This week Jonathan and Katherine talk with Jamie Abrahams about Drupal, and how AI just makes sense. No, really. Jamie makes a compelling case that Drupal is a really good tool for building AI workflows. We cover security, personal AI, and more!

• drupal.org/u/yautja_cetanu
• drupal.org/project/ai
• freelygive.io/

youtube.com/embed/dnKFN6eIJ5I?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/07/16/floss-…

Supersonic air travel is great if you want to get somewhere quickly. Indeed, the Concorde could rush you from New York to London in less than three and a half hours, over twice as fast as a conventional modern airliner. Despite the speed, though, supersonic passenger service has never really been sustainable thanks to the noise involved. Disruption from sonic booms has meant that supersonic travel over land is near-universally banned. This strictly limits the available routes for supersonic passenger jets, and thus their economic viability.

Solving this problem has been a hot research topic for some time. Now, it appears there might be a way forward for supersonic air travel over land, using a neat quirk of Earth’s atmosphere.

The Problem With Sonic Booms

The Concorde—devastatingly fast, and far too loud for its own good. Credit: Eduard Marmet, CC BY SA 3.0
When supersonic airliners were first envisaged, the issue of sonic booms was recognized, but thought to be a minor one. Unfortunately, public opinion soon made it clear that wasn’t the case. As research and military aircraft began to punch through the sound barrier, the resulting sonic booms over populated areas lead to widespread complaints and even property damage in some cases.

As the Concorde developed, hopes remained high that the issue wouldn’t be insurmountable. In 1969, British Aircraft Corporation noted that they “do not expect that its sonic boom will be unacceptable to the great majority of the public.” However, in the face of widespread protest and opposition, the writing was on the wall. The world’s first supersonic airliner would be hamstrung by regulations, almost solely able to use its Mach 2 party trick on stretches of open water.
A demonstration of a sonic boom forming at Mach 1. Credit: Jacob Bertolotti, CC0
By the time of the Concorde’s initial revenue flights in the 1970s, the sonic boom was well understood. A plane pushing through the air is much like a boat pushing out bow and stern waves as it moves through the water. As a plane approaches the sound barrier, the pressure waves emanating from the aircraft get closer and closer together. At Mach 1, they effectively collide, and form into a single large shockwave. As speed increases, a characteristic shock cone is formed, with its apex at the nose of the aircraft.

To a stationary observer on the ground, the passing shockwave appears as a fast, large rise in pressure, followed by a significant negative pressure, before returning to normal. This is referred to as an “N-wave,” due to the characteristic shape the sonic boom leaves when graphed out.
The characteristic N-wave of a sonic boom. Credit: NASA, public domain
The positive pressure spike followed by the negative pressure spike are what creates the auditory “double boom” heard by observers. The overpressure from a sonic boom is great enough to cause minor damage such as shattering glass windows on buildings under the flight path.

The loud noise also typically creates great annoyance to those in the affected area. When an aircraft is flying at altitude, it can create an uncomfortable sonic boom that covers a wide stretch of land under the flight path, dependent on altitude, and it continues to do this for as long as it flies faster than the sound barrier. The affected area is typically referred to as the “boom carpet” for this reason.

Bending The Booms

If engineers were able to reduce the volume of a sonic boom or otherwise redirect it, supersonic travel over land would no longer face public or regulatory opposition. For this reason, a great deal of research has been undertaken into ways to mitigate or eliminate sonic booms created by fast-flying aircraft.

