La Relazione Europea sulla Droga 2025: Tendenze e Sviluppi presenta l'ultima analisi dell'EUDA sulla situazione della droga in Europa. L’ #EUDA è l’Agenzia dell’Unione europea sulle droghe (European Union Drugs Agency). È un organismo dell’ #UE con sede a Lisbona, operativo dal 2 luglio 2024, che ha sostituito il precedente Osservatorio europeo delle droghe e delle tossicodipendenze.

Concentrandosi sul consumo di droghe illecite, sui danni correlati e sull'offerta di droga, la relazione fornisce una serie completa di dati nazionali su questi temi, nonché sui trattamenti specialistici per la tossicodipendenza e sui principali interventi di riduzione del danno.

Il report fornisce una panoramica aggiornata sulla situazione delle droghe in Europa fino alla fine del 2024, evidenziando tendenze e sviluppi rilevanti per le politiche e gli operatori del settore.

Offerta, produzione e precursori
La disponibilità di droghe illecite rimane elevata per tutte le sostanze. I dati del 2023 mostrano tendenze stabili nei sequestri e nei reati legati alla droga, con una produzione significativa e sequestri di precursori chimici.

Cannabis
È la droga illecita più consumata in Europa. I dati includono prevalenza d’uso, richieste di trattamento, sequestri, prezzo, purezza e danni associati.

Cocaina
Seconda droga più usata dopo la cannabis, con variazioni significative tra i paesi. Il report analizza uso, trattamento, sequestri, prezzo, purezza e danni.

Stimolanti sintetici
Comprendono amfetamina, metamfetamina e catinoni sintetici. L’analisi copre uso, trattamento, sequestri, prezzo, purezza e impatti sulla salute.

MDMA
Associata principalmente al contesto ricreativo e notturno. Il report esamina uso, sequestri, prezzo e purezza.

Eroina e altri oppioidi
L’eroina è l’oppioide illecito più usato e causa un notevole carico sanitario. La situazione evolve, influenzando le strategie di intervento.

Nuove sostanze psicoattive
Il mercato è dinamico, con nuove sostanze rilevate ogni anno. Include cannabinoidi sintetici, catinoni, oppioidi sintetici e nitazeni.

Altre droghe
LSD, funghi allucinogeni, ketamina, GHB e protossido di azoto sono usati in Europa. Il report analizza uso, sequestri, trattamento e danni.

Uso di droghe per via iniettiva
In calo negli ultimi dieci anni, ma ancora associato a gravi danni sanitari. Include dati su prevalenza e analisi dei residui nelle siringhe.

Malattie infettive correlate
Chi si inietta droghe è a rischio di infezioni come HIV ed epatiti B e C. Il report fornisce dati aggiornati su queste infezioni.

Morti indotte da droghe
Fondamentale per valutare l’impatto sulla salute pubblica. Include dati su overdose e sostanze coinvolte.

Trattamento con agonisti degli oppioidi
È il trattamento specialistico più comune per gli utenti di oppioidi. Il report analizza copertura, accesso e percorsi terapeutici.

Riduzione del danno
Comprende interventi per ridurre i danni sanitari, sociali ed economici. Include programmi con naloxone, stanze del consumo e trattamenti sostitutivi.

La pubblicazione è scaricabile qui edr-2025-full-book-6.06.2025-en.pdf

@Notizie dall'Italia e dal mondo

During Apple’s late-90s struggles with profitability, it made a few overtures toward licensing its software to other computer manufacturers, while at the same time trying to modernize its operating system, which was threatening to slip behind Windows. While Apple eventually scrapped their licensing plans, an interesting product of the situation was Rhapsody OS. Although Apple was still building PowerPC computers, Rhapsody also had compatibility with Intel processors, which [Omores] put to good use by running it on a relatively modern i7-3770 CPU.

[Omores] selected a Gigabyte GA-Z68A-D3-B3 motherboard because it supports IDE emulation for SATA drives, a protocol which Rhapsody requires. The operating system installer needs to run from two floppy disks, one for boot and one for drivers. The Gigabyte motherboard doesn’t support a floppy disk drive, so [Omores] used an older Asus P5E motherboard with a floppy drive to install Rhapsody onto an SSD, then transferred the SSD to the Gigabyte board. The installation initially had a kernel panic during installation caused by finding too much memory available. Limiting the physical RAM available to the OS by setting the maxmem value solved this issue.

After this, the graphical installation went fairly smoothly. A serial mouse was essential here, since Rhapsody doesn’t support USB. It detected the video card immediately, and eventually worked with one of [Omores]’s ethernet cards. [Omores] also took a brief look at Rhapsody’s interface. By default, there were no graphical programs for web browsing, decompressing files, or installing programs, so some command line work was necessary to install applications. Of course, the highlight of the video was the installation of a Doom port (RhapsoDoom).

This isn’t the first obscure Apple operating system we’ve seen; some of them have even involved updates to Apple’s original releases. We’ve also seen people build Apple hardware.

youtube.com/embed/uE6qp94InBM?…

Thanks to [Stephen Walters] for the tip!

hackaday.com/2025/06/16/bringi…

Un nuovo caso di Initial Access italiano è emerso nelle ultime ore sul dark web, confermando la continua pressione cybercriminale sul tessuto industriale del Paese. Il venditore, identificato con lo pseudonimo “samy01”, ha pubblicato su un forum underground molto frequentato un’inserzione dal titolo: “RDWeb / Italy / 24 kk / Domain User”.

