Gli sviluppatori di Veeam hanno rilasciato delle patch che risolvono diverse falle in Veeam Backup & Replication (VBR), tra cui una vulnerabilità critica legata all’esecuzione di codice remoto (RCE). Il problema, a cui è stato assegnato l’identificatore CVE-2025-23121 (9,9 punti sulla scala CVSS), è stato scoperto dagli esperti di watchTowr e CodeWhite e sembrerebbe che la vulnerabilità riguardi solo le installazioni aggiunte a un dominio.

Come spiegato da Veeam in un bollettino di sicurezza, la vulnerabilità potrebbe essere sfruttata dagli utenti autenticati del dominio per eseguire codice da remoto sul server di backup. Il bug riguarda Veeam Backup & Replication versione 12 e successive ed è stato risolto nella versione 12.3.2.3617. Sebbene CVE-2025-23121 riguardi solo le installazioni VBR aggiunte a un dominio, può essere sfruttato da qualsiasi utente di dominio, facilitandone l’abuso in tali casi.

Si è notato che molte aziende collegano i propri server di backup a un dominio Windows, ignorando le raccomandazioni di Veeam, nonostante l’azienda insista sempre nell’utilizzare una foresta di Active Directory separata e nel proteggere gli account amministrativi con l’autenticazione a due fattori.

È opportuno notare che a marzo 2025 gli specialisti di watchTowr Labs avevano già scoperto una vulnerabilità simile (CVE-2025-23120), che rappresentava un problema di deserializzazione nelle classi .NET Veeam.Backup.EsxManager.xmlFrameworkDs e Veeam.Backup.Core.BackupSummary.

Questa vulnerabilità, come altri bug precedenti, era correlata a BinaryFormatter, un componente legacy che, secondo Microsoft, non è affidabile per la deserializzazione dei dati e non può essere protetto in alcun modo. In altre parole, l’applicazione non gestiva correttamente i dati serializzati, il che consentiva l’introduzione di oggetti e gadget dannosi in grado di eseguire codice pericoloso.

La radice del nuovo problema CVE-2025-23121 risiede probabilmente nella stessa area. Pertanto, a marzo, lo specialista di watchTowr Anton Gostev ha scritto che finché BinaryFormatter non verrà rimosso da VBR, tali problemi di sicurezza si ripresenteranno inevitabilmente.

Si consiglia ora alle aziende che utilizzano Veeam Backup & Replication di eseguire l’aggiornamento alla versione 12.3.2.3617 il prima possibile.

L'articolo Allarme sicurezza Veeam! falla critica consente RCE sui server di backup proviene da il blog della sicurezza informatica.

Where’s the best place for a datacenter? It’s an increasing problem as the AI buildup continues seemingly without pause. It’s not just a problem of NIMBYism; earthly power grids are having trouble coping, to say nothing of the demand for cooling water. Regulators and environmental groups alike are raising alarms about the impact that powering and cooling these massive AI datacenters will have on our planet.

While Sam Altman fantasizes about fusion power, one obvious response to those who say “think about the planet!” is to ask, “Well, what if we don’t put them on the planet?” Just as Gerald O’Niell asked over 50 years ago when our technology was merely industrial, the question remains:

“Is the surface of a planet really the right place for expanding technological civilization?”

O’Neill’s answer was a resounding “No.” The answer has not changed, even though our technology has. Generative AI is the latest and greatest technology on offer, but it turns out it may be the first one to make the productive jump to Earth Orbit. Indeed, it already has, but more on that later, because you’re probably scoffing at such a pie-in-the-sky idea.

There are three things needed for a datacenter: power, cooling, and connectivity. The people at companies like Starcloud, Inc, formally Lumen Orbit, make a good, solid case that all of these can be more easily met in orbit– one that includes hard numbers.

Sure, there’s also more radiation on orbit than here on earth, but our electronics turn out to be a lot more resilient than was once thought, as all the cell-phone cubesats have proven. Starcloud budgets only 1 kg of sheilding per kW of compute power in their whitepaper, as an example. If we can provide power, cooling, and connectivity, the radiation environment won’t be a showstopper.

Power

There’s a great big honkin’ fusion reactor already available for anyone to use to power their GPUs: the sun. Of course on Earth we have tricky things like weather, and the planet has an annoying habit of occluding the sun for half the day but there are no clouds in LEO. Depending on your choice of orbit, you do have that annoying 45 minutes of darkness– but a battery to run things for 45 minutes is not a big UPS, by professional standards. Besides, the sun-synchronous orbits are right there, just waiting for us to soak up that delicious, non-stop solar power.
Sun Synchronous Orbit, because nights are for squats. Image by Brandir via Wikimedia.
Sun-synchronous orbits (SSOs) are polar orbits that precess around the Earth once every sidereal year, so that they always maintain the same angle to the sun. For example, you might have an SSO that crosses the equator 12 times a day, each time at local 15:00, or 10:43, any other time set by the orbital parameters. With SSOs, you don’t have to worry about ever losing solar power to some silly, primitive, planet-bound concept like nighttime.

Without the atmosphere in the way, solar panels are also considerably more effective per unit area, something the Space Solar Power people have been pointing out since O’Neill’s day. The problem with Space Solar Power has always been the efficiencies and regulatory hurdles of beaming the power back to Earth– but if you use the power to train an AI model, and send the data down, that’s no longer an issue. Given that the 120 kW array on ISS has been trouble-free for decades now, we can consider it a solved problem. Sure, solar panels degrade, but the rate is in fractions of a percent per year, and it happens on Earth too. By the time solar panel replacement is likely to be the rest of the hardware is likely to be totally obsolete.

Cooling

This is where skepticism creeps in. After all, cooling is the greatest challenge with high performance computing hardware here on earth, and heat rejection is the great constraint of space operations. The “icy blackness of space” you see in popular culture is as realistic as warp drive; space is a thermos, and shedding heat is no trivial issue. It is also, from an engineering perspective, not a complex issue. We’ve been cooling spacecraft and satellites using radiators to shed heat via infrared emission for decades now. It’s pretty easy to calculate that if you have X watts of heat to reject at Y degrees, you will need a radiator of area Z. The Stephan-Boltzmann Law isn’t exactly rocket science.
Photons go out, liquid cools down. It might be rocket science, but it’s a fairly mature technology. (Image: EEATCS radiator deployment during ISS Flight 5A, NASA)
Even better, unlike on Earth where you have changeable things like seasons and heat waves, in a SSO you need only account for throttling– and if your data center is profitable, you won’t be doing much of that. So while you need a cooling system, it won’t be difficult to design. Liquid or two-phase cooling on server hardware? Not new. Plumbing cooling a loop to a radiator in the vacuum of space? That’s been part of satellite busses for years.

Aside from providing you with a stable thermal environment, the other advantage of an SSO is that if one chooses the dawn/dusk orbit along the terminator, while the solar panels always face the sun, the radiators can always face black space, letting them work to their optimal potential. This would also simplify the satellite bus, as no motion system would be required to keep the solar panels and radiators aligned into/out of the sun. Conceivably the whole thing could be stabilized by gravity gradient, minimizing the need to use reaction wheels.

