This week, Jonathan Bennett and David Ruggles chat with Sylvestre and Brian about Firefox! What’s up in the browser world, what’s coming, and what’s the new feature for Firefox on mobile that has Jonathan so excited? Watch to find out!

• mozilla.org/en-US/firefox/deve…
• briangrinstead.com/blog/firefo…
• browserbench.org/announcements…

Subscribe to catch the show live, and come to Hackaday for the rest of the story!

youtube.com/embed/8j69gjQGYqA?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2024/12/04/floss-…

In the last two articles, I talked about two systems relying on audio notifications. The first one is the Alt-Tab annihilator system – a system making use of my window monitoring code to angrily beep at me when I’m getting distracted. The other is the crash prevention system – a small script that helps me avoid an annoying failure mode where I run out of energy before getting myself comfortable for it.

I’ve been appreciating these two systems quite a bit – not only are they at my fingertips, they’re also pretty effective. To this day, I currently use these two systems to help me stay focused as I hack on my own projects or write articles, and they are definitely a mainstay in my self-hacking arsenal.

There is a particular thing I’ve noticed – audio notifications help a fair bit in a way that phone or desktop notifications never would, and, now I have a framework to produce them – in a way that calls for a purpose-tailored device. It’s just wireless headphones, Pi-powered, connected through WiFi, and a library to produce sounds on my computer, but it turns out I can squeeze out a lot out of this simple combination.

Here’s a pocketable device I’ve developed, using off-the-shelf hardware – an audio receiver/transmitter with extra IO, paired to my laptop. And, here’s how I make use of this device’s capabilities to the fullest.

Audio Output

In the “producing sound out of a Pi” article, I’ve mentioned USB-C 3.5mm soundcards. You can use them with a USB-C host port, and you don’t even need any sort of resistors for that – the soundcard doesn’t try and detect state of the CC pin, and why would it, anyway? Get VBUS, GND, D+, and D-, and you got yourself an audio card with high quality output.

I’ve also talked about the Roc toolkit – it’s a system for transferring audio over a network connection, whether LAN or WAN. It requires Linux/Mac/Android, so it fits wonderfully in my Windows-less ecosystem. I’ve been using it for years, on this kind of devices, and my friends use it with Android phones. Whenever I meet up IRL with some of my friends, at times, we might use a Roc sender on someone’s laptop to stream music or some YouTube video into everyone’s headphones at the same time.
This $10 Apple USB soundcard has been instrumental in many of my Pi audio projects – it’s just that good
A Roc receiver works wonderfully on a Pi Zero. It only made sense to marry Roc, a USB-C soundcard, and a Pi – they work wonders together. Here’s a script you can run on the Pi, coupled with an audio service, and the repo contains all the laptop-side commands you could need. You don’t need to install Pulseaudio for it or anything of the sort – it uses an Alsa card number, so as long as that remains static (very likely on a pocket system), you got it.

On the laptop side, I use pavucontrol to switch audio outputs – if your OS uses Pipewire, you can still use pavucontrol, and, you can also use qpwgraph if you ever want to route audio in a very specific way. It’s like Bluetooth headphones, except they work over WiFi, which avoids Bluetooth software nuances, antenna sharing issues, annoying pairing and battery level noises, audio quality limitations, and relatively short range, not to mention all the features I can add myself. And, the battery also works throughout the entire day – no need to take the headphones off to top them up every now and then, charging the device overnight is sufficient.

Bring The Sound Everywhere

What does this device let me do? First off, I can listen to music or videos even if I get up from my computer and go to a different room. This alone frees up a hefty amount of executive function – it’s way easier to get up from the desk and go cook some food while I am watching a video or a livestream, it just keeps playing in my ears all throughout, so I don’t have to feel like I’m missing out on something!

With Tailscale, or any other personal VPN accessible from the outside, I could also take this pocket device outside on a walk or cycling trip, connected to my phone in mobile hotspot mode, and listen through a queue of videos I was long planning to watch. Roc also let me pass the headset microphone back to my computer – which, I often use to have Discord calls with friends while going around the house and doing cleaning or other chores.

Another worthwhile addition is audio notifications, and the alt-tab annihilator audio library helps a fair bit. I already get audio notifications from some browser tabs, so I can get little beeps when someone from a select group of friends of mine messages me, and you could easily make a utility like beep to let yourself know when long-running shell scripts finish. Not to mention that you could definitely port a “beep every X minutes” script to it!

