This week Jonathan talks to Robert Wolff about DevEco! How did this developer group come to be, and what is its purpose? What are the lessons learned about building communities and working with others? Watch to find out!

• linktr.ee/deveco
• linktr.ee/robertwolff
• linktr.ee/thedeveco
• thedeveco.com/
• discord.gg/deveco

youtube.com/embed/_EkNc3A4n4k?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/10/22/floss-…

If you’re blessed with high water pressure at home, you probably love how it helps blast grime from your dishes and provides a pleasant washing experience. However, it can also cause a wonderful mess when that water splashes all over your countertops. [vgmllr] has whipped up a simple solution to this problem by installing an automatic splash guard.
So tidy!
The concept is simple enough—install a pair of flat guards that raise up when the sink is running, in order to stop water getting everywhere. To achieve this, [vgmllr] grabbed an Arduino, and hooked it up to a piezo element, which acts as a water sensor.

The piezo is attached to the bottom of the sink, and effectively acts as a microphone, hooked up to one of the Arduino’s analog-to-digital pins. When water flow is detected, the Arduino commands two servos to raise a pair of 3D printed arms that run up and down the outside of the sink. Each arm is fitted with magnets, which mate with another pair of magnets on the splash shields inside the sink. When the arms go up, the splash shields go up, and when the arms go down, the splash shields go down.

It’s an ingenious design, mostly because the installation is so clean and seamless. By using magnets to move the splash shields, [vgmllr] eliminated any need to drill through the sink, or deal with any pesky seals or potential water leaks. Plus, if the splash shields are getting in the way of something, they can easily be popped off without having to disassemble the entire mechanism.

It’s a tidy little build, both practical and well-engineered. It’s not as advanced as other kitchen automations we’ve seen before, but it’s elegant in its simple utility.

hackaday.com/2025/10/22/kitche…

When the microcomputer first landed in homes some forty years ago, it came with a simple freedom—you could run whatever software you could get your hands on. Floppy disk from a friend? Pop it in. Shareware demo downloaded from a BBS? Go ahead! Dodgy code you wrote yourself at 2 AM? Absolutely. The computer you bought was yours. It would run whatever you told it to run, and ask no questions.

Today, that freedom is dying. What’s worse, is it’s happening so gradually that most people haven’t noticed we’re already halfway into the coffin.

News? Pegged.

There are always security risks when running code from untrusted sources. The stakes are higher these days when our computers are the gateways to our personal and financial lives. Credit: Screenshot
The latest broadside fired in the war against platform freedom has been fired. Google recently announced new upcoming restrictions on APK installations. Starting in 2026, Google will tightening the screws on sideloading, making it increasingly difficult to install applications that haven’t been blessed by the Play Store’s approval process. It’s being sold as a security measure, but it will make it far more difficult for users to run apps outside the official ecosystem. There is a security argument to be made, of course, because suspect code can cause all kinds of havoc on a device loaded with a user’s personal data. At the same time, security concerns have a funny way of aligning perfectly with ulterior corporate motives.

It’s a change in tack for Google, which has always had the more permissive approach to its smartphone platform. Contrast it to Apple, which has sold the iPhone as a fully locked-down device since day one. The former company said that if you own your phone, you could do what you want with it. Now, it seems Google is changing its mind ever so slightly about that. There will still be workarounds, like signing up as an Android developer and giving all your personal ID to Google, but it’s a loss to freedom whichever way you look at it.

Beginnings

Sony put a great deal of engineering into the PlayStation to ensure it would only read Sony-approved discs. Modchips sprung up as a way to get around that problem, albeit primarily so owners could play cheaper pirated games. Credit: Libreleah, CC BY-SA 4.0,
The walled garden concept didn’t start with smartphones. Indeed, video game consoles were a bit of a trailblazer in this space, with manufacturers taking this approach decades ago. The moment gaming became genuinely profitable, console manufacturers realized they could control their entire ecosystem. Proprietary formats, region systems, and lockout chips were all valid ways to ensure companies could levy hefty licensing fees from developers. They locked down their hardware tighter than a bank vault, and they did it for one simple reason—money. As long as the manufacturer could ensure the console wouldn’t run unapproved games, developers would have to give them a kickback for every unit sold.

By and large, the market accepted this. Consoles were single-purpose entertainment machines. Nobody expected to run their own software on a Nintendo, after all. The deal was simple—you bought a console from whichever company, and it would only play whatever they said was okay. The vast majority of consumers didn’t care about the specifics. As long as the console in question had a decent library, few would complain.
Nintendo created the 10NES copy protection system to ensure its systems would only play games approved by the company itself, in an attempt to exert quality control after the 1983 North American video game crash. Credit: Evan-Amos, public domain
There was always an underground—adapters to work around region locks, and bootleg games that relied on various hacks—with varying popularity over the years. Often, it was high prices that drove this innovation—think of the many PlayStation mod chips sold to play games off burnt CDs to avoid paying retail.

