is not something the engineers at ABB probably ever planned for back before Y2K. [Brian]’s last use of the arm, carving a DeLorean out of styrofoam, might be closer to the original design brief.
As one might expect, it all starts with a Server Side Request Forgery (SSRF). That’s a flaw where sending traffic to a server can manipulate something on the server side to send a request somewhere else. The trick here is that a webhook worker can be primed to po
... mostra di più
This Week in Security: PostHog, Project Zero Refresh, and Thanks For All the Fish
As one might expect, it all starts with a Server Side Request Forgery (SSRF). That’s a flaw where sending traffic to a server can manipulate something on the server side to send a request somewhere else. The trick here is that a webhook worker can be primed to point at localhost by sending a request directly to a system API.
One of the systems that powers a PostHog install is the Clickhouse database server. This project had a problem in how it sanitized SQL requests, namely attempting to escape a single quote via a backslash symbol. In many SQL servers, a backslash would properly escape a single quote, but Clickhouse and other Postgresql servers don’t support that, and treat a backslash as a regular character. And with this, a read-only SQL API is vulnerable to SQL injection.
These vulnerabilities together just allow for injecting an SQL string to create and run a shell command from within the database, giving an RCE and remote shell. The vulnerabilities were reported through ZDI, and things were fixed earlier this year.
FreePBX
Speaking of SQL injections, FreePBX recently fixed a handful of SQL injections and an authentication bypass, and researchers at horizon3.ai have the scoop. None of these particular issues are vulnerable without either questionable configuration changes, or access to a valid PHP session ID token. The weakness here seems to be a very similar single quote injection.
Another fun SQL injection in FreePBX requires the authorization type swapped to webserver. But with that setting in place, an injected authentication header with only a valid user name is enough to pull off an SQL injection. The attack chosen for demonstration was to add a new user to the users table. This same authentication header spoof can be used to upload arbitrary files to the system, leading to an easy webshell.
Google Project Zero’s Refresh
We’ve often covered Google’s Project Zero on this column, as their work is usually quite impressive. As their blog now points out, the homepage design left something to be desired. That’s changed now, with a sleek and modern new look! And no, that’s not actually newsworthy here; stop typing those angry comments. The real news is the trio of new posts that came with the refresh.
The most recent is coverage of a VirtualBox VM excape via the NAT network driver. It’s covering a 2017 vulnerability, so not precisely still relevant, but still worth a look. The key here is a bit of code that changes the length of the data structure based on the length of the IP header. Memory manipulation from an untrusted value. The key to exploitation is to manipulate memory to control some of the memory where packets are stored. Then use IP fragmentation packets to interleave that malicious data together and trigger the memory management flaw.
The second post is on Windows exploitation through race conditions and path lookups. This one isn’t an exploit, but an examination of techniques that you could use to slow the Windows kernel down, when doing a path lookup, to exploit a race condition. The winner seems to be a combination of nested directories, with shadow directories and symbolic links. This combination can cost the kernel a whopping three minutes just to parse a path. Probably enough time.
The third entry is on an image-based malware campaign against Samsung Android phones. Malicious DNG files get processed by the Quram image processing library on Samsung devices. DNG images are a non-proprietary replacement for .raw image files, and the DNG format even includes features like embedding lens correction code right in the file format. This correction code is in the form of opcodes, that are handled very much like a script or small program on the host device. The Quram library didn’t handle those programs safely, allowing them to write outside of the allocated memory for the image.
Bits and Bytes
The E-note domain and servers have been seized by law enforcement. It’s believed that $70 million worth of ransomware and cryptocurrency theft has passed through this exchange service, as part of a money laundering operation. A Russian national has been named as the man behind the service, and an indictment has been made, but it seems that no actual arrests have been made.
And lastly, on a personal note: Thank you to all the readers of this column over the last six years, and to the Hackaday editors for making it happen. I’ve found myself in the position of having four active careers at once, and with the birth of my son in November, I have four children as well. Something has to give, and it’s not going to be any of the kids, so it’s time for me to move on from a couple of those careers. This Week in Security has been a blast, ever since the first installment back in May of 2019. With any luck, another writer will pick up the mantle early next year. (Editor’s note: We’re working on it, but we’ll miss you!)
Vulnerabilità critica in FreeBSD: eseguibile codice arbitrario via IPv6
Una nuova vulnerabilità nei componenti FreeBSD responsabili della configurazione IPv6 consente l’esecuzione remota di codice arbitrario su un dispositivo situato sulla stessa rete locale dell’aggressore. Il problema riguarda tutte le versioni supportate del sistema operativo e richiede un’azione immediata per proteggere i dispositivi.
È stata scoperta una vulnerabilità nelle utility “rtsold” e “rtsol“, utilizzate per elaborare i messaggi pubblicitari del router come parte del meccanismo di configurazione automatica degli indirizzi IPv6. È stato scoperto che questi programmi non convalidano il parametro del suffisso di dominio passato in tali messaggi, inviandolo di
... mostra di più
Vulnerabilità critica in FreeBSD: eseguibile codice arbitrario via IPv6
Una nuova vulnerabilità nei componenti FreeBSD responsabili della configurazione IPv6 consente l’esecuzione remota di codice arbitrario su un dispositivo situato sulla stessa rete locale dell’aggressore. Il problema riguarda tutte le versioni supportate del sistema operativo e richiede un’azione immediata per proteggere i dispositivi.