Now, you might notice – this device is output-only, and most of the tasks above could use some input capabilities. For instance, remote audio streaming could use volume control and media seek/switching – all the more so when I’m listening to my laptop’s audio while being ten kilometers away. I’m not a fan of voice commands, though you could definitely use those – for me, the headset’s single button was more than enough.

One Button For All Seasons

The USB-C soundcard has a USB HID endpoint, and it produces keypress events (for the PLAYPAUSE keycode) when I press the button – what’s more, it even keeps track of when the button is pressed and when it’s released! I’ve been working with HID devices a fair bit now – perhaps, I could extract multiple features out of that single button.
With just one button, you can make wireless multi-functional controls for anything you want
The main problem was, while the headset is connected to a Pi Zero in my pocket, the HID device is completely unused – it’s a CLI distribution of Raspbian, after all, no software would care for those keypresses. This wasn’t hard to fix – there’s two crucial elements to a HID device, first one is the descriptor, and another one is the report. Forward these aspects over the network using rawhid and uhid respectively , and you can have your device work natively over the network. I wrote a client-server application, ran the server on the pocket Pi, client on my laptop, and now I could use the headset button seamlessly as if the USB-C soundcard were connected to my laptop directly.

Now, I could pause or resume music of videos wherever I needed. I also hardcoded a feature into the server – restart the Roc streaming service once the HID device is connected, and restart it again once the device is unplugged. The Roc commandline receiver doesn’t exit on its own when an audio device disappears, instead, consuming 100% of the CPU, and it doesn’t restart by itself when the audio device disappears, either. Both of these problems were easy to solve as an aside of the HID forwarding server.

The single purpose of this button was a problem, though – not even volume controls would work. What can you do with a single button? A lot – if you can distinguish button press from a button release, and this soundcard sure can. If you’ve ever controlled your phone using headset button double presses or long presses, rejoice – reimplementing that is trivial; not that a three-button headset isn’t a more comfortable option still. I wrote a script distinguishing press length, and assigned different callbacks to different sequences.

From here, I can do a double click of the button, or a long press, or a long press followed by a double click, or long-short-long press – map different actions to different combinations and off we go. So far, I use it for volume control, seeking and pausing/resuming media, and poking some of my other self-hacking scripts remotely – but you can add features seamlessly, like running scripts of your choosing, reading out your desktop notifications through text-to-speech, setting timers, making notes of specific events in your life, or even combining it with the on-headset mic to record audio notes as you go.

Headphone Friend

All you need – a Pi Zero W, a power management board, and a USB-C host socket (no CC resistors, even!)
At this point, I have a pocket audio receiver device tied into my laptop over the local network, and, just as easily, Internet. While using it, it’s as inobtrusive as a pair of headphones paired to a wireless receiver, except that every single feature is used to the max. From a constant stream of audio, be it videos and music to notifications, to controlling my laptop remotely, this device is an augment like no other, codename’d “headphone friend” among my friends.

There’s another fun futuristic aspect to this build. With minimal modifications, it’s the kind of device I can take out of my pocket, connect to a USB-serial or USB-Ethernet adapter, wire it into a network switch in a rack, and then sit ten meters away from it on a comfy couch, reconfiguring the switch through its serial port. Or, I can hook this device onto a robot riding around, and collect telemetry through its debug port. Pair your Pi with a battery and a USB-C soundcard, and, you too can benefit from such a device – or accidentally build an even cooler platform while at it, after all, that’s how it worked out for me.

We’ve been fans of the Yosys / Nextpnr open-source FPGA toolchain for a long while now, and like [Michael] we had no idea that their oss-cad-suite installer sets up everything so that you can write in Verilog or VHDL, your choice. Very cool!

Verilog and VHDL are kind of like the C and ADA of the FPGA world. Verilog will seem familiar to you if you’re used to writing code for computers. For instance, it will turn integer variables into wires that carry the binary values for you. VHDL code looks odd from a software programmer’s perspective because it’s closer to the hardware and strongly typed: an 8-bit integer isn’t the same as eight wires in VHDL. VHDL is a bigger jump if you have software in your brain, but it’s also a lot closer to describing how the hardware actually works.