At the time, this approach largely stayed within the console gaming world. It didn’t spread to actual computers because computers were tools. You didn’t buy a PC to consume content someone else curated for you. You bought it to do whatever you wanted—write a novel, make a spreadsheet, play games, create music, or waste time on weird hobby projects. The openness wasn’t a bug, or even something anybody really thought about. It was just how computers were. It wasn’t just a PC thing, either—every computer on the market let you run what you wanted! It wasn’t just desktops and laptops, either; the nascent tablets and PDAs of the 1990s operated in just the same way.

Then came the iPhone, and with it, the App Store. Apple took the locked-down model and applied it to a computer you carry in your pocket. The promise was that you’d only get apps that were approved by Apple, with the implicit guarantee of a certain level of quality and functionality.
Apple is credited with pioneering the modern smartphone, and in turn, the walled garden that is the App Store. Credit: Apple
It was a bold move, and one that raised eyebrows among developers and technology commentators. But it worked. Consumers loved having access to a library of clean and functional apps, built right into the device. Meanwhile, they didn’t really care that they couldn’t run whatever kooky app some random on the Internet had dreamed up.

Apple sold the walled garden as a feature. It wasn’t ashamed or hiding the fact—it was proud of it. It promised apps with no viruses and no risks; a place where everything was curated and safe. The iPhone’s locked-down nature wasn’t a restriction; it was a selling point.

But it also meant Apple controlled everything. Every app paid Apple’s tax, and every update needed Apple’s permission. You couldn’t run software Apple didn’t approve, full stop. You might have paid for the device in your pocket, but you had no right to run what you wanted on it. Someone in Cupertino had the final say over that, not you.

When Android arrived on the scene, it offered the complete opposite concept to Apple’s control. It was open source, and based on Linux. You could load your own apps, install your own ROMs and even get root access to your device if you wanted. For a certain kind of user, that was appealing. Android would still offer an application catalogue of its own, curated by Google, but there was nothing stopping you just downloading other apps off the web, or running your own code.

Sadly, over the years, Android has been steadily walking back that openness. The justifications are always reasonable on their face. Security updates need to be mandatory because users are terrible at remembering to update. Sideloading apps need to come with warnings because users will absolutely install malware if you let them just click a button. Root access is too dangerous because it puts the security of the whole system and other apps at risk. But inch by inch, it gets harder to run what you want on the device you paid for.

Windows Watches and Waits

The walled garden has since become a contagion, with platforms outside the smartphone space considering the tantalizing possibilities of locking down. Microsoft has been testing the waters with the Microsoft Store for years now, with mixed results. Windows 10 tried to push it, and Windows 11 is trying harder. The store apps are supposedly more secure, sandboxed, easier to manage, and straightforward to install with the click of a button.
Microsoft has tried multiple times to sell versions of Windows that are locked to exclusively run apps from the Microsoft Store. Thus far, these attempts have been commercial failures. Credit: screenshot
Microsoft hasn’t pulled the trigger on fully locking down Windows. It’s flirted with the idea, but has seen little success. Windows RT and Windows 10 S were both locked to only run software signed by Microsoft—each found few takers. Desktop Windows remains stubbornly open, capable of running whatever executable you throw at it, even if it throws up a few more dialog boxes and question marks with every installer you run these days.

How long can this last? One hopes a great while yet. A great deal of users still expect a computer—a proper one, like a laptop or desktop—to run whatever mad thing they tell it to. However, there is an increasing userbase whose first experience of computing was in these locked-down tablet and smartphone environments. They aren’t so demanding about little things like proper filesystem access or the ability to run unsigned code. They might not blink if that goes away.

For now, desktop computing has the benefit of decades of tradition built in to it. Professional software, development tools, and specialized applications all depend on the ability to install whatever you need. Locking that down would break too many workflows for too many important customers. Masses of scientific users would flee to Linux the moment their obscure datalogger software couldn’t afford an official license to run on Windows;. Industrial users would baulk at having to rely on a clumsy Microsoft application store when bringing up new production lines.

Apple had the benefit that it was launching a new platform with the iPhone; one for which there were minimal expectations. In comparison, Microsoft would be climbing an almighty mountain to make the same move on the PC, where the culture is already so established. Apple could theoretically make moves in that direction with OS X and people would be perhaps less surprised, but it would still be company making a major shift when it comes to customer expectations of the product.