Il post, come di consueto, riporta la tipologia di accessi in vendita e informazioni sul target. In particolare:

• Settore: Industrial Machinery & Equipment Manufacturing
• Tipologia di accesso: RDWeb (Remote Desktop Web Access)
• Tipologia di utenze: Domain User
• Informazioni sul dominio Active Directory:
  
  • 2 Domain Controller
  • 1 Trust attivo
  • 568 computer di dominio

  
  

• Tipologia di antivirus: SentinelOne

La dimensione dell’infrastruttura compromessa – con quasi 600 postazione di lavoro – suggerisce che si tratti di un’azienda strutturata, con una dimensione importante e una classe di fatturato (come riportato nel post) di circa 24 miliardi di dollari.

Il venditore samy01 risulta registrato da marzo 2024 ed ha all’attivo 13 post sul forum. La dicitura “Autogarant: 2” indica che ha già concluso due transazioni tramite il sistema di escrow automatico offerto da Exploit.in, a conferma dell’affidabilità come venditore sulla piattaforma.

L’inserzione è stata messa all’asta, con le seguenti condizioni:

• Prezzo di partenza: 1.000$
• Incremento minimo: 250$
• Blitz price (acquisto immediato): 2.000$
• Forum escrow disponibile per la transazione
• Contatto via PPS (point-to-point secure chat) disponibile 24 ore su 24

Il fatto che si tratti di un’azienda appartenente alla meccanica industriale la rende un obiettivo particolarmente sensibile, sia per il valore della proprietà intellettuale, sia per la possibilità di propagare attacchi verso clienti o fornitori.

Inoltre, la menzione di RDWeb come punto di accesso suggerisce che l’attaccante abbia compromesso un servizio esposto pubblicamente su Internet, probabilmente attraverso vulnerabilità note o brute force su credenziali deboli.

La presenza di SentinelOne indica che l’azienda è dotata di soluzioni di EDR (Endpoint Detection and Response), ma questo non ha impedito l’infiltrazione iniziale, a dimostrazione del fatto che la difesa perimetrale da sola non è sufficiente senza un efficace controllo degli accessi e monitoraggio continuo.

Rdp Esposto su Internet, fate attenzione!

L’esposizione del protocollo RDP (Remote Desktop Protocol) direttamente su Internet rappresenta una delle superfici d’attacco più comuni e pericolose. Gli attaccanti sfruttano costantemente motori di scansione automatizzati per individuare sistemi RDP accessibili pubblicamente, tentando poi attacchi brute-force o sfruttando vulnerabilità note.

Esporre RDP senza adeguate contromisure equivale a lasciare una porta d’ingresso aperta verso l’intera infrastruttura IT.

Gli strumenti di amministrazione remota non devono mai essere raggiungibili direttamente da Internet. Se è necessario accedervi da remoto, occorre implementare una VPN dedicata esclusivamente al management, protetta da un sistema di doppia autenticazione (2FA).

Questo approccio riduce drasticamente il rischio di accessi non autorizzati, anche in caso di compromissione delle credenziali. Una VPN di management ben configurata rappresenta una barriera fondamentale contro attacchi come ransomware, intrusioni mirate e movimenti laterali nella rete.

Un mercato fiorente per accessi corporate

L’Italia continua a rappresentare un mercato interessante per gli Initial Access Broker. Nel solo 2025, sono già decine i casi tracciati da Red Hot Cyber di aziende italiane i cui accessi sono stati messi in vendita.

Questo nuovo caso è l’ennesimo campanello d’allarme per il settore industriale italiano: l’accesso remoto deve essere protetto da MFA, i servizi esposti pubblicamente devono essere monitorati attivamente, e ogni anomalia deve essere considerata potenzialmente sintomatica di compromissione.

Il tempo che intercorre tra la vendita di un accesso e il deployment di un ransomware si misura in ore o (come osservato di recente) in minuti. La prevenzione, la segmentazione della rete e la formazione del personale sono ormai imprescindibili.

L'articolo Gli accessi ad una grande azienda italiana della meccanica industriale in vendita nel Dark Web proviene da il blog della sicurezza informatica.

A volte, è utile guardare indietro per comprendere meglio le minacce attuali. Un esempio ci arriva da una vecchia, ma sempre attuale, vulnerabilità di PHP Object Injection che interessa vBulletin 4.x.

Circa un decennio fa, il popolare software per forum web, vBulletin 4.x, fu interessato da una vulnerabilità di PHP Object Injection. Questa falla critica è stata trovata e documentata dal ricercatore di sicurezza Egidio Romano (EgiX) che ha recentemente rilevato un’altra vulnerabilità su vBulletin.

Curiosamente, questa falla fu introdotta da una patch di sicurezza del 2014 che, nel tentativo di migliorare la protezione, sostituì serialize() con json_encode(), creando involontariamente un nuovo vettore di attacco: la possibilità di eseguire una PHP Object Injection.

Questa modifica potrebbe permettere agli aggressori di firmare payload serializzati codificati in base64, portando potenzialmente ad attacchi di esecuzione di codice remoto (RCE) tramite chiamate malevole a /private.php.

La vulnerabilità risiede nella funzione verify_client_string(), progettata per prevenire la manomissione dei dati lato client. Tuttavia, a causa del modo in cui json_encode() e base64_decode() gestiscono i dati, gli aggressori possono aggirare questi controlli. Un payload ben congegnato, iniettato attraverso il parametro POST messageids in /private.php, può portare alla deserializzazione di oggetti malevoli.

L’analisi ha rivelato che, combinando questa iniezione, è possibile costruire una “POP chain” (Property Oriented Programming chain). Una POP chain è una sequenza di oggetti serializzati, che grazie a chiamate a metodi magici di PHP (__wakeup(), __destruct(), __call(), ecc.) che vengono invocate automaticamente durante la deserializzazione o la manipolazione di oggetti, potrebbero permettere all’attaccante di eseguire codice arbitrario.