We learned Verilog, because it’s what Yosys supported. But thanks to GHDL, a VHDL analyzer and synthesizer, and the yosys-ghdl-plugin, you can write your logic in VHDL too. Does this put an end to the FPGA-language holy wars? Thanks, Yosys.

[Michael] points out that this isn’t really news, because the oss-cad-suite install has been doing this for a while now, but like him, it was news to us, and we thought we’d share it with you all.

Want to get started with FPGAs and the open-source toolchain? Our own [Al Williams] wrote up a nice FPGA Boot Camp series that’ll take you from bits to blinking in no time.

hackaday.com/2024/12/04/did-yo…

Le agenzie di sicurezza informatica di Stati Uniti, Australia, Canada, Nuova Zelanda e Regno Unito hanno emesso un avvertimento congiunto sulle attività di spionaggio da parte degli hacker cinesi. Gli aggressori hanno compromesso le reti delle principali società di telecomunicazioni del mondo per condurre una massiccia campagna di raccolta di informazioni.

Secondo il rapporto gli aggressori sfruttano le vulnerabilità presenti nell’infrastruttura delle reti di telecomunicazione per penetrare e successivamente raccogliere informazioni. L’enfasi principale è sulla compromissione dei dispositivi di rete: router, switch e firewall.

Gli esperti sottolineano che gli aggressori sfruttano attivamente le vulnerabilità note nella configurazione dei dispositivi di rete, ma non è stato ancora individuato alcun segno dell’utilizzo di nuovi metodi.

Raccomandazioni per migliorare la sicurezza

Le principali misure di sicurezza della rete includono:

• Monitoraggio della configurazione. È necessario monitorare tutte le modifiche nelle configurazioni dei dispositivi di rete, identificare e analizzare le modifiche sospette. Gli esperti consigliano di utilizzare l’archiviazione centralizzata delle configurazioni, eliminando la possibilità di gestire direttamente i dispositivi.
• Analisi del traffico di rete. Per monitorare la trasmissione dei dati, si consiglia di posizionare sistemi di raccolta del traffico nei nodi chiave della rete, che consentono di identificare rapidamente anomalie e potenziali minacce.
• Protezione del registro. I registri di sistema devono essere crittografati e archiviati in più luoghi per evitare perdite o modifiche non autorizzate. Si propone di utilizzare sistemi di registrazione centralizzati con la capacità di analizzare grandi volumi di dati.

Gli autori del documento sottolineano l’importanza della segmentazione della rete. VLAN (Virtual Local Area Networks) e zona demilitarizzata (DMZ) aiutano a isolare i sistemi critici dalle minacce esterne. Si consiglia inoltre di limitare l’accesso ai dispositivi tramite Internet. La gestione dovrebbe essere effettuata solo da dispositivi attendibili attraverso canali di comunicazione sicuri.

Inoltre, si consiglia di disabilitare i protocolli non utilizzati come Telnet, FTP e le versioni legacy di SSH. Un elemento importante è il passaggio ai moderni standard di crittografia, come TLS 1.3 e AES-256, per ridurre la probabilità di uno sfruttamento efficace delle vulnerabilità.

Cisco nel mirino ma anche l’esigenza di una Security By Design ben fatta

Gli esperti hanno identificato le apparecchiature Cisco come una delle più frequentemente attaccate. Per ridurre al minimo i rischi, si consiglia di disabilitare i servizi Cisco Smart Install e implementare una protezione tramite password più rigorosa. Si consiglia inoltre di utilizzare versioni aggiornate del software ed evitare di utilizzare algoritmi di crittografia obsoleti.

Uno dei compiti chiave è aumentare il livello di visibilità dei processi nelle reti. Ciò implica la capacità delle organizzazioni di monitorare, analizzare e comprendere ciò che sta accadendo nell’infrastruttura. L’elevata visibilità consente di identificare rapidamente minacce, anomalie e vulnerabilità. Per raggiungere tali obiettivi, si consiglia di implementare soluzioni SIEM in grado di raccogliere e analizzare dati da varie fonti.

Inoltre, si propone di verificare tutti i dispositivi di rete, compreso il controllo degli account utente e la disattivazione degli account inattivi. I dispositivi devono essere protetti dal controllo remoto da parte di fonti non autorizzate.