A particularly promising area of research has involved the theory of the “Mach cutoff.” The idea is that the pressure waves of a sonic boom could be redirected away from the ground by using the properties of the Earth’s atmosphere.
The Mach cutoff effect uses the atmosphere itself to refract sonic booms away from the ground. Credit: Boom Supersonic
A sonic boom is effectively just a powerful pressure wave, and thus, like any wave, it’s subject to refraction. This is where a wave’s path bends when it travels through different media at different speeds. For example, light waves bend when they travel through air and water, because the speed of propagation of light is different in each. The same is true of sound travelling through air at different temperatures. At lower altitudes, the air is typically warmer and sound travels faster. At higher altitudes, the air is cooler, and sound travels slower. Thus, as the pressure waves travel downwards from an aircraft at high altitude, they reach the warmer air and are refracted, tending to bend away from the ground. The idea behind the Mach cutoff effect is to find a combination of conditions where the sonic boom is refracted such that it never hits the ground. The Mach cutoff itself refers to the critical altitude below which the sonic boom is effectively not heard.
The Boom XB-1 test aircraft, used to test the Mach cutoff effect. Credit: Boom Supersonic
This technique has been the focus of research by Boom Technology, a company aiming to bring back supersonic air travel. Working with NASA, the company has been running tests with its Boom XB-1 test aircraft. Earlier this year, the company successfully attained supersonic flight without the sonic boom reaching the ground. This was confirmed by microphone arrays under the flight path, which verified there was no characteristic N-wave or pressure spike hitting the surface as the XB-1 flew multiple passes overhead. Test flights in February saw the company’s test aircraft hit top speeds of Mach 1.12 without a sonic boom hitting the ground. The company hopes to use the learnings from these tests to guide the development of the Boom Overture, a full-sized supersonic passenger airliner.
Beneath the cutoff altitude, the N-wave pressure spike from the sonic boom is effectively not felt. There is, however, still a sound signature caused by “evanescent waves.” Research is ongoing as to the impact of these waves in the “shadow side” of the Mach cutoff altitude. Credit: NASA Paper
However, using the Mach cutoff technique is not a perfect solution to supersonic travel over land. The problem is that it’s highly dependent on ambient conditions. The local temperature, atmospheric pressure, and prevailing winds can all affect the local Mach cutoff altitude. Thus, to fly supersonic in this manner requires a flight system capable of monitoring local conditions and keeping the aircraft’s flight parameters in the region where Mach cutoff is possible. Research by NASA has also indicated that it is not possible to exploit this phenomenon at very high speeds. Above Mach 1.3, it’s not realistically possible to refract the sonic boom enough to have it miss the ground.
NASA used Schlieren imaging techniques to visualize the shockwaves created by the XB-1 in supersonic flight. Credit: NASA/Boom Supersonic
These factors mean that even when exploiting the Mach cutoff, there would be some limitations on supersonic flight over land. Most commercial airliners fly at Mach 0.75 to Mach 0.85. Boom’s hypothetical future airliner could maybe top out at Mach 1.3 over land to avoid sonic booms hitting the ground. This would still net some serious speed gains—but perhaps only slashing travel times by 40-50% on overland routes. Boom expects that it could achieve a flight from San Francisco to New York in 3 hours and 30 minutes, versus over 5 hours for standard airliners today.

Fuel use is also expected to be very high in the supersonic flight regime, thanks to the extra drag experienced at higher speeds. There is also reason to believe that different routes might face very different conditions.

A study by the University of Pennsylvania used atmospheric data to determine that the maximum speed for Mach cutoff was much higher for westbound flights across the continental US versus eastbound flights, thanks to typical prevailing weather conditions over the country and their effect on the local speed of sound. In any case, Boom still plans to ensure its airliner is capable of achieving up to Mach 1.7 when sound is not an issue, which would make it at least comparable to the Concorde’s top speed of Mach 2.04 when travelling over open ocean.

As far as supersonic passenger travel goes, things are currently looking brighter than ever. There is now a potentially viable technique for airliners to fly faster than the sound barrier over populated areas. However, the economics and practicalities will still have to work out if we are ever to see a supersonic transport in revenue service ever again.

hackaday.com/2025/07/16/mach-c…

In una nuova analisi basata su 10 milioni di password compromesse, Specops ha dimostrato quanto le reti aziendali rimangano vulnerabili all’errore umano. Tutte le password sono state estratte da un elenco di oltre un miliardo di perdite. I risultati sono stati allarmanti: solo l’1,5% di tutte le password analizzate poteva essere classificato come “forte”.

I criteri per questa definizione erano rigorosi: una password era considerata sicura se era lunga 15 caratteri e conteneva almeno due tipi di caratteri diversi, come lettere e numeri. Questa lunghezza è stata scelta per un motivo: ogni carattere aggiuntivo aumenta di molte volte il numero di combinazioni possibili.

Ad esempio, una password di 15 lettere minuscole ha 1,7 quintilioni di combinazioni. L’aggiunta di un carattere aumenta il numero di combinazioni di quasi 26 volte e, utilizzando tutti i caratteri validi (lettere, numeri e caratteri speciali), il numero totale di combinazioni raggiunge i 2,25 ottilioni. Persino i computer con GPU più potenti non saranno in grado di gestire un compito del genere nel prossimo futuro.

