Renato Gabriele
@remagio.bsky.social
"If you have a garden and a library, you have everything you need." by Cicero.
https://www.journalismfestival.com/speaker/renato-gabriele
https://www.journalismfestival.com/speaker/renato-gabriele
Pinned
Reposted by Renato Gabriele
“To some extent, it moves stalking and harassment more easily from online to the real world, which is always the problem with wearables…”
Meta smart glasses pose a threat to women, campaigners say
Reports of covert filming have prompted privacy fears as experts are concerned that the devices would be altered to ‘nudify’ women without their consent
www.thetimes.com
January 2, 2026 at 11:07 PM
“To some extent, it moves stalking and harassment more easily from online to the real world, which is always the problem with wearables…”
Reposted by Renato Gabriele
If you are a resident of California, the state now has a portal where you can demand deletion of your personal data from 500+ registered data brokers with a single request form, for free.
consumer.drop.privacy.ca.gov
consumer.drop.privacy.ca.gov
consumer.drop.privacy.ca.gov
January 2, 2026 at 2:26 AM
If you are a resident of California, the state now has a portal where you can demand deletion of your personal data from 500+ registered data brokers with a single request form, for free.
consumer.drop.privacy.ca.gov
consumer.drop.privacy.ca.gov
Reposted by Renato Gabriele
#RaspberryPi display + battery case. This project utilizes the Adafruit DPI Display Kippah "hat-like" board to drive a 5" TFT display without the extra cost and baggage of an HDMI decoder! learn.adafruit.com/portable-kippah-pi #DIY #Electronics #3DPrinting #Adafruit youtube.com/watch?v=BPKfPo0GPXU
January 2, 2026 at 1:45 PM
#RaspberryPi display + battery case. This project utilizes the Adafruit DPI Display Kippah "hat-like" board to drive a 5" TFT display without the extra cost and baggage of an HDMI decoder! learn.adafruit.com/portable-kippah-pi #DIY #Electronics #3DPrinting #Adafruit youtube.com/watch?v=BPKfPo0GPXU
Reposted by Renato Gabriele
The fun thing about watching the movie 2001 in 2025 is you realize HAL is just an LLM and so *obviously* it’s going to murder its crewmembers every few flights due to malformed JSON.
January 2, 2026 at 1:27 AM
The fun thing about watching the movie 2001 in 2025 is you realize HAL is just an LLM and so *obviously* it’s going to murder its crewmembers every few flights due to malformed JSON.
Reposted by Renato Gabriele
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
You've been targeted by government spyware. Now what? | TechCrunch
Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO's Pegasus or Paragon's Graphite. What happens after re...
techcrunch.com
December 29, 2025 at 4:27 PM
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
Reposted by Renato Gabriele
NEW: Meet the folks at AccessNow's Digital Security Helpline, who have been investigating government spyware for more than a decade, helping journalists and dissidents all over the world.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
Meet the team that hunts government spyware
For years, Access Now’s Digital Security Helpline has been aiding journalists and dissidents who have been targeted with government spyware. This is how they operate.
techcrunch.com
December 27, 2025 at 6:52 PM
NEW: Meet the folks at AccessNow's Digital Security Helpline, who have been investigating government spyware for more than a decade, helping journalists and dissidents all over the world.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
Reposted by Renato Gabriele
💥💥💥💥💥 age v1.3.0 💥💥💥💥💥
Post-quantum keys, seeking DecryptReaderAt API, age-inspect CLI tool, built-in recipients compatible with hardware plugins, non-interactive passphrase input, Go framework for implementing plugins, and sooooo many improved errors.
Six years to the day after the first beta!
Post-quantum keys, seeking DecryptReaderAt API, age-inspect CLI tool, built-in recipients compatible with hardware plugins, non-interactive passphrase input, Go framework for implementing plugins, and sooooo many improved errors.
Six years to the day after the first beta!
age v1.3.0: post-quantum (and more)!
Exactly six years after the first age beta release, v1.3.0 brings post-quantum resistance to age, along with a couple long-requested features, built-in support for recipients compatible with hardwa...
github.com
December 27, 2025 at 10:44 PM
💥💥💥💥💥 age v1.3.0 💥💥💥💥💥
Post-quantum keys, seeking DecryptReaderAt API, age-inspect CLI tool, built-in recipients compatible with hardware plugins, non-interactive passphrase input, Go framework for implementing plugins, and sooooo many improved errors.
Six years to the day after the first beta!
Post-quantum keys, seeking DecryptReaderAt API, age-inspect CLI tool, built-in recipients compatible with hardware plugins, non-interactive passphrase input, Go framework for implementing plugins, and sooooo many improved errors.