Connectivity

One word: Starlink. That’s not to say that future data centers will necessarily be hooking into the Starlink network, but high-bandwidth operations on orbit are already proven, as long as you consider 100 gigabytes per second sufficient bandwidth. An advantage not often thought of for this sort of space-based communications is that the speed of light in a vacuum is about 31% faster than glass fibers, while the circumference of a low Earth orbit is much less than 31% greater than the circumference of the planet. That reduces ping times between elements of free-flying clusters or clusters and whatever communications satellite is overhead of the user. It is conceivable, but by no means a sure thing, that a user in the EU might have faster access to orbital data than they would to a data center in the US.

The Race

This hypothetical European might want to use European-owned servers. Well, the European Commission is on it; in the ASCEND study (Advanced Space Cloud for European Net zero Emission and Data sovereignty) you can tell from the title they put as much emphasis on keeping European data European as they do on the environmental aspects mentioned in the introduction. ASCEND imagines a 32-tonne, 800 kW data center lofted by a single super-heavy booster (sadly not Ariane 6), and proposes it could be ready by the 2030s. There’s no hint in this proposal that the ASCEND Consortium or the EC would be willing to stop at one, either. European efforts have already put AI in orbit, with missions like PhiSat2 using on-board AI image processing for Earth observation.
You know Italians were involved because it’s so stylish. No other proposal has that honeycomb aesthetic for their busy AI bees. Image ASCEND.

AWS Snowcone after ISS delivery. The future is here and it’s wrapped in Kapton. (Image NASA)
The Americans, of course, are leaving things to private enterprise. Axiom Space has leveraged their existing relationship with NASA to put hardware on ISS for testing purposes, staring with an AWS snowcone in 2022, which they claimed was the first flight-test of cloud computing. Axiom has also purchased space on the Kepler Relay Network satellites set to launch late 2025. Aside from the 2.5 Gb/s optical link from Kepler, exactly how much compute power is going into these is not clear. A standalone data center is expected to follow in 2027, but again, what hardware will be flying is not stated.

There are other American companies chasing venture capital for this purpose, like Google-founder-backed Relativity Space or the wonderfully-named Starcloud mentioned above. Starcloud’s whitepaper is incredibly ambitious, talking about building an up to 5 GW cluster whose double-sided solar/radiator array would be by far the largest object ever built in orbit at 4 km by 4 km. (Only a few orders of magnitude bigger than ISS. Not big deal.) At least it is a modular plan, that could be built up over time, and they are planning to start with a smaller standalone proof-of-concept, Starcloud-2, in 2026.
You can’t accuse Starcloud of thinking small. (Image Starcloud via Youtube.)A closeup of one of the twelve “Stars” in the Three Body Computing Constellation. This times 2,800. Image ADA Space.
Once they get up there, the American and European AIs are are going to find someone else has already claimed the high ground, and that that someone else speaks Chinese. A startup called ADA Space launched 12 satellites in May 2025 to begin building out the world’s first orbital supercomputer, called the Three Body Computing Constellation. (You can’t help but love the poetry of Chinese naming conventions.)

Unlike the American startups, they aren’t shy about its capabilities: 100 Gb/s optical datalinks, with the most powerful satellite in the constellation capable of 744 trillion operations per second. (TOPS, not FLOPS. FLOPS specifically refers to floating point operations, whereas TOPS could be any operation but usually refers to operations on 8-bit integers.)

For comparison, Microsoft requires an “AI PC” like the copilot laptops to have 40 TOPS of AI-crunching capacity. The 12 satellites must not be identical, as the constellation together has a quoted capability of 5 POPS (peta-operations per second), and a storage capacity of 30 TB. That’s seems pretty reasonable for a proof-of-concept. You don’t get a sense of the ambition behind it until you hear that these 12 are just the first wave of a planned 2,800 satellites. Now that’s what I’d call a supercluster!
A man can dream, can’t he? Image NASA.
High-performance computing in space? It’s no AI hallucination, it’s already here. There is a network forming in the sky. A sky-net, if you will, and I for one welcome our future AI overlords. They already have the high ground, so there’s no point fighting now. Hopefully this datacenter build-out will just be the first step on the road Gerry O’Neill and his students envisioned all those years ago: a road that ends with Earth’s surface as parkland, and civilization growing onwards and upwards. Ad astra per AI? There are worse futures.

La svolta di Riyadh cambia tutto

Red Hot Cyber, primo e principale riferimento italiano sulla cybersecurity, è stato tra gli ospiti al We Make Future 2025 di Bologna su esclusivo invito di Search On. In questo reportage, vi portiamo dentro i laboratori dell’avvenire della fiera che ha riunito 70.000 innovatori sotto lo slogan “One World, One Future”. Dalle startup più innovative alle riflessioni critiche sull’IA, fino agli highlights esclusivi. Nei prossimi giorni pubblicheremo analisi specialistiche settore per settore.

Immaginate 70.000 innovatori uniti da un solo obiettivo: plasmare l’avvenire digitale. “One World, One Future”. Dal 4 al 6 giugno, negli spazi di BolognaFiere, dietro questo slogan si nascondeva qualcosa di molto più grande di una semplice fiera tecnologica.
_{Foto: Carlo Denza}

Non una semplice fiera, ma una rivoluzione

Dimenticatevi tutto quello che credete di sapere sulle fiere tecnologiche tradizionali. Chi si aspettava la solita esposizione tecnologica routinaria è rimasto piacevolmente spiazzato. Il WMF 2025 ha letteralmente demolito ogni schema precostituito, rivelandosi molto di più di una fiera: un’esperienza totalizzante che ha saputo mescolare magistralmente contenuti di altissimo livello con momenti di vera e propria ispirazione collettiva.

Il programma è stato davvero impressionante. I palchi specializzati non si sovrapponevano mai (miracolo dovuto ai cambiamenti logistici apportati quest’anno). Relatori internazionali sono arrivati da ogni parte del mondo. Gli eventi erano pensati e cuciti su misura per target specifici. Decine di delegazioni internazionali hanno trasformato Bologna nella “Silicon Valley” dell’innovazione per tre intensi giorni.

I numeri parlano chiaro: oltre 70.000 presenze registrate. Una partecipazione che ha dimostrato ancora una volta che l’innovazione può, e deve, essere un progetto collettivo.
_{Foto Carlo Denza}

Bologna, cuore del nuovo Triangolo Digitale

Bologna si riconferma protagonista assoluta di quello che possiamo già chiamare il “Triangolo dell’Innovazione Digitale” italiano, accanto a Milano e Torino. Non è più il triangolo industriale dei nostri nonni, ma qualcosa di completamente diverso e rivoluzionario: dove non si forgiano acciai, ma algoritmi; non si bruciano idrocarburi, si processano big data; non si costruiscono fabbriche, ma startup.

Questo ecosistema opera un continuo merge tra alta tecnologia, economia della conoscenza e manifattura 4.0, generando opportunità impensabili fino a pochi anni fa. La lezione della storia ci parla da lontano: già Adam Smith, nella Ricchezza delle Nazioni, riconosceva che la divisione del lavoro e l’accumulo di conoscenze costituiscono la linfa vitale dell’innovazione. L’Università di Bologna (1088), la più antica d’occidente, ne è la prova vivente: un magnete per visionari, ieri come oggi.
_{Foto: Carlo Denza}

Quando l’etica incontra l’algoritmo

Ecco la vera differenza rivoluzionaria del WMF 2025: in un momento storico dove le innovazioni tecnologiche corrono più veloci delle nostre riflessioni etiche, gli organizzatori hanno fatto una scelta precisa e controcorrente.