Mappa di calore: lunghezza della password vs. complessità della password (Specops)

Tuttavia, nonostante queste prospettive, gli utenti continuano a scegliere combinazioni brevi e semplici. Il tipo di password più comune è composto da 8 caratteri con due tipi di caratteri (ad esempio, lettere e numeri), che rappresenta il 7,9% di tutte le password. Seguono password della stessa lunghezza, ma ancora meno affidabili: un solo tipo di carattere, il loro 7,6%. E le password lunghe fino a 8 caratteri in generale costituiscono la stragrande maggioranza e possono essere violate in poche ore.

L’analisi ha mostrato che solo il 3,3% di tutte le password superava il limite di 15 caratteri. Ciò suggerisce che le policy sulle password nelle organizzazioni non sono regolamentate o sono ignorate. Allo stesso tempo, aumentare la lunghezza anche di pochi caratteri aumenta drasticamente la resistenza agli attacchi: un’estensione di quattro caratteri di una password di 12 caratteri aumenta lo sforzo richiesto per un attacco brute-force di 78 milioni di volte.

Lo studio presta particolare attenzione alla tendenza verso una complessità insufficiente. Più della metà di tutte le password analizzate includeva un massimo di due tipi di caratteri. E sebbene le raccomandazioni moderne (in particolare quelle del NIST) si concentrino maggiormente sulla lunghezza, l’aggiunta di un terzo o quarto tipo di carattere ne aumenta significativamente la sicurezza. Tuttavia, la lunghezza rimane il fattore principale: 16-20 caratteri offrono una protezione migliore rispetto a password brevi, seppur complesse.

Per aumentare la sicurezza, si consiglia di passare dalle password tradizionali a frasi significative. Frasi lunghe ma facili da ricordare come “SunsetCoffeeMaroonReview” sono molto più affidabili e pratiche di set di caratteri come “!x9#A7b!”. Questo approccio riduce il numero di errori di digitazione, le richieste di supporto tecnico e la fatica derivante dal continuo cambio di password.

Le principali minacce legate all’utilizzo di password deboli rimangono le stesse.

• Facilità di hacking : le combinazioni brevi sono facilmente soggette ad attacchi automatizzati, soprattutto se si utilizzano acceleratori grafici e botnet.
• Riutilizzo : una password compromessa spesso consente l’accesso a più sistemi.
• Non conformità : le password deboli violano normative come GDPR, HIPAA e PCI DSS. Tutto ciò comporta multe, controlli e danni alla reputazione.

Allo stesso tempo, anche una buona implementazione dell’hashing non salva dalla debolezza della password stessa: se il database viene rubato e la password viene facilmente forzata tramite attacco brute force, né il salt né gli algoritmi saranno d’aiuto.

I risultati dello studio portano a una semplice verità: le password deboli sono ancora onnipresenti. Solo una politica completa che includa il controllo su lunghezza, complessità, unicità e aggiornamenti tempestivi può proteggere l’infrastruttura aziendale dagli attacchi più comuni. E, come dimostrano le statistiche, la maggior parte delle aziende ha ancora molto lavoro da fare in questo ambito.

L'articolo Uno studio mostra una verità shock: il 98,5% delle password è debole! proviene da il blog della sicurezza informatica.

Over on their substack [ObsoleteSony] has a new article: The Last Disc: How Blu-ray Won the War but Lost the Future.

In this article the author takes us through the history of Blu-ray media and how under Sony’s stewardship it successfully defeated the competing format of the time, HD DVD. Sony started behind the eight ball but through some deft maneuvering managed to come out on top. Perhaps the most significant contributing factor was the inclusion of Blu-ray drives in the PlayStation 3.

The person leading the Blu-ray initiative for Sony was Masanobu Yamamoto, whose legacy was the compact disc. What was needed was a personal media format which could deliver for high-definition 1080p video. As the DVD format did not have the storage capacity required, new formats needed to be developed. The enabling technology for both Blu-ray and HD DVD media was the blue laser as it allowed for more compact encoding.

Sony’s Blu-ray format became the dominating format for high-definition personal media…just as physical media died.