Six years to the day after the first beta!
Reposted by Renato Gabriele
MIT Technology Review profiles @rondeibert.bsky.social, who understood that civil society needed digital defense long before just about anyone else and has been doing it ever since.
www.technologyreview.com/2025/12/24/1...
www.technologyreview.com/2025/12/24/1...
Meet the man hunting the spies in your smartphone
Ronald Deibert and his research group, the Citizen Lab, have rigorously worked to unveil alarming digital threats for the past two decades. Now, he warns, this kind of work is under threat.
www.technologyreview.com
December 24, 2025 at 9:44 PM
MIT Technology Review profiles @rondeibert.bsky.social, who understood that civil society needed digital defense long before just about anyone else and has been doing it ever since.
www.technologyreview.com/2025/12/24/1...
www.technologyreview.com/2025/12/24/1...
Reposted by Renato Gabriele
Moderation shouldn’t be set from the top down. What works for one community may not work for everyone.
@jay.bsky.team, CEO of @bsky.app, and @rabble.nz explain why moderation needs local & cultural context, as well as the disability rights slogan “nothing about us, without us.”
Full ep out now.
@jay.bsky.team, CEO of @bsky.app, and @rabble.nz explain why moderation needs local & cultural context, as well as the disability rights slogan “nothing about us, without us.”
Full ep out now.
December 23, 2025 at 8:08 PM
Moderation shouldn’t be set from the top down. What works for one community may not work for everyone.
@jay.bsky.team, CEO of @bsky.app, and @rabble.nz explain why moderation needs local & cultural context, as well as the disability rights slogan “nothing about us, without us.”
Full ep out now.
@jay.bsky.team, CEO of @bsky.app, and @rabble.nz explain why moderation needs local & cultural context, as well as the disability rights slogan “nothing about us, without us.”
Full ep out now.
Reposted by Renato Gabriele
When the 53-year-old tape was found, early last month, I wrote a story for the Register explaining its significance:
https://www.theregister.com/2025/11/07/unix_fourth_edition_tape_rediscovered/
https://www.theregister.com/2025/11/07/unix_fourth_edition_tape_rediscovered/
Unix V4: Only known copy may lurk on recently unearthed tape
: It might have the first-ever version of UNIX written in C
www.theregister.com
December 21, 2025 at 12:57 PM
When the 53-year-old tape was found, early last month, I wrote a story for the Register explaining its significance:
https://www.theregister.com/2025/11/07/unix_fourth_edition_tape_rediscovered/
https://www.theregister.com/2025/11/07/unix_fourth_edition_tape_rediscovered/
Reposted by Renato Gabriele
Woah
The atomic ensemble time scale at the NIST Boulder campus has failed.
December 21, 2025 at 12:55 AM
Woah
Reposted by Renato Gabriele
What can you do about an ISP outage—on Thanksgiving day? If you're Blacksmith, you use Tailscale Services to build an immediate, zero-config proxy for GitHub traffic, so it doesn't happen again: tailscale.com/blog/blacksm...
Building a transparent proxy around ISP routing failures with Tailscale Services
How Blacksmith built a secure load-balancing proxy with Tailscale Services
tailscale.com
December 18, 2025 at 3:38 PM
What can you do about an ISP outage—on Thanksgiving day? If you're Blacksmith, you use Tailscale Services to build an immediate, zero-config proxy for GitHub traffic, so it doesn't happen again: tailscale.com/blog/blacksm...
Reposted by Renato Gabriele
I'm running a TamaGo VM on Google Compute Engine. No CVEs to worry about other than Go ones, just own code and runtime, starts and reboots instantly.
Open with no-auth SSH. As a cybersecurity professional this would be unthinkable, but TamaGo brings tattack surface close to 0.
Open with no-auth SSH. As a cybersecurity professional this would be unthinkable, but TamaGo brings tattack surface close to 0.
December 16, 2025 at 9:39 AM
I'm running a TamaGo VM on Google Compute Engine. No CVEs to worry about other than Go ones, just own code and runtime, starts and reboots instantly.
Open with no-auth SSH. As a cybersecurity professional this would be unthinkable, but TamaGo brings tattack surface close to 0.
Open with no-auth SSH. As a cybersecurity professional this would be unthinkable, but TamaGo brings tattack surface close to 0.
Reposted by Renato Gabriele
Serious question: if you get a threat notification from Apple, WhatsApp, Google...and you are not a journalist ot dissident so you can't go to Citizen Lab/Amnesty/AccessNow, where do you go?
Asking for an article, not for someone who's gotten that notification.
Asking for an article, not for someone who's gotten that notification.