“Nonostante lo spirito dei tempi soffi forte, e in tutte le direzioni”, We Make Future ha scelto come suo dovere fondamentale quello di indicare chiaramente la strada su come usare la tecnologia: con consapevolezza, responsabilità e uno sguardo sempre rivolto agli altri.

Il messaggio emerso dalla sezione “The Business of Tomorrow” è stato cristallino: il successo aziendale dell’avvenire poggia su tre pilastri fondamentali:

• Innovazione vera (non solo di facciata)
• Digitalizzazione intelligente
• Sostenibilità concreta

_{Foto: Carlo Denza}

Protagonisti e opportunità concrete

La qualità straordinaria degli ospiti ha fatto la differenza. Il palco ha visto alternarsi figure come Federico Faggin, il genio italiano che ha inventato il microprocessore, e firme blasonate del giornalismo italiano come, Enrico Mentana e Corrado Formigli. La letteratura e la giustizia hanno trovato una voce potente in Carlo Lucarelli, maestro indiscusso del noir italiano.
“Premiazione Dott. Federico Faggin”. (Foto: Carlo Denza)
Insieme a Luciano Baglioni hanno raccontato e sottolineato brillantemente come le moderne tecnologie avrebbero potuto fare la differenza in casi storici come quello della Banda della Uno Bianca.

In quel periodo drammatico – hanno spiegato magistralmente Lucarelli e Baglioni –“gli investigatori furono costretti a fare affidamento principalmente sul fattore umano senza il supporto degli strumenti tecnologici oggi disponibili”.

Tecnologie rivoluzionarie come Analisi Dati e AI, Videosorveglianza e Riconoscimento Facciale, Digital Forensics, avrebbero potuto accelerare significativamente l’identificazione dei responsabili, cambiando probabilmente la storia di quegli anni bui.
_{Enrico Mentana, Cosmano Lombardo. (Foto: Carlo denza)}
A completare il quadro, Nicola Gratteri ha messo in luce le nuove strategie del crimine organizzato, Mimmo Lucano ha collegato brillantemente innovazione e giustizia sociale e Sua Eminenza il Cardinale Matteo Maria Zuppi ha offerto una riflessione profonda sull’equilibrio tra progresso tecnico e valori umani.

_{Sua Eminenza il Cardinale Matteo Maria Zuppi
Magistrato Nicola Gratteri
Corrado Formigli}

Ma il WMF non è solo contenuto teorico: è business concreto. La finale della startup competition ha dimostrato quanto il panorama sia vivo e spietato, con Invigilo AI (Singapore) che ha conquistato il “biglietto d’oro” per San Francisco per competere per un milione di dollari e Electra Vehicles (Stati Uniti) che ha vinto il premio del pubblico, confermando la centralità della mobilità sostenibile.

L’asso nella manica: la svolta globale a Riyadh

E poi, il vero asso nella manica, quello che ha fatto tremare le fondamenta dell’ecosistema digitale globale. La sorpresa che ha lasciato tutti senza fiato è arrivata dal palco principale: la prima edizione saudita del We Make Future che si terrà a Riyadh dall’8 al 10 dicembre 2026!

Non una semplice espansione geografica ma una vera e propria dichiarazione di guerra al localismo tecnologico. Il WMF accelera decisamente la sua internazionalizzazione, puntando dritto al cuore di uno dei mercati più strategici e in rapida crescita del pianeta.
_{Foto: Carlo Denza}

Il sapore che resta e si rinnova

Con l’annuncio di Riyadh, We Make Future ha dimostrato di essere una piattaforma globale che collega culture, economie e visioni. L’atmosfera che si respira rievoca gli echi di un’epoca fondativa, proprio come nelle fiere tech anni Settanta dove, tra un mainframe e l’altro, si discuteva di sistemi come Unix.

È qui che, come una madeleine proustiana, ogni edizione del WMF mescola il sapore familiare di una community consolidata con l’innovazione radicale di sensazioni completamente nuove e inaspettate.

In tempi come questi, chi sa adattarsi per primo avrà un vantaggio competitivo notevole, e il WMF ha dimostrato di saper costruire attivamente l’avvenire portando la propria visione dall’Europa al Medio Oriente. Con l’edizione saudita, quel mondo è più grande, complesso e carico di prospettive che mai.

L'articolo Bologna brucia di futuro: quando 70.000 visionari ridisegnano il domani proviene da il blog della sicurezza informatica.

Vorrei leggere un libro sulla meccanica quantistica per capirci PER DAVVERO qualcosina ma per farlo bisogna che veda qualche equazione perché le spiegazioni qualitative non mi bastano più.

Quindi, mi servirebbe un libro che sia più dettagliato (anche più tecnico) di un libro divulgativo ma allo stesso tempo meno impegnativo di un testo universitario perché mi manca buona parte della matematica necessaria (sono ingegnere quindi arrivo fino ad Analisi II ma poi lì mi fermo).

Avete letto qualcosa che potrebbe fare al caso mio?

Ho visto che nella serie delle lezioni di Fisica di Feynman c'è un volume, il terzo, dedicato alla meccanica quantistica, l'avete letto? Può essere quello giusto?

("QED", di Feynman, l'ho già letto e ha cambiato il mio modo di guardare il mondo quando apro la finestra 😍)

#Fisica #fisicaDelleParticelle #meccanicaquantistica #scienza

The Humane AI Pin was ambitious, expensive, and failed to captivate people between its launch and shutdown shortly after. While the units do contain some interesting elements like the embedded projector, it’s all locked down tight, and the cloud services that tie it all together no longer exist. The devices technically still work, they just can’t do much of anything.
The Humane AI Pin had some bold ideas, like an embedded projector. (Image credit: Humane)
Since then, developers like [Adam Gastineau] have been hard at work turning the device into an experimental development platform: PenumbraOS, which provides a means to allow “untrusted” applications to perform privileged operations.

As announced earlier this month on social media, the experimental SDK lets developers treat the pin as a mostly normal Android device, with the addition of a modular, user-facing assistant app called MABL. [Adam] stresses that this is all highly experimental and has a way to go before it is useful in a user-facing sort of way, but there is absolutely a workable architecture.

When the Humane AI Pin launched, it aimed to compete with smartphones but failed to impress much of anyone. As a result, things folded in record time. Humane’s founders took jobs at HP and buyers were left with expensive paperweights due to the highly restrictive design.

Thankfully, a load of reverse engineering has laid the path to getting some new life out of these ambitious devices. The project could sure use help from anyone willing to pitch in, so if that’s up your alley be sure to join the project; you’ll be in good company.

hackaday.com/2025/06/19/floppe…

Freedom isn’t free.

Perhaps you’ve heard that before. If you grew up in the United States, you’ve certainly heard that said once or twice in your lifetime. Hell, maybe you’ve said it.

Freedom isn’t free.

Have you ever really thought about that phrase? It has a nice ring to it, but what does it mean exactly?

Freedom isn’t free.

In the United States, we often celebrate the Fourth of July as our Independence Day. We proclaimed our independence from Great Britain and, from that day forward, the rebellion became a revolution with a purpose: freedom from the crown.

July 4th, 1776 is not actually the day freedom was achieved, however. September 3rd, 1783 was the day Great Britain signed the Treaty of Paris, which recognized and granted the Thirteen Colonies their independence after their eight-year-long fight for freedom. Even then, it wouldn’t be ratified until May 12, 1784, which is over nine years removed from the Battles of Concord and Lexington.