È stata scoperta una vulnerabilità nelle utility “rtsold” e “rtsol“, utilizzate per elaborare i messaggi pubblicitari del router come parte del meccanismo di configurazione automatica degli indirizzi IPv6. È stato scoperto che questi programmi non convalidano il parametro del suffisso di dominio passato in tali messaggi, inviandolo direttamente all’utility “resolvconf“, responsabile dell’aggiornamento della configurazione DNS.
Tuttavia, “resolvconf” è scritto come uno script shell e non filtra i dati in arrivo. L’assenza di escape implica che qualsiasi codice dannoso passato tramite il parametro domain list può essere eseguito sul sistema. Pertanto, un aggressore sulla stessa subnet può eseguire comandi sul dispositivo di destinazione senza richiedere privilegi di amministratore o interazioni precedenti.
Secondo gli sviluppatori di FreeBSD , il problema è limitato alle reti locali, poiché gli annunci del router non vengono instradati e non possono attraversare i confini dei segmenti di rete. Tuttavia, riguarda tutti i sistemi che utilizzano l’autoconfigurazione IPv6, in particolare le interfacce con il flag “ACCEPT_RTADV” abilitato, verificabile tramite “ifconfig“.
Per gli utenti che non utilizzano IPv6, non vi è alcun rischio. In caso contrario, si consiglia di aggiornare urgentemente il sistema all’ultima versione.
Gli aggiornamenti sono ora disponibili per tutte le branch di FreeBSD supportate, incluse le versioni 15.0, 14.3 e 13.5. L’aggiornamento è possibile sia tramite il meccanismo di patching binario integrato sia applicando modifiche al codice sorgente.
L’identificatore della vulnerabilità registrata è CVE-2025-14558. Le correzioni sono state pubblicate il 16 dicembre 2025 e sono incluse nei rami stabile e di rilascio di FreeBSD.
Cybersicurezza, senza cultura digitale l’Italia preda dei pirati” Rubrica Pillole di Eta Beta andata in onda su Rai Radio 1 alle 11.45, con ospite Arturo Di Corinto, consigliere dell’Agenzia per la cybersicurezza nazionale
The German railway tracks are overcrowded, fast trains and regional trains share the same tracks, so every small problem stacks up. At the same time there is a maintenance and personell problem. Investments hadn't been done in the necessary amount for a long time.
Since October the Deutsche Bahn now has got a new CEO, Evelyn Palla. She wants to change a lot. For example she wants to half the size of the top management, she is also the only board member who has got a train driver's licence.
@Politica interna, europea e internazionale Dal 23 al 25 gennaio il Palazzo Ducale di Genova ospiterà “Democrazia alla prova”, una tre giorni di dibattiti organizzata dal Forum Disuguaglianze e Diversità e dal Palazzo Ducale e curata in particolare dall’ex ministro Fabrizio Barca (co-coordinatore
Proviamo anche NodeBB. Anzi, proviamole tutte. Ogni strumento è un ponte possibile, ogni tentativo è un passo in più per far sedere gli admin delle istanze italiane allo stesso tavolo — non per “vincere” una discussione, ma per costruire collaborazione.
Proviamo anche NodeBB. Anzi, proviamole tutte. Ogni strumento è un ponte possibile, ogni tentativo è un passo in più per far sedere gli admin delle istanze italiane allo stesso tavolo — non per “vincere” una discussione, ma per costruire collaborazione. Perché ricordiamocelo, il vero problema non siamo noi. Non è “tra di noi” che si gioca la partita. Il fastidio lo diamo altrove, a quei social commerciali che prosperano su rumore, dipendenza e recinti dorati. E se gli diamo fastidio… significa che stiamo facendo qualcosa di giusto. 😄 Quindi basta con le zavorre, lasciamo dietro il passato. Mettiamo davanti l’unica cosa che conta, il futuro. E già che ci siamo… facciamolo esistere. Perché sì, se ne avremo uno, dipende anche da quanto siamo capaci di parlarci, coordinarci, e remare nella stessa direzione.
follow #hashtags, using #Channels; or a better way?