In questo caso specifico, è stata sfruttata la classe DateTime di PHP, che, in combinazione con le strutture di classe di vBulletin, ha consentito l’esecuzione arbitraria di codice sul server. La vulnerabilità è stata testata e confermata su vBulletin versione 4.2.3 Patch Level 2, 4.2.3 e 4.2.2 con le “security patches” applicate, su PHP versione 5.6.5. Si noti infatti che questa “POP chain” funziona solo con alcune vecchie versioni di PHP (5.3.0. – 5.3.29, 5.4.0 – 5.4.37, 5.5.0 – 5.5.21, e 5.6.0 – 5.6.5).

Questa storia evidenzia i pericoli della deserializzazione insicura e i rischi derivanti dall’applicazione di patch di sicurezza affrettate a codice legacy. Anche nei sistemi più datati, le moderne tecniche di exploit possono essere estremamente efficaci. Le vulnerabilità di vBulletin, sia quelle più datate che quelle più recenti, ci ricordano l’importanza di mantenere i sistemi aggiornati e di adottare pratiche di sviluppo sicure per proteggersi da attacchi potenzialmente devastanti.

L'articolo La Macchina del Tempo delle Vulnerabilità: vBulletin 4.x e PHP Object Injection proviene da il blog della sicurezza informatica.

If you were alive when 2001: A Space Odyssey was in theaters, you might have thought it didn’t really go far enough. After all, in 1958, the US launched its first satellite. The first US astronaut went up in 1961. Eight years later, Armstrong put a boot on the moon’s surface. That was a lot of progress for 11 years. The movie came out in 1968, so what would happen in 33 years? Turns out, not as much as you would have guessed back then. [The History Guy] takes us through a trip of what could have been if progress had marched on after those first few moon landings. You can watch the video below.

The story picks up way before NASA. Each of the US military branches felt like it should take the lead on space technology. Sputnik changed everything and spawned both ARPA and NASA. The Air Force, though, had an entire space program in development, and many of the astronauts for that program became NASA astronauts.

The Army also had its own stymied space program. They eventually decided it would be strategic to develop an Army base on the moon for about $6 billion. The base would be a large titanium cylinder buried on the moon that would house 12 people.

The base called for forty launches in a single year before sending astronauts, and then a stunning 150 Saturn V launches to supply building materials for the base. Certainly ambitious and probably overly ambitious, in retrospect.

There were other moon base plans. Most languished with little support or interest. The death knell, though, was the 1967 Outer Space Treaty, which forbids military bases on the moon.

While we’d love to visit a moon base, we are fine with it not being militarized. We also want our jet packs.

youtube.com/embed/Bp6xtAtNOkQ?…

hackaday.com/2025/06/16/histor…

Most people know that they shouldn’t plug strange flash drives into their computers, but what about a USB cable? A cable doesn’t immediately register as an active electronic device to most people, but it’s entirely possible to hide a small, malicious microcontroller inside the shell of one of the plugs. [Joel Serna Moreno] and some collaborators have done just that with their Evil Crow Cable-Wind.

This cable comes in two variants: one USB-A to USB-C, and one with USB-C to USB-C. A tiny circuit board containing an ESP32-S3 hides inside a USB-C plug on each cable, and can carry out a keystroke injection attack. The cable’s firmware is open-source, and has an impressive set of features: a payload syntax checker, payload autocompletion, OS detection, and the ability to impersonate the USB device of your choice.

The cable provides a control interface over WiFi, and it’s possible to edit and deploy live payloads without physical access to the cable (this is where the syntax checker should be particularly useful). The firmware also provides a remote shell for computers without a network connection; the cable opens a shell on the target computer which routes commands and responses through the cable’s WiFi connection (demonstrated in the video below).

The main advantage of the Evil Crow Cable Wind is its price: only about $25, at which point you can afford to lose a few during deployment. We’ve previously seen a malicious cable once before. Of course, these attacks aren’t limited to cables and USB drives; we’ve seen them in USB-C docks, in a gaming mouse, and the fear of them in fans.

youtube.com/embed/FmkIHYdOxS4?…

Thanks to [rustysun9] for the tip!

hackaday.com/2025/06/16/an-ope…

We at Pirate Parties International (PPI) observe the recent escalation between Israel and Iran with profound concern. Israel claims to have launched preemptive strikes targeting Iranian nuclear and military facilities. However, the Netanyahu regime is already engaged in a devastating war in Gaza, and its military actions in Gaza, the West Bank, Lebanon, Syria, and now Iran appear driven more by the political survival and legacy of his leadership. The international community deserves clear evidence and transparency regarding these attacks.

On the other hand, the Iranian regime under Khamenei has also ruled atrociously. Iran continues to launch indiscriminate strikes on civilian centers, intentionally far from legitimate military targets. The Iranian regime’s persistent pursuit of nuclear weapons, support for terrorism targeting Jewish communities, and supplying military equipment to violent groups such as the Houthis in Yemen and Hezbollah in Lebanon must cease immediately.

Pirate Parties International emphasizes that diplomatic solutions must take precedence over military aggression. We are deeply worried by a conflict that threatens millions of innocent lives, risks severe nuclear incidents, and grows increasingly unpredictable. The public is rightly fearful that nuclear stockpiles may already be compromised, endangering civilians on all sides who cannot rely solely on missile defenses and shelters for safety.

We call unequivocally for an immediate ceasefire.

Our movement comprises members globally, including Pirate Party affiliates in Israel, sympathizers in Iran, and many individuals of Iranian descent living in exile. It is truly heartening that our Israeli and Iranian colleagues are communicating constructively about this crisis, openly exploring paths toward peace. We only wish the political leaders entrenched in both governments would exhibit similar wisdom and humanity.