Here’s what bothers me most: we’re losing the idea that you can just try things with computers. That you can experiment. That you can learn by doing. That you can take a risk on some weird little program someone made in their spare time. All that goes away with the walled garden. Your neighbour can’t just whip up some fun gadget and share it with you without signing up for an SDK and paying developer fees. Your obscure game community can’t just write mods and share content because everything’s locked down. So much creativity gets squashed before it even hits the drawing board because it’s just not feasible to do it.

It’s hard to know how to fight this battle. So much ground has been lost already, and big companies are reluctant to listen to the esoteric wishers of the hackers and makers that actually care about the freedom to squirt whatever through their own CPUs. Ultimately, though, you can still vote with your wallet. Don’t let Personal Computing become Consumer Computing, where you’re only allowed to run code that paid the corporate toll. Make sure the computers you’re paying for are doing what you want, not just what the executives approved of for their own gain. It’s your computer, it should run what you want it to!

hackaday.com/2025/10/22/what-h…

La Nigeria stringe le maglie sulle operazioni di cyber-crimine all’interno del suo territorio e sta procedendo a un’ampia operazione di espulsione dei residenti stranieri sospettati di attività illecite.

L’Organized Crime and Corruption Reporting Project (Occrp) ha segnalato l’espulsione avvenuta a ottobre di 192 sospetti con cittadinanza di Cina, Filippine, Tunisia, Malesia, Pakistan, Kirghizistan e Timor Est arrestati e condannati per cyberterrorismo, frode informatica e reati correlati.

I soggetti in questione erano accusati di contribuire a uno schema di riciclaggio internazionale connesso alla conversione di denaro “sporco” in criptovalute e alla costruzione di schemi Ponzi. La presenza tra gli espulsi di esponenti dei Paesi dell’Asia orientale e del Kirghizistan, hub centroasiatico dell’aggiramento delle sanzioni da parte della Russia tramite gli exchange di criptovalute, alimenta la solidità di questa tesi. E non finisce qui. Ad agosto 50 cittadini cinesi e 102 soggetti in totale erano stati espulsi per un’analoga violazione della legge anti-cybercrimine nel Paese più popolato dell’Africa.

Come ha ricordato la Bbc:

La Nigeria è nota per le frodi online e le truffe sentimentali sono all’ordine del giorno. Secondo la Commissione per i reati economici e finanziari (EFCC), i casi di criminalità informatica sono stati tra i reati più diffusi in Nigeria lo scorso anno.

La Nigeria sta da tempo prendendo consapevolezza di essere un epicentro di catene del valore criminali transnazionali che seguono un principio di filiera e divisione del lavoro paragonabile a quello delle attività lecite sfruttando i meccanismi, soprattutto digitali e tecnologici, della globalizzazione.

Il Nigeria Cybercrimes Act del 2024 sostenuto dal presidente Bola Tinbu offre alla polizia e alle agenzie di sicurezza nazionali la possibilità di intercettare comunicazioni riservate di molti sospetti anche prima dell’emissione di un mandato dei tribunali in casi di percepito rischio securitario. Si è chiesto alle compagnie di telecomunicazioni di estendere i tempi di conservazione dei dati, alle banche di segnalare i bonifici sospetti tempestivamente, agli operatori fintech di prevenire le transazioni non autorizzate o illegali con le cripto.

Il “Guardian” di Lagos, una delle maggiori testate del Paese, ha scritto che “la Nigeria ha promosso attivamente delle partnership, tra cui un recente accordo di cooperazione in materia di sicurezza informatica con il Regno Unito nell’aprile 2025 e un accordo con l’FBI e il governo cambogiano, per intensificare gli sforzi contro la criminalità informatica internazionale” e avviato con l’appoggio di Londra e del Commonwealth un Joint Case Team on Cybercrime che riunisce “le principali agenzie di giustizia e sicurezza per migliorare l’individuazione, l’indagine e il perseguimento dei reati informatici”.

Da un lato, dunque, Abuja sta pensando a promuovere una serie di scenari operativi finalizzati a una maggiore sicurezza internazionale e alla prevenzione del cybercrime. Dall’altro, le normative introdotte internamente appaiono assai complesse e articolate e potenzialmente sospettabili di aprire la strada a repressioni della libertà d’espressione e a una sorveglianza estesa. In parallelo, l’assenza di un ragionamento politico sul ruolo delle mafie, specie quella nazionale, nel processo e lo scaricabarile su singoli soggetti – per quanto problematici – di nazionalità straniera potrebbe ridurre la percezione di un fenomeno che, a conti fatti, è di rango globale.

L'articolo La stretta della Nigeria sul cyber-crimine straniero proviene da InsideOver.