@Friendica Support hello, i would like some help please to understand how to solve my confusion about the "right" way to follow #hashtags, using #Channels ... or otherwise some better way.
i follow a large number of hashtags [as a glance at my profile would attest]. afaict / afaik, fediverse posts bearing these tags appear [or are supposed to] in my "Network" timeline [with "Everybody" Circle & "Latest posts" Channel selected].
of my many tags, possibly my most "important" ones are #AusPol, #FOSS, & #Linux. in order to be able to efficiently locate all posts with these tags each day, rather than have to meticulously scroll down the full "
... mostra di più
@Friendica Support hello, i would like some help please to understand how to solve my confusion about the "right" way to follow #hashtags, using #Channels ... or otherwise some better way.
i follow a large number of hashtags [as a glance at my profile would attest]. afaict / afaik, fediverse posts bearing these tags appear [or are supposed to] in my "Network" timeline [with "Everybody" Circle & "Latest posts" Channel selected].
of my many tags, possibly my most "important" ones are #AusPol, #FOSS, & #Linux. in order to be able to efficiently locate all posts with these tags each day, rather than have to meticulously scroll down the full "Network" timeline [which is dissipated via also having all the other tags, & all my Followed accounts' posts], in Settings i created three dedicated Channels [one for each of those tags, ofc]. then i added each of those custom Channels to my Timelines, in Display Settings.
however, the result is just hopeless; really disappointing & frustrating. over recent years i have had several Friendica accounts, ie, at several instances, & doing the above has never worked properly in any of them, not only my current instance.
using the AusPol Channel for example, as it is the worst by far, every time i check it, its most recent post is several hours old, & often as bad as 12 - 18 hours old, with numerous other posts entirely missing.
i say "missing" because otoh, reviewing my Saved Search for #AusPol shows all these other posts, which therefore also appear, buried, in my full "Network" timeline.
over the months & years in exasperation, i have revisited the dedicated Channels in Settings, & for the Circle/Channel field have tried each of Latest posts, Latest Creation, Global community, & Latest activity, but none of them has solved the problem [indeed, a few make it even worse!].
please, what am i doing wrong? what aspect of Friendica's Settings have i been consistently misunderstanding / misusing, that causes this disappointment?
Fuoriposto, Giarre, Piazza Mazzini, 15, venerdì 26 dicembre alle ore 21:00 CET
𝐕𝐄𝐍𝐄𝐑𝐃Ì 𝟐𝟔 𝐃𝐈𝐂𝐄𝐌𝐁𝐑𝐄 • 𝐃𝐀𝐋𝐋𝐄 𝟐𝟏:𝟎𝟎
Emanuele Piazza, aka 𝗠𝗿. 𝗦𝗾𝘂𝗲𝗿𝗲, è un instancabile sperimentatore: DJ, fonico, musicista elettronico (Panda49) e, soprattutto, un fratello p
Emanuele Piazza, aka 𝗠𝗿. 𝗦𝗾𝘂𝗲𝗿𝗲, è un instancabile sperimentatore: DJ, fonico, musicista elettronico (Panda49) e, soprattutto, un fratello per Fuoriposto.Presenza costante e generosa della scena catanese, metterà a disposizione la sua strumentazione per dare a chiunque la possibilità di far girare i propri vinili più disparati.
Quindi bando alla pigrizia: iniziate a rovistare nei meandri delle vostre dimore 𝗮𝗹𝗹𝗮 𝗿𝗶𝗰𝗲𝗿𝗰𝗮 𝗱𝗶 𝘃𝗶𝗻𝗶𝗹𝗶.
𝗦𝗰𝗲𝗴𝗹𝗶 𝘂𝗻 𝗱𝗶𝘀𝗰𝗼, lo metti in consolle e fai partire la musica: se non l’hai mai fatto, ti spieghiamo come.
𝐏𝐨𝐜𝐡𝐞 𝐫𝐞𝐠𝐨𝐥𝐞:
niente liquidi vicino a consolle e vinili, spazio a tutti per suonare.
📍Giarre, Piazza Mazzini, 15
(di fronte la stazione FS)
👉 𝗜𝗻𝗴𝗿𝗲𝘀𝘀𝗼 𝗿𝗶𝘀𝗲𝗿𝘃𝗮𝘁𝗼 𝗮𝗶 𝘀𝗼𝗰𝗶 𝗔𝗿𝗰𝗶.
(Se non hai ancora la tessera, puoi farla direttamente in sede: costa 8€, vale fino a settembre 2026 ed è valida in tutti i circoli Arci d’Italia.)
Scoperta vulnerabilità critica in FreeBSD che consente esecuzione remota di codice arbitrario tramite IPv6. Aggiornamenti disponibili per tutte le versioni supportate.
@Informatica (Italy e non Italy 😁) Gli LLM hanno l'effetto di accelerare il ciclo di vita del ransomware, ma senza trasformarlo in maniera radicale. Ecco i tre cambiamenti strutturali che si stanno verificando in parallelo L'articolo LLM e ransomware: la minaccia cambia marcia, ma senza
Apple was very smart to send Ivan Krstić, who's been fighting spyware and exploit makers for years now, to Hexacon, a conference attended by a lot of spyware and exploit makers.
We apply a transparency log to a centralized keyserver step-by-step, in less than 500 lines, with privacy protections, anti-poisoning, and witness cosigning.
Hypolite Petovan
in reply to The Human Capybara • • •Michael 🇺🇦
in reply to Hypolite Petovan • • •The German railway tracks are overcrowded, fast trains and regional trains share the same tracks, so every small problem stacks up. At the same time there is a maintenance and personell problem. Investments hadn't been done in the necessary amount for a long time.
Since October the Deutsche Bahn now has got a new CEO, Evelyn Palla. She wants to change a lot. For example she wants to half the size of the top management, she is also the only board member who has got a train driver's licence.