Il documento sottolinea inoltre l’importanza di adottare un approccio Secure by Design nello sviluppo di software e dispositivi di rete. Il metodo implica che i produttori di hardware e software debbano fornire il massimo livello di protezione nella fase di sviluppo. Le organizzazioni sono incoraggiate a richiedere ai fornitori di aderire a tali principi.

Gli attacchi legati alla Cina

Gli attacchi informatici legati alla Cina continuano a rappresentare una seria minaccia per le reti di telecomunicazioni globali. Gli esperti sottolineano l’importanza di una risposta tempestiva alle minacce, eliminando le vulnerabilità e applicando metodi di sicurezza moderni. Le organizzazioni che gestiscono infrastrutture critiche sono fortemente incoraggiate ad attuare le misure descritte per migliorare la resilienza della sicurezza informatica.

L'articolo CISA: Attacco alle Reti! Gli Hacker Cinesi Minacciano la Sicurezza Mondiale proviene da il blog della sicurezza informatica.

The London Underground is an iconic piece of Victorian era engineering. What started in 1863 quickly became a core piece of infrastructure that would define the modern character of the British capital. It’s grown and changed immensely in the many years that have passed. Sadly, increasing patronage and more trains have created problems that the original designers never envisaged.

Deep in those London tunnels lies an engineering challenge. The Tube is literally cooking itself. Every day, millions of commuters descend into a network of tunnels that have been absorbing heat since the reign of Queen Victoria. Those clay-lined tubes have been soaking up excess thermal energy like a giant underground radiator, and now they’re giving it back with interest. The tunnels are simply too hot, and cooling them down is inordinately difficult.

The Perfect Storm of Thermal Chaos

The Tube’s heat problem isn’t just about one thing gone wrong – it’s about everything gone wrong at once. When Victorian engineers designed these tunnels, cooling wasn’t a major consideration. The tight, compact tunnels were built deep, nestled in the clay beneath London. In the early days, temperatures in the Underground were considered comfortably low.

“The Underground’s the only spot for comfort when the days are hot; it is cooler below.” – London Underground poster, 1926

Originally, the clay surrounding the tunnels sat at around 14°C, acting as a heat sink for the network. However, over the years, with more trains coming and going and more heat pouring in, the temperature has risen. It now typically sits anywhere from 19° to 26 °C. That’s just the earth around the tunnels, though. Air temperatures are worse—hitting as high as 47°C during a 2006 heatwave. The problem has been a continual bugbear of the beloved Tube, with concerns that future heatwaves could see temperatures rise ever higher.
Victoria and Central have been the hottest lines in recent years, according to TfL data.
The problem varies depending on which part of the Tube you’re on; some lines are worse than others. The Central Line is worthy of the nickname “The Central Heat Line”, with temperatures historically reaching 35°C. That’s not just uncomfortable – it’s approaching the limit of what the human body can handle efficiently. Much of this is due to the tunnel’s design. Opened in 1900, it featured two compact tunnels buried over 20 meters underground with minimal space for ventilation. It’s one of the so-called “deep-level” lines on the Underground network. Meanwhile, the Victoria line hit 31°C at its peak in 2023, and actually overtook the Central line as the hottest line, recording an average temperature of 28°C last year. Contrast that with the newer Jubilee line, which recorded an average temperature of just 22°C—far more comfortable.

To understand the problem, we need to know where the heat is coming from. A breakdown of heat sources was provided by Rail Engineering in 2007. Trains using their brakes, converting kinetic energy to heat, contributed 38% of the total heat input to the underground. The rest was put down to mechanical sources (22%) and the drivetrain (16%)—because those big electric motors get hot in operation.

As we wrap up for cooler temperatures outside, remember to remove coats whilst travelling to prevent overheating.

— TfL (@TfL) November 6, 2018

TfL at times has to remind customers that the Underground is warm even when it’s cold outside.

The rest of the heat came from a variety of sources, with train auxiliary equipment and tunnel support systems making up 13% and 4% respectively. The human factor can’t be ignored—each passenger is basically a 100-watt heater on legs. Multiply that by the millions of commuters that pass through each day, and you can see the scale of the problem. Indeed, passengers contributed the final 7% of heat generation in the Tube system. Of all the heat generated in the Tube, 79% passed into the tunnel walls, with 11% going into the tunnel itself. The remainder—just 10%—was removed via ventilation.