Nella giornata di oggi, migliaia di utenti Fastweb in tutta Italia hanno segnalato problemi di connessione alla rete fissa, con interruzioni improvvise del servizio Internet e difficoltà a navigare o accedere ai principali siti web.

Le segnalazioni, raccolte su piattaforme come DownDetector, hanno iniziato a crescere rapidamente dalle prime ore del mattino, raggiungendo oltre 35.000 segnalazioni nel giro di poche ore.
Le aree più colpite sembrano essere Milano, Roma, Torino, Bologna, Napoli, Palermo e Firenze, ma i disservizi si sono estesi anche ad altre zone del Paese.

Molti utenti hanno lamentato assenza totale di connessione, problemi di routing e DNS, oltre a difficoltà nell’accesso a servizi Google, social network e piattaforme di streaming.

Dopo la pubblicazione del nostro articolo, Fastweb ha contattato Red Hot Cyber, fornendo una comunicazione ufficiale sullo stato della situazione:

Fastweb conferma che è in corso un disservizio temporaneo su rete fissa. I tecnici sono al lavoro per ripristinare i servizi nel minor tempo possibile. Fastweb si scusa con i clienti coinvolti e provvederà ad aggiornare tempestivamente sull’avanzamento dei lavori.

Al momento, i tecnici dell’azienda stanno lavorando per individuare la causa precisa del guasto e ripristinare progressivamente i collegamenti. La società invita i clienti coinvolti a monitorare i propri canali ufficiali per ricevere aggiornamenti in tempo reale sull’avanzamento dei lavori.

Red Hot Cyber continuerà a seguire la vicenda e a fornire aggiornamenti non appena saranno disponibili nuove informazioni.

L'articolo Fastweb conferma il problema e fornisce una dichiarazione ufficiale proviene da Red Hot Cyber.

I ricercatori hanno scoperto 131 estensioni per automatizzare il funzionamento di WhatsApp Web nello store ufficiale di Chrome. Tutte venivano utilizzate per inviare spam di massa agli utenti brasiliani.

Secondo gli analisti di Socket, tutte queste estensioni condividono la stessa base di codice, gli stessi design pattern e la stessa infrastruttura. Insieme, contano circa 20.905 utenti attivi.

“Non si tratta di un malware classico; è una campagna di spam automatizzata ad alto rischio che viola le regole della piattaforma”, spiega Kirill Boychenko, specialista di Socket. “Il codice viene iniettato direttamente nella pagina Web di WhatsApp, collaborando con gli script di WhatsApp per automatizzare gli invii di massa e la pianificazione in modo da aggirare la protezione anti-spam.”

L’obiettivo finale di questa campagna è inviare messaggi di massa tramite WhatsApp in modo da aggirare i limiti di frequenza dei messaggi e la protezione antispam della piattaforma. I ricercatori scrivono che questa attività è in corso da almeno nove mesi, con nuovi download e aggiornamenti delle estensioni osservati solo il 17 ottobre 2025.

Ogni estensione utilizza un nome e un logo diversi, ma la maggior parte è pubblicata dagli sviluppatori WL Extensão e WLExtensao. A volte, le estensioni vengono pubblicizzate come strumenti CRM per WhatsApp, promettendo di massimizzare le vendite tramite la versione web del messenger.

Gli esperti ritengono che tali differenze nel branding siano il risultato del franchising, che consente agli operatori di estensioni di inondare il Chrome Web Store con cloni dell’estensione ZapVende originale creata da DBX Tecnologia.

“Trasforma WhatsApp in un potente strumento di vendita e gestione dei contatti. Con Zap Vende avrai accesso a un CRM intuitivo, all’automazione dei messaggi, all’invio di email di massa, a un funnel di vendita visivo e molto altro”, si legge nella descrizione di un’estensione nel Chrome Web Store. “Organizza il servizio clienti, monitora i lead e pianifica i messaggi in modo pratico ed efficace.”

Secondo Socket, DBX Technology pubblicizza un programma di rivendita white-label che consente ai potenziali partner di rinnovare il marchio e vendere l’estensione WhatsApp Web con il proprio marchio. I ricercatori sottolineano che tutto ciò viola la politica antispam e antiabuso del Chrome Web Store. In particolare, agli sviluppatori e ai loro partner è vietato ospitare più estensioni con funzionalità duplicate sulla piattaforma.

Inoltre, è stato scoperto che DBX aveva pubblicato su YouTube dei video su come aggirare gli algoritmi anti-spam di WhatsApp quando si utilizzano tali estensioni.

L'articolo Scoperte 131 estensioni Chrome per WhatsApp Web utilizzate per spam di massa proviene da Red Hot Cyber.