We advocate greater freedom, transparency, and human rights for all affected populations. We strongly urge renewed grassroots dialogue and open communication channels between civilians in Israel and Iran, who share a common interest in peace and reconciliation. Past efforts to unite these communities remind us that solidarity and understanding are achievable.

We call on all parties to prioritize civilian life above all political ambitions. Pirate Parties International stands firmly for peace, transparency, and the power of people over regimes.

pp-international.net/2025/06/i…

We at Pirate Parties International (PPI) observe the recent escalation between Israel and Iran with profound concern. Israel claims to have launched preemptive strikes targeting Iranian nuclear and military facilities. However, the Netanyahu regime is already engaged in a devastating war in Gaza, and its military actions in Gaza, the West Bank, Lebanon, Syria, and now Iran appear driven more by the political survival and legacy of his leadership. The international community deserves clear evidence and transparency regarding these attacks.

On the other hand, the Iranian regime under Khamenei has also ruled atrociously. Iran continues to launch indiscriminate strikes on civilian centers, intentionally far from legitimate military targets. The Iranian regime’s persistent pursuit of nuclear weapons, support for terrorism targeting Jewish communities, and supplying military equipment to violent groups such as the Houthis in Yemen and Hezbollah in Lebanon must cease immediately.

Pirate Parties International emphasizes that diplomatic solutions must take precedence over military aggression. We are deeply worried by a conflict that threatens millions of innocent lives, risks severe nuclear incidents, and grows increasingly unpredictable. The public is rightly fearful that nuclear stockpiles may already be compromised, endangering civilians on all sides who cannot rely solely on missile defenses and shelters for safety.

We call unequivocally for an immediate ceasefire.

Our movement comprises members globally, including Pirate Party affiliates in Israel, sympathizers in Iran, and many individuals of Iranian descent living in exile. It is truly heartening that our Israeli and Iranian colleagues are communicating constructively about this crisis, openly exploring paths toward peace. We only wish the political leaders entrenched in both governments would exhibit similar wisdom and humanity.

We advocate greater freedom, transparency, and human rights for all affected populations. We strongly urge renewed grassroots dialogue and open communication channels between civilians in Israel and Iran, who share a common interest in peace and reconciliation. Past efforts to unite these communities remind us that solidarity and understanding are achievable.

We call on all parties to prioritize civilian life above all political ambitions. Pirate Parties International stands firmly for peace, transparency, and the power of people over regimes.

pp-international.net/2025/06/e…

Balancing robots are always fun to see, as they often take forms we’re not used to, such as a box standing on its corner. This project, submitted by [Alexchunlin], showcases a cool single motor reaction cube, where he dives into many lessons learned during its creation.

At the outset, [Alexchunlin] thought this would be a quick, fun weekend project, and while he achieved that, it took longer than a weekend in the end. The cube’s frame was a simple 3D print with provisions to mount his MotorGo AXIS motor controller. This motor controller was initially designed for another project, but it’s great to see him reuse it in this build.

Once the parts were printed and assembled, the real work began: figuring out the best way to keep the cube balanced on its corner. This process involved several steps. The initial control code was very coarse, simply turning the motor on and off, but this didn’t provide the fine control needed for delicate balancing. The next step was implementing a PID control loop, which yielded much better results and allowed the cube to balance on a static surface for a good amount of time. The big breakthrough came when moving from a single PID loop to two control loops. In this configuration, the PID loop made smaller adjustments, while another control loop focused on the system’s total energy, making the cube much more stable.

By the end of the build, [Alexchunlin] had a cube capable of balancing in his hand, but more importantly, it was a great learning experience in controls. Be sure to visit the project page for more details on this build and check out his video below, which shows the steps he took along the way. If you find this project interesting, be sure to explore some of our other featured reaction wheel projects.

youtube.com/embed/OeoIK913tRk?…

hackaday.com/2025/06/16/cube-t…

It is a well-known reality of rescuing certain older electronic devices that, at some point, you’re likely going to have to replace a busted capacitor. This is the stage [Kevin] is at in the 3rd installment in his saga of reviving a 50-year-old Military Tektronix oscilloscope.

[Kevin] recently discovered a failed capacitor in the power supply for this vintage analog scope. Having identified and removed the culprit, it was time to find a way to replace the faulty component with a modern equivalent. The original capacitor is out of fashion to the degree that a perfect replacement would be impractical and likely not desirable. This job would call for a bit of adaptation.

Starting with the recently desoldered pads on the power supply board as a template, [Kevin] walks us through his process of transferring his meticulously acquired measurements to KiCAD for the purpose of creating an adapter PCB. Once the original pads are mapped, he then draws in pads matching the leads of the new component, referencing the manufacturer’s schematic of the replacement part.

With everything drawn in place and design rule checks satisfied, it’s a quick turnaround from the PCB fabricator before this Tektronix scope moves one step closer to happy tracing again.

While the end product of this kludge is about as simple of a PCB as you might imagine, [Kevin’s] documentation is a thorough tutorial on the process for retrofitting components via adapter boards, covering some of the subtleties that you might miss if you’ve never been through it before.

youtube.com/embed/u-VB3HTjkvM?…

We are looking forward to the next installment of Kevin’s undertaking. In the meantime, you can delve into other oscilloscope repair projects, here, here and here, or go deep on why capacitors fail as in the capacitor plague of the early 2000s (though these are not the same vintage or necessarily the same reason for failure as in [ Kevin’s ] device).

hackaday.com/2025/06/16/kludge…

Predicting the future is a dangerous occupation. Few people can claim as much success as Arthur C. Clarke, the famous science and science fiction author. Thanks to the BBC and the Australian Broadcasting Company, we can see what Sir Arthur thought about the future in 1964 and then ten years later in 1974.