While the Tube had been slowly getting hotter for some time, the problem really started coming to a head in the mid-2000s, particularly when the European heatwave hit in 2006. Solutions were demanded, but the Underground wasn’t going to make it easy. The oldest parts of the network presented the greatest challenges, with precious little space to fit additional equipment for cooling. Many lines were simply too tight to allow for air conditioners to be retrofitted to existing trains, for example. Even if they were fitted, there would be a further problem of how to remove the additional waste heat generated from the tunnels, which were already too tight to ventilate effectively.
Victoria Station has had plenty of attention in recent decades, with TfL installing new cooling systems. Credit: Oxyman, GNU Free Documentation License
The quagmire had even prompted then-Mayor Ken Livingstone to put forth a £100,000 bounty for anyone that could solve the problem. However, it went unawarded. Despite over 3,500 proposals, the Underground authorities found only unworkable or unaffordable solutions, or ones they were already considering.

As you might expect, the problem hasn’t just gone away. Indeed, British media have begun regularly putting out articles on the hottest tube lines each year, as well as updates on what is to be done. Looking ahead, climate change is only going to make this underground sauna more challenging to manage. TfL’s engineers are in a race against time and physics, trying to cool a system that was never designed to be cooled.

Transport for London’s engineers haven’t taking this lying down, however. In recent decades, they’ve thrown a range of complicated solutions at this difficult problem. Victoria Station saw major upgrades, with the successful trial of a groundwater-based cooling system and heavily-upgraded ventilation. On the toasty Central line, engineers realized there was an additional heat input into the system. Trains travelled above ground for part of their route, which would see them heat up in the sun and then bring that energy underground. Countermeasures included installing reflective material on train roofs and solar-reducing films on the windows.

Trials of a new panel-based cooling system have also taken place in recent years at the disused Holborn station, with TfL considering a rollout to various stations after successful trials. The system involves circulating cold water through a curved metal structure. Air is chilled by blowing it through the curved panels and into the station. The system is designed specifically to operate in stations on the deep parts of the Tube network, with an eye to keeping maintenance and operation of the system as practical as possible.
Subsurface lines have been running S-Stock trains, which feature full air conditioning to keep passengers comfortable. Credit: (c) Transport for London
Some Tube lines have been lucky enough to get air-conditioned trains, too. These can be found on the Circle, District, Hammersmith & City, and Metropolitan lines. The modern S-Stock trains run largely on the less-deep sub-surface Tube lines, where it’s possible to easily deal with the hot exhaust of the air conditioning systems. These trains also have regenerative brakes, which turn some kinetic energy back into electricity to feed into the tube network. This cuts the amount of kinetic energy turned into heat, which aids in keeping the network cooler.

The Picadilly line is due to gain air conditioning in 2025, when it abandons its 1973 Stock trains for newer models. Other lines will have to wait longer. Central Line is slated to receive new air-conditioned trains in early 2030, which will replace the aging 1992 Stock models operating on that line. Bakerloo, Waterloo and City, and Jubilee lines are slated to receive upgraded trains “within the next 20 years” according to a Transport for London statement late last year.
The Picadilly line will see its aging trains replaced with newer air-conditioned models starting in 2025.
Air conditioned trains will help to some degree by cooling passengers on the move. However, those air conditioners will necessarily pump heat out of carriages and straight into the tunnels the trains are travelling through, plus some waste heat to boot. That heat will have to be dealt with one way or another, lest the network heat up further. There’s also the problem that passengers on platforms will still be exposed to high temperatures. Ultimately, both the stations and the trains need to be brought down to reasonable temperature levels. Ideally, the tunnels would be, too, in order to protect any customers that get stuck in a tunnel on a broken-down service. TfL also needs to find a way to bring temperatures under control if it wants to increase services. More trains means more heat going into the system—so it’s important to find a way to pull more heat out, too.

Overall, the problem is still a long way from being solved. The fact is that the London Underground has 11 lines, 272 stations, and more than 4,000 trains. Upgrading all of those at once simply isn’t economically viable. Instead, it appears that Transport for London will keep chipping away at the issue, bit by bit, over the years to come. Ideally, this will outpace any increases in average temperatures brought on by our seemingly-ever-hotter climate. For now, London’s commuters will continue their daily descent into one of the world’s most interesting thermal management case studies. Just remember to bring a bottle of water and some breathable clothing– you’re going to need it.

hackaday.com/2024/12/04/the-lo…