Thanks to [Stephen Walters] for writing in about this one.

hackaday.com/2025/07/16/blu-ra…

The DEW line was one of three radar early warning systems of the time.
If you grew up in the middle of the Cold War, you probably remember hearing about the Distant Early Warning line between duck-and-cover drills. The United States and Canada built the DEW line radar stations throughout the Arctic to detect potential attacks from the other side of the globe.

MIT’s Lincoln Lab proposed the DEW Line in 1952, and the plan was ambitious. In order to spot bombers crossing over the Arctic circle in time, it required radar twice as powerful as the best radar of the day. It also needed communications systems that were 99 percent reliable, even in the face of terrestrial and solar weather.

In the end, there were 33 stations built from Alaska to Greenland in an astonishing 32 months. Keep in mind that these stations were located in a very inhospitable environment, where temperatures reached down to -60 °F (-51 °C). Operators kept the stations running 24/7 for 36 years, from 1957 to 1993.

System of Systems

The DEW line wasn’t the only radar early-warning system that the US and Canada had in place, only the most ambitious. The Pinetree Line was first activated in 1951. However, its simple radar was prone to jamming and couldn’t pick up things close to the ground. It was also too close to main cities along the border to offer them much protection. Even so, the 33 major stations, along with six smaller stations, did better than expected.

youtube.com/embed/2NMfzITWxDs?…

Mid-Canada

A Mid-Canada Line site with White Alice antennas. The bistatic radar antennas look more like conventional antennas. (public domain)
The Mid-Canada Line utilized bistatic radar, where the transmitter and receiver were located in different positions. The idea is that the receiver hears the transmitter along with Doppler-shifted returns from a target. That means the total travel distance of the radar beam is almost constant.

This scheme is good for inexpensively covering a wide area, but it suffers at providing exact positions. It also has trouble rejecting things like birds near either the transmitter or the receiver.

Mid-Canada first started operating in 1956, but was shut down by 1965. The reason? Speed.

The Need for Speed

In the 1940s, when Pinetree was being planned, jet aircraft were relatively new. But they made great strides, and the faster a bomber might be, the more warning you needed. While Mid-Canada was closer to the possible path of an attack, it was clear by the time it was operational that the real threat would be from ballistic missiles. Planning for the DEW Line was already underway, but it focused on fast bombers.

Moving further north was the solution. If Pinetree was relatively easy to build, building the Mid-Canada Line was more challenging due to the terrain and weather conditions. Correct topographical information was difficult to find, and paradoxically, construction had to take place during the winter when the marshland was frozen, facilitating access to many of the sites.

The DEW Line, though, was above the Arctic Circle. Building there, near the 69th parallel, would present an even bigger challenge. Working conditions were passable during the short Arctic summer, but more difficult in the harsh winter, which included a solid month of nighttime.

Prototype

The prototype station was at a weather station in Alaska’s Barter Island. There was little data on building at such high latitudes, save for the recent work done to build the Thule Air Force Base. The prototype design needed some rework in 1953, but once things were moving, the DEW Line installations managed to run for 36 years.
DEW Line station in Alaska (public domain)
The typical station used prefabricated modules connected into “trains.” The modules were used as quarters, offices, equipment rooms, storage, and kitchens. Living quarters were 8′ x 12′ (2.4 m x 3.6 m). The bases were totally self-contained.

There were main stations that had a full crew and amenities like a library and other entertainment. Secondary stations typically had a chief, a cook, and a mechanic. The “gap filler” stations didn’t have any crew, but were serviced from the other stations when possible.

A main station might have two trains connected by a bridge. Smaller stations might have a single train of 25 modules. There were also garages for vehicles, warehouses, hangars, and dormitories for up to 24 personnel not housed in the main structures. While most of the stations were similar in design, the two on the Greenland ice cap were more like offshore drilling rigs, built on columns buried 100 feet into the ice.

Technology

A typical DEW line station used a 1.25 GHz radar with an average output of 400 watts, although it was rated for a maximum of 160 kW. The radar could probe from 3,000 feet out to 180 miles (300 km). Here are some details about the vacuum-tube-based technology in a 1980s booklet for newcomers to the line:

The radar system presently used was developed in the 1950’s and as such is a “tube” system which is experiencing reliability and maintainability problems. Good tubes are hard to find anymore. The operational performance is seriously affected, and support is becoming, so expensive, regardless of management improvements, that economic feasibility is only made possible by the absolute operational need for the system.

