
$40 Ham Antenna Works Six Bands



[My Ham Radio Journey] wanted to see if a “common person” (in his words) could build an effective vertical ham radio antenna. If you look at the video below, the answer is apparently yes.

He started with a 24-foot fishing rod and a roll of 22 gauge wire. The antenna wire is just over 20 feet long and he has several ground radials, as you might expect for a vertical antenna.

You also need a toroid to make an unun for the feed point. The details of how he mounted everything will be useful if you want to experiment with making your own version.

Vertical antennas have plusses and minuses. One advantage is they have a low angle of radiation, which is good for long distance communication. It is possible to make arrays of vertical antennas, and we are surprised we haven’t seen any of those lately.

In the end, it looks like the antenna works well. With the 4:1 transformer, the SWR on all the ham bands is within range of the radio’s tuner.

We recently saw a fishing pole antenna that used no wire at all. If you want portable and fishing isn’t your thing, try a tape measure.

youtube.com/embed/4AuFceHBcFU?…


hackaday.com/2024/11/23/40-ham…


RFID From First Principles and Saving a Cat



[Dale Cook] has cats, and as he readily admits, cats are jerks. We’d use stronger language than that, but either way it became a significant impediment to making progress with an RFID-based sensor to allow his cats access to their litterbox. Luckily, though, he was able to salvage the project enough to give a great talk on RFID from first principles and learn about a potentially tragic mistake.

If you don’t have 20 minutes to spare for the video below, the quick summary is that [Dale]’s cats are each chipped with an RFID tag using the FDX-B protocol. He figured he’d be able to build a scanner to open the door to their playpen litterbox, but alas, the read range on the chip and the aforementioned attitude problems foiled that plan. He kept plugging away, though, to better understand RFID and the electronics that make it work.

To that end, [Dale] rolled his own RFID reader pretty much from scratch. He used an Arduino to generate the 134.2-kHz clock signal for the FDX-B chips and to parse the returned data. In between, he built a push-pull driver for the antenna coil and an envelope detector to pull the modulated data off the carrier. He also added a low-pass filter and a comparator to clean up the signal into a nice square wave, which was fed into the Arduino to parse the Differential Manchester-encoded data.

Although he was able to read his cats’ chips with this setup, [Dale] admits it was a long road compared to just buying a Flipper Zero or visiting the vet. But it provided him a look under the covers of RFID, which is worth a lot all by itself. But more importantly, he also discovered that one cat had a chip that returned a code different than what was recorded in the national database. That could have resulted in heartache, and avoiding that is certainly worth the effort too.

youtube.com/embed/yirEXUiZuOM?…

Thanks for the tip, [Gustavo].


hackaday.com/2024/11/23/rfid-f…


Forget Pixel Art: Try Subpixels



[Japhy Riddle] was tired of creating pixel art. He went to subpixel art. The idea is that since each color pixel is composed of three subpixels, your display is actually three times as dense as you think it is. As long as you don’t care about the colors, of course.

Is it practical? No, although it is related to the Bayer filter algorithm and font antialiasing. You can also use subpixel manipulation to hide messages in plain sight.

[Japhy] shows how it all works using Photoshop, but you could do the same steps with anything that can do advanced image manipulation. Of course, you are assuming the subpixel mask is identical for any given device, but apparently, they are mostly the same these days. You could modify the process to account for different masks.

Of course, since the subpixels are smaller, scaling has to change. In the end, you get a strange-looking image made up of tiny dots. Strange? Yes. Surreal? You bet. Useful? Well, tell us why you did it in the comments!

Pixel art isn’t just for CRTs. However, subpixel art assumes that the pixels can be divided up, which is not always the case.

youtube.com/embed/SlS3FOmKUbE?…


hackaday.com/2024/11/23/forget…


Close Shave for an Old Oscilloscope Saved with a Sticky Note



When you tear into an old piece of test equipment, you’re probably going to come up against some surprises. That’s especially true of high-precision gear like oscilloscopes from the time before ASICs and ADCs, which had to accomplish so much with discrete components and a lot of engineering ingenuity.

Unfortunately, though, those clever hacks that made everything work sometimes come back to bite you, as [Void Electronics] learned while bringing this classic Tektronix 466 scope back to life. A previous video revealed that the “Works fine, powers up” eBay listing for this scope wasn’t entirely accurate, as it was DOA. That ended up being a bad op-amp in the power supply, which was easily fixed. Once powered up, though, another, more insidious problem cropped up with the vertical attenuator, which failed with any setting divisible by two.

With this curious symptom in mind, [Void] got to work on the scope. Old analog Tek scopes like this use a bank of attenuator modules switched in and out of the signal path by a complex mechanical system of cams. It seemed like one of the modules, specifically the 4x attenuator, was the culprit. [Void] did the obvious first test and compared the module against the known good 4x module in the other channel of the dual-channel scope, but surprisingly, the module worked fine. That meant the problem had to be on the PCB that the module lives on. Close examination with the help of some magnification revealed the culprit — tin whiskers had formed, stretching out from a pad to chassis ground. The tiny metal threads were shorting the signal to ground whenever the 4x module was switched into the signal path. The solution? A quick flick with a sticky note to remove the whiskers!

This was a great fix and a fantastic lesson in looking past the obvious and being observant. It puts us in the mood for breaking out our old Tek scope and seeing what wonders — and challenges — it holds.

youtube.com/embed/PXAUGl8KqbU?…


hackaday.com/2024/11/23/close-…


3D Printed Boat Uses Tank Tracks For Amphibious Propulsion



Boats normally get around with propellers or water jets for propulsion. Occasionally, they use paddles. [Engineering After Hours] claims he is “changing the boat game forever” with his new 3D printed boat design that uses a tank tread for propulsion instead. Forgive him for the hyperbole of the YouTuber. It’s basically a modified paddle design, but it’s also pretty cool.
It works on land, even if it doesn’t steer well!
The basic idea is simple enough—think “floating snowmobile” and you’re in the ballpark. In the water, the chunky tank track provides forward propulsion with its paddle-like treads. It’s not that much different from a paddle wheel steamer. However, where it diverges is that it’s more flexible than a traditional paddle wheel.

The tracked design is actually pretty good at propelling the boat in shallow water without getting stuck. In fact, it works pretty well on dirt, too! The video covers the basic concept, but it also goes into some detail regarding optimizing the design, too. Getting the float and track geometry right is key to performance, after all.

If you’re looking to build an oddball amphibious craft, maybe working with the snowmobile concept is worth your engineering time.

youtube.com/embed/6WXm4mThifs?…


hackaday.com/2024/11/23/3d-pri…


Open Source, Forced Innovation, and Making Good Products


Art of 3D printer in the middle of printing a Hackaday Jolly Wrencher logo

The open-source hardware business landscape is no doubt a tough one, but is it actually tougher than for closed-source hardware? That question has been on our minds since the announcement that the latest 3D printer design from former open-source hardware stalwarts Prusa Research seems like it’s not going to come with design files.

Ironically, the new Core One is exactly the printer that enthusiasts have been begging Prusa to make for the last five years or more. Since seeing hacker printers like the Voron and even crazy machines like The 100 whip out prints at incredible speed, the decade-old fundamental design of Prusa’s i3 series looks like a slow and dated, if reliable, workhorse. “Bed slinger” has become a bit of a pejorative for this printer architecture in some parts of the 3DP community. So it’s sweet to see Prusa come out with the printer that everyone wants them to make, only it comes with the bitter pill of their first truly closed-source design.

Is the act of not sharing the design files going to save them? Is it even going to matter? We would argue that it’s entirely irrelevant. We don’t have a Core One in our hands, but we can’t imagine that there is anything super secret going on inside that couldn’t be reverse engineered by any other 3DP company within a week or so. If anything, they’re playing catch up with other similar designs. So why not play to one of their greatest strengths – the engaged crowd of hackers who would most benefit from having the design files?

Of course, Prusa’s decision to not release the design files doesn’t mean that they’re turning their backs on the community. They are also going to offer an upgrade package to turn your current i3 MK4 printer into the new Core One, which is about as hacker-friendly a move as is possible. They still offer kit versions of the printers at a discount, and they continue to support their open-source slicer software.

But this one aspect, the move away from radical openness, still strikes us as bittersweet. We don’t have access to their books, of course, but we can’t imagine that not providing the design files gains them much, and it will certainly damage them a little in the eyes of their most devoted fans. We hope the Core One does well, but we also hope that people don’t draw the wrong lesson from this – that it does well because it went closed source. If we could run the experiment both ways, we’d put our money on it doing even better if they released the design files.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!


hackaday.com/2024/11/23/open-s…


WolfsBane: Malware Moves to Linux and Is Making Security Experts Tremble


ESET analysts have discovered a new Linux backdoor called WolfsBane. According to the researchers, this malware is similar to the Windows backdoor that the Chinese hacking group Gelsemium has used since 2014.

Discovering WolfsBane


WolfsBane is a full-fledged piece of malware that includes a dropper, a launcher and the backdoor itself, and it uses a modified open source rootkit to evade detection. It is not yet clear how the initial infection occurs, but the researchers believe the attackers are exploiting some kind of vulnerability in web applications to create web shells and obtain persistent remote access.

WolfsBane itself is placed on the system by a dropper that starts a component disguised as a KDE desktop component. Depending on the privileges it obtains, it disables SELinux, creates system service files, or modifies user configuration files to gain a foothold on the system.

The launcher then downloads the malicious udevd component, which downloads three encrypted libraries containing the core functionality and the C&C configuration. To hide processes, files and network traffic associated with WolfsBane activity, a modified version of the open source userland rootkit BEURK is loaded via /etc/ld.so.preload.
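
One way to triage the persistence point described above, as an added example that is not code from ESET or from the original article: it parses /etc/ld.so.preload content the way glibc's loader does ('#' comments, entries separated by whitespace or colons) and returns the reasons each entry deserves review. The allowlist, the trusted directory list and the sample file content are assumptions constructed for illustration.

```python
import os
import re
import stat

PRELOAD_FILE = "/etc/ld.so.preload"
# Assumption: directories where distribution packages install shared objects.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")


def parse_preload(text):
    """Split the file the way glibc's loader does: '#' starts a comment,
    entries are separated by whitespace or ':'."""
    entries = []
    for line in text.splitlines():
        code = line.split("#", 1)[0]
        entries.extend(tok for tok in re.split(r"[\s:]+", code) if tok)
    return entries


def audit_entry(path, allowlist=(), lstat=os.lstat):
    """Return the reasons an entry deserves review (empty list = expected)."""
    if path in allowlist:
        return []
    reasons = ["not on the site allowlist"]
    if not os.path.isabs(path):
        # A bare name is resolved through the library search path, so
        # file metadata cannot be checked from the name alone.
        reasons.append("relative name, resolved through the library search path")
        return reasons
    if not path.startswith(TRUSTED_DIRS):
        reasons.append("outside the packaged library directories")
    try:
        st = lstat(path)
    except OSError:
        reasons.append("file cannot be stat'ed (missing, or hidden from libc callers)")
        return reasons
    if stat.S_ISLNK(st.st_mode):
        reasons.append("is a symbolic link")
    if st.st_uid != 0:
        reasons.append("not owned by root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("writable by group or others")
    return reasons


def audit_preload(text, allowlist=(), lstat=os.lstat):
    """Map every flagged entry in the preload file to its review reasons."""
    findings = {}
    for entry in parse_preload(text):
        reasons = audit_entry(entry, allowlist, lstat)
        if reasons:
            findings[entry] = reasons
    return findings


# Constructed sample content, not taken from the ESET report.
SAMPLE = """\
# constructed example
/usr/lib/libexample-audit.so   # allow-listed monitoring agent
/var/tmp/.cache/libhide.so:/usr/lib64/libother.so
"""

if __name__ == "__main__":
    try:
        with open(PRELOAD_FILE) as fh:
            live = fh.read()
    except FileNotFoundError:
        live = ""  # the file is absent on most systems
    for entry, reasons in audit_preload(live).items():
        print(entry, "->", "; ".join(reasons))
```

On most systems the file is absent or empty, so any entry is worth explaining. Because a userland rootkit that hooks open can filter what libc-based tools see, read the file from a statically linked binary or an offline image when compromise is suspected.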

Linux, the new frontier for malware


“The WolfsBane Hider rootkit intercepts many standard C library functions, including open, stat, readdir and access,” ESET explains. “Although they end up calling the original functions, all results related to WolfsBane are filtered out.” WolfsBane's main task is to execute the commands received from the attackers' control server using predefined command-function mappings. The same mechanism is also used in the malware's Windows counterpart.

These commands include file operations, data theft and various system manipulations that give Gelsemium complete control over compromised devices. The researchers also mention having discovered another piece of Linux malware, FireWood, which is clearly related to the Project Wood malware that targets Windows. However, according to the analysts, FireWood is a common espionage tool used by several Chinese APTs. In other words, it is not an exclusive development of the Gelsemium group.

“There seems to be a developing trend among APTs towards moving malware to Linux systems,” the analysts conclude. “From our point of view, this development can be explained by a series of advances in email and endpoint security. The widespread adoption of EDR solutions, as well as Microsoft's strategy of disabling VBA macros by default, means that attackers are forced to look for other ways to attack.”

The article WolfsBane: Malware Moves to Linux and Is Making Security Experts Tremble comes from il blog della sicurezza informatica.


3D Space Can Be Tiled With Corner-free Shapes



Tiling a space with a repeated pattern that has no gaps or overlaps (a structure known as a tessellation) is what led mathematician [Gábor Domokos] to ponder a question: how few corners can a shape have and still fully tile a space? In 2D the answer is two, and a 3D space can be tiled in shapes that have no corners at all, called soft cells.

These shapes can be made in a few different ways, and some are shown here. While they may have sharp edges there are no corners, or points where two or more line segments meet. Shapes capable of tiling a 2D space need a minimum of two corners, but in 3D the rules are different.

A great example of a natural soft cell is found in the chambers of a nautilus shell, but this turned out to be far from obvious. A cross-section of a nautilus shell shows a cell structure with obvious corners, but it turns out that’s just an artifact of looking at a 2D slice. When viewed in full 3D — which the team could do thanks to a micro CT scan available online — there are no visible corners in the structure. Once they knew what to look for, it was clear that soft cells are present in a variety of natural forms in our world.

[Domokos] not only seeks a better mathematical understanding of these shapes that seem common in our natural world but also wonders how they might relate to aperiodicity, or the ability of a shape to tile a space without making a repeating pattern. Penrose Tiles are probably the most common example.


hackaday.com/2024/11/23/3d-spa…


Maxar Technologies Data Compromised: Satellite Hacking Makes Noise


The American satellite manufacturer Maxar Technologies has confirmed a data breach that affected employees' personal data. The company reported the hack to US government agencies.

Maxar operates one of the largest commercial satellite constellations and is a spacecraft manufacturer. Maxar has long been a key supplier of satellite imagery to the US government, which uses the data for intelligence, operational planning and disaster management.

On October 4, an attacker coming from an IP address registered in Hong Kong penetrated the Maxar network and managed to access files containing employees' personal data. The hacker's exact location has not yet been established, since the server used could be hiding the real location.

The company discovered the breach on October 11 and took swift action to prevent further unauthorized access. The company clarified that no bank account information was disclosed as a result of the incident. However, current employees affected by the breach are being offered identity protection and credit monitoring, while former employees have until mid-February 2025 to enroll in identity theft protection services.

The company's official website states that Maxar employs 2,600 people, more than half of whom have access to confidential information needed to perform tasks in the interest of US national security. Whether related or not, in July an attacker claimed to have collected the user base of GeoHIVE, a geospatial intelligence platform from Maxar Technologies.

It has not yet been clarified how many employees were affected or whether confidential data was involved. Maxar completed the sale of the company to the investment firm Advent International for 6.4 billion dollars last year, but there was no immediate comment from representatives.

The article Maxar Technologies Data Compromised: Satellite Hacking Makes Noise comes from il blog della sicurezza informatica.


The Mystery of the Attack on INPS Servizi SpA. Was It Lynx? We Asked Them


On 18 November 2024, INPS Servizi S.P.A, an in-house providing company in which INPS holds a stake, was the target of an alleged malware attack. The attack was later confirmed on 22 November by the official INPS website in a brief statement, and even earlier, on 19 November, by QuAS.

Although no official sources confirm them, rumors are circulating about the possible responsibility of the Lynx ransomware group [1][2][3], which has not, however, published anything about it on its Data Leak Site (DLS).

Home page of the INPS Servizi portal at 8:44 on 23/11/2024

The group has specific guidelines that include a ban on impacting public, government or healthcare institutions. The DarkLab team, which recently interviewed Lynx, got in touch with the Lynx staff to ask for an explanation.

Lynx, after checking in its backend the victims currently declared by its attackers/affiliates, told us that it did not attack INPS Servizi S.P.A.

Lynx was keen to point out that it does not attack this type of institution or company, and it invites INPS Servizi S.P.A to contact it if its systems really were impacted by Lynx's ransomware, so that it can apologize and mitigate the problem, given the nature of the institution in question.

Since we have no clear official statements on this cyber attack, if the rumors were true we offer our cooperation to help INPS Servizi S.P.A get in touch with Lynx.

To date, Lynx has never attacked any government or critical organization.

The group's guidelines and motivations are published on its DLS, and the group has always been clear (including in our interview) that it has no intention of causing harm to this type of infrastructure.

The article The Mystery of the Attack on INPS Servizi SpA. Was It Lynx? We Asked Them comes from il blog della sicurezza informatica.


Drilling Rig Makes Accurate Holes In Seconds



Drilling holes can be quite time consuming work, particularly if you have to drill a lot of them. Think about all the hassle of grabbing a part, fixturing it in the drill press, lining it up, double checking, and then finally making the hole. That takes some time, and that’s no good if you’ve got lots of parts to drill. There’s an easy way around that, though. Build yourself a rad jig like [izzy swan] did.

The first jig we get to see is simple. It has a wooden platter, which hosts a fixture for a plastic enclosure to slot perfectly into place. Also on the platter is a regular old power drill. The platter also has a crank handle which, when pulled, pivots the platter, runs the power drill, and forces it through the enclosure in the exact right spot. It makes drilling a hole in the enclosure a repeatable operation that takes just a couple of seconds. The jig gets it right every time.

The video gets better from there, though. We get to see even niftier jigs that feature multiple drills, all doing their thing in concert with just one pull of a lever. [izzy] then shows us how these jigs are built from the ground up. It’s compelling stuff.

If you’re doing any sort of DIY manufacturing in real numbers, you’ve probably had to drill a lot of holes before. Jig making skills could really help you if that’s the case. Video after the break.

youtube.com/embed/AtskUPaoRio?…


hackaday.com/2024/11/23/drilli…


Transforming Drone Drives and Flies



Vehicles that change their shape and form to adapt to their operating environment have long captured the imagination of tech enthusiasts, and building one remains a perennial project dream for many makers. Now, [Michael Rechtin] has made the dream a bit more accessible with a 3D printed quadcopter that seamlessly transforms into a tracked ground vehicle.

The design tackles a critical engineering challenge: most multi-mode vehicles struggle with the vastly different rotational speeds required for flying and driving. [Michael]’s solution involves using printed prop guards as wheels, paired with lightweight tracks. An extra pair of low-speed brushless motors are mounted between each wheel pair, driving the system via sprockets that engage directly with the same teeth that drive the tracks.

The transition magic happens through a four-bar linkage mounted in a parallelogram configuration, with a linear actuator serving as the bottom bar. To change from flying to driving configuration the linear actuator retracts, rotating the wheels/prop guards to a vertical position. A servo then rotates the top bar, lifting the body off the ground. While this approach adds some weight — an inevitable compromise in multi-purpose machines — it makes for a practical solution.

Powering this transformer is a Teensy 4.0 flight controller running dRehmFlight, a hackable flight stabilization package we’ve seen successfully adapted for everything from VTOLs to actively stabilized hydrofoils.

youtube.com/embed/f1GSzysrYtw?…


hackaday.com/2024/11/22/transf…


Mammalian Ancestors Shed Light on The Great Dying


An artist's depiction of a lystrosaurus munching on a prehistoric plant. It looks kind of like a hippo with a beak. The main body of the animal is grey-ish green and its beak is ivory with two tusks jutting out from its top jaw.

As we move through the Sixth Extinction, it can be beneficial to examine what caused massive die-offs in the past. Lystrosaurus specimens from South Africa have been found that may help clarify what happened 250 million years ago. [via IFLScience]

The Permian-Triassic Extinction Event, or the Great Dying, takes the cake for the worst extinction we know about so far on our pale blue dot. The primary cause is thought to be intense volcanic activity which formed the Siberian Traps and sent global CO2 levels soaring. In the Karoo Basin of South Africa, 170 tetrapod fossils were found that lend credence to the theory. Several of the Lystrosaurus skeletons were preserved in a spread eagle position that “are interpreted as drought-stricken carcasses that collapsed and died of starvation in and alongside dried-up water sources.”

As Pangea dried from increased global temperatures, drought struck many different terrestrial ecosystems and changed them from what they were before. The scientists say this “likely had a profound and lasting influence on the evolution of tetrapods.” As we come up on the Thanksgiving holiday here in the United States, perhaps you should give thanks for the prehistoric volcanism that led to your birth?

If you want to explore more about how CO2 can lead to life forms having a bad day, have a look at paleoclimatology and what it tells us about today. In more recent history, have a look at how we can detect volcanic eruptions from all around the world and how you can learn more about the Earth by dangling an antenna from a helicopter.


hackaday.com/2024/11/22/mammal…


Lasers, Galvos, Action: A Quest for Laser Mastery


Custom built RGB laser firing beam

If you’re into hacking hardware and bending light to your will, [Shoaib Mustafa]’s latest project is bound to spike your curiosity. Combining lasers to project multi-colored beams onto a screen is ambitious enough, but doing it with a galvanomirror, STM32 microcontroller, and mostly scratch-built components? That’s next-level tinkering. This project isn’t just a feast for the eyes—it’s an adventure of control algorithms, hardware hacks, and the occasional ‘oops, that didn’t work.’ You can follow [Shoaib]’s build log and join the journey here.

The nitty-gritty is where it gets fascinating. Shoaib digs into STM32 Timers, explaining how modes like Timer, Counter, and PWM are leveraged for precise control. From adjusting laser intensity to syncing galvos for projection, every component is tuned for maximum flexibility. Need lasers aligned? Enter spectrometry and optical diffusers for precision wavelength management. Want real-time tweaks? A Python-controlled GUI handles the instruments while keeping the setup minimalist. This isn’t just a DIY build—it’s a work of art in problem-solving, with successes like a working simulation and implemented algorithms along the way.

If laser projection or STM32 wizardry excites you, this build will inspire. We featured a similar project by [Ben] back in September, and if you dig deep into our archives, you can eat your heart out on decades of laser projector projects. Explore Shoaib’s complete log on Hackaday.io. It is—literally—hacking at its most brilliant.


hackaday.com/2024/11/22/lasers…


Sextortion via Microsoft 365: The New Threat That Gets Past Spam Filters!


Cybercriminals have found a clever and dangerous way to get around spam filters, abusing the Microsoft 365 Admin Portal to send sextortion emails. But the real surprise? These emails come from a legitimate Microsoft account, which makes them incredibly difficult to detect. It is an attack that is putting millions of users around the world at risk.

Sexual threats disguised as legitimate communications


The emails in question are a mix of sexual threats and blackmail. The scammers claim to have captured compromising sexual content involving the victim or their partner and threaten to release it unless they are paid between 500 and 5,000 dollars. Fear of public disclosure pushes victims to give in, but the real danger lies in the fact that these messages do not come from suspicious addresses. They are sent from the address o365mc@microsoft.com which, although it may look suspicious, is in fact legitimate, and this is precisely the key to the scam's success.

Bypassing spam filters


What makes this scam even more insidious is how the criminals manage to get past spam filters. The email comes from a source that every security algorithm considers safe: o365mc@microsoft.com. This address is associated with legitimate communications from Microsoft, such as updates and notices about new features. As a result, filters do not block these messages, so the scammers can deliver their threats without them being labelled as spam.

The key to getting around the checks lies in the Microsoft 365 Message Center, a service designed to send notices and information to customers. When sharing a message, users can add a personal note. It is in this very section that the scammers hide their extortion message. Although the text field is limited to 1,000 characters, this limit is easily bypassed using browser developer tools, such as the “inspect element” option. By changing the value of the character limit, the scammers manage to send much longer messages without any truncation.

Microsoft skips the server-side check


This security flaw is all the more serious because Microsoft does not apply any server-side check to limit message length. Although the 1,000-character limit is present on the client side, without a server-side check criminals can easily evade the system and send complete messages that appear perfectly legitimate. This mistake has allowed the scam to thrive unhindered.

The Redmond giant is aware of the problem and is investigating the matter, but the vulnerability has not yet been fixed. Until adequate server-side checks are implemented, users are vulnerable to this threat. If you receive a suspicious email containing threats or demands for money, it is essential not to give in to the blackmail. Microsoft will never send emails of this kind. Report the message as spam immediately and, above all, do not reply to the scammers. It is essential to stay highly alert in order to protect your data and avoid falling for sophisticated scams.

Conclusion


This episode highlights a crucial problem: even trusted platforms, such as Microsoft 365, are not immune to abuse. Cybercriminals are increasingly ingenious at disguising their scams, using sophisticated methods to fool security systems and exploit victims' fear. Sextortion emails that appear to come from trusted sources are a clear example of how phishing and digital blackmail can evolve.

There is no doubt that data protection and online security must be absolute priorities for all users, from large companies to private individuals. Microsoft is investigating the vulnerability, but until adequate controls are adopted, users must remain cautious and promptly report any suspicious activity.

In an increasingly connected world, it is essential that everyone, from individual users to companies, takes a proactive approach to cybersecurity. Being aware of the threats is the first step in protecting yourself and your information from increasingly devious and damaging attacks.

The article Sextortion via Microsoft 365: The New Threat That Gets Past Spam Filters! comes from il blog della sicurezza informatica.


Build Yourself A Useful Resistor Decade Box



If you’ve ever worked with guitar pedals or analog audio gear, you’ve probably realized the value of a resistor decade box. They substitute for a resistor in a circuit and let you quickly flick through a few different values at the twist of a knob. You can still buy them if you know where to look, but [M Caldeira] decided to build his own.

At its core, the decade box relies on a number of 11-position rotary switches. Seven are used in this case—covering each “decade” of resistances, from 1 ohm to 10 ohm and all the way up to 1 megaohm. The 11 positions on each switch allow the selection of a given resistance. For example, position 7 on the 100 ohm switch selects 700 ohms, and adds it to the total resistance of the box.

[M Caldeira] did a good job of building the basic circuit, as well as assembling it in an attractive, easy-to-use way. It should serve him well on his future audio projects and many others besides. It’s a simple thing, but sometimes there’s nothing more satisfying than building your own tools.

We’ve seen other neat designs like this in the past, including an SMD version and this neat digital decade box. Video after the break.

youtube.com/embed/Wq_XsgqvS1k?…


hackaday.com/2024/11/22/build-…


OLED Screen Mounting, Without The Pain



There was a time when no self-respecting electronics engineer would build a big project without at least one panel meter. They may be a rare part here in 2024, but we find ourselves reminded of them by [24Eng]’s project. It’s a 3D printed housing for one of those common small OLED displays, designed to be mounted on a panel with just a single round hole. Having had exactly this problem in the past trying to create a rectangular hole, we can immediately see the value in this.

It solves the problem by encasing the display in a printed shell, and passing a coarsely threaded hollow cylinder behind it for attachment to the panel and routing wires. This is where we are reminded of panel meters, many of which would have a similar sized protrusion on their rear housing their mechanism.

The result is a neatly made OLED display mounting, with a hole that’s ease itself to create. Perhaps now you’ll not be afraid to make your own panels.


hackaday.com/2024/11/22/oled-s…


Hack On Self: The Un-Crash Alarm



Ever get home, tired after work, sit down on a couch, and spend an hour or two sitting down without even managing to change into your home clothes? It’s a seriously unpleasant in-between state – almost comfortable, but you know you’re not really at rest, likely hungry, and even your phone battery is likely about to die. This kind of tiredness can get self-reinforcing real quick – especially if you’re too tired to cook food, or you’re stuck in an uncomfortable position. It’s like the inverse of the marshmallow test – instead of a desire, you’re dealing with lack thereof.

I’ve been dealing with this problem a lot within the last two years’ time. Day to day, I could lose hours to this kind of tiredness. It gets worse when I’m sick, and, it’s gotten worse on average after a few bouts of COVID. It’s not just tiredness, either – distractibility and tiredness go hand in hand, and they play into each other, too.

My conclusion, so far, was pretty simple. When I’m tired, delayed but proper rest is way better than “resting” in a half-alert state, even if that takes effort I might not have yet. So, it’s important that I can get up, even if I’m already in a “crashed” position. Sure, I could use tricks like “do not sit down until I’m ready to rest”, but that only works sometimes – other times, the tiredness is too much to handle.

Audio files and sound playback library in hand, negative reinforcement methods fresh in my mind, I went and cooked together a very simple solution.

Anti-Crash Script


When I noticed myself being tired and in a “crash” state, I would think “oh, no worries, I’m going to get up any minute now”. Of course, it was never just a minute, and I decided to hook into that realization, subsurface but close enough that I could justify some intervention to myself.

Would you be surprised if I told you the solution was to ring a siren into my headphones? The algorithm is simple – every time I’m “crashed” and planning to get up “real soon”, I press a button that starts a five-minute timer, programmed to ring a siren into my headphones. When the seconds stop ticking and the siren triggers, I have a choice – get up and then re-trigger the alarm for five more minutes. There is no second choice, really – I don’t give myself one. The part where I get up before turning the siren off is crucial, of course – though, in case of missing willpower, an accelerometer measuring activity could do as well.

Not that much of my willpower would be required – turned out, it typically would be enough of a shock to realize just how quickly five minutes have passed. Consistently, every time I got tired, time would pass much quicker than I could feel it, and the “oh damn it’s been five minutes already” thought made for a surprisingly powerful reality check.

Initially, the script was a tiny local webserver – I had some Flask examples fresh in my mental toolbox, so I took those and wrote two tiny HTML pages, crash and uncrash. The crash page received a seconds argument, indicating how many seconds to wait before ringing the alarm, and the uncrash page stopped the alarm. Keep the two webpages open, and hit Ctrl+R on the page I need – simple enough.

Resistance Is Counterproductive


Later on, I beautified the pages a little – adding background colours, so that it’d be easy for me to find the pages in my laptop’s window switcher and not get confused between them. That was my first attempt to make the crash/uncrash “hooks” more accessible – since, unsurprisingly, having to Alt-Tab a couple times before finding the right page required some mental energy, so I would often forget about them altogether, and developing a habit of using these pages was significantly harder. Thinking back to the very first article and principles I outlined in it – reducing resistance to use was a must.

So, the “crash” webpages got turned into keybinds accessible on my laptop globally. Surprisingly, despite the crash endpoint’s arbitrary integer delay, I didn’t need much granularity. Right now, I only use three buttons: “uncrash”, “crash in 300 seconds” (5 minutes), and “crash in 1 second” (immediate). The “immediate crash” button was a surprisingly helpful one, too. See, the “oh, five minutes truly can pass quicker than expected” lesson has stuck with me – so, when I’d notice myself crashing, I knew better than to waste time trusting in the “just a few minutes” notice.

The keybinds got me to use the script more often – which has helped me find more use cases, and use it even when I’m not sick or super tired. Really, most of the trouble nowadays is noticing when I need to press the button – which, generally, is in the mornings, when I am still groggy and a scheduled appointment might not feel as important as it actually is.

One important aspect turned out to be retriggering the alarm instead of turning it off after five minutes. I get up either way, but usually, the crash doesn’t – I might “crash” immediately afterwards, or a minute-two later. Stopping the alarm ended up being a very intentional “crash is over” decision – so, the “stop” button never got into my muscle memory. I’ve indeed had muscle-memory cycle restarts, giving myself five more minutes without realizing – but I’ve never had muscle-memory stops, which is nice, because stopping the script without even realizing it would be a critical failure condition.

Retrospective: It’s Great, Somehow


Anything missing? Definitely! For one, there are some good keybinds I could add, even if maybe they wouldn’t fundamentally impact how the script is functioning. Say I’ve woken up, and I have to get somewhere early – so I use the “crash” script to get up and get with the gravity of my current situation. As I run around the house doing morning chores, five minutes pass and the alarm rings again, even though I’m currently actively doing something around the house.

Now, running back to the laptop and pressing a keybind isn’t a problem. The problem is that I could be pressing the “reset alarm” button in two different states – either I’m doing well, or I’m not, but it’s the same button. Making two different buttons, one “doing good” and one “still crashed”, would help me collect metadata I could use for a good purpose – and, quite likely, add a trigger for some sort of positive reinforcement.

Other than that? This script has eliminated yet another common failure mode from my life – and, once again, helped improve focus. It’s as simple as simple goes, and, it’s gotten me to a more comfortable point – often, making a difference between an evening lost to tiredness, and an evening of recuperation.

One thing you might notice – to actually work properly, this script requires always-on, wireless headphones. In the next article, I’ll talk about the wireless headphone device I’ve built, why I had to build one instead of buying one, and how that device has helped me solve a bunch of other problems I didn’t realize I had.


hackaday.com/2024/11/22/hack-o…


Enhiker Helps You Decide if It’s a Good Day to Hike



Many of us check the weather before heading out for the day — we want to know if we’re dressed (or equipped) properly to handle what Mother Nature has planned for us. This is even more important if you’re going out hiking, because you’re going to be out in a more rugged environment. To aid in this regard, [Mukesh Sankhla] built a tool called Enhiker.

The concept is simple; it’s intended to tell you everything you need to know about current and pending conditions before heading out on a hike. It’s based around Unihiker, a single-board computer which also conveniently features a 2.8-inch touch screen. It’s a quad-core ARM device that runs Debian and has WiFi and Bluetooth built in, too. The device is able to query its GPS/GNSS receiver for location information, and then uses this to get accurate weather data online from OpenWeatherMap. It makes some basic analysis, too. For example, it can tell you if it’s a good time to go out, or if there’s a storm likely rolling in, or if the conditions are hot enough to make heat stroke a concern.

It’s a nifty little gadget, and it’s neat to have all the relevant information displayed on one compact device. We’d love to see it upgraded further with cellular connectivity in addition to WiFi; this would make it more capable when out and about.

We’ve seen some other neat hiking hacks before, too, like this antenna built with a hiking pole. Meanwhile, if you’ve got your own neat hacks for when you’re out on the trail, don’t hesitate to let us know!


hackaday.com/2024/11/22/enhike…


This Week in Security: Footguns, Bing Worms, and Gogs



The world of security research is no stranger to the phenomenon of not-a-vulnerability. That’s where a security researcher finds something interesting, reports it to the project, and it turns out that it’s something other than a real security vulnerability. There are times that this just means a researcher got over-zealous on reporting, and didn’t really understand what was found. There is at least one other case, the footgun.

A footgun is a feature in a language, library, or tool that too easily leads to a catastrophic mistake — shooting oneself in the foot. The main difference between a footgun and a vulnerability is that a footgun is intentional, and a vulnerability is not. That line is sometimes blurred, so an undocumented footgun could also be a vulnerability, and one possible solution is to properly document the quirk. But sometimes the footgun should really just be eliminated. And that’s what the article linked above is about. [Alex Leahu] takes a look at a handful of examples, which are not only educational, but also a good exercise in thinking through how to improve them.

The first example is Tesla from the Elixir language. Tesla is an HTTP/HTTPS client, not unlike libcurl, and the basic usage pattern is to initialize an instance with a base_url defined. So we could create an instance, and set the URL base to https://hackaday.com/feed/. Then, to access a page or endpoint on that base URL, you just call Tesla.get(), and supply the client instance and path. The whole thing might look like:

client = build_client(config, "https://hackaday.com", headers)
response = Tesla.get(client, "/floss")

All is well, as this code snippet does exactly what you expect. The footgun comes when your path isn’t just /floss. If that path starts with a scheme, like http:// or https://, the base URL is ignored, and path is used as the entire URL instead. Is that a vulnerability? It’s clearly documented, so no, definitely not. Is this a footgun, that is probably responsible for vulnerabilities in other code? Yes, very likely. And here’s the interesting question: What is the ideal resolution? How do you get rid of the footgun?

There are two related approaches that come to mind. The first would be to add a function to the library’s API, a Tesla.get_safe() that will never replace the base URL, and update the documentation and examples to use the safe version. The related solution is to then take the extra step of deprecating the unsafe version of the function.
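The get_safe() idea, sketched as an added example in Python rather than Elixir (it is not Tesla's API and not code from the linked article). Python's urllib.parse.urljoin shows the same base-replacing behaviour, and the hypothetical safe_join() refuses any path that would not stay under the configured base.

```python
from urllib.parse import urljoin, urlsplit


class UnsafePathError(ValueError):
    """The caller-supplied path would not stay under the configured base URL."""


def naive_join(base_url: str, path: str) -> str:
    # urljoin() resolves like a browser: an absolute `path` wins over the base.
    return urljoin(base_url, path)


def safe_join(base_url: str, path: str) -> str:
    """Hypothetical get_safe()-style join: append `path`, never replace the base."""
    base = urlsplit(base_url)
    if base.scheme not in ("http", "https") or not base.netloc:
        raise ValueError("base_url must be an absolute http(s) URL")

    # Control characters, spaces and backslashes are normalised differently by
    # different URL parsers, so refuse them instead of guessing.
    if any(ord(ch) <= 0x20 or ch == "\\" for ch in path):
        raise UnsafePathError("control character, space or backslash in path")

    candidate = urlsplit(path)
    if candidate.scheme or candidate.netloc:
        # "https://other.host/..." or protocol-relative "//other.host/..."
        raise UnsafePathError("path carries its own scheme or host")
    if not path.startswith("/"):
        # Without the slash, "https://hackaday.com" + ".attacker.example"
        # would change the host by plain concatenation.
        raise UnsafePathError("path must start with '/'")
    if ".." in candidate.path.split("/"):
        raise UnsafePathError("dot-segments could climb out of the base path")

    joined = base_url.rstrip("/") + path
    result = urlsplit(joined)
    # Belt and braces: the final URL must still be on the base origin.
    if (result.scheme, result.netloc) != (base.scheme, base.netloc):
        raise UnsafePathError("joined URL left the base origin")
    return joined


if __name__ == "__main__":
    # attacker.example is a constructed, reserved-TLD placeholder host.
    print(naive_join("https://hackaday.com", "https://attacker.example/x"))
    print(safe_join("https://hackaday.com", "/floss"))
```

The check rejects rather than rewrites, so a caller that passes user input as the path gets an exception instead of a request to a different host.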

The other example we’ll look at is Psycopg, a PostgreSQL driver library for Python. The example of correctly using the driver is cur.execute("INSERT INTO numbers VALUES (%s, %s)", (10, 20)), while the incorrect example is cur.execute("INSERT INTO numbers VALUES (%s, %s)" % (10, 20)). The difference may not seem huge, but the first example is sending the values of 10 and 20 as arguments to the library. The second example is doing a printf-like Python string formatting with the % operator. That means it bypasses all the protections this library has to prevent SQL injection. And it’s trivially easy because the library uses % notation. The ideal solution here is pretty straightforward. Deprecate the % SQL notation, and use a different character that isn’t overloaded with a particularly dangerous language function.
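One way to catch this footgun in code review, as an added example that is not from the article or from the driver's own code: a small linter built on Python's ast module that flags execute() calls whose first argument is assembled with %, an f-string, str.format() or concatenation. The function names and the sample source are constructed for illustration.

```python
import ast

EXECUTE_METHODS = {"execute", "executemany"}


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def dynamic_sql_reason(node):
    """Return why `node` builds SQL text at runtime, or None if it looks static."""
    if isinstance(node, ast.BinOp):
        if isinstance(node.op, ast.Mod):
            # "... %s ..." % values: Python fills the placeholders, not the driver.
            return "%-formatting"
        if isinstance(node.op, ast.Add) and not (
            _is_str_literal(node.left) and _is_str_literal(node.right)
        ):
            return "string concatenation"
    if isinstance(node, ast.JoinedStr) and any(
        isinstance(part, ast.FormattedValue) for part in node.values
    ):
        return "f-string"
    if (
        isinstance(node, ast.Call)
        and isinstance(node.func, ast.Attribute)
        and node.func.attr == "format"
    ):
        return "str.format()"
    return None


def find_unsafe_execute(source):
    """Return sorted (line, reason) pairs for execute() calls fed dynamic SQL.

    Limitation: only the expression passed directly to execute() is inspected;
    a query string built earlier and passed in through a variable is not traced.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (
            isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr in EXECUTE_METHODS
            and node.args
        ):
            reason = dynamic_sql_reason(node.args[0])
            if reason:
                findings.append((node.lineno, reason))
    return sorted(findings)


# Constructed sample source. Line 2 is the correct form quoted in the text,
# line 3 is the incorrect form; lines 4-6 are the same mistake in other spellings.
SAMPLE = '''
cur.execute("INSERT INTO numbers VALUES (%s, %s)", (10, 20))
cur.execute("INSERT INTO numbers VALUES (%s, %s)" % (10, 20))
cur.execute(f"SELECT * FROM numbers WHERE n = {n}")
cur.execute("SELECT * FROM numbers WHERE n = {}".format(n))
cur.execute("SELECT * FROM numbers WHERE n = " + n)
'''

if __name__ == "__main__":
    for line, reason in find_unsafe_execute(SAMPLE):
        print(f"line {line}: SQL built with {reason}; pass values as parameters")
```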

Wormable Bing


[pedbap] went looking for a Cross-Site Scripting (XSS) flaw on Microsoft’s services. The interesting thing here is that Bing is part of that crowd of Microsoft websites, that users automatically get logged in to with their Microsoft accounts. An XSS flaw there could have interesting repercussions for the entire system. And since we’re talking about it, there was obviously something there.

The flaw in question was found on Bing maps, where a specific URL can load a map with custom features, through the use of a JSON file specified in the URL. That JSON file can also include a Keyhole Markup Language file, a KML. These files have a lot of flexibility, like including raw HTML. There is some checking to prevent running arbitrary JavaScript, but that was defeated with a simple mixed case string: jAvAsCriPt:(confirm)(1337). Now the example does require a click to launch the JS, so it’s unclear if this is actually wormable in the 0-click sort of way. Regardless, it’s a fun find, and netted [pedbap] a bounty.

youtube.com/embed/_brKdFmYGdI?…

Right There in Plain Text


[Ian] from Shells.Systems was inside a Palo Alto Global Protect installation, a VPN server running on a Windows machine. And there was something unusual in the system logs. The log contained redacted passwords. This is an odd thing to come across, particularly for a VPN server like this, because the server shouldn’t ever have the passwords after creation.

So, to prove the point, [Ian] wrote an extractor program, that grabs the plaintext passwords from system memory. As far as we can tell, this doesn’t have a CVE or a fix, as it’s a program weakness rather than a vulnerability.

Your Gogs Need to Go


Speaking of issues that haven’t been patched, if you’re running gogs, it’s probably time to retire it. The latest release has a Remote Code Execution vulnerability, where an authenticated user can create a symlink to a real file on the gogs server, and edit the contents. This is a very quick route to arbitrary code execution.

The real problem here isn’t this specific vulnerability, or that it hasn’t been patched yet, or even that gogs hasn’t seen a release since 2023. The real problem is that the project seems to have been almost completely abandoned. The last change was only 2 weeks ago, but looking through the change log, almost all of the recent changes appear to be automated changes. The vulnerability was reported back in August, the 90 day disclosure deadline came and went, and there was never a word from the project. That’s concerning. It’s reminiscent of the sci-fi trope, when some system keeps running itself even after all the humans have left.

Bits and bytes


The NPM account takeover hack now has an Open Source checking tool. This is the issue of expired domains still listed on the developer email addresses on NPM packages. If an attacker can register the dangling domain, it’s possible to take over the package as well. The team at Laburity are on it, with the release of this tool.

Lutra Security researchers have an interesting trick up their sleeves, when it comes to encrypted emails. What if the same encrypted text decrypted to different readable messages for each different reader? With some clever use of both encryption and the multipart/alternative MIME type, that’s what Salamander/MIME pulls off.

And finally, it’s time to dive in to DOMPurify bypasses again. That’s the JavaScript library for HTML sanitizing using the browser’s own logic to guarantee there aren’t any inconsistent parsing issues. And [Mizu] has the lowdown on how to pull off an inconsistent parsing attack. The key here is mutations. When DOMPurify runs an HTML document through the browser’s parsing engine, that HTML is often modified — hence the Purify in the title. What’s not obvious is that a change made during this first iteration through the document can have unexpected consequences for the next iteration through the document. It’s a fun read, and only part one, so keep your eyes peeled for the rest of it!


hackaday.com/2024/11/22/this-w…


A Surprisingly Simple Omnidirectional Display



Old-school technology can spark surprising innovations. By combining the vintage zoetrope concept with digital displays, [Mike Ando] created the Andotrope, a surprisingly simple omnidirectional display.

Unlike other 3D displays, the Andotrope lets you view a normal 2D video or images that appear identical irrespective of your viewing angle. The prototype demonstrated in the video below consists of a single smart phone and a black cylinder spinning at 1,800 RPM. A narrow slit in front of each display creates a “scanning” view that our brain interprets as a complete image, thanks to persistence of vision. [Mike] has also created a larger version with a higher frame rate, by mounting two tablets back-to-back.

Surprisingly, the Andotrope appears to be an original implementation, and neither [Mike] nor we can find any similar devices with a digital display. We did cover one that used a paper printout in a similar fashion. [Mike] is currently patenting his design, seeing the potential for smaller displays that need multi-angle visibility. The high rotational speed creates significant centrifugal force, which might limit the size of installations. Critically, display selection matters — any screen flicker becomes glaringly obvious at speed.

This device might be the first of its kind, but we’ve seen plenty of zoetropes over the years, including ones with digital displays or ingenious time-stretching tricks.

youtube.com/embed/YxkUCFis668?…


hackaday.com/2024/11/22/a-surp…


How Threat Actors Bypass EDRs with a Simple, Trivial Reboot


I learned about this technique about 9 months ago and I am now analyzing an attack carried out by the Qilin Ransomware Gang, so the time has come to talk about it and make this new technique known.

One of the most important things for security in EDRs is the ability to intercept calls to the kernel. For this purpose, EDR vendors use MiniFilter drivers that load at boot. But what happens when the attacker forces these drivers to be disabled? The attacker can freely make kernel calls without being intercepted by the EDRs.

When Windows loads a MiniFilter driver, there is an order in which it is loaded; this order is specified by a parameter that Microsoft assigns to MiniFilter drivers, called the Altitude. This technique is simple and highly effective.

Now let's see how this attack works and how to stop it.
In this screenshot we can see that we have several MiniFilter drivers loaded on our system, and one of them is the EDR's. The third column is the driver's Altitude.

What happens if we change the Altitude of one of these drivers, such as FileInfo, to that of the EDR?
To do this we can modify a REG_MULTI_SZ registry key.

We modify this specific key with the Altitude from the EDR's MiniFilter driver.

For the change to take effect we have to reboot the endpoint. Now we can verify that our change is in effect.

We can see that FileInfo now holds the altitude of the EDR's MiniFilter driver.

We can also see that the EDR's MiniFilter, which was loaded before, no longer is because of our change. With this registry modification we can interact with Kernel Callbacks, for example, without being flagged by the EDRs.

I have run this test against 6 EDRs over the past few months and NONE of them flagged the registry modification as malicious. Now, how can we monitor for it? It is simple: we can monitor for the modification of any MiniFilter Altitude in the registry and flag it as malicious. With this technique, the Threat Actor (Qilin Ransomware) that I saw in a recent in-the-wild attack runs LaZagne without being flagged by the EDR.

I hope EDR vendors can add this telemetry to their products, so that the technique becomes useless.
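The monitoring idea described above, as an added example that is not part of the original article: detection logic run over registry value-set events that flags every write to a MiniFilter Altitude value and ranks a collision with another driver's altitude highest. The log format, the driver name ExampleEdrDrv, the baseline inventory and all values are constructed assumptions; the key layout Services\<driver>\Instances\<instance>\Altitude is the standard location of a minifilter instance's altitude.

```python
import re

# Services\<driver>\Instances\<instance>\Altitude under any control set.
ALTITUDE_KEY = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\"
    r"(?P<driver>[^\\]+)\\Instances\\(?P<instance>[^\\]+)\\Altitude$",
    re.IGNORECASE,
)
# field=value or field="quoted value" pairs of the constructed log format.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed baseline inventory: driver name (lowercase) -> expected altitude.
BASELINE = {"fileinfo": "40500", "exampleedrdrv": "389999"}

# Constructed sample events in an assumed, simplified registry-audit format.
SVC = r"HKLM\SYSTEM\CurrentControlSet\Services"
SAMPLE_LOG = [
    r'ts=2024-11-20T10:15:02Z op=SetValue process="C:\Windows\regedit.exe" '
    r'key="' + SVC + r'\FileInfo\Instances\FileInfo\Altitude" value="389999"',
    r'ts=2024-11-20T10:15:09Z op=SetValue process="C:\Windows\regedit.exe" '
    r'key="' + SVC + r'\ExampleEdrDrv\Parameters\LogLevel" value="1"',
    r'ts=2024-11-20T10:16:40Z op=SetValue process="C:\Windows\System32\reg.exe" '
    r'key="HKLM\SYSTEM\ControlSet001\Services\ExampleEdrDrv\Instances'
    r'\ExampleEdrDrv Instance\Altitude" value="0"',
    r'ts=2024-11-20T10:17:00Z op=QueryValue process="C:\Windows\System32\fltMC.exe" '
    r'key="' + SVC + r'\FileInfo\Instances\FileInfo\Altitude"',
    r'ts=2024-11-20T11:02:31Z op=SetValue process="C:\Windows\System32\services.exe" '
    r'key="' + SVC + r'\FileInfo\Instances\FileInfo\Altitude" value="40500"',
]


def parse_event(line):
    """Turn one log line into a dict of its field=value pairs."""
    return {name: quoted or bare for name, quoted, bare in FIELD.findall(line)}


def detect_altitude_changes(lines, baseline):
    """Return one alert per write to any MiniFilter Altitude value."""
    owners = {altitude: driver for driver, altitude in baseline.items()}
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event.get("op") != "SetValue":
            continue  # reads do not change load order
        match = ALTITUDE_KEY.search(event.get("key", ""))
        if not match:
            continue  # some other value under Services
        driver = match.group("driver").lower()
        new_value = event.get("value", "").strip()
        owner = owners.get(new_value)
        if owner and owner != driver:
            # The pattern from the article: one driver takes another's altitude.
            severity, reason = "critical", f"altitude collides with {owner}"
        elif baseline.get(driver) == new_value:
            severity, reason = "low", "altitude rewritten with its baseline value"
        else:
            severity, reason = "high", "altitude differs from baseline"
        alerts.append({
            "ts": event.get("ts"), "driver": driver, "new_altitude": new_value,
            "process": event.get("process"), "severity": severity, "reason": reason,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_altitude_changes(SAMPLE_LOG, BASELINE):
        print(alert)
```

Because the change only takes effect after a reboot, an alert raised at write time leaves a window to restore the value before the filter fails to load.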

The article How Threat Actors Bypass EDRs with a Simple, Trivial Reboot originally appeared on il blog della sicurezza informatica.


Learn About Robot Arms By Building Pedro 2.0



Whether you’re a kid or a kid at heart, learning about science and engineering can be a lot more fun if it’s practical. You could sit around learning about motors and control theory, or you could build a robot arm and play with it. If the latter sounds like your bag of hammers, you might like Pedro 2.0.

Pedro 2.0 is a simple 3D-printable robot arm intended for STEAM education. If you’re new to that acronym, it basically refers to the combination of artistic skills with education around science, technology, engineering and mathematics.

The build relies on components that are readily available pretty much around the world—SG90 servo motors, ball bearings, and an Arduino running the show. There’s also an NRF24L01 module for wireless remote control. All the rest of the major mechanical parts can be whipped up on a 3D printer, and you don’t need a particularly special one, either. Any old FDM machine should do the job just fine if it’s calibrated properly.

If you fancy dipping your toes in the world of robot arms, this is a really easy starting point that will teach you a lot along the way. From there, you can delve into more advanced designs, or even consider constructing your own tentacles. The world really is your octopus oyster.


hackaday.com/2024/11/22/learn-…


Public Administration Websites Are Disappearing from Google! What Is Happening?


Yesterday a report reached our newsroom from Dr. Ilario Capurso, Head of the Information Systems Service of the Comune di Calenzano, that turned out to be both interesting and alarming. The websites of Italian public administrations are literally disappearing from Google, the search engine most used by all “digital beings”. Why is this happening?

Since the beginning of November, on forum.italia.it (run by AgID and the Department for Digital Transformation), reports have multiplied of Google Search failing to index the official websites of many Italian local public administrations.

In some cases pages were abruptly deindexed; in others, entire third-level domains attributable to the PA (in the format comune.nomecomune.provincia.it) disappeared.

The problem encountered


In the ensuing debate no “common cause” was found that could have led to this mass deindexing (at least by the PA's technicians or appointees). At first the most favoured hypothesis seemed to be the implementation of the “Design Italia” template (designers.italia.it/), which public bodies are obliged to adopt and whose purpose is the standardization of content and proper accessibility (and which is a necessary condition for access to PNRR funding, in particular measure 1.4.1 “Citizen experience in public services”).

This is a screenshot relating to my organization (Comune di Calenzano), sent to our newsroom by the municipality itself, comparing visits arriving from Google with last month:

Further checks through Google Search Console revealed a continuous deindexing of pages without any specific problem being reported.

Still no response from Google


Inconsistencies were looked for across different hosting platforms, different providers, different site templates, robots.txt files, sitemap.xml files and different external suppliers, but there does not seem to be a common factor. One fact not to be overlooked is that the affected sites are normally reachable and searchable from other search engines.

Google is aware of the problem (although there is no official statement) and “nothing can be done but wait”, the Public Administration municipalities report. Probably some change in the ranking algorithm caused the problem (some suspect the introduction of AI that “got out of hand”). The fact remains that after 3 weeks the problem has not been resolved.

This has also prompted a broader discussion about how much the services made available to citizens actually depend on Google, which can make a PA “disappear” overnight (indeed, a sharp drop in visits has been recorded across the various analytics).

The article Public Administration Websites Are Disappearing from Google! What Is Happening? originally appeared on il blog della sicurezza informatica.


Quick and Very Dirty Repair Gets Smoked PLC Back in the Game



When electronics release the Magic Smoke, more often than not it’s a fairly sedate event. Something overheats, the packaging gets hot enough to emit that characteristic and unmistakable odor, and wisps of smoke begin to waft up from the defunct component. Then again, sometimes the Magic Smoke is more like the Magic Plasma, as was the case in this absolutely smoked Omron programmable logic controller.

Normally, one tasked with repairing such a thing would just write the unit off and order a replacement. But [Defpom] needed to get the pump controlled by this PLC back online immediately, leading to the somewhat unorthodox repair in the video below. Whatever happened to this poor device happened rapidly and energetically, taking out two of the four relay-controlled outputs. [Defpom]’s initial inspection revealed that the screw terminals for one of the relays no longer existed, one relay enclosure was melted open, its neighbor was partially melted, and a large chunk of the PCB was missing. Cleaning up the damaged relays revealed what the “FR” in “FR4” stands for, as the fiberglass weave of the board was visible after the epoxy partly burned away before self-extinguishing.

With the damaged components removed and the dangerously conductive carbonized sections cut away, [Defpom] looked for ways to make a temporary repair. The PLC’s program was locked, making it impossible to reprogram it to use the unaffected outputs. Instead, he redirected the driver transistor for the missing relay two to the previously unused and still intact relay one, while adding an outboard DIN-mount relay to replace relay three. In theory, that should allow the system to work with its existing program and get the system back online.

Did it work? Sadly, we don’t know, as the video stops before we see the results. But we can’t see a reason for it not to work, at least temporarily while a new PLC is ordered. Of course, the other solution here could have been to replace the PLC with an Arduino, but this seems like the path of least resistance. Which, come to think of it, is probably what caused the damage in the first place.

youtube.com/embed/yZbEM-Sy79Q?…


hackaday.com/2024/11/21/quick-…


Creating and Control of Magnetic Skyrmions in Ferromagnetic Film Demonstrated


Visualization of magnetic skyrmions. (Credit: KRISS)
Magnetic skyrmions are an interesting example of solitons that occur in ferromagnetic materials with conceivable solutions in electronics, assuming they can be created and moved at will. The creation and moving of such skyrmions has now been demonstrated by [Yubin Ji] et al. with a research article in Advanced Materials. This first ever achievement by these researchers of the Korea Research Institute of Standards and Science (KRISS) was more power efficient than previously demonstrated manipulation of magnetic skyrmions in thicker (3D) materials.

Magnetic skyrmions are sometimes described as ‘magnetic vortices’, forming statically stable solitons. In a broader sense skyrmions are a topologically stable field configuration in particle physics where they form a crucial part of the emerging field of spintronics. For magnetic skyrmions their stability comes from the topological stability, as changing the atomic spin of the atoms inside the skyrmion would require overcoming a significant energy barrier.

In the case of the KRISS researchers, electrical pulses together with a magnetic field were used to create magnetic skyrmions in the ferromagnetic (Fe3GaTe2, or FGaT) film, after which a brief (50 µs) electric current pulse was applied. This demonstrated that the magnetic skyrmions can be moved this way, with the solitons moving parallel to the electron flow injection, making them quite steerable.

While practical applications of magnetic skyrmions are likely to be many years off, it is this kind of fundamental research that will enable future magnetic storage and spintronics-related devices.


hackaday.com/2024/11/21/creati…


Gear Up: A 15-Minute Intro on Involute Gears


Large gears on a bridge in Geneva, Switzerland

If you’re into CNC machining, mechanical tinkering, or just love a good engineering rabbit hole, you’re in for a treat. Substack’s [lcamtuf] has written a quick yet insightful 15-minute introduction to involute gears that’s as informative as it is accessible. You can find the full article here. Compared to Hackaday’s more in-depth exploration in their Mechanisms series over the years, this piece is a beginner-friendly gateway into the fascinating world of gear design.

Involute gears aren’t just pretty spirals. Their unique geometry minimizes friction and vibration, keeps rotational speeds steady, and ensures smooth torque transfer—no snags, no skips. As [lcamtuf] points out, the secret sauce lies in their design, which can’t be eyeballed. By simulating the meshing process between a gear and a rack (think infinite gear), you can create the smooth, rolling movement we take for granted in everything from cars to coffee grinders.

From pressure angles to undercutting woes, [lcamtuf] explores why small design tweaks matter. The pièce de résistance? Profile-shifted gears—a genius hack for stronger teeth in low-tooth-count designs.

Whether you’re into the theory behind gear ratios, or in need of a nifty tool to cut them at home, Hackaday has got you covered. Inspired? Read the full article by [lcamtuf] here.


hackaday.com/2024/11/21/gear-u…


Custom Mouse Rocks Neat Thumbstick Design



A mouse is just two buttons, and a two-dimensional motion tracking system, right? Oh, and a scroll wheel. And a third button. And…now you’re realizing that mice can be pretty complicated. [DIY Yarik] proves that in spades with his impressive—and complex—mouse build. The only thing is, you might argue it isn’t really a mouse.

The inspiration for the mouse was simple. [Yarik] wanted something that was comfortable to use. He also wanted a mouse that wouldn’t break so often—apparently, he’s had a lot of reliability issues with mice in recent years. Thus, he went with a custom 3D-printed design with a wrist rest at the base. This allows his hand to naturally rest in a position where he can access multiple buttons and a central thumbstick for pointing. In fact, there’s a secondary scroll control and a rotary dial as well. It’s a pretty juicy control surface.

The use of a thumbstick is controversial—some might exclaim “this is not a mouse!” To them, I say, “Fine, call it a pointing device.” It’s still cool, and it looks like a comfortable way to interface with a computer.

We’ve seen some other neat custom mice over the years, too, like this hilarious force-feedback mouse. Video after the break.

youtube.com/embed/GpYnQJRw7pw?…


hackaday.com/2024/11/21/custom…


FREE-WILi Turns DC32 Badge Into Hardware Dev Tool



With few exceptions, electronic event badges are often all but forgotten as soon as the attendee gets back home. They’re a fun novelty for the two or three days they’re expected to be worn, but after that, they end up getting tossed in a drawer (or worse.) As you might imagine, this can be a somewhat depressing thought for the folks who design and build these badges.

But thanks to a new firmware released by the FREE-WILi project, at least one badge is going to get a shot at having a second life. When loaded onto the RP2350-powered DEF CON 32 badge, the device is turned into a handy hardware hacking multi-tool. By navigating through a graphical interface, users will be able to control the badge’s GPIO pins, communicate over I2C, receive and transmit via infrared, and more. We’re particularly interested in the project’s claims that the combination of their firmware and the DC32 badge create an ideal platform for testing and debugging Simple Add-Ons (SAOs).

Don’t know what the FREE-WILi project is? Neither did we until today, which is actually kind of surprising now that we’re getting a good look at it. Basically, it’s a handheld gadget with a dozen programmable GPIO pins and a pair of CC1101 sub-GHz radios that’s designed to talk to…whatever you could possibly want to interface with.

It’s a bit like an even more capable Bus Pirate 5, which considering how many tricks that particular device can pull off, is saying something. As an added bonus, apparently you can even wear the FREE-WILi on your wrist for mobile hardware hacking action!

Anyway, while the hardware in the FREE-WILi is clearly more capable than what’s under the hood of the DC32 badge, there’s enough commonality between them that the developers were able to port a few of the key features over. It’s a clever idea — there’s something like 30,000 of these badges out there in the hands of nerds all over the world, and by installing this firmware, they’ll get a taste of what the project is capable of and potentially spring for the full kit.

If you give your DC32 badge the FREE-WILi treatment, be sure to let us know in the comments.


hackaday.com/2024/11/21/free-w…


USB-C For Hackers: Reusing Cables



Your project needs a cable, and since USB-C cables are omnipresent now, it’s only natural to want to reuse them for your evil schemes. Ever seen USB 3.0 cables used for PCIe link carrying duty? It’s because USB 3.0 cables are built to a reasonably high standard, both sockets and cables are easy to find, and they’re cheap. Well, USB-C cables beat USB 3.0 cables by all possible metrics.

Let’s go through USB-C cable reuse in great detail, and see just what exactly you get when you buy either a gas station C-C USB 2.0 cable, or, the fanciest all-features-supported 240 W Thunderbolt cable that money can buy. Looking for a cable to cut, or something to pass a seriously high-speed link? You’re reading the right article.

The Omnipresent Cables


USB-A to USB-C cables are the least interesting. They’re equivalent to a microUSB to USB-A cable, except there’s a resistor on the USB-C plug, connected from VBUS to one of the CC pins. That’s it. The cable contains four conductors, there’s really not much new. Save these cables for all the devices still built without the 5.1 kΩ resistors.

Now, a USB-C to USB-C cable – let’s say, 60 W max, the default USB-C cable capability. If your cable says anything less than 60 W, say, “2 A” or “15 W”, that’s a lie – it can handle 60 W no problem, all USB-C to C cables can do 60 W. This cable is also cool – for one, it has five conductors; GND, VBUS, D+, D-, and CC. Two of them (GND and VBUS) are guaranteed to be thick enough to carry 3 A without much voltage drop if any, too!

Five conductors, two of them thicker – yep, you know where to find a replacement!
What does this mean? If you need a five-wire cable to fix your headphones, and you want something solid, a USB-C cable is probably your best bet ever – and you have a ton of choice here. You will inevitably end up with a heap of broken USB-C cables, which means you’ll never be short of 5-conductor cables – the kind of cable that has always been kind of a rarity, unless you’re pilfering headphone cables for your projects.

What about 100 W to 240 W cables? There’s good news and bad news. Good news is, the cable is likely to contain six wires. One extra wire is for VCONN – power for the emarker chip inside the cable plug, a memory chip you can read over the CC line, letting the PSU know whether the cable is indeed capable of carrying over 5 A – required for the 61 W to 240 W range.

Bad news is – there could still be five wires, if the cable is built using the alternative scheme with two emarkers, one per plug. The VCONN wire won’t be present then, and there’s no way to know until you cut the wire apart, so if you’re looking for a six-wire cable, you might have to try a few different cables. Also, the VCONN wire doesn’t connect the two plugs together – it’s isolated at one end, so don’t expect it to help if you use USB-C sockets instead of cutting the cable.

Now, you don’t always want to cut the cable – you can use USB-C sockets and apply your custom five-wire scheme to them. An idea I hear often is using USB-C cables for 3D printer hotends. It makes sense – such cables can handle 60 W of power without breaking a sweat, and you could likely do a fair bit more. Put extruder power onto the VBUS and GND pins, and use the three wires left for a thermistor and a limit switch. But the cable and socket mechanicals might be a dealbreaker. If your extruder-powering cable vibrates out of the socket, you might end up with a high-resistance-contact high-current connection on your hands – a recipe for melted plastic and possibly flames. Try it at your own risk!

You also won’t be able to make such cable reuse standard-compliant, and such port won’t be safe for any USB-C devices someone might plug into it, so label it accordingly, please.

What About Voltages?


What about putting arbitrary voltages onto VBUS, without PD negotiation? Again, it won’t be standards-compliant unless you really put some effort in – mark your jury-rigged sockets and cables accordingly, or they will eat your devices for breakfast. Also, SPR (100 W) cables contain 30 V 10 nF capacitors at each plug end, and EPR cables contain 63 V ones – reach these limits at your own risk, those capacitors are known to fail short-circuit.

Another factor is if you decide to go for the 48 V / 5 A target while bypassing the USB-C standard, because 48 V support is not as simple as putting 48 V on VBUS. If you just put 48 V on the VBUS pins, you’ll really want to figure out spark management, so that suddenly unplugging the cable won’t burn either the plug or the socket or both – PD has ways to deal with that, but they do require you to actually implement PD, specifically, EPR, which brings a heap of safety guarantees due to exceeding the 20 V limit.

That’s about it when it comes to reusing the cheapest kinds of USB-C cables – you get an extra wire compared to previous USB standards, it can handle a fair bit more power, and you can even use USB-C sockets. However, it will kill your devices if you’re not careful, and you need to take extra care if you go over 25 V or so. What about if you want to get more wires and pull some differential pairs instead?

Up The Speed


Fully-featured USB-C cables and sockets are genuinely wonderful for pulling high-speed communications over them. They are built to a solid standard, with proper impedance controls, shielding, and a modern-day understanding of digital transmission standards. Now, what exactly do you get from a fully-featured USB-C cable?
HDMI over USB C – as in, passing HDMI signals through USB-C cables. I guess, that’s one way to circumvent connector royalties!
Short answer is, you get six differential pairs, and one single-ended wire (CC), in addition to VBUS and GND. You might want to keep GND at a stable level here, and perhaps don’t mess too much with VBUS. There’s a ton you can do with these six diffpairs – two USB3 ports, or a PCIe x2 link, or two SATA, or HDMI, or CSI/DSI. You can even do Ethernet if you really want to – just don’t expect galvanic isolation to work.

There are nuances, of course! Ever see a teardown or an X-ray of a fancy fully-featured cable? There’s typically all sorts of ICs inside each plug. The first one is the emarker chip, and it’s a fun one to keep in mind. For a start, it will result in some ESD diodes between GND and CC – watch out, don’t bring CC below 0 V or above 5 V.

A second kind of IC is the signal re-driver, used in active cables. You have to provide power to these redrivers through either VBUS or VCONN, just like emarkers. If you don’t do it, your high-speed lines might just be unresponsive to any high-speed signal you apply to the pins.

What about rotation? That’s a tough one – unless your signal is very much like USB3/DisplayPort/Thunderbolt, you might not be able to find a suitable mux chip to rotate your signals. As such, you will likely want to stick to a single rotation and wire your signals directly. Then, if you plug in the cable in an unexpected way, it won’t work, so you should probably consider using the CC pin or the two SBU pins for lighting up LEDs, showing you whether you’re good, or whether you should unplug the cable, rotate it, and plug it back in, like in the good old days.

There’s one last thing you might care about. USB-C cables connect TX on one end to RX on another end, and vice-versa. This is nice for PCIe purposes, since it, too, flips pair naming at the connector. For any other signal, you’ll want to keep it in mind – RX1 won’t go to RX1 on the other end, it will go to TX1, and you’ll have to re-layout accordingly. Unfortunately, I’m not intimately familiar with active cable inner workings – so, it’s hard for me to tell whether any active cable redriver chips would reject certain sorts of signaling, perhaps, signals that don’t match USB3, DisplayPort or Thunderbolt signaling types.

And One Last Hack


These are the basics of what you should know before you try and reuse a USB-C cable, no matter its complexity. That said, here’s an extra hack before we conclude!

Only one USB2 pair is actually connected at the USB-C cable end – the pair on the same side as the CC pin. My guess is, this was initially done to avoid stubs and cable plug PCB routing complications, as well as to accommodate standards like VirtualLink. Regretfully, we never got VirtualLink cables, which would allow us to use seven differential pairs at a time, but there is another hack we still get out of this!

What does this mean for you? If you use two USB2-grade 2:1 muxes, you can get two extra differential signals out of a fully-compliant USB socket, and they won’t even interfere with standard-compliant cables. Use this for SWD, JTAG, or whatever else, with your signals broken out through a custom plug – just make sure you dutifully switch the muxes depending on cable orientation, then you can keep your USB2 cake and eat it, too.
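The rotation, TX/RX crossover and spare-USB2-pair points above can be checked before laying out a board. The following is an added sketch, not code from the article: it traces receptacle pins through a passive full-featured cable using the USB Type-C pinout, and the helper names (`mate`, `trace`, `socket_state`) are made up for this illustration.

```python
# Added example: pin tracing through a passive, full-featured USB-C cable.
# Pin names follow the USB Type-C receptacle pinout; helper names are
# hypothetical and exist only in this sketch.

# Receptacle pin -> signal name (power and ground pins omitted).
RECEPTACLE = {
    "A2": "TX1+", "A3": "TX1-", "A5": "CC1", "A6": "D+", "A7": "D-",
    "A8": "SBU1", "A10": "RX2-", "A11": "RX2+",
    "B2": "TX2+", "B3": "TX2-", "B5": "CC2", "B6": "D+", "B7": "D-",
    "B8": "SBU2", "B10": "RX1-", "B11": "RX1+",
}

# Plug-to-plug wiring inside the cable. TX pairs land on RX pairs, SBU1 and
# SBU2 cross over, CC and the single USB2 pair run straight through on row A.
# Plug pins B5 (VCONN), B6 and B7 are not wired through, so they are absent.
CABLE = {
    "A2": "B11", "A3": "B10", "B11": "A2", "B10": "A3",
    "B2": "A11", "B3": "A10", "A11": "B2", "A10": "B3",
    "A5": "A5", "A6": "A6", "A7": "A7",
    "A8": "B8", "B8": "A8",
}

USB2_PINS = ("A6", "A7", "B6", "B7")


def mate(pin, flipped):
    """Map a receptacle pin to the plug pin touching it (or the reverse).

    A flipped plug swaps rows: receptacle An touches plug Bn and vice versa.
    """
    if not flipped:
        return pin
    return ("B" if pin[0] == "A" else "A") + pin[1:]


def trace(pin, near_flipped=False, far_flipped=False):
    """Return the far-end receptacle pin reached from a near-end receptacle
    pin, or None if the cable does not carry that pin through."""
    if pin not in RECEPTACLE:
        raise ValueError(f"not a signal pin: {pin}")
    far_plug_pin = CABLE.get(mate(pin, near_flipped))
    if far_plug_pin is None:
        return None
    return mate(far_plug_pin, far_flipped)


def socket_state(flipped):
    """For one socket, report which CC pin sees the cable's CC wire, which
    D+/D- pair the cable connects, and which pair is left spare. The spare
    pair is what the two USB2-grade muxes hand to your custom signals."""
    live = {p for p in RECEPTACLE if trace(p, near_flipped=flipped) is not None}
    return {
        "cc": next(RECEPTACLE[p] for p in ("A5", "B5") if p in live),
        "usb2_pair": tuple(p for p in USB2_PINS if p in live),
        "spare_pair": tuple(p for p in USB2_PINS if p not in live),
    }


if __name__ == "__main__":
    for near in (False, True):
        for far in (False, True):
            dest = trace("A2", near, far)
            print(f"near flipped={near!s:5} far flipped={far!s:5} "
                  f"TX1+ arrives on {RECEPTACLE[dest]} ({dest})")
    print(socket_state(False))
    print(socket_state(True))
```

The mux select therefore follows the CC pin: whichever row sees CC also carries USB2, and the opposite row's D+/D- pins are the spare pair.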


hackaday.com/2024/11/21/usb-c-…


There’s Now a Wiki For Hacking Redbox Machines



With the rapidly evolving situation surrounding the Redbox vending machines still out in the wild, it’s about time somebody put together a Wiki to keep it all straight.

The unredbox wiki has information on the various different hardware revisions that Redbox put out into the wild, from the regular outdoor machines to the weird indoor blue variant. The site also has breakdowns on individual components. For example, it covers the computers inside the machines, built by Dell, Lenovo, and Premio, and bits and pieces like the DVD carousel and the modems used inside.

Basically, if you’re working with these machines and you don’t have a manual, this resource could help you out. As could the neat video below that shows the internals of a Redbox machine during the reloading process.

Whatever you do, though, don’t steal the kiosks. There’s folks handling that already, you’re not allowed to just walk up and haul them away. Check out our earlier coverage of people that are still out there renting from these machines, too.

youtube.com/embed/X7XRjBMUoh0?…


hackaday.com/2024/11/21/theres…


Blended Wing Body Passenger Airplanes and the End of Winged Tubes


Rendering of a JetZero blended wing body aircraft with US Air Force markings. (Credit: US Air Force)
The SR-71 with its blended wing body design. (Photo by Tech. Sgt. Michael Haggerty, US Air Force, 1988)
Ask someone to picture an airplane and they’re likely to think of what is essentially a tube with wings and a stabilizing tail tacked onto one end of said tube. Yet it is also no secret that the lift produced by such a tube is rather poor, even if they’re straightforward for loading cargo (static and self-loading) into them and for deciding where to put in windows. Over the decades a number of alternative airplane designs have been developed, with some of them also ending up being produced. Here most people are probably quite familiar with the US Air Force’s B-2 Spirit bomber and its characteristic flying wing design, while blended wing body (BWB) maintains a somewhat distinctive fuselage, as with for example the B-1 Lancer.

Outside of military airplanes BWBs are a pretty rare sight. Within the world of passenger airplanes the tube-with-wings pattern that the first ever passenger airplanes adopted has persisted with the newest designs, making it often tricky to distinguish one airplane from another. This could soon change, however, with a strong interest within the industry for passenger-oriented BWBs. The reason for this are the significant boosts in efficiency, quieter performance and more internal (useful) volume, which makes airline operators very happy, but which may also benefit passengers.

With that said, how close are we truly to the first BWB passenger airplane delivery to an airline?

Heavier Than Air Aerodynamics

Wright Flyer II flying circles in 1904 (Photo by the Wright brothers)
When regarding the first ever airplanes to make a successful powered flight, in particular the Wright Flyer, it’s notable where the focus was put in the design. The Wright Flyer doesn’t have much of a fuselage, but is mostly wing, along with some means for control by changing the shape of the wings (wing warping) in addition to the dual elevators and rudders. As an early attempt at controlled (powered) flight, it rather mimicked the way that birds control their flight by changing the shape of their wings.

As airplane designs evolved and saw explosive growth throughout World War I with practically weekly new designs, we saw the appearance of the now familiar design with a distinct fuselage and control scheme including wing-mounted ailerons and similar methods. Bi- and tri-planes gave way to monoplanes, and especially for passenger jets the tube fuselage ended up being extremely useful as a way to add more internal capacity by lengthening said tube or widen it (so-called wide-body jets).

Despite experiments with early BWBs such as the 1924 Westland Dreadnought prototype, 1938’s Miles M.30, 1944’s McDonnell XP-67 interceptor and Canadian Burnelli CBY-3, only these last two saw significant usage, albeit with the XP-67 failing US Army trials. The single CBY-3 airplane that was built did see significant use as a commercial airliner until its retirement in 1964 after which it was restored and moved into the collection of the New England Air Museum in Windsor Locks, Connecticut.

With seemingly an endless string of failures and one quite unremarkable non-military airplane resulting from BWB research by the 1960s, one might be excused for thinking that the BWB advantages are mostly hot air. Here the designs that began to appear by the 1970s began to turn heads, however.

Trade-offs

A B-2 Spirit from Whiteman Air Force Base, Mo., flies over an undisclosed location in the U.S. Pacific Command area of operations. (Credit: Senior Airman Joel Pfiester)
The advantages of blending the wings into the body are obvious: it first of all reduces the wetting surface (i.e. the wetting aspect ratio), meaning that there’s less of the airplane’s structure interacting with the atmosphere and thus less drag. Second, it makes it possible to turn more or all of the fuselage into part of the airfoil, and thus have it too generate lift. The disadvantages mostly lie in that it makes controlling the airplane more complex as you abandon the inherent aerodynamic stability of a tube. The more extreme examples of this issue are found in both flying wings and lifting body design.

A flying wing design such as the Northrop B-2 Spirit bomber is a purely fly-by-wire design, as only the lightning-fast reflexes of a computerized system can keep what is ultimately an inherently unstable aerodynamic shape stable. This is an approach which was pioneered for a large part in the Lockheed F-117 airplane, which got referred to in such loving terms as for example ‘the flying brick’ due to its rather poor aerodynamic properties.

The move from a tube to a blended wing design can be likened to creating arrows that abandon the cylindrical shape for a blended fletching design: you lose the natural stability (and radar cross-section) that comes with a cylinder-with-fletching. This is of course great if you are designing an agile jet fighter that has to pull off dramatic course changes, or a long-distance (stealth) bomber, but less great if you’re designing a passenger airplane. In a naturally risk-averse industry like commercial aviation, this has kept airplane designs roughly as exciting and innovative as when the Boeing 737 first rolled off the production line, with mostly incremental tweaks and improvements, including to the engines.

End Of The Road

Airbus MAVERIC sub-scale model (Credit: Airbus, 2019)
Within the limitations of the tube-with-wings design incredible feats of optimizations have been performed over the decades, with each successive generation being a bit more efficient and their engines more quiet and easier on fuel consumption. New gains within these same limitations are however becoming increasingly harder and more expensive, while a commercial BWB jet liner could see multi-digit percentage fuel savings, increase space for cargo and passengers, while reducing the noise produced by the engines. All with just the first generation of such passenger airplanes.

Most of the fuel savings come simply from the reduced wetting area, and a boost to the airfoil ratio. Together with the ability to move the position of the engines and other tweaks, there is nothing about a passenger BWB airplane that’s truly groundbreaking or revolutionary. The main challenge will be to create an airplane that will both please organizations like the FAA and its international equivalents, and appeal to passengers. Here we have a number of startups and incumbents vying for the limelight, including Nautilus with its Horizon airplane, JetZero and Airbus, as well as NASA research projects like the N3-X BWB.

Of these efforts, the Airbus MAVERIC BWB is a scale model UAV that Airbus used until 2020 to test and validate the basic BWB design, to help design its next-generation airplanes. The Nautilus Horizon is roughly at this level too, with the 2016-founded company working towards building a first full-scale prototype. Meanwhile JetZero got picked by the US Air Force to work on BWB designs for cargo and in-air refueling tankers, which has them cooperating with Northrop Grumman on a full-scale model to demonstrate that this is the direction that the US Air Force would want to move into.

Suffice it to say that tapping into the US defense budget is not a bad way to finance a startup, with the know-how and experiences translating into commercial cargo and passenger BWB airplanes. Currently the JetZero Pathfinder 1:8 scale model is test flying at Edwards Air Force Base, with JetZero hoping to have a passenger airplane in service by 2030.

New Skies


Passenger BWB airplanes would be both something very new and exciting, but also very old-school. In a way it would see the commercial aviation market hesitantly abandon the designs that it has been perfecting roughly since Douglas DC-3 propeller airplanes roamed the skies in the 1930s. From new construction methods, new materials, jet engines instead of propellers, to big boosts in efficiency and automation, today’s commercial aviation is both alien and very familiar to that of the 1930s and 1950s.

Even as military airplanes began to morph into new shapes and experiment with pushing every single envelope they could find, commercial aviation became more concerned with not spending money while being dragged by regulators into an era of increased safety and efficiency even as leg space and carry-on luggage size decreased. Now it would seem that, perhaps ironically, the only way forward for commercial aviation is to look at designs that have long since been adopted by air forces.

While for cargo variants of commercial BWB airplanes the question of seating arrangements and windows aren’t very relevant, perhaps the biggest fight will be over how to partition up the much larger inner volume for self-loading freight (i.e. passengers), as SLF is rather partial to having access to a window, an aisle, as much leg space as possible and other such critter comforts. In this 2020 article about the Airbus MAVERIC scale model some sci-fi renders of potential interiors are shown, but as the first BWB passenger airplanes get shown off by the airlines that ordered them, there will surely be very strong opinions by the peanut gallery about whether flying tubes or BWB airplanes are ‘better’.

One thing is certain, however, with the current crisis enveloping Boeing and their lagging behind on fulfilling new airplane orders, if there ever was a decade ripe for big shifts in commercial aviation, this one might just be it. For now all we can do is strap ourselves in and see where things will be in six years or so from now.

Featured image: Rendering of a JetZero blended wing body aircraft with US Air Force markings. (Credit: US Air Force)


hackaday.com/2024/11/21/blende…


Zyxel Under Attack: How the Helldown Ransomware Exploits the Flaw in VPN Devices


The Helldown ransomware has been found breaking into corporate networks through vulnerabilities in Zyxel firewalls. Helldown was first described by Cyfirma analysts in the summer of 2024, and in October researchers at Cyberint reported on its activity.

Now experts at Sekoia, who studied recent Helldown attacks, have also devoted a report to the new threat. According to them, this ransomware is not one of the major players in the extortion “market”, but it is rapidly gaining momentum, and posts about new victims keep appearing on the attackers’ website.

At the beginning of November 2024, information on 31 victims had been published on the attackers’ website. Most of the victims were small and medium-sized businesses in the United States and European countries. That number has now dropped to 28, which may indicate that some of the victims paid a ransom to the hackers.

The Linux variant of the ransomware is known to target VMware files and contains code to list and shut down virtual machines, as well as to encrypt images. However, this functionality is only partially enabled, since the malware is still under development.

The Windows version of Helldown, according to Sekoia’s experts, is based on the leaked source code of the LockBit 3 ransomware and also shows similarities to the Darkrace and Donex malware. However, based on the available data, it was not possible to establish exact links between these malware families.

At the same time, the experts write that the ransomware does not appear particularly advanced. For example, it uses batch files to complete its tasks, which means this functionality is not built into the malware itself.

It should also be noted that the Helldown operators are not very selective when it comes to data theft and immediately publish large dumps on their website (in one case the leak reached 431 GB).

Based on these data, Sekoia’s experts suggest that Helldown may exploit CVE-2024-42057, a command injection vulnerability in the IPSec VPN. This bug allows an unauthenticated attacker to execute commands by sending a forged username (the attack succeeds only if the device is configured for user-based PSK authentication and the username is longer than 28 characters).

The vulnerability was fixed in firmware version 5.39 at the beginning of September this year. Since details on exploiting the issue have not yet been made public, the researchers believe the Helldown authors may have access to private n-day exploits.
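The three conditions the article gives for CVE-2024-42057 (firmware older than 5.39, user-based PSK authentication, a username longer than 28 characters) can be turned into a triage pass over a firewall inventory. This is an added example, not code from Sekoia or Zyxel: the inventory records, device names and priority labels are constructed, and it assumes every listed device belongs to a product line where 5.39 is the fixed release.

```python
# Added example: triage a (constructed) Zyxel firewall inventory against the
# CVE-2024-42057 preconditions stated in the article.
import re
from dataclasses import dataclass, field

PATCHED_FIRMWARE = (5, 39)  # article: fixed in firmware version 5.39
USERNAME_LIMIT = 28         # article: exploitation needs a longer username


@dataclass
class Firewall:
    name: str             # inventory label (constructed)
    firmware: str         # version string as recorded in the inventory
    user_based_psk: bool  # IPSec VPN configured for user-based PSK auth
    vpn_usernames: list = field(default_factory=list)  # names seen in VPN auth attempts


def parse_version(text):
    """Extract (major, minor) from strings such as '5.38' or 'V5.38'."""
    match = re.search(r"(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return int(match.group(1)), int(match.group(2))


def assess(fw):
    """Return a priority and the reasons behind it for one device."""
    notes = []
    try:
        unpatched = parse_version(fw.firmware) < PATCHED_FIRMWARE
        if unpatched:
            notes.append("firmware older than 5.39")
    except ValueError:
        # Fail closed: an unknown version is handled like an old one.
        unpatched = True
        notes.append("firmware version unreadable, treated as unpatched")

    if fw.user_based_psk:
        notes.append("user-based PSK authentication enabled")

    oversized = [u for u in fw.vpn_usernames if len(u) > USERNAME_LIMIT]
    for name in oversized:
        # Report length plus a truncated repr, never the raw attacker-supplied
        # string, so control characters cannot reach the report or terminal.
        notes.append(f"{len(name)}-char username seen: {name[:USERNAME_LIMIT]!r}...")

    if unpatched and fw.user_based_psk:
        priority = "investigate" if oversized else "patch-urgent"
    elif unpatched:
        priority = "patch"
    elif oversized:
        priority = "review"  # patched now, but the attempt is worth a look
    else:
        priority = "ok"
    return {"name": fw.name, "priority": priority, "notes": notes}


ORDER = ["investigate", "patch-urgent", "patch", "review", "ok"]


def triage(inventory):
    """Assess every device and sort the most urgent findings first."""
    return sorted((assess(fw) for fw in inventory),
                  key=lambda r: ORDER.index(r["priority"]))


# Constructed sample inventory; usernames are inert placeholders.
INVENTORY = [
    Firewall("hq-fw-02", "V5.39", True, ["dave", "B" * 29]),
    Firewall("hq-fw-01", "5.37", False, ["carol"]),
    Firewall("branch-fw-02", "V5.38", True, ["bob", "C" * 28]),
    Firewall("branch-fw-01", "V5.38", True, ["alice", "A" * 40]),
    Firewall("lab-fw-01", "unknown", True),
]

if __name__ == "__main__":
    for result in triage(INVENTORY):
        print(f"{result['priority']:13} {result['name']}")
        for note in result["notes"]:
            print(f"{'':13}   - {note}")
```

A device in the `investigate` bucket met all three conditions while unpatched, so it warrants incident-response attention rather than only a firmware update.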

The article Zyxel Under Attack: How the Helldown Ransomware Exploits the Flaw in VPN Devices comes from il blog della sicurezza informatica.


Measuring the Mighty Roar of SpaceX’s Starship Rocket



SpaceX’s Starship is the most powerful launch system ever built, dwarfing even the mighty Saturn V both in terms of mass and total thrust. The scale of the vehicle is such that concerns have been raised about the impact each launch of the megarocket may have on the local environment. Which is why a team from Brigham Young University measured the sound produced during Starship’s fifth test flight and compared it to other launch vehicles.

Published in JASA Express Letters, the paper explains the team’s methodology for measuring the sound of a Starship launch at distances ranging from 10 to 35 kilometers (6 to 22 miles). Interestingly, measurements were also made of the Super Heavy booster as it returned to the launch pad and was ultimately caught — which included several sonic booms as well as the sound of the engines during the landing maneuver.

Sounds were measured at eight different locations.
The paper goes into considerable detail on how the sound produced by Starship’s launch and recovery propagates, but the short version is that it’s just as incredibly loud as you’d imagine. Even at a distance of 10 km, the roar of the 33 Raptor engines at ignition came in at approximately 105 dBA — which the paper compares to a rock concert or chainsaw. Double that distance to 20 km, and the launch is still about as loud as a table saw. On the way back in, the sonic boom from the falling Super Heavy booster was enough to set off car alarms at 10 km from the launch pad, which the paper says comes out to a roughly 50% increase in loudness over the Concorde zooming by.

OK, so it’s loud. But how does it compare with other rockets? Running the numbers, the paper estimates that the noise produced during a Starship launch is at least ten times greater than that of the Falcon 9. Of course, this isn’t hugely surprising given the vastly different scales of the two vehicles. A somewhat closer comparison would be with the Space Launch System (SLS); the data indicates Starship is between four and six times as loud as NASA’s homegrown super heavy-lift rocket.

That last bit is probably the most surprising fact uncovered by this research. While Starship is the larger and more powerful of the two launch vehicles, the SLS is still putting out around half the total energy at liftoff. So shouldn’t Starship only be twice as loud? To try and explain this dependency, the paper points to an earlier study done by two of the same authors which compared the SLS with the Saturn V. In that paper, it was theorized that the arrangement of rocket nozzles on the bottom of the booster may play a part in the measured result.


hackaday.com/2024/11/21/measur…


NIS2 Applied with Practical Examples – Part 1


By Manuel Roccon and Matteo Brandi

If cybercriminals never sleep, cybersecurity regulations keep moving too. The NIS2 directive, transposed with Legislative Decree 138 of 4 September 2024, is now in motion. With NIS2, the new European cybersecurity directive, companies must take data protection seriously and guarantee business continuity and, compared with NIS, this now extends to their supply chain as well.

With helmet and pickaxe (safety first!) we dug deep into NIS2 to bring you only the gold nuggets: the points we consider fundamental for protecting your company against cybercriminals by applying the regulation.

Dear reader, two warnings though:

  1. You won’t find out here whether or not your company falls under the directive; for that there is Sandro Sana’s article
  2. You won’t find an analysis of the notification obligations and/or registration on various platforms
  3. NIS2 also covers physical security, environmental disasters, and loss of connectivity and electrical power. Only the locusts are missing. We focused on cyber. For a generator, you’re on your own.
  4. This is our practical interpretation of the regulation, with a few (small and few, but important) examples actually applied.

For a practical application of NIS2, the main pillar is Article 21, in particular paragraph 2, whose concepts are also carried over into Article 24 of the transposition decree (Legislative Decree 138 of 4 September 2024).

We have split this article into two parts; in this piece we will go in depth up to point e of Art. 21 of NIS2.

Article 21 NIS2

eur-lex.europa.eu/legal-conten…

Legislative Decree 138, Art. 24

gazzettaufficiale.it/eli/id/20…

Let’s look at them in detail:

Risk analysis and information system security policies


Thinking that protecting company systems consists only of firewalls and antivirus may be mistake number one. Sure, they are part of the picture, but they are not the complete solution. Cybersecurity policies go much deeper: they must assess all of a company’s weak points and be updated constantly.

For example, have you ever considered that an untrained employee can become the cybercriminals’ best ally? All it takes is one phishing email clicked without much thought.

Also, how much would it matter if your data ended up in the wrong hands? DLP systems are very important too: they monitor and mitigate data exfiltration, for example by blocking USB sticks or other external storage media so that data cannot be copied and carried away and/or left lying around. Rules can also be created by document type or content, so that such files are blocked when they are uploaded to the internet as well (e.g. a disloyal employee uploading to some online drive).

This is why risk analysis is fundamental: it means mapping every vulnerability, anticipating possible scenarios and knowing how to react. A good risk analysis not only identifies the critical points but also helps you allocate defensive resources better, focusing attention where it is needed most.

Does it seem like an impenetrable fog? There is a lighthouse, and it is called ISO 27001. ISO 27001 is the information security management system that brings order to your company, setting clear standards on how to protect data and minimize the risk of cyberattacks. With a structured approach and continuous protection, this powerful tool helps you shut the door on cybercriminals.

link redhotcyber.com/post/cosa-si-i…

Incident handling


When cybercriminals strike, there is no time for hesitation or “it will go better next time”. Your company is under attack and, without a solid plan, you risk seeing everything go up in smoke. Cyber incident management is your only lifeline: a set of strategies for responding to the devastating impact of attacks, breaches and data loss.

How many plans do you need? Essentially two: the Disaster Recovery Plan and the Response Plan. Let's look at them.

Disaster Recovery Plan


A disaster recovery plan is not just a to-do list, but a solid strategy that ensures every critical piece of data, file or system is protected and recoverable.

The plan must cover events such as:

  • Attacks by cybercriminals
  • PC failures
  • Fires
  • Floods
  • Theft
  • Loss
  • Earthquakes
  • Backup strategies
  • Power outages
  • Loss of internet connectivity

A disaster recovery plan must contain at least the following information:

  1. Contact details (who to call)
  2. Estimated damage calculation
  3. Activity recovery plan (how it gets resolved)
  4. Business continuity plan (how to keep going in the meantime)
  5. Copies of the contracts and agreements in force
  6. Exercise plan (once written, it must be tested so that everyone knows it)
  7. List of critical systems and data
  8. List of regulatory obligations to comply with
  9. Communication strategy for customers and the press

Obviously it must not remain a dead letter: it must be tested and corrected, and you must make sure everyone has understood their own role.

The communication strategy is not a point to underestimate. Depending on what is said and how it is communicated, a situation that is already far from rosy gets dramatically worse if it is done wrong. Having statements drafted and prepared in advance is the way to avoid doing further damage.

If you need a template, you can find one here: https://www.microfocus.com/media/unspecified/disaster_recovery_planning_template_revised.pdf

Response Plan


The response plan is the sibling of disaster recovery, but more immediate and ready for action. It is needed when a cybercriminal makes the first move and you are already in the middle of the incident. This plan has a simple goal: contain, limit the damage and, if possible, stop the attack. The key points are:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lesson learned


Preparation: as trivial as it is fundamental, yet often neglected: be prepared. That's all.

Identification: recognising the event that should be classified as a cyber incident.

Containment: isolating the incident and not allowing it to spread.

Eradication: resolving the problem.

Recovery: repairing the compromised systems, recovering the data and restarting the activities interrupted during the incident.

Lesson learned: this is the most important part. It is a document describing what happened, the procedures adopted, what worked and, above all, what did not work.

If you don't keep track of the past, it is hard to plan for the future.

Business continuity, backup management, disaster recovery and crisis management


The focal point of the regulation is business continuity. It requires minimising and reducing as far as possible the effects of a cyberattack on business continuity, both for your own business and for the supply chain.

What is more important than a backup for restoring data after a compromise? In particular, one that you can be certain of restoring in an acceptable time; indeed, I would stop earlier, at being able to restore it at all.
It is of fundamental importance to make sure that our backups are robust, reliable and immune to cyber threats, and that they can be restored within known, acceptable times compatible with our business and our company processes.

One example is following the 3-2-1 rule, which calls for 3 copies on 2 different types of media, one of them offsite; recently, with the help of new technologies, it has evolved into 3-2-1-1-0, adding data immutability. The final 0 means that the system is able to verify that there are 0 errors, so you can be sure that when the backups are needed they are 100% usable.

But technology is not enough. RTO and RPO need to be assessed in order to determine the acceptable amount of data that can be lost since the last backup and restore times that are aligned with the company's business. Also consider keeping a sufficient number of backups, so that you do not risk all of them having been compromised by an infection that has been present on the systems for a long time!

Many people do not consider it, but a traditional compressed and encrypted incremental backup of a few TB on a network might take 1 or 2 days to restore; to really understand this time, however, you need to run tests, which we will talk about shortly…

Let's talk about the famous cloud backups.

“I'm not worried, I have an untouchable backup in the cloud.”


OK, all very nice and maybe even true, but how long does it take to restore terabytes and terabytes of data over your 10mb/s line? Maybe you would be better off going to fetch them by bicycle… Does your provider let you get the data back in an acceptable time? A hyperconverged (HCI) technology, for example, would take a few tens of minutes to restore the data in an entire organisation's virtual storage.
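The checks this section describes (the 3-2-1-1-0 rule, RPO and RTO, retention long enough to outlast an old infection, and restore time over the available link) can be run against a backup inventory. The following Python is an added example, not part of the original article; the inventory, the targets, the 30-day dwell time and the reading of “10mb/s” as 10 Mbit/s are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupCopy:
    name: str
    media: str                # "disk", "tape", "object-storage", ...
    offsite: bool
    immutable: bool           # WORM / object lock / offline
    verify_errors: int        # errors reported by the last restore test
    last_run: datetime        # newest restore point
    oldest_point: datetime    # oldest restore point still retained
    restore_mbit_s: float     # measured restore throughput, Mbit/s


def rule_32110(copies):
    """Return the 3-2-1-1-0 requirements that the inventory does NOT meet."""
    checks = {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 offsite": any(c.offsite for c in copies),
        "1 immutable": any(c.immutable for c in copies),
        "0 verification errors": all(c.verify_errors == 0 for c in copies),
    }
    return [name for name, ok in checks.items() if not ok]


def restore_hours(size_tb, mbit_s):
    """Pure transfer time for size_tb (decimal TB) at mbit_s, no overhead."""
    return size_tb * 8_000_000 / mbit_s / 3600


def assess(copies, size_tb, rpo, rto, dwell, now):
    """Findings for one data set. Assumption: after a ransomware incident
    only immutable, error-free copies can be trusted for the restore."""
    findings = [f"3-2-1-1-0: missing {r}" for r in rule_32110(copies)]
    trusted = [c for c in copies if c.immutable and c.verify_errors == 0]
    if not trusted:
        return findings + ["RESTORE: no trusted copy to restore from"]
    if min(now - c.last_run for c in trusted) > rpo:
        findings.append("RPO: newest trusted restore point is too old")
    if max(now - c.oldest_point for c in trusted) < dwell:
        findings.append("RETENTION: no restore point older than dwell time")
    best = min(restore_hours(size_tb, c.restore_mbit_s) for c in trusted)
    if timedelta(hours=best) > rto:
        findings.append(f"RTO: fastest trusted restore takes {best:.1f} h")
    return findings


# Constructed sample inventory (not real data) for a 2 TB data set.
NOW = datetime(2024, 11, 21, 8, 0)


def _copy(name, media, offsite, immutable, age_h, keep_days, mbit_s):
    return BackupCopy(name, media, offsite, immutable, 0,
                      NOW - timedelta(hours=age_h),
                      NOW - timedelta(days=keep_days), mbit_s)


CLOUD_ONLY = [
    _copy("nas", "disk", False, False, 6, 14, 1000),
    _copy("usb", "disk", False, False, 24, 14, 400),
    _copy("cloud", "object-storage", True, True, 12, 14, 10),
]
WITH_LOCAL_IMMUTABLE = CLOUD_ONLY + [
    _copy("snapshots", "disk", False, True, 1, 90, 10_000),
]
# Assumed targets: 24 h RPO, 24 h RTO, 30 days of attacker dwell time.
TARGETS = dict(size_tb=2, rpo=timedelta(hours=24), rto=timedelta(hours=24),
               dwell=timedelta(days=30), now=NOW)

if __name__ == "__main__":
    for label, inv in (("cloud only", CLOUD_ONLY),
                       ("with local immutable", WITH_LOCAL_IMMUTABLE)):
        print(label, "->", assess(inv, **TARGETS) or "no findings")
```

With the constructed inventory, the cloud-only setup satisfies 3-2-1-1-0 yet needs about 444 hours to pull 2 TB back over the 10 Mbit/s link; adding a local immutable copy with longer retention clears both findings.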

So the question is: are your current technologies the right ones, and good enough to meet your business continuity needs? Once the technical side is ticked off, periodic restore exercises and tests are also essential to verify in practice that everything works. You need to write a document setting out what to do in a disaster and what to start restoring first, in agreement with the business.

This plan should already exist for hardware failures and must be extended to cover incidents of a cyber nature as well.

The famous Disaster Recovery Plan


As long as we run internal tests in complete calm, everything will always go fine. Now picture a Monday morning when we discover that the systems are completely offline and, on top of restoring them, we have to coordinate the various suppliers, the customers, external communication and the various departments, all the way to the DPO, in compliance with the regulations in force in the event of a data breach.

And by Murphy's law, these things happen either on Friday evening (with the Saturday variant) or on Monday morning. In these situations, without a well-defined line to follow, panic is guaranteed, and the ability to make clear-headed, considered decisions is seriously compromised.

So you need to have already defined the possible scenarios and all the steps needed to reach full recovery, and to set up a crisis unit made up of clearly identified people, together with well-defined procedures and checklists. Nothing must be left to chance in these situations. We already covered this in “Incident handling” but… repetita juvant!

Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers


In NIS 2, security-related aspects do not concern only the entities directly affected, but extend to the supply chain as well. One peculiarity: the entity concerned is (financially) responsible for verifying that NIS2 is applied across its chain (a somewhat complicated situation). In short, suppliers of entities that fall under NIS2 must have put the main recommendations into practice so as not to impact their customers in the event of a cyber incident.

There are two reasons for this. The first is that the compromise of a supplier can impact its direct customer and halt its operations. Think of an IT supplier holding its customers' access credentials that gets compromised: the jump to its customers could be very fast. The other aspect concerns business continuity: a supplier outage could affect its customers' operations and bring production to a halt.

We can get a clearer picture by reading point 5 of the European Commission's implementing regulation for the directive.

eur-lex.europa.eu/legal-conten…

The text explains that you should make sure to verify that your supply chain has adopted the minimum requirements to defend itself and its customers.

So what can we do?


Reading the European Commission's implementing act for Directive 2022/2555 (NIS2), which is still in public consultation, one can glimpse the possibility that, where the supplier cannot give guarantees about its own cybersecurity, this could be managed by the customer itself.

Have you ever found vulnerabilities in software that a supplier develops or provides for you? It is common to hit a brick wall when we ask the supplier to acknowledge the vulnerability and fix it, or ask for additional security measures that were not originally planned, for example implementing MFA. These are certainly things that cost suppliers time and money to implement…

This raises the option of revising contracts with suppliers (as suggested by point 5.1.4), for example by adding SLAs on the resolution of reported issues, including penalties or contract termination. It may be necessary to check the background of suppliers (have they already suffered data breaches in the past?) and of their employees, as well as to require them to provide audit evidence, such as penetration tests or vulnerability assessments carried out regularly on the suppliers' systems and software.

Further reading by Sandro Sana here (redhotcyber.com/post/enisa-avv…)

Security in the acquisition, development and maintenance of network and information systems, including vulnerability handling


The legislator certainly wants more secure software. How? The cases are so many that they cannot be listed. It must be more secure.

In addition, Art. 27, paragraph 1, of the transposing legislative decree reads: “The national competent NIS authority, […], may require essential entities and important entities to use categories of ICT products, ICT services and ICT processes, referred to respectively in Article 2, paragraph 1, letters ff), gg) and hh), developed by the essential or important entity or procured from third parties, that are certified under European cybersecurity certification schemes pursuant to Article 49 of Regulation (EU)”

Meanwhile, the cited Article 49 of EU Regulation 2019/881 says: “Effective cybersecurity strategies should be based on good risk assessment methods, in both the public and the private sector. Risk assessment methods are used at different levels, and there is no common practice regarding how to apply them efficiently. […]”

So what now??

Paragraph 2 of Art. 27 of the transposition decree sheds light: “Pending the adoption of relevant European cybersecurity certification schemes pursuant to Article 49 of Regulation (EU) 2019/881, the national competent NIS authority, in accordance with the procedures set out in Article 40, paragraph 5, may require essential entities and important entities to use categories of ICT products, ICT services and ICT processes, developed by the essential or important entity or procured from third parties, that are certified under certification schemes recognised at national or European level.”

Here Art. 58 of NIS2 comes to our aid: it cites ISO/IEC 30111 and ISO/IEC 29147, which “provide guidance on vulnerability handling and vulnerability disclosure”, while Art. 79 states: “[…] The cybersecurity risk-management measures should therefore also address the physical and environmental security of network and information systems by including measures to protect such systems from system failures, human error, malicious acts or natural phenomena, in line with European and international standards, such as those included in the ISO/IEC 27000 series”

Before opening your wallet to buy software, you will need to check both how its security is managed and the contractual clauses covering the handling and resolution of vulnerabilities discovered along the way. For those who develop software, it becomes highly advisable to have security testing done by people who took no part in development: almost always, the more you look at the code, the less you see. A fresh pair of eyes is often the solution.

We hope these pointers have been useful so far; in the next article we will cover the remaining points of Art. 21 of the directive: f, g, h, i, j.

The article La NIS2 applicata con esempi pratici – Parte 1 comes from il blog della sicurezza informatica.


Simple Hydrogen Generator Makes Bubbles and Looks Cool



Hydrogen! It’s a highly flammable gas that seems way too cool to be easy to come by. And yet, it’s actually trivial to make it out of water if you know how. [Maciej Nowak] has shown us how to do just that with his latest build.

The project in question is a simple hydrogen generator that relies on the electrolysis of water. Long story short, run a current through water and you can split H2O molecules up and make H2 and O2 molecules instead. From water, you get both hydrogen to burn and the oxygen to burn it in! Even better, when you do burn the hydrogen, it combines with the oxygen to make water again! It’s all too perfect.

This particular hydrogen generator uses a series of acrylic tanks. Each is fitted with electrodes assembled from threaded rods to pass current through water. The tops of the tanks have barbed fittings which allow the gas produced to be plumbed off to another storage vessel for later use. The video shows us the construction of the generator, but we also get to see it in action—both in terms of generating gas from the water, and that gas later being used in some fun combustion experiments.

Pedants will point out this isn’t really just a hydrogen generator, because it’s generating oxygen too. Either way, it’s still cool. We’ve featured a few similar builds before as well.

youtube.com/embed/zlCg-qMO9ck?…


hackaday.com/2024/11/21/simple…


INPS Servizi hit by ransomware, QuAS reports. But the silence is deafening!


The grim reaper sometimes has not a scythe in his hands, but a keyboard under his fingers. Agostino Pellegrino.

An aphorism that, in its bluntness, captures the essence of an increasingly pressing reality: cybersecurity, especially when it concerns public bodies of primary importance, cannot be underestimated.

Yesterday, a message appeared on the landing page of the QuAS (Cassa Assistenza Sanitaria Quadri) website, reading as follows:
Notice: Cyberattack on the supplier Inps Servizi – Actions to Protect Members

On 19/11/24 Inps Servizi, which provides QuAS with the cumulative data on contributions paid by companies via form F24, communicated that it had suffered a ransomware cyberattack on 18 November 2024.

We specify that the data Inps Servizi manages for QuAS relates solely to the total contributions paid by each company, with no detail relating to individual members.

The event is in no way attributable to QuAS; it concerns exclusively the systems of Inps Servizi and has had no effect on QuAS's IT systems.

QuAS promptly took action to inform the Garante per la protezione dei dati personali and to comply with all legal obligations to protect members.

Thank you for your understanding and trust.
It would therefore appear that on 18 November 2024 INPS Servizi suffered a ransomware attack and reported the incident to QuAS, which uses its services. QuAS specifies that “The event is in no way attributable to QuAS; it concerns exclusively the systems of Inps Servizi and has had no effect on QuAS's IT systems.”

Who INPS Servizi is


INPS Servizi S.p.a. (as stated on its website, reachable through the Wayback Machine capture) is an in-house providing joint-stock company wholly owned by INPS, established on 11 June 2021 following the change of name, corporate purpose and articles of association of Italia Previdenza SISPI S.p.a.

These changes were made on the basis of the provisions of Art. 5bis of Decree-Law 101/2019, converted with amendments by Law 128/2019, which provided for entrusting INPS Servizi S.p.a. with the multichannel Contact Center (CCM) activities for users of the social security institute and with continuing the activities that already formed the corporate purpose of Italia Previdenza SISPI S.p.a., which had been set up in 2001 with the task of providing administrative and accounting products/services, in particular for the collection of contributions and the payment of benefits of supplementary and complementary pension funds, as well as research and consultancy services for the social security and welfare market in general.

The INPS Servizi website is offline


At the time of writing (Wednesday 21/11/2024 at 07:12) the INPS Servizi website is offline, as the following screenshots show.
Also in the “about us” section of INPS Servizi, it is stated that the company handles:

  • activities aimed at paying out, to employees of Poste Spa, the severance payments accrued up to 28 February 1998, the date on which Ente Poste was transformed into a joint-stock company, which are materially disbursed by the Gestione Commissariale Fondo Buonuscita per i lavoratori di Poste Italiane S.p.a.;
  • supply of the data contained in the F24 and Uniemens flows, together with other administrative services, needed by bilateral bodies to collect contributions and for the other institutional purposes laid down by collective bargaining in favour of employees of companies that apply the sector's national collective agreements (CCNL);

With such a crucial role, INPS Servizi is a pillar in the management of sensitive data belonging to millions of Italian citizens, making it a high-value target for cyberattacks. The event has found space neither in the national press nor in official communications.

The missed lesson


The cybersecurity of Italian public bodies must go through a cultural transition.

It is not just about installing defence systems, but about creating an ecosystem in which transparency and citizen involvement become founding principles.

INPS Servizi has a duty to communicate clearly, not only to comply with the law but also for the sake of transparency towards citizens. In a world where the “digital reaper” strikes silently, it is the institutions' responsibility to ensure that no keyboard, however dangerous, remains in the shadows.

Citizens' trust in institutions depends not only on the efficiency of services, but also on the ability to protect data and to face crises with transparency. Cybersecurity incidents, especially when they involve organisations such as INPS Servizi, cannot be treated as marginal episodes.

The article INPS Servizi colpita da un Ransomware riporta QuAS. Ma il silenzio è assordante! comes from il blog della sicurezza informatica.


Simple Stack of Ferrites Shows How Fluxgate Magnetometers Work



Have you ever wondered how a magnetometer works? We sure have, which was why we were happy to stumble upon this article on simple homebrew fluxgate magnetometers.

As [Maurycy] explains, clues to how a fluxgate magnetometer works can be found right in the name. We all know what happens when a current is applied to a coil of wire wrapped around an iron or ferrite core — it makes an electromagnet. Wrap another coil around the same core, and you’ve got a simple transformer.

Now, power the first coil, called the drive coil, with alternating current and measure the induced current on the second, or sense coil. Unexpected differences between the current in the drive coil and the sense coil are due to any external magnetic field. The difference indicates the strength of the field. Genius!

For [Maurycy]’s homebrew version, binocular ferrite cores were stacked one on top of each other and strung together with a loop of magnet wire passing through the lined-up holes in the stack. That entire assembly formed the drive coil, which was wrapped with copper foil to thwart eddy currents. The sense coil was made by wrapping another length of magnet wire around the drive coil package; [Maurycy] found that this orthogonal arrangement of coils worked better than an antiparallel coil setup at reducing interference from the powerful drive coil field.

Driving the magnetometer required adding a MOSFET amp to give a function generator a little more oomph. [Maurycy] mentions that scope probes will attenuate the weak sense coil current, so we assume that the sense coil output goes right into the oscilloscope via coax. Calibrating the instrument was accomplished with a homebrew coil and some simple calculations.

This was a great demo of magnetometry methods and some of the intricacies of measuring weak fields with simple instruments. We’ve covered fluxgate magnetometer basics before and even talked about how they made pre-GPS car navigation possible.


hackaday.com/2024/11/20/simple…


Stepping On LEGO For Science



You might say that the worst LEGO to step on is any given piece that happens to get caught underfoot, but have you ever thought about what the worst one would really be? For us, those little caltrops come to mind most immediately, and we’d probably be satisfied with believing that was the answer. But not [Nate Scovill]. He had to quantitatively find out one way or another.

And no, the research did not involve stepping on one of each of the thousands of LEGO pieces in existence. [Nate] started by building a test rig that approximated the force of his own 150 lb. frame stepping on each piece under scrutiny and seeing what it did to a cardboard substrate.

And how did [Nate] narrow down which pieces to try? He took to the proverbial streets and asked redditors and Discordians to help him come up with a list of subjects.

If you love LEGO to the point where you can’t bear to see it destroyed, then this video is not for you. But if you need to know the semi-scientific answer as badly as we did, then go for it. The best part is round two, when [Nate] makes a foot out of ballistics gel to rate the worst from the first test. So, what’s the worst LEGO to step on? The answer may surprise you.

And what’s more dangerous than plain LEGO? A LEGO Snake, we reckon.

youtube.com/embed/smpxDVEPb-A?…


hackaday.com/2024/11/20/steppi…


A Tube Stereo Amplifier, From Scratch



A conventional tube amplifier has a circuit whose fundamentals were well in place around a hundred years ago, so there are few surprises to be found in building one today. Nevertheless, building one is still a challenge, as [Mike Freda] shows us with a stereo amplifier in the video below the break.

The tubes in question are the 12AU7 double triode and 6L6 tetrode, in this case brand new PSVANE parts from China. The design is a very conventional single-ended class A circuit, with both sides of the double triode being used for extra gain driving the tetrode. The output uses a tapped transformer with the tap going to the other grid in the tetrode, something we dimly remember as being an “ultra-linear” circuit.

There’s an element of workshop entertainment in the video, but aside from that we think it’s the process of characterising the amp and getting its voltages right which is the take-away here. It’s not something many of us do these days, so despite the apparent simplicity of the circuit it’s worth a look.

These modern tubes come from a variety of different sources; we’ve attempted to track them down in the past.

youtube.com/embed/zx6BmNJ8dFY?…


hackaday.com/2024/11/20/a-tube…