Perhaps his best-known prediction was that of communication satellites, but he called quite a few other things, too. Like all prognosticators, he didn’t bat a thousand, and he missed a wrinkle or two, but overall, he has a very impressive track record.

Horizon

In the 1964 BBC show, Horizon: The Knowledge Explosion, Clarke himself talked about how hard it is to predict the future. He then goes on to describe ultra-modern cities prior to the year 2000. However, he thought that after the year 2000, we won’t care about cities. We’ll communicate with each other without regard to location. Shades of the Internet and cell phone!

He clearly saw the work-from-home revolution. However, he also thought that we’d enslave other animals, which–mercifully–didn’t come to pass. His thoughts on computers were much more on point, although we still don’t quite have what he thought we would.

Direct information dumps to your brain are probably not happening anytime soon. Suspended animation isn’t very popular, either. Of course, all of this could still happen, and it would be totally spooky if he’d been 100% right.

To wrap up, he talks about a replicator when K. Eric Drexler was not even ten years old. We won’t say he called out the 3D printer, exactly, but he was on the track.

youtube.com/embed/YwELr8ir9qM?…

The Home Computer

Fast forward to 1974. A science reporter brought his son with him to an old-school mainframe room and pointed out to Clarke that in the year 2001, the boy would be an adult. Clarke predicted that the boy would have a computer in his house that would connect to other computers to get all the information he needed.

Once again, Clarke was really interested in being able to work from anywhere in the world. Of course, he moved to Sri Lanka and still managed to work, so maybe he just thought we should all enjoy the same privilege.

youtube.com/embed/sTdWQAKzESA?…

Two Years Later

In 1976, Clarke spoke with an AT&T interviewer about the future. He clearly saw the Internet for news and communications with — you guessed it — working from home.

He also brought up the smart watch, another invention to add to his yes column. About the only thing in that interview that we haven’t had luck with yet is contact with extraterrestrials.

youtube.com/embed/D1vQ_cB0f4w?…

Our Guess

We try not to make too many predictions. But we are going to guess that at least some of Clarke’s predictions are yet to come. There is one thing we are pretty sure of, though. When anyone predicts the future — even Clarke — they rarely see the gritty details. Sure, he saw the cell phone, but not the cell phone plan. Or malware. Or a host of other modern problems that would perplex anyone back in the 1960s.

Clarke has a better track record than most. We love looking at what people thought we’d be doing here in the future.

hackaday.com/2025/06/16/retrot…

If you’re a mechanical engineering wonk, you might appreciate this latest video from [Henry Segerman] wherein he demonstrates his various expanding racks.

[Henry] explains how the basic “double-rack” unit can be combined to make more complex structures. These structures are similar in spirit to the Hoberman sphere, which is a compact structure that can be expanded to fill a large space.

The double-rack units get a lot more interesting when you combine two or more of them. They each have rails that accommodate additional double-racks, holding the double-racks together. Because of how the gears from each double-rack are connected to the teeth of the others, expanding two double-racks causes all connected units to also expand.

Through the rest of the video, [Henry] shows you the marvelous myriad ways the basic structures can be combined to make remarkable expanding racks. He also explains some of the missteps and gotchas that his latest designs avoid based on his experience.

If you’re interested in such things, you might also like to check out Lathe Gears Make A Clock or Gear Up: A 15-Minute Intro On Involute Gears.

Do you have your own mechanical engineering hacks? Let us know on the tips line!

youtube.com/embed/iWknov3Xpts?…

hackaday.com/2025/06/16/expand…

Secondo una nota interna ottenuta dalla CNN , degli hacker hanno tentato di violare gli account email dei giornalisti del Washington Post . Il potenziale attacco mirato è stato scoperto giovedì, spingendo il giornale ad avviare un cambio password di emergenza per tutti i dipendenti venerdì.

Un portavoce del Washington Post ha dichiarato che l’indagine è in corso, ma un’analisi preliminare suggerisce che l’attacco abbia interessato solo un numero limitato di account di posta elettronica. Coloro i cui account sono stati effettivamente compromessi sono stati avvisati separatamente. Nessun altro sistema della redazione è stato interessato e non ci sono prove di una fuga di dati di lettori o clienti.

Non è ancora stato determinato chi sia esattamente dietro il tentativo di hacking. Tuttavia, i giornalisti rimangono tradizionalmente un bersaglio prioritario sia per le spie informatiche statali che cercano di intercettare i materiali prima che vengano pubblicati, sia per i gruppi criminali a caccia di opportunità per ricattare ed estorcere denaro. Allo stesso tempo, il quotidiano stesso si è rifiutato di commentare le ipotesi sui possibili organizzatori dell’attacco.

Il Wall Street Journal ha segnalato il primo tentativo di attacco , e in particolare non si tratta del primo incidente nel settore. Nel 2022, è stata segnalata una campagna di hacking su larga scala e a più livelli contro il Journal stesso, sospettata di essere stata condotta da strutture informatiche cinesi. All’epoca, l’obiettivo erano giornalisti che lavoravano su materiale relativo alla Cina. Il precedente è diventato uno degli attacchi più eclatanti al settore dei media degli ultimi anni.

Il breve incidente al Washington Post non si è ancora trasformato in una crisi grave, ma il fatto che una violazione così mirata si sia verificata nel contesto di noti attacchi su larga scala evidenzia il rischio continuo per i lavoratori delle redazioni di tutto il mondo, in particolare per coloro che si occupano di giornalismo investigativo delicato.

L'articolo Hacker contro il Washington Post: giornalisti sempre più nel mirino del cyberspionaggio proviene da il blog della sicurezza informatica.