The Bell Companies played a crucial role in the development of the DEW Line. There’s an old AT&T archive video of the project that you can see below.

youtube.com/embed/q7hFJZf9fWk?…

White Alice

White Alice antennas at Barter Island, Alaska (public domain)
Because of the challenging radio conditions above the Arctic, the stations used a system known as White Alice to communicate. Short distances used microwave links. Giant tropospheric scatter antennas provided connections beyond the horizon at 900 MHz.

The system used two antennas for reliability and also transmitted on two frequencies. For shorter hops, a 60 ft (18 m) antennas would transmit 10 kW. Longer paths used 120 ft (36 m) antennas and 50 kW. Short links used 30 ft (9 m) dishes with 1 kW of power.

Museum

Check out the DEW Line virtual museum, which tells the story from construction to the debris left to be cleaned up. There’s also an extensive collection of related videos like the one embedded below.

youtube.com/embed/-Mfwcp6rTjc?…

The DEW Line is just part of the tech history of the Cold War. Some of it was downright cloak-and-dagger.

hackaday.com/2025/07/16/the-de…

Nell’ambito delle indagini condotte dalla Procura della Repubblica di Roma e con il coordinamento della Direzione Nazionale Antimafia e Antiterrorismo, la Polizia Postale ha portato a termine importanti attività investigative nell’Operazione Eastwood nei confronti gruppo hacker filorusso noto come “NoName057(16)”, contemporaneamente ad analoghe attività in Germania, Stati Uniti, Olanda, Svizzera, Svezia, Francia e Spagna.

Il gruppo NONAME dal marzo del 2022 ad oggi, ha portato migliaia di attacchi verso siti governativi, della pubblica amministrazione, di infrastrutture di trasporto pubblico, istituti bancari, sanità e telecomunicazioni in diversi paesi europei.

Le indagini, coordinate a livello internazionale da Eurojust ed Europol hanno consentito di identificare numerosi aderenti al gruppo, disvelando chi si celava dietro ai server remoti, agli account Telegram e ai pagamenti in criptovaluta riconducibili alla crew hacker.

Cinque mandati di arresto internazionali sono stati altresì emessi nei confronti di altrettanti soggetti di nazionalità russa, 2 dei quali ritenuti vertici dell’organizzazione. Più di 600 server in vari Paesi sono stati disattivati ed in parte sottoposti a sequestro, in quanto server costituenti l’infrastruttura criminale da cui partivano gli attacchi.

NONAME reclutava simpatizzanti, distribuendo gli elenchi dei target occidentali da colpire e rivendicando poi gli attacchi attraverso ipropri canali anonimi Telegram. Con il canale DDosia Project, NONAME metteva a disposizione un software per entrare e operare nel gruppo.

L’infrastruttura criminale è risultata articolata su un livello centrale di comando e controllo nella Federazione russa, server intermedi dedicati alla anonimizzazione del segnale e alla dispersione delle tracce e, quindi in migliaia di computer messi a disposizione di NONAME dagli aderenti per gli attacchi.

NONAME ha coordinato gli attacchi dal territorio russo, remunerando in criptovalute gli aderenti. Gli attacchi “DDOS” (Distributed Denial of Service), con ingenti quantità di connessioni simultanee dai computer verso i siti da colpire, sono stati mirati a provocarne il collasso e la temporanea inservibilità, con ripercussioni anche rilevanti sull’erogazione dei servizi pubblici.

In Italia, le indagini delCNAIPIC, con i Centri operativi della Polizia Postale di Piemonte, Lombardia, Veneto, Friuli-VG, Emilia-Romagna e Calabria, hanno condotto alla identificazione di 5 soggetti, ritenuti aderenti al gruppo avendo effettuato attacchi ad infrastrutture nazionali ed europee.

Nei confronti degli stessi la Procura della Repubblica di Roma ha emesso decreti di perquisizione eseguiti dai medesimi uffici. Sono inoltre al vaglio altre posizioni. Si sottolinea che le persone sottoposte ad indagine nei cui confronti si procede, debbono ritenersi innocenti fino a quando la loro colpevolezza non sia stata legalmente accertata con una sentenza definitiva.