Freedom isn’t free.

But with all that being said, none of those dates actually represent “freedom” in its purest, most unadulterated form. That day is June 19th, 1865. 160 years ago today.

Now this is not an article about Juneteenth. This is an article posted on the date of Juneteenth to drive home the point of the article.

Freedom isn’t free.

The American Civil War is the United States of America’s defining tragedy of the 19th century. Brother versus brother, bloodshed and battles to maintain bondage. While I do believe it is fascinating to research the War Between the States, I also find very little honor in the conflict. I find it more tragic than anything else.

But in the American Civil War, comes a story of a man so remarkable, so brave, that I can’t help but marvel in awe when I think about it.

This is about Robert Smalls, the man who was born a slave and sailed his way to freedom.

Freedom isn’t free.

Robert Smalls was born in a cabin behind his slavemaster’s house at 511 Prince Street in Beaufort, South Carolina. At age 12, he was sent to Charleston to labor. It was there that he was introduced to working on the docks and wharves, where after years of work, the still-enslaved Smalls became a wheelman (a helmsman without the proper title) of the CSS Planter.

Robert Smalls would gain invaluable experience that would directly benefit him on what would be the most important day of his life: May 12th, 1862.

Freedom isn’t free.

Smalls, having spent his time studying the Captain’s signals and mannerisms, hatched a plan to escape. Then, on the night of May 12th, the ship’s white crew left Smalls and other slaves in charge while the crew spent the night ashore.

Smalls, knowing this would be the opportunity, asked if the families of the slaves could visit while the crew was ashore. With that permission granted, the life or death plan went into action.

Robert Smalls, when the time became opportune, disguised himself in the Captain’s clothing and hat, mimicking his mannerisms and signals. Having been able to pass not one, but four checkpoints, Smalls, the other enslaved people and their families sailed toward the Union blockade. Still flying high on the Planter, they removed the Confederate flag and replaced it with a white bedsheet; this crew of Pirates had successfully sailed their way to freedom.

“I am delivering this war material including these cannons and I think [President] Lincoln can put them to good use,” is reportedly the words uttered by Smalls upon the surrender of the ship.

Freedom isn’t free.

For Smalls and the families he helped escape that night, freedom had come. But freedom in this country was not accomplished with men and women still in bondage; and for Smalls: the fight wasn’t over yet either.

For his bravery and deliverance of the CSS Planter, Robert Smalls was named the first black Captain of the US Navy, became an overnight sensation in the Union and a pariah in the Confederacy. The bounty on the life of Robert Smalls from the Richmond government nearly half of what the D.C. government valued the Planter at.

During the war, Smalls would captain the now USS Planter in battle against the Confederacy. The man who was sent to involuntary service and bondage aboard this ship was now the man commanding it.

It was Smalls and his actions that convinced Lincoln to allow freedmen to fight for the Union cause. If the North’s purpose was to maintain the Union when the war first broke out, it was the actions of Smalls and the bravery of many free black soldiers that turned the purpose of the war into preserving the Union and abolishing slavery where it remained.

It was on New Year’s Day, January 1st, 1863, did President Lincoln issue the Emancipation Proclamation, declaring all enslaved peoples within the rebelling states to be free. But that news didn’t reach everyone quite as quick.

It wouldn’t be until June 19th, 1865, 160 years ago today, that the final people in bondage were told about their freedom. It would be June 19th that marked the day that, finally, 90 years removed from the Revolution against Great Britain could it be stated: All citizens are free.

Freedom isn’t free.

The United States Pirate Party, as part of our platform, advocates for self-determination. As outlined in our platform: “We advocate for the right to free association and self-determination. People living in a political entity should have the right to maintain, alter or conclude their relationship to larger entities, or join in union, if it is the will of the people.”

People have asked members of the party how they feel about the confederacy when this point is brought up, asking if we would support their calls and desire for secession.

The answer is “no”.

The CSA was a slaver nation. So long as folks were held in bondage, then “people living in a political entity” doesn’t apply to all people of the Confederacy, and thus the CSA is not something the US Pirate Party supports. We support the will of the people.

What Robert Smalls did, not only for himself and the people he saved, is nothing short of heroic. The Union was the freedom that wouldn’t come free, and Smalls sailed straight to it. People look back on the Civil War and remember the heroes of the Union Army and occasionally get caught up in the Grants or Shermans or some might focus on the Lees or Jacksons. But today, on the day that marks freedom for all of us in the United States, we remember Captain Smalls.

Robert Smalls would go on to become one of the most important and influential politicians of the Reconstruction era and in South Carolina. He would return to Beaufort to purchase his new home: 511 Prince Street. The home he was once a slave in was now the home he owned.

It is on this day we should take the time to remember that freedom, something that we associate with the United States, wasn’t simply granted to us on the July 4th, 1776. It is important to remember not everyone was freed on New Year’s Day, 1863. It is today, June 19th, that deserves the name “Freedom Day”.

So in honor of Robert Smalls, his bravery and the struggles many in this country had to face just to be considered free citizens, we must not only remember, but never forget.

Freedom isn’t free.

uspirates.org/through-the-spyg…

Il ransomware Anubis ha acquisito la funzionalità di cancellazione dei dati ed è ora in grado di distruggere i file presi di mira.

Anubis è stato individuato per la prima volta dagli specialisti della sicurezza informatica nel dicembre 2024 e ha iniziato a mostrare attività all’inizio di quest’anno. Come riportato all’epoca dagli analisti di F6, i creatori di Anubis offrivano ai loro partner tre diversi schemi di attacco: Anubis Ransomware, Anubis Data Ransom e Access Monetization. Di conseguenza, i partner del gruppo potevano ricevere fino all’80% dei “ricavi” ottenuti tramite gli attacchi.

Come hanno ora segnalato gli esperti di Trend Micro, gli autori di Anubis stanno attivamente migliorando il loro malware e lavorando all’aggiunta di nuove funzionalità, una delle quali è la funzione di distruzione dei file.

I ricercatori ritengono che la funzionalità di cancellazione dei dati, recentemente introdotta, venga utilizzata per esercitare ulteriore pressione sulle vittime affinché paghino più rapidamente anziché ritardare o ignorare le negoziazioni con gli aggressori.

Anubis è molto diverso dagli altri RaaS e utilizza una funzionalità di distruzione dei file progettata per ostacolare qualsiasi tentativo di recupero anche dopo la crittografia

spiega Trend Micro. “Questa tattica distruttiva aumenta la pressione sulle vittime e aumenta la posta in gioco di un attacco già devastante.”

Il wiper viene attivato utilizzando il parametro della riga di comando /WIPEMODE, che richiede l’autenticazione basata su chiave. Una volta attivato, tutto il contenuto dei file viene cancellato, le loro dimensioni vengono ridotte a 0 KB e i nomi e la struttura rimangono intatti. In altre parole, la vittima sarà ancora in grado di visualizzare tutti i file, ma il loro contenuto verrà distrutto in modo irreversibile e il ripristino sarà impossibile.

L’analisi di Trend Micro ha inoltre dimostrato che Anubis supporta diversi comandi al momento dell’avvio, tra cui comandi di escalation dei privilegi, l’esclusione di determinate directory e la specifica di percorsi di destinazione per la crittografia. Inoltre, il malware elimina le copie shadow del volume e termina processi e servizi che potrebbero interferire con il ransomware.