For a world covered in oceans, getting a drink of water on Planet Earth can be surprisingly tricky. Fresh water is hard to come by even on our water world, so much so that most sources are better measured in parts per million than percentages; add together every freshwater lake, river, and stream in the world, and you’d be looking at a mere 0.0066% of all the water on Earth.

Of course, what that really says is that our endowment of saltwater is truly staggering. We have over 1.3 billion cubic kilometers of the stuff, most of it easily accessible to the billion or so people who live within 10 kilometers of a coastline. Untreated, though, saltwater isn’t of much direct use to humans, since we, our domestic animals, and pretty much all our crops thirst only for water a hundred times less saline than seawater.

While nature solved the problem of desalination a long time ago, the natural water cycle turns seawater into freshwater at too slow a pace or in the wrong locations for our needs. While there are simple methods for getting the salt out of seawater, such as distillation, processing seawater on a scale that can provide even a medium-sized city with a steady source of potable water is definitely a job for Big Chemistry.

Biology Backwards

Understanding an industrial chemistry process often starts with a look at the feedstock, so what exactly is seawater? It seems pretty obvious, but seawater is actually a fairly complex solution that varies widely in composition. Seawater averages about 3.5% salinity, which means there are 35 grams of dissolved salts in every liter. The primary salt is sodium chloride, with potassium, magnesium, and calcium salts each making a tiny contribution to the overall salinity. But for purposes of acting as a feedstock for desalination, seawater can be considered a simple sodium chloride solution where sodium anions and chloride cations are almost completely dissociated. The goal of desalination is to remove those ions, leaving nothing but water behind.

While thermal desalination methods, such as distillation, are possible, they tend not to scale well to industrial levels. Thermal methods have their place, though, especially for shipboard potable water production and in cases where fuel is abundant or solar energy can be employed to heat the seawater directly. However, in most cases, industrial desalination is typically accomplished through reverse osmosis RO, which is the focus of this discussion.

In biological systems, osmosis is the process by which cells maintain equilibrium in terms of concentration of solutes relative to the environment. The classic example is red blood cells, which if placed in distilled water will quickly burst. That’s because water from the environment, which has a low concentration of solutes, rushes across the semi-permeable cell membrane in an attempt to dilute the solutes inside the cell. All that water rushing into the cell swells it until the membrane can’t take the pressure, resulting in hemolysis. Conversely, a blood cell dropped into a concentrated salt solution will shrink and wrinkle, or crenellate, as the water inside rushes out to dilute the outside environment.
Water rushes in, water rushes out. Either way, osmosis is bad news for red blood cells. Reversing the natural osmotic flow of a solution like seawater is the key to desalination by reverse osmosis. Source: Emekadecatalyst, CC BY-SA 4.0.
Reverse osmosis is the opposite process. Rather than water naturally following a concentration gradient to equilibrium, reverse osmosis applies energy in the form of pressure to force the water molecules in a saline solution through a semipermeable membrane, leaving behind as many of the salts as possible. What exactly happens at the membrane to sort out the salt from the water is really the story, and as it turns out, we’re still not completely clear how reverse osmosis works, even though we’ve been using it to process seawater since the 1950s.

Battling Models

Up until the early 2020s, the predominant model for how reverse osmosis (RO) worked was called the “solution-diffusion” model. The SD model treated RO membranes as effectively solid barriers through which water molecules could only pass by first diffusing into the membrane from the side with the higher solute concentration. Once inside the membrane, water molecules would continue through to the other side, the permeate side, driven by a concentration gradient within the membrane. This model had several problems, but the math worked well enough to allow the construction of large-scale seawater RO plants.

The new model is called the “solution-friction” model, and it better describes what’s going on inside the membrane. Rather than seeing the membrane as a solid barrier, the SF model considers the concentrate and permeate surfaces of the membrane to communicate through a series of interconnected pores. Water is driven across the membrane not by concentration but by a pressure gradient, which drives clusters of water molecules through the pores. The friction of these clusters against the walls of the pores results in a linear pressure drop across the membrane, an effect that can be measured in the lab and for which the older SD model has no explanation.

As for the solutes in a saline solution, the SF model accounts for their exclusion from the permeate by a combination of steric hindrance (the solutes just can’t fit through the pores), the Donnan effect (which says that ions with the opposite charge of the membrane will get stuck inside it), and dielectric exclusion (the membrane presents an energy barrier that makes it hard for ions to enter it). The net result of these effects is that ions tend to get left on one side of the membrane, while water molecules can squeeze through more easily to the permeate side.

Turning these models into a practical industrial process takes a great deal of engineering. A seawater reverse osmosis or SWRO, plant obviously needs to be located close to the shore, but also needs to be close to supporting infrastructure such as a municipal water system to accept the finished product. SWRO plants also use a lot of energy, so ready access to the electrical grid is a must, as is access to shipping for the chemicals needed for pre- and post-treatment.

Pores and Pressure

Seawater processing starts with water intake. Some SWRO plants use open intakes located some distance out from the shoreline, well below the lowest possible tides and far from any potential source of contamination or damage, such a ship anchorages. Open intakes generally have grates over them to exclude large marine life and debris from entering the system. Other SWRO plants use beach well intakes, with shafts dug into the beach that extend below the water table. Seawater filters through the sand and fills the well; from there, the water is pumped into the plant. Beach wells have the advantage of using the beach sand as a natural filter for particulates and smaller sea critters, but do tend to have a lower capacity than open intakes.

Aside from the salts, seawater has plenty of other unwanted bits, all of which need to come out prior to reverse osmosis. Trash racks remove any shells, sea life, or litter that manage to get through the intakes, and sand bed filters are often used to remove smaller particulates. Ultrafiltration can be used to further clarify the seawater, and chemicals such as mild acids or bases are often used to dissolve inorganic scale and biofilms. Surfactants are often added to the feedstock, too, to break up heavy organic materials.