Risultati complessivi dell’operazione Eastwood

• 2 arresti (1 arresto preliminare in Francia e 1 in Spagna)
• 7 mandati di arresto emessi (6 dalla Germania e 1 dalla Spagna)
• 24 perquisizioni domiciliari (2 in Repubblica Ceca, 1 in Francia, 3 in Germania, 5 in Italia, 12 in Spagna, 1 in Polonia)
• 13 persone intervistate (2 in Germania, 1 in Francia, 4 in Italia, 1 in Polonia, 5 in Spagna)
• Oltre 1.000 sostenitori, di cui 15 amministratori, sono stati avvisati della loro responsabilità legale tramite un’app di messaggistica
• Oltre 100 server interrotti in tutto il mondo
• La maggior parte dell’infrastruttura principale di NoName057(16) è stata messa offline

Paesi partecipanti

• Repubblica Ceca – Agenzia nazionale antiterrorismo, estremismo e criminalità informatica
• Finlandia – Ufficio nazionale investigativo (NBI)
• Francia – Unità nazionale di sicurezza informatica della Gendarmeria nazionale, Procura della Repubblica di Parigi – Giurisdizione nazionale contro la criminalità organizzata (JUNALCO)
• Germania – Ufficio federale di polizia criminale (Bundeskriminalamt), Procura generale di Francoforte sul Meno – Centro per la criminalità informatica
• Italia – Polizia di Stato (Polizia di Stato)
• Lituania – Polizia nazionale
• Paesi Bassi – Polizia nazionale (Politie), Procura della Repubblica
• Polonia – Ufficio centrale per la criminalità informatica
• Spagna – Guardia Civil, Polizia Nazionale (Policía Nacional)
• Svezia – Polisen
• Svizzera – Ufficio federale di polizia fedpol e Ministero pubblico della Confederazione (MPC)
• Stati Uniti – Federal Bureau of Investigation

Paesi di supporto

• Belgio
• Canada
• Danimarca
• Estonia
• Lettonia
• Romania
• Ucraina

Agenzie UE partecipanti

• Europol
• Eurojust
• ENISA

L'articolo Operazione Eastwood: Smantellato il gruppo hacker filorusso NoName057(16) proviene da il blog della sicurezza informatica.

For decades there has been this tantalizing idea being pitched of pulling CO₂ out of the air and using the carbon molecules for something more useful, like making plastics. Although this is a fairly simple process, it is also remarkably inefficient. Recently Caltech researchers have managed to boost the efficiency somewhat with a new two-stage process involving electrocatalysis and thermocatalysis that gets a CO₂ utilization of 14%, albeit with pure CO₂ as input.
The experimental setup with the gas diffusion electrode (GDE) and the copolymerization steps. (Credit: Caltech)
The full paper as published in Angewandte Chemie International is sadly paywalled with no preprint available, but we can look at the Supplemental Information for some details. We can see for example the actual gas diffusion cell (GDE) starting on page 107 in which the copper and silver electrodes react with CO₂ in a potassium bicarbonate (KHCO₃) aqueous electrolyte, which produces carbon monoxide (CO) and ethylene (C₂H₄). These then react under influence of a palladium catalyst in the second step to form polyketones, which is already the typical way that these thermoplastics are created on an industrial scale.

The novelty here appears to be that the ethylene and CO are generated in the GDEs, which require only the input of CO₂ and the potassium bicarbonate, with the CO2 recirculated for about an hour to build up high enough concentrations of CO and C₂H₄. Even so, the researchers note a disappointing final quality of the produced polyketones.

Considering that a big commercial outfit like Novomer that attempted something similar just filed for Chapter 11 bankruptcy protection, it seems right to be skeptical about producing plastics on an industrial scale, before even considering using atmospheric CO₂ for this at less than 450 ppm.

hackaday.com/2025/07/16/caltec…

Cloudflare ha registrato un netto calo degli attacchi DDoS nel secondo trimestre del 2025, bloccandone 7,3 milioni, rispetto ai 20,5 milioni segnalati nel primo trimestre. Nonostante il calo complessivo degli attacchi, la quota di incidenti estremi è aumentata significativamente.