Viene utilizzato ancora ECIES (un algoritmo di crittografia basato su curve ellittiche), il che è piuttosto raro. Nel loro rapporto, gli esperti sottolineano la somiglianza di questa implementazione con i malware EvilByte e Prince.

L'articolo Anubis Ransomware: Ora Distrugge i File! Se non paghi e non li cacci dalla rete, cancellano tutto proviene da il blog della sicurezza informatica.

Creating strong permanent magnets without using so-called rare earth elements is an ongoing topic of research. An interesting contestant here are iron nitride magnets (α”-Fe₁₆N₂), which have the potential to create permanents magnets on-par with with neodymium (Nd₂Fe₁₄B) magnets. The challenging aspect with Fe-N magnets is their manufacturing, with recently [Ben Krasnow] giving it a shot over at the [Applied Science] YouTube channel following the method in a 2016 scientific paper by [Yanfeng Jiang] et al. in Advanced Engineering Materials.

This approach uses a ball mill (like [Ben]’s planetary version) with ammonium nitrate (NH₄NO₃) as the nitrogen source along with iron. After many hours of milling a significant part of the material is expected to have taken on the α”-Fe₁₆N₂ phase, after which shock compaction is applied to create a bulk magnet. After the ball mill grinding, [Ben] used a kiln at 200°C for a day to fix the desired phase. Instead of shock compaction, casting in epoxy was used as alternative.

We have covered Fe-N magnets before, along with the promises they hold. As one can see in [Ben]’s video, oxidation is a big problem, with the typical sintering as with other magnet types not possible either. Ultimately this led to the resulting magnet being fairly weak, with a DIY magnetometer used to determine the strength of the created magnet.

Interestingly, there’s a much newer paper by [Tetsuji Saito] et al. from 2024 in Metals that does use sintering, specifically spark plasma sintering with dynamic compression (SPS-DC). SPS-DC can be done at fairly low temperatures (373 – 573 K, or 99.85 – 299.85 °C), producing much stronger magnets than [Ben] accomplished.

Although Fe-N magnets hold a lot of promise, they have lower coercivity. This means that they demagnetize easier, which is another aspect that weighs against them. For now it would seem that we aren’t quite ready to say farewell to Nd-Fe-B magnets.

youtube.com/embed/M6XIgdS1rzs?…

hackaday.com/2025/06/19/iron-n…

Nel noto marketplace underground Exploit.in, il threat actor chestniybro ha messo all’asta un accesso RDP a una non meglio identificata azienda italiana operante nel settore retail di gioielli e orologi.

Secondo il post pubblicato dal venditore, l’azienda presenta un fatturato superiore ai 20 milioni di dollari, impiega oltre 250 dipendenti, e protegge la propria infrastruttura con l’antivirus CrowdStrike Falcon, uno dei più noti strumenti EDR in ambito enterprise.

Inoltre, l’infrastruttura tecnica compromessa sarebbe composta da più di 350 host distribuiti su 5 data center, un dato che lascia intuire una realtà aziendale di dimensioni non trascurabili.

L’accesso offerto è di tipo RDP con privilegi di Domain User, il che lo rende potenzialmente utile a gruppi ransomware per movimenti laterali o escalation di privilegi. Il prezzo di partenza dell’asta è 1.000 dollari, con rilanci da 100 e un “Buy Now” a 1.400 dollari.

Non è la prima volta che aziende italiane finiscono nel mirino dei cyber criminali. In passato abbiamo documentato la vendita di accessi simili a realtà dei settori industriale, logistico e sanitario. Tuttavia, l’interesse verso il mondo del retail di fascia alta evidenzia una diversificazione degli obiettivi da parte dei threat actors, forse attratti dal valore dei dati, dalle potenziali frodi finanziarie o dalla capacità di pagare riscatti.

La presenza di una soluzione EDR avanzata come CrowdStrike Falcon non ha impedito la compromissione, il che potrebbe indicare una cattiva configurazione, l’assenza di segmentazione di rete o l’uso di credenziali valide ottenute tramite phishing, infostealer o insider.

Secondo i dati disponibili, l’account chestniybro è attivo dal 2017, ha pubblicato 13 post ed è identificato con il badge “Autogarant 1”, ovvero una vendita andata a buon fine con garanzia del servizio escrow del forum, elemento che potrebbe incentivare l’acquisto da parte di attori ransomware-as-a-service. Degno di nota anche il fatto che, negli ultimi giorni, lo stesso utente ha messo in vendita ben otto accessi analoghi riferiti ad aziende di diversi Paesi, tra cui Stati Uniti e Australia

Questa ennesima vendita di accessi a infrastrutture italiane evidenzia come il mercato dell’inizial access sia ormai una componente chiave dell’ecosistema cyber criminale. Monitorare queste attività, intervenire rapidamente su eventuali segnali di compromissione e rafforzare le difese proattive rimane essenziale per proteggere il tessuto economico nazionale.

L'articolo Preludio al ransomware: In vendita gli accessi a un’azienda italiana del settore retail di gioielli e orologi proviene da il blog della sicurezza informatica.

Negli ultimi due anni ho lavorato principalmente con large language models, occupandomi di training, fine-tuning, prompting e così via, poiché era molto richiesto dal mercato e dagli utenti. Ma credo che gli LLM che lavorano principalmente con il testo siano solo l’inizio della GenAI. A un certo punto, tutti vorranno un’AI fisica, in cui i modelli possano vedere, sentire, percepire e ragionare in modo più concreto e umano.

Quindi iniziamo con la multimodalità. In questo notebook introduco LLaVA, un’architettura in grado di interpretare sia immagini che testo per generare risposte multimodali.

In questo tutorial utilizzeremo componenti più leggeri, adatti a far girare il notebook in un ambiente gratuito come Google Colab.

I componenti che utilizzeremo sono:

1️⃣ CLIP-ViT B/32 come image encoder
2️⃣ TinyLlama-1.1B come language model
3️⃣ Un MLP adapter a 2 layer per collegare i due modelli

Dal paper Visual Instruction Tuning (NeurIPS 2023)

Setup

Prima di inziare a scrivere codice dobbiamo creare il nostro environment.

Installiamo e importiamo le librerie necessarie.

!pip install -U datasets

import json
from pathlib import Path

import requests
import safetensors
import torch
from datasets import load_dataset
from huggingface_hub import hf_hub_download
from PIL import Image
from transformers import (
AutoConfig,
AutoTokenizer,
LlamaTokenizer,
LlavaConfig,
LlavaForConditionalGeneration,
LlavaProcessor,
Seq2SeqTrainer,
Seq2SeqTrainingArguments,
)
from transformers.models.clip.modeling_clip import CLIPVisionModel
from transformers.models.clip.image_processing_clip import CLIPImageProcessor

Download dei componenti pre-addestrati

Il nostro modello LLaVA sarà composto da :

• Un encoder pre-addestrato CLIP openai/clip-vit-base-patch32

• Un decoder pre-addestrato Tiny LLaMA TinyLlama/TinyLlama-1.1B-Chat-v1.0
• Due layer MLP tra i due che usiamo per il mapping delle dimensioni

vision_backbone_name = "openai/clip-vit-base-patch32"
text_backbone_name = "TinyLlama/TinyLlama-1.1B-Chat-v1.0"

_ = hf_hub_download(
vision_backbone_name, filename="pytorch_model.bin", local_dir="/content"
)
_ = hf_hub_download(
text_backbone_name, filename="model.safetensors", local_dir="/content"
)

Modello

Instanziamo un nuovo modello LLaVA

vision_config = AutoConfig.from_pretrained(vision_backbone_name).vision_config
text_config = AutoConfig.from_pretrained(text_backbone_name)

llava_config = LlavaConfig(vision_config=vision_config, text_config=text_config)

model = LlavaForConditionalGeneration(llava_config).cuda()

model

E’ ora di fare qualche modifica interna al nostro modello

In precedenza abbiamo detto che è possibile costruire un modello LLaVA partendo da un image encoder pre-addestrato e un LLM pre-addestrato. Facciamolo davvero!