By the time pretreatment is complete, the seawater is remarkably free from suspended particulates and silt. Pretreatment aims to reduce the turbidity of the feedstock to less than 0.5 NTUs, or nephelometric turbidity units. For context, the US Environmental Protection Agency standard for drinking water is 0.3 NTUs for 95% of the samples taken in a month. So the pretreated seawater is almost as clear as drinking water before it goes to reverse osmosis.
SWRO cartridges have membranes wound into spirals and housed in pressure vessels. Seawater under high pressure enters the membrane spiral; water molecules migrate across the membrane to a center permeate tube, leaving a reject brine that’s about twice as saline as the feedstock. Source: DuPont Water Solutions.
The heart of reverse osmosis is the membrane, and a lot of engineering goes into it. Modern RO membranes are triple-layer thin-film composites that start with a non-woven polyester support, a felt-like material that provides the mechanical strength to withstand the extreme pressures of reverse osmosis. Next comes a porous support layer, a 50 μm-thick layer of polysulfone cast directly onto the backing layer. This layer adds to the physical strength of the backing and provides a strong yet porous foundation for the active layer, a cross-linked polyamide layer about 100 to 200 nm thick. This layer is formed by interfacial polymerization, where a thin layer of liquid monomer and initiators is poured onto the polysulfone to polymerize in place.
An RO rack in a modern SWRO desalination plant. Each of the white tubes is a pressure vessel containing seven or eight RO membrane cartridges. The vessels are plumbed in parallel to increase flow through the system. Credit: Elvis Santana, via Adobe Stock.
Modern membranes can flow about 35 liters per square meter every hour, which means an SWRO plant needs to cram a lot of surface area into a little space. This is accomplished by rolling the membrane up into a spiral and inserting it into a fiberglass pressure vessel, which holds seven or eight cartridges. Seawater pumped into the vessel soaks into the backing layer to the active layer, where only the water molecules pass through and into a collection pipe at the center of the roll. The desalinated water, or permeate, exits the cartridge through the center pipe while rejected brine exits at the other end of the pressure vessel.

The pressure needed for SWRO is enormous. The natural osmotic pressure of seawater is about 27 bar (27,000 kPa), which is the pressure needed to halt the natural flow of water across a semipermeable membrane. SWRO systems must pressurize the water to at least that much plus a net driving pressure (NPD) to overcome mechanical resistance to flow through the membrane, which amounts to an additional 30 to 40 bar.

Energy Recovery

To achieve these tremendous pressures, SWRO plants use multistage centrifugal pumps driven by large, powerful electric motors, often 300 horsepower or more for large systems. The electricity needed to run those motors accounts for 60 to 80 percent of the energy costs of the typical SWRO plant, so a lot of effort is put into recovering that energy, most of which is still locked up in the high-pressure rejected brine as hydraulic energy. This energy used to be extracted by Pelton-style turbines connected to the shaft of the main pressure pump; the high-pressure brine would spin the pump shaft and reduce the mechanical load on the pump, which would reduce the electrical load. Later, the brine’s energy would be recovered by a separate turbo pump, which would boost the pressure of the feed water before it entered the main pump.

While both of these methods were capable of recovering a large percentage of the input energy, they were mechanically complex. Modern SWRO plants have mostly moved to isobaric energy recovery devices, which are mechanically simpler and require much less maintenance. Isobaric ERDs have a single moving part, a cylindrical ceramic rotor. The rotor has a series of axial holes, a little like the cylinder of an old six-shooter revolver. The rotor is inside a cylindrical housing with endcaps on each end, each with an inlet and an outlet fitting. High-pressure reject brine enters the ERD on one side while low-pressure seawater enters on the other side. The slugs of water fill the same bore in the rotor and equalize at the same pressure without much mixing thanks to the different densities of the fluids. The rotor rotates thanks to the momentum carried by the incoming water streams and inlet fittings that are slightly angled relative to the axis of the bore. When the rotor lines up with the outlet fittings in each end cap, the feed water and the brine both exit the rotor, with the feed water at a higher pressure thanks to the energy of the reject brine.

For something with only one moving part, isobaric ERDs are remarkably effective. They can extract about 98% of the energy in the reject brine, pressuring the feed water about 60% of the total needed. An SWRO plant with ERDs typically uses 5 to 6 kWh to produce a cubic meter of desalinated water; ERDs can slash that to just 2 to 3 kWh.
Isobaric energy recovery devices can recover half of the electricity used by the typical SWRO plant by using the pressure of the reject brine to pressurize the feed water. Source: Flowserve.

Finishing Up

Once the rejected brine’s energy has been recovered, it needs to be disposed of properly. This is generally done by pumping it back out into the ocean through a pipe buried in the seafloor. The outlet is located a considerable distance from the inlet and away from any ecologically sensitive areas. The brine outlet is also generally fitted with a venturi induction head, which entrains seawater from around the outlet to partially dilute the brine.

As for the permeate that comes off the RO racks, while it is almost completely desalinated and very clean, it’s still not suitable for distribution into the drinking water system. Water this clean is highly corrosive to plumbing fixtures and has an unpleasantly flat taste. To correct this, RO water is post-processed by passing it over beds of limestone chips. The RO water tends to be slightly acidic thanks to dissolved CO₂, so it partially dissolves the calcium carbonate in the limestone. This raises the pH closer to neutral and adds calcium ions to the water, which increases its hardness a bit. The water also gets a final disinfection with chlorine before being released to the distribution network.

hackaday.com/2025/06/16/big-ch…

Nacque a Livorno il 16 giugno 1901 con il nome di Federazione Italiana Operai Metallurgici.[2] Nel 1906 partecipò alla fondazione della Confederazione Generale del Lavoro (CGdL, oggi CGIL).