Nel secondo trimestre, Cloudflare ha registrato una media di 71 attacchi ipervolumetrici al giorno, portando il totale a oltre 6.500. Questi attacchi, caratterizzati da un’intensità estrema, sono diventati particolarmente evidenti nel contesto del calo generale. Un incidente di questo tipo ha raggiunto il picco di 7,3 terabit al secondo e 4,8 miliardi di pacchetti al secondo in meno di un minuto. Questi picchi di traffico sono accompagnati non solo da attacchi di forza bruta, ma anche da tecniche più subdole, come la scansione delle vulnerabilità in background, che consente agli aggressori di aggirare le difese standard.

Il numero di attacchi L3/L4 è diminuito dell’81% rispetto al primo trimestre, attestandosi a 3,2 milioni, mentre gli attacchi HTTP sono aumentati del 9%, raggiungendo quota 4,1 milioni. Oltre il 70% degli attacchi HTTP proveniva da botnet note. I metodi più frequentemente utilizzati si basavano sul sovraccarico tramite protocolli DNS, TCP SYN e UDP.

I criminali informatici hanno preso di mira più spesso le aziende di telecomunicazioni e i fornitori di servizi, seguiti dai settori di Internet, dei servizi IT e del gioco d’azzardo. Le regioni più colpite sono state Cina, Brasile, Germania, India, Corea del Sud, Turchia, Hong Kong, Vietnam, Russia e Azerbaigian. La maggior parte degli attacchi ha avuto origine da Indonesia, Singapore, Hong Kong, Argentina e Ucraina.

Di particolare rilievo è l’aumento degli attacchi che superano la soglia dei 100 milioni di pacchetti al secondo, con un aumento del 592% rispetto al trimestre precedente. Anche gli attacchi ransomware sono aumentati del 68%. In questi casi, gli aggressori minacciano di lanciare un attacco DDoS o ne stanno già eseguendo uno, chiedendo poi un compenso per fermarlo.

Cloudflare sottolinea che gli attacchi di grandi dimensioni stanno diventando sempre più frequenti. Su 100 attacchi HTTP, sei superano un milione di richieste al secondo e su 10.000 attacchi L3/L4, cinque superano 1 terabit al secondo, con un aumento del 1.150% in un trimestre.

L’azienda ha anche segnalato l’attività della botnet DemonBot , che prende di mira i sistemi Linux, principalmente i dispositivi IoT vulnerabili. Il malware sfrutta porte aperte e password deboli per ingaggiare i dispositivi in attacchi DDoS su larga scala a livello UDP, TCP e applicazione. DemonBot è controllato tramite server di comando e controllo ed è in grado di generare enormi quantità di traffico, attaccando servizi di gaming, hosting e aziendali.

La diffusione di tali minacce è associata a problemi tipici: scarsa sicurezza dei dispositivi IoT, porte SSH aperte e software obsoleto. Tali vulnerabilità, in combinazione con tecniche come attacchi TCP riflessi, amplificazione DNS e burst di traffico ingannevoli, vengono sempre più analizzate nei report di Cloudflare sulla sicurezza delle minacce e delle API.

L'articolo Cloudflare: Calo degli attacchi DDoS nel secondo trimestre del 2025, ma aumentano quelli estremi proviene da il blog della sicurezza informatica.

For home HVAC systems, heat pumps seem to be the way of the future. When compared to electric heating they can be three to four times more efficient, and they don’t directly burn fossil fuels. They also have a leg up over standard air conditioning systems since they can provide both cooling and heating, and they can even be used on water heating systems. Their versatility seems unmatched, but it does come at a slight cost of complexity as [Janne] learned while trying to bring one back to life.

The heat pump here is a Samsung with some physical damage, as well as missing the indoor half of the system. Once the damage to the unit was repaired and refilled with refrigerant, [Janne] used an Optidrive E3 inverter controlled by an Arduino Mega to get the system functional since the original setup wouldn’t run the compressor without the indoor unit attached. The Arduino manages everything else on the system as well including all of the temperature sensors and fan motor control.

With everything up and running [Janne] connected the system to a swimming pool, which was able to heat the pool in about three hours using 60 kWh of energy. The system is surprisingly efficient especially compared to more traditional means of heating water, and repairing an old or damaged unit rather than buying a new one likely saves a significant amount of money as well. Heat pump projects are getting more common around here as well, and if you have one in your home take a look at this project which adds better climate control capabilities. to a wall mount unit.

hackaday.com/2025/07/16/arduin…