Il modello originale di LLaVA è inizializzato a partire da un CLIP-ViT L/14 e un Vicuna v1.5 7B. Per rendere il tutto più gestibile con le risorse offerte dal piano gratuito di Google Colab, utilizzeremo invece un CLIP-ViT B/16 e un TinyLlama 1.1B.

L’unico componente che addestreremo sarà un MLP adapter a 2 layer che collega i due modelli.

def load_weights(path_to_weights: str):
if path_to_weights.endswith(".safetensors"):
return load_safetensors_weights(path_to_weights)
elif path_to_weights.endswith(".bin"):
return load_bin_weights(path_to_weights)
else:
raise ValueError(f"Unsupported weights file: {path_to_weights}")

def load_bin_weights(path_to_weights: str):
return torch.load(path_to_weights, weights_only=True)

def load_safetensors_weights(path_to_weights: str):
return safetensors.torch.load_file(path_to_weights)

vision_backbone_state_dict = load_weights("/content/pytorch_model.bin")
text_backbone_state_dict = load_weights("/content/model.safetensors")

Iniettiamo i pesi del vision backbone nel modello 💉

incompatible_keys = model.vision_tower.load_state_dict(
vision_backbone_state_dict, strict=False
)

assert len(incompatible_keys.missing_keys) == 0, (
f"Missing keys in state dict: {incompatible_keys.missing_keys}"
)

incompatible_keys.unexpected_keys

Iniettiamo i pesi del text backbone nel modello 💉

incompatible_keys = model.language_model.load_state_dict(
text_backbone_state_dict, strict=True
)

Congeliamo i componenti pre-addestrati ❄️

_ = model.vision_tower.requires_grad_(False)
_ = model.language_model.requires_grad_(False)

def count_parameters(model, trainable_only=False):
return sum(
p.numel()
for p in model.parameters()
if not trainable_only or p.requires_grad
)

print(f"Total parameters: {count_parameters(model)}")
print(f"Trainable parameters: {count_parameters(model, trainable_only=True)}")

Processor

tokenizer = LlamaTokenizer.from_pretrained(
text_backbone_name, additional_special_tokens=["", ""]
)
tokenizer.pad_token_id = 32001

Qui sotto è mostrato il formato che useremo per interagire con il nostro modello LLaVA.

La prima parte è il cosiddetto system prompt, che contiene linee guida generali su come il modello dovrebbe rispondere all’utente.

La seconda parte è un Jinja template (fondamentalmente codice) che determina come viene resa la conversazione a partire da un input strutturato (vedi esempio sotto).

LLAVA_CHAT_TEMPLATE = (
"A chat between a curious user and an artificial intelligence assistant. The assistant gives helpful, detailed, and polite answers to the user's questions. "
"{% for message in messages %}{% if message['role'] == 'user' %}USER: {% else %}ASSISTANT: {% endif %}{% for item in message['content'] %}{% if item['type'] == 'text' %}{{ item['text'] }}{% elif item['type'] == 'image' %}{% endif %}{% endfor %}{% if message['role'] == 'user' %} {% else %}{{eos_token}}{% endif %}{% endfor %}"
)
tokenizer.chat_template = LLAVA_CHAT_TEMPLATE

sample_messages = [
{
"content": [
{
"index": 0,
"text": None,
"type": "image"
},
{
"index": None,
"text": "\nWhat potential activities might be popular at this location?",
"type": "text"
}
],
"role": "user"
},
{
"content": [
{
"index": None,
"text": (
"At this location, with a sandy path leading to the ocean where multiple boats, including "
"sailboats, are moored, popular activities might include boating, sailing, swimming, and "
"beachcombing. Additionally, the sandy path and shoreline provide an ideal setting for leisurely "
"strolls and picnics, while the ocean view offers a serene environment for relaxation and "
"photography. Depending on the specific area and available facilities, other water sports such as "
"kayaking, paddleboarding, and snorkeling could also be prevalent."
),
"type": "text"
}
],
"role": "assistant"
}
]

tokenizer.apply_chat_template(
sample_messages, tokenize=False, add_generation_prompt=False
)

processor = LlavaProcessor(
image_processor=CLIPImageProcessor.from_pretrained(vision_backbone_name),
tokenizer=tokenizer,
patch_size=model.config.vision_config.patch_size,
)
processor.chat_template = LLAVA_CHAT_TEMPLATE

model.resize_token_embeddings(len(tokenizer), pad_to_multiple_of=8)

Dataset

train_dataset = load_dataset(
"HuggingFaceH4/llava-instruct-mix-vsft", split="train", streaming=True
)

Come sono fatti in nostri dati di training?

next(iter(train_dataset))

Come creiamo un batch di esempio?

def get_data_collator(processor, ignore_index):
def collate_examples(examples):
# Extract texts and images from the raw examples
texts =
[] images =
[] for example in examples:
messages = example["messages"]
text = processor.tokenizer.apply_chat_template(
messages, tokenize=False, add_generation_prompt=False
)
texts.append(text)
images.append(example["images"][0])

# Process the inputs (tokenize text and transform images)
batch = processor(texts, images, return_tensors="pt", padding=True)

# Create labels
labels = batch["input_ids"].clone()
if processor.tokenizer.pad_token_id is not None:
labels[labels == processor.tokenizer.pad_token_id] = ignore_index
batch["labels"] = labels

return batch

return collate_examples

# NOTE: this does a bit more than a collate function should...

Training

args = Seq2SeqTrainingArguments(
output_dir="/content/training_output",
per_device_train_batch_size=2,
gradient_accumulation_steps=4,
learning_rate=2e-4,
max_steps=350,
lr_scheduler_type="cosine_with_min_lr",
lr_scheduler_kwargs={"min_lr": 2e-5},
warmup_ratio=0.05,
logging_strategy="steps",
logging_steps=5,
fp16=True,
remove_unused_columns=False, # Important!
optim="adamw_torch",
report_to="none",
save_strategy="no", # let's not save the checkpoint to disk, otherwise it'll take 5 mins
)

trainer = Seq2SeqTrainer(
model=model,
args=args,
data_collator=get_data_collator(
processor, ignore_index=model.config.ignore_index,
),
train_dataset=train_dataset,
)

trainer.train()

Inferenza

È importante notare che, per garantire che l’inferenza funzioni come previsto, bisognerebbe utilizzare modelli più pesanti e addestrare per un periodo di tempo più lungo.