December 10, 2025 at 5:27 PM
Serious question: if you get a threat notification from Apple, WhatsApp, Google...and you are not a journalist ot dissident so you can't go to Citizen Lab/Amnesty/AccessNow, where do you go?
Asking for an article, not for someone who's gotten that notification.
Asking for an article, not for someone who's gotten that notification.
Reposted by Renato Gabriele
It’s almost time for my @BSidesCapeTown talk, and I’ve just open sourced pipetap. My Windows named pipe proxy & multi-tool. Excited to see what you do with it!
github.com/sensepost/pi...
github.com/sensepost/pi...
December 6, 2025 at 1:56 PM
It’s almost time for my @BSidesCapeTown talk, and I’ve just open sourced pipetap. My Windows named pipe proxy & multi-tool. Excited to see what you do with it!
github.com/sensepost/pi...
github.com/sensepost/pi...
Reposted by Renato Gabriele
Wherever there's spyware, there's always an Italian angle...
Interesting artefact in the uploaded JSKit code used by Intellexa from Google's Threat Intelligence Group.
"//TODO: va bene solo per ios 15 perchè l'exploit è uguale per tutte le version 15.0.x infatti se inferiore a 15.1 restituisce sempre 15.0" - some italian....
cloud.google.com/blog/topics/...
"//TODO: va bene solo per ios 15 perchè l'exploit è uguale per tutte le version 15.0.x infatti se inferiore a 15.1 restituisce sempre 15.0" - some italian....
cloud.google.com/blog/topics/...
Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
cloud.google.com
December 4, 2025 at 9:30 PM
Wherever there's spyware, there's always an Italian angle...
Reposted by Renato Gabriele
I just found this little solar robot bug I made 20 years ago.
It captures many qualities:
- Art & Design Constraint
- electrical hacks, using components “the wrong way”
- extreme minimalism for max results
Also, something interesting changed while it sat for 20 years!
Let me explain…
(🧵)
It captures many qualities:
- Art & Design Constraint
- electrical hacks, using components “the wrong way”
- extreme minimalism for max results
Also, something interesting changed while it sat for 20 years!
Let me explain…
(🧵)
December 3, 2025 at 2:41 AM
I just found this little solar robot bug I made 20 years ago.
It captures many qualities:
- Art & Design Constraint
- electrical hacks, using components “the wrong way”
- extreme minimalism for max results
Also, something interesting changed while it sat for 20 years!
Let me explain…
(🧵)
It captures many qualities:
- Art & Design Constraint
- electrical hacks, using components “the wrong way”
- extreme minimalism for max results
Also, something interesting changed while it sat for 20 years!
Let me explain…
(🧵)
Reposted by Renato Gabriele
Upgrading from #FreeBSD 14.3-RELEASE to 15.0-RELEASE?
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
December 2, 2025 at 2:12 PM
Upgrading from #FreeBSD 14.3-RELEASE to 15.0-RELEASE?
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
Do not ignore the very important instructions in the release notes¹:
freebsd-update fetch
freebsd-update install
on 14.3-RELEASE _before_ upgrade or else² …
__
¹ www.freebsd.org/releases/15....
² bugs.freebsd.org/bugzilla/sho...
Reposted by Renato Gabriele
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
November 26, 2025 at 1:27 PM
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Reposted by Renato Gabriele
Make a Gravity defying NeoPixel Ring Lamp! Guide: learn.adafruit.com/neopixel-rin... youtu.be/p_5DRfurpYg #Adafruit #3DPrinting
November 23, 2025 at 12:37 PM
Make a Gravity defying NeoPixel Ring Lamp! Guide: learn.adafruit.com/neopixel-rin... youtu.be/p_5DRfurpYg #Adafruit #3DPrinting
Reposted by Renato Gabriele
Cybersecurity isn’t ready for the conversation about how bad sexism and ageism are in the whole pen test / red team community, or how influencer culture and the saturated market are enabling it to get worse. www.linkedin.com/pulse/tryhac...
TryHackMe's Advent of Cyber 2025: Zero Women Creators - A Critical Look at Representation in Cybersecurity Education
THE PROBLEM 18 creators. Zero women.
www.linkedin.com
November 22, 2025 at 4:33 AM
Cybersecurity isn’t ready for the conversation about how bad sexism and ageism are in the whole pen test / red team community, or how influencer culture and the saturated market are enabling it to get worse. www.linkedin.com/pulse/tryhac...
Reposted by Renato Gabriele
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch
Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.
techcrunch.com
November 21, 2025 at 7:11 PM
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
Reposted by Renato Gabriele
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 6:34 PM
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."