Dopo il fascismo fu rifondata, nell'ambito della nuova CGIL unitaria, con il IX Congresso che si tenne a Torino nel 1946, presieduto da Giovanni Roveda, e durante il quale cambiò il proprio nome in Federazione Impiegati Operai Metallurgici, lasciando invariata la sigla ma allargando la propria rappresentanza.

it.wikipedia.org/wiki/Federazi…

sindacato di categoria affiliato alla CGIL

^{Contributori ai progetti Wikimedia (Wikimedia Foundation, Inc.)}

Da gennaio 2025, i social network Meta sono diventati meno sicuri: questa è la conclusione a cui sono giunti gli autori di un sondaggio su larga scala che ha coinvolto 7.000 utenti di Facebook, Instagram e Threads. Lo studio è stato condotto tra i rappresentanti dei cosiddetti “gruppi protetti”, ovvero persone discriminate per razza, etnia, disabilità, religione, casta, orientamento sessuale, genere, identità di genere o gravi malattie. L’età media degli intervistati è di 50 anni.

Il sondaggio, condotto da tre organizzazioni indipendenti: UltraViolet, All Out e GLAAD, ha chiesto agli utenti se si sentissero al sicuro da contenuti dannosi sulle piattaforme Meta a seguito delle modifiche alla politica di moderazione entrate in vigore all’inizio di quest’anno e se avessero subito personalmente molestie o abusi. I risultati sono stati allarmanti.

Un intervistato su sei ha ammesso di essere stato bersaglio di attacchi basati sul genere o sull’orientamento sessuale dall’inizio dell’anno. Due terzi hanno visto contenuti d’odio rivolti ad altri. Con contenuto “dannoso”, i ricercatori intendevano i post che attaccavano direttamente una persona sulla base di una delle caratteristiche protette, che si tratti di sessismo, razzismo, transfobia o altre forme di discriminazione.

Oltre il 90% degli intervistati ha dichiarato di essere preoccupato e di sentirsi meno sicuro a causa dell’indebolimento delle politiche di Meta contro i contenuti dannosi. Uno dei partecipanti al sondaggio ha descritto la situazione in questo modo: Da gennaio 2025, ho assistito a un’enorme impennata di incitamenti all’odio rivolti a diversi gruppi vulnerabili. Inoltre, sono apparse numerose pagine false che diffondevano storie inventate per far arrabbiare chi è già contrario alle comunità emarginate.

Un altro utente si lamenta non solo dell’atmosfera, ma anche di come sia cambiata l’esperienza utente stessa: Vedo a malapena i post dei miei amici. Mi ritrovo con immagini sessuali finte direttamente nel mio feed, e pubblicità di ogni genere di spazzatura in cima. Sto già passando a Bluesky e Substack, almeno lì non è così disgustoso.

404 Media, che si occupa dei cambiamenti nelle piattaforme di intelligenza artificiale, ha precedentemente riportato che Meta sta sempre più permettendo allo spam generato da reti neurali di soppiantare contenuti di qualità generati da esseri umani. Gli utenti lamentano che i loro feed siano disseminati di assurdità aggressive di cui nessuno è ritenuto responsabile.

La situazione si è aggravata a gennaio, quando Mark Zuckerberg, CEO di Meta, ha annunciato l’abrogazione di diverse regole di moderazione. In email interne trapelate, i dipendenti hanno espresso indignazione. Un esperto di policy ha scritto in una chat aziendale che la modifica ha consentito, tra le altre cose, di etichettare gli omosessuali come “malati mentali” e gli immigrati come “spazzatura”. L’obiettivo, ha affermato, era “fermare la deriva della missione” e “tornare al principio fondamentale della libertà di parola”.

Le nostre piattaforme ora consentono la discussione e la controreazione su argomenti difficili. Certo, questo potrebbe risultare offensivo per alcuni, ma permette a tutte le parti di esprimersi. In pratica, tuttavia, questo ha portato a un notevole aumento dei discorsi ostili. Un intervistato scrive:

Un utente ha detto che le donne dovrebbero sapere qual è il loro posto se si suppone che sostengano l’America. Ricevo messaggi in cui le persone commentano il mio aspetto e si offrono di incontrarmi. Ho iniziato a essere molestata a causa delle mie opinioni politiche. Come sottolinea il rapporto, numerosi studi confermano che la crescita della retorica aggressiva sui social network è direttamente collegata alla violenza fisica offline. Non si tratta solo di parole sgradevoli, ma della coltivazione di un odio che prima o poi travalica gli schermi.

Gli autori del rapporto hanno chiesto a Meta di nominare un ente indipendente per analizzare l’impatto delle modifiche alle policy sulla diffusione di contenuti dannosi e ripristinare i vecchi standard di moderazione. Sottolineano che il vecchio sistema era imperfetto, ma almeno frenava la diffusione della crudeltà. Ora, affermano, Zuckerberg “non si limita a tollerare ciò che peggiora le piattaforme: ignora il problema e spende miliardi in una ‘superintelligenza’ che peggiora ulteriormente la situazione”.

L'articolo Zuckerberg elimina le regole: esplosione di odio e molestie su Meta. Il Sondaggio proviene da il blog della sicurezza informatica.

Così mi dice il sito di Poste Italiane dopo aver inserito il mio indirizzo di posta elettronica in risposta a questo invito.

Inserendo il tuo numero di cellulare e/o indirizzo di posta elettronica, Poste Italiane, titolare del trattamento dei dati, potrà informarti sulla consegna della tua spedizione.

Ho controllato, l'indirizzo è giusto e non ci sono spazi né prima né dopo.

Errore semantico...