Useremo questa immagine per l’inferenza:

conversation = [
{
"content": [
{
"type": "image"
},
{
"text": "\nWhat is represented in the image?",
"type": "text"
}
],
"role": "user"
}
]

image_url = "https://llava-vl.github.io/static/images/monalisa.jpg"

inputs_for_generation = processor(
images=Image.open(requests.get(image_url, stream=True).raw),
text=processor.apply_chat_template(conversation, add_generation_prompt=True),
return_tensors="pt",
)

inputs_for_generation = inputs_for_generation.to(device=model.device)
output = trainer.model.generate(
**inputs_for_generation, max_new_tokens=200, do_sample=False
)

print(processor.decode(output[0], skip_special_tokens=True))

Miglioramenti possibili

• Utilizza un image encoder più grande (es. CLIP-ViT Large) e un LLM più potente (es. Llama 3.1 8B)
• Allena il modello più a lungo. Serve tempo affinché il modello impari a seguire le istruzioni in presenza di image features
• Segui la procedura di addestramento multi-stadio adottata dal LLaVA originale:
  
  • Stage 1: Pre-training for Feature Alignment → addestra il modello su dati di istruzioni a singola interazione, dove viene chiesto di descrivere brevemente l’immagine. Image encoder e LLM sono congelati ❄️
  • Stage 2: Fine-tuning End-to-End → addestra il modello su dati di istruzioni multi-turno. Solo l’image encoder rimane congelato ❄️

  
  

🔗 Demo funzionante: huggingface.co/spaces/badayvedat/LLaVA

Conclusioni

Penso che questo piccolo progetto sia interessante per capire meglio come funzionano i modelli multimodali come LLaVA. Anche se abbiamo utilizzato modelli più piccoli, l’idea principale rimane la stessa: combinare visione e linguaggio in un unico sistema capace di comprendere le immagini e parlarne.

Ovviamente, i risultati ottenuti in questo toy example non sono particolarmente buoni, c’è molto margine di miglioramento. Ma far funzionare LLaVA in un ambiente con risorse limitate è già di per sé una bella sfida.

L'articolo Implementazione di Modelli Multimodali con LLaVA proviene da il blog della sicurezza informatica.

Even if you don’t cast or forge metal yourself, you’re probably aware that you need to get the material very, very hot to make that happen. While some smiths might still stoke coal fires, that’s a minority taste these days; most, like [mikeandmertle] use gas burners to generate the heat. Tired of expensive burners or finicky DIY options [mikeandmertle] built their own Better Burner out of easily-available parts.

Everything you need to make this burner comes from the hardware store: threaded iron pipes of various sizes, hoses and adapters– except for one key piece: a 3D printer nozzle. The nozzle is used here as the all-important gas jet that introduces flammable gas into the burner’s mixing chamber. A demo video below shows it running with a 0.3mm nozzle, which looks like it is putting out some serious heat, but [mikeandmertle] found that could go out if the breather was opened too wide (allowing too much air in the mixture). Eventually he settled on a 0.4mm nozzle, at least for the LPG that is common down under. If one was to try this with propane, their mileage would differ.

That’s the great thing about using printer nozzles, though: with a tapped M6 hole on the cap of the gas pipe serving as intake, one can quickly and easily swap jets without worrying about re-boring. Printer nozzles are machined to reasonable accuracy and you can get a variety pack with all available sizes (including ones so small you’re probably better off using resin) very cheaply.

These sorts of use-what-you-have-on-hand hacks seem to be [mikeandmertle]’s specialty– we’ve seen their PVC thumb nut and their very simple mostly-wooden wood lathe here before.

youtube.com/embed/SpwoR4yHE8U?…

hackaday.com/2025/06/18/gas-bu…

Due gravi vulnerabilità di sicurezza sono state individuate nei dispositivi NetScaler ADC e NetScaler Gateway (precedentemente noti come Citrix ADC e Gateway). Queste falle possono permettere a un attaccante di accedere a dati sensibili e compromettere l’infrastruttura di rete aziendale.

Il Cloud Software Group, sviluppatore di queste soluzioni, ha diffuso un avviso urgente invitando tutti i clienti ad aggiornare immediatamente i dispositivi interessati. Le vulnerabilità, catalogate come CVE-2025-5349 e CVE-2025-5777, hanno ricevuto punteggi CVSS di 8,7 e 9,3, indicando un livello di rischio critico.

Le vulnerabilità sono state scoperte tramite divulgazione responsabile da parte dei ricercatori di sicurezza di Positive Technologies e ITA MOD CERT (CERTDIFESA), che hanno collaborato con Cloud Software Group per proteggere i clienti prima della divulgazione al pubblico.

Cloud Software Group raccomanda vivamente ai clienti interessati di installare immediatamente le versioni aggiornate. L’azienda ha rilasciato versioni patchate, tra cui NetScaler ADC e Gateway 14.1-43.56, la versione 13.1-58.32 e i relativi aggiornamenti conformi allo standard FIPS.

Le falle di sicurezza interessano numerose versioni dei prodotti NetScaler attualmente in uso presso organizzazioni in tutto il mondo. Tra i sistemi vulnerabili figurano le versioni 14.1 (precedente alla 14.1-43.56) di NetScaler ADC e Gateway, la versione 13.1 (precedente alla 13.1-58.32) e diverse versioni conformi allo standard FIPS.

Particolarmente preoccupante è il fatto che le versioni 12.1 e 13.0 di NetScaler, ora designate come End of Life (EOL), rimangano vulnerabili e non siano disponibili patch di sicurezza. Anche le organizzazioni che utilizzano Secure Private Access in distribuzioni on-premise o ibride con istanze NetScaler sono a rischio e devono aggiornare immediatamente i propri sistemi.

Dopo il processo di aggiornamento, gli amministratori devono eseguire comandi specifici per terminare tutte le sessioni ICA e PCoIP attive su tutte le appliance NetScaler in coppie o cluster ad alta disponibilità. Ciò garantisce una protezione completa contro potenziali tentativi di exploit.

Le organizzazioni che utilizzano l’infrastruttura NetScaler dovrebbero dare priorità a questi aggiornamenti, data la natura critica di queste vulnerabilità e il loro potenziale di consentire l’accesso non autorizzato a dati aziendali sensibili e risorse di rete.

L'articolo Allarme NetScaler ADC e Gateway: Due bug gravi mettono a rischio le aziende in tutto il mondo proviene da il blog della sicurezza informatica.

There’s a famous old story about [Charles Steinmetz] fixing a generator for [Henry Ford]. He charged a lot of money for putting a chalk X in the spot that needed repair. When [Ford] asked for an itemization, the bill read $1 for the chalk, and the balance for knowing where to draw the X. With today’s PCB layout tools, it seems easy to put components down on a board. But, as [Kasyan TV] points out in the video below, you still have to know where to put them.

The subject components are inductors, which are particularly picky about placement, especially if you have multiple inductors. After all, inductors affect one another — that’s how transformers work. So there are definite rules about good and bad ways to put a few inductors on a board.

However, in the video, air-core coils go through several orientations to see which configuration has the most and least interference. Using a ferrite core showed similar results. The final examples use toroids and shielded inductors.

One reason ferrite toroids are popular in radio designs is that coils made this way are largely self-shielding. This makes placement easier and means you don’t need metal “cans” to shield the inductors. How much do they shield? The orientation makes a little difference, but not by much. It is more important to give them a little space between the coils. Shields work, too, but note that they also change the inductance value.

While we like the idea of grabbing a breadboard and a scope to measure things, we want to point out that you can also simulate. If you didn’t understand the title, you probably don’t listen to Propellerheads.

youtube.com/embed/VhruG2Hu7iY?…

hackaday.com/2025/06/18/a-numb…

This week Jonathan chats with Geekwife! What does a normal user really think of Linux on the desktop and Open Source options? And what is it really like, putting up with Jonathan’s shenanigans? Watch to find out!

youtube.com/embed/2sPOsnGacAE?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/06/18/floss-…

Dear Friend of Press Freedom,

It’s the 87th day that Rümeysa Öztürk is facing deportation by the United States government for writing an op-ed it didn’t like, and journalists covering protests are still facing aggression from law enforcement. Read on to learn how you can help.

Five ways to help journalists covering protests

Like other protests, recent immigration raid protests in Los Angeles and elsewhere have proven to be dangerous places for journalists. Reporters and protestors are especially vulnerable to attacks by the police. In response, we’ve put together five ideas for how anyone who cares about press freedom and doesn’t want to see the authorities abuse the First Amendment can help.

From providing financial support to reporters and news outlets to filming attacks when it’s safe to filing public records requests, there are many things people can do to stand up for journalists and freedom of the press in this moment. With your help, journalists can and will continue to report the truth. Read more here.

And a shoutout to the California journalists and press freedom groups taking the Los Angeles Police Department to court over its abuses.

Remembering Daniel Ellsberg

Monday marked the second anniversary of the passing of legendary whistleblower, anti-war hero, and FPF co-founder Daniel Ellsberg. His courageous decision to leak the Pentagon Papers to the press in 1971 led to the most important Supreme Court case for press freedom in the century.

Read the moving tribute that our executive director, Trevor Timm, wrote for the Guardian after Ellsberg’s passing. You can also check out The Classifieds to see the work that Harper, our Daniel Ellsberg Chair on Government Secrecy, has been doing.

And if you’re considering following in Ellsberg’s footsteps, here’s a Reddit “Ask Me Anything” about how the public can safely share information with the press and use available tools to do so, featuring FPF’s Chief Information Security Officer and Director of Digital Security Harlo Holmes and SecureDrop Staff Engineer Kevin O’Gorman.

Agencies hijack the ‘public interest’ to attack free speech

Federal Communications Commission Chair Brendan Carr has turned the investigatory power of the agency against the press, while the Department of Justice is pursuing investigations into nonprofits connected to left-leaning causes.

One hook both are using to intrude on First Amendment activity is requirements that broadcast licensees and nonprofits operate in the “public interest” or for the “public benefit,” which the Trump administration interprets to mean kowtowing to its political agenda. To learn more, we spoke to FCC Commissioner Anna Gomez and nonprofit lawyer Ezra Reese. Read more and watch the conversation here.

Preparing devices for travel through a US border

Our digital security team at Freedom of the Press Foundation (FPF), in collaboration with the Electronic Frontier Foundation, put together a detailed checklist to help journalists prepare for transit through a U.S. port of entry while preserving the confidentiality of their most sensitive information, such as unpublished reporting materials or source contact information. Read it here. FPF and its partners are also conducting two in-person training programs for journalists and freelancers who cover migration and events on the U.S. border with Mexico.

Public records shouldn’t be blocked by copyright

FPF joined an amicus brief led by Americans for Prosperity in a case that raises the increasingly common issue of whether the Copyright Act allows government agencies to withhold public records. In short, it doesn’t. Read the brief here.

Pushing back on secrecy through public records

Join us on June 24 at 1 p.m. ET for an online conversation about using public records to push back on government secrecy, featuring Nate Jones, Freedom of Information Act Director at The Washington Post, Michael Morisy, CEO of MuckRock, investigative journalist and author Miranda Spivack and FPF’s Daniel Ellsberg Chair on Government Secrecy, Lauren Harper. Register here.

What we’re reading

Arrested in Georgia protest, immigrant journalist now in ICE custody (WRDW). There is absolutely no reason to deport a longtime journalist who is authorized to work in the United States. The Dekalb County Sheriff’s Office should not have released Mario Guevara to ICE.

Australian deported from US says he was ‘targeted’ due to writing on pro-Palestine student protests (The Guardian). The administration is using every tool at its disposal to retaliate against journalists and others who expose facts it wants kept secret or hold opinions it doesn’t like.

Trump to again extend TikTok’s reprieve from U.S. ban (The New York Times). Isn’t it weird how all the national security hawks have gone silent about the imminent, serious threat to the U.S. that TikTok supposedly poses? It’s almost like it was BS the whole time.

Mayor Adams says he’s banning Daily News reporter from pressers for ‘calling out’ questions (New York Daily News). What can we say about Eric Adams that a grand jury hasn’t already said? Not much, but here’s something: He’s a thin-skinned bully who apparently can’t handle unexpected questions from the press without throwing a tantrum.

Israeli strike on Iranian state TV fills studio with dust and debris during live broadcast (Associated Press). News outlets, even propagandist ones, are not legitimate military targets. Bombing a studio during a live broadcast will not impede Iran’s nuclear program. It’s not the work of the world’s “most moral army” and is not something the U.S. should support.

In a Sacramento federal courtroom, immigration hearings evoked the Dark Ages (Sacramento Bee). “At a time when there is great public interest in ICE and the Trump Administration’s plan for mass deportations, keeping the public and the press at bay will only stoke mistrust and is in no one’s best interest.”

Court dismisses father’s lawsuit against Burlington newspaper over lack of basketball coverage (VTDigger). The worst part is that this random Vermont basketball dad’s nonsense lawsuit objectively isn’t any more frivolous than legal theories advanced by our president.

freedom.press/issues/how-to-he…

You might think that a nuclear explosion is not something you need a detector for, but clearly not everyone agrees. [Bigcrimping] has not only built one, the BhangmeterV2, but he has its output publicly posted at hasanukegoneoff.com, in case you can’t go through your day without checking if someone has nuked Wiltshire.

The Bhangmeter is based on an off-the-shelf “nuclear event detector”, the HSN-1000L by Power Device Corporation.
The HSN 1000 Nuclear Event Detector at the heart of the build. We didn’t know this thing existed, never mind that it was still available.
Interfacing to the HSN-1000L is very easy: you give it power, and it gives you a pin that stays HIGH unless it detects the characteristic gamma ray pulse of a nuclear event. The gamma ray pulse occurs at the beginning of a “nuclear event” precedes the EMP by some microseconds, and the blast wave by perhaps many seconds, so the HSN-1000 series seems be aimed at triggering an automatic shutdown that might help preserve electronics in the event of a nuclear exchange.

[Bigcrimping] has wired the HSN-1000L to a Raspberry Pi Pico 2 W to create the BhangmeterV2. In the event of a nuclear explosion, it will log the time the nuclear event detector’s pin goes low, and the JSON log is pushed to the cloud, hopefully to a remote server that won’t be vaporized or bricked-by-EMP along with the BhangmeterV2. Since it is only detecting the gamma ray pulse, the BhangmeterV2 is only sensitive to nuclear events within line-of-sight, which is really not where you want to be relative to a nuclear event. Perhaps V3 will include other detection methods– maybe even a 3D-printed neutrino detector?

If you survive the blast this project is designed to detect, you might need a radiation detector to deal with the fallout. For identifying exactly what radionuclide contamination is present, you might want a gamma-ray spectrometer.

It’s a sad comment on the modern world that this hack feels both cold-war vintage and relevant again today. Thanks to [Tom] for the tip; if you have any projects you want to share, we’d love to hear from you whether they’d help us survive nuclear war or not.

hackaday.com/2025/06/18/bhangm…