
PoE-powered GPIB Adapter with Ethernet and USB-C Support


In the world of (expensive) lab test equipment the GPIB (general purpose interface bus) connection is hard to avoid if you want any kind of automation, but nobody likes wrangling with the bulky cables and compatibility issues when they can just use Ethernet instead. Here [Chris]’s Ethernet-GPIB adapter provides an easy solution, with both Power over Ethernet (PoE) and USB-C power options. Although commercial adapters already exist, these are rather pricey at ~$500.

Features of this adapter include a BOM total of <$50, with power provided either via PoE (802.3af) or USB-C (5V-only). The MCU is an ATmega4809 with the Ethernet side using a Wiznet W5500 SPI Ethernet controller. There is also a serial interface (provided by a CH340X USB-UART adapter), with the firmware based on the AR488 project.

The adapter supports both the VXI-11.2 and Prologix protocols, though not at the same time (due to ROM size limitations). All design documents are available via the GitHub repository, with the author also selling assembled adapters and providing support primarily via the EEVBlog forums.


hackaday.com/2025/05/10/poe-po…


Web Dashboard and OTA Updates for the ESP32


Mongoose Wizard new project dialog.

Today we are happy to present a web-based GUI for making a web-based GUI! If you’re a programmer then web front-end development might not be your bag. But a web-based graphical user interface (GUI) for administration and reporting for your microcontroller device can look very professional and be super useful. The Mongoose Wizard can help you develop a device dashboard for your ESP32-based project.

In this article (and associated video) the Mongoose developers run you through how to get started with their technology. They help you get your development environment set up, create your dashboard layout, add a dashboard page, add a device settings page, add an over-the-air (OTA) firmware update page, build and test the firmware, and attach the user-interface controls to the hardware. The generated firmware includes an embedded web server for serving your dashboard and delivering its REST interface, pretty handy.

You will find no end of ESP32-based projects here at Hackaday which you could potentially integrate with Mongoose. We think the OTA support is an excellent feature to have, but of course there are other ways of supporting that functionality.

youtube.com/embed/nUwmnySG-FI?…

Thanks to [Toly] for this tip.


hackaday.com/2025/05/10/web-da…


Qilin dominates the ransomware rankings! 72 victims in April 2025 alone!


The Qilin group, which we interviewed some time ago, tops the list of the most active ransomware operators in April 2025, having published the details of 72 victims on its Data Leak Site (DLS). According to Group-IB this is a record figure: from July 2024 to January 2025 the number of such publications rarely exceeded 23 per month, but since February the curve has risen sharply: 48 cases in February, 44 in March, and already 45 in the first weeks of April.

The main cause of the increased activity was the sudden disappearance of the rival group RansomHub, which previously ranked second by number of attacks. After its collapse, a significant number of affiliated attackers moved to Qilin, causing exponential growth in its operations. According to Flashpoint, in a single year, from April 2024 to April 2025, RansomHub managed to hit 38 organizations in the financial sector before vanishing from the scene.

What sets the Qilin campaigns apart is the use of a new bundle of malicious components: the already known SmokeLoader module and a new .NET loader, codenamed NETXLOADER.

Trend Micro researchers studied NETXLOADER in detail and noted its key role in malware distribution. This downloader silently installs malicious modules, is protected against analysis by .NET Reactor version 6, and uses several bypass techniques.

NETXLOADER is extremely difficult to analyze: the code is encrypted, the method names are uninformative, and the execution logic is obfuscated. It uses advanced concealment techniques such as JIT hooks and controlled loading of DLLs directly into memory, which defeats static analysis and string searches. In practice, without running it in a real environment, it is impossible to tell exactly what this loader does.

The attack chains most often begin with phishing or the compromise of legitimate accounts, after which NETXLOADER gets onto the infected system. It then activates SmokeLoader, which performs anti-analysis and virtualization checks and terminates processes from a predefined list. In the final stage, SmokeLoader contacts the remote command-and-control server and receives NETXLOADER from it, which then loads the Agenda ransomware using the Reflective DLL Loading technique, placing the library directly in memory without writing it to disk.

Agenda is actively used to attack network domains, external drives, storage, and vCenter ESXi hypervisors. Trend Micro observed that the most common victims are healthcare, financial, telecommunications, and IT infrastructure organizations in countries such as the United States, India, Brazil, the Philippines, and the Netherlands.

With the growing number of victims and the technical maturity of the tools used, Qilin continues to consolidate its position as one of the most technologically advanced ransomware operations in the cybercrime landscape.

The article "Qilin dominates the ransomware rankings! 72 victims in April 2025 alone!" originally appeared on il blog della sicurezza informatica.


The Apple II MouseCard IRQ is Synced to Vertical Blanking After All


The Apple II MouseCard (Credit: AppleLogic.org)

Recently [Colin Leroy-Mira] found himself slipping into a bit of a rabbit hole while investigating why there was a lot of flickering when using the (emulated) Apple II MouseCard under MAME emulation, but not on real hardware. The issue could not be reproduced on real (PAL or NTSC) hardware. The answer all comes down to how the card synchronizes with the system’s vertical blanking (VBL) while drawing to the screen.

The Apple II MouseCard is one of the many peripheral cards produced for the system, originally bundled with a version of MacPaint for the Apple II. While not a super popular card at the time, it nevertheless got used by other software despite this Apple system still being based around a command line interface.

According to the card’s documentation the interrupt call (IRQ) can be set to 50 or 60 Hz to match the local standard. Confusingly, certain knowledgeable people told him that the card could not be synced to the VBL as it had no knowledge of this. As covered in the article and associated MAME issue ticket, it turns out that the card is very much synced with the VBL exactly as described in The Friendly Manual, with the card’s firmware being run by the system’s CPU, which informs the card of synchronization events.


hackaday.com/2025/05/09/the-ap…


The Nuclear War You Didn’t Notice


We always enjoy [The History Guy], and we wish he’d do more history of science and technology. But when he does, he always delivers! His latest video, which you can see below, focuses on the Cold War pursuit of creating transfermium elements. That is, the discovery of elements that appear above fermium using advanced techniques like cyclotrons.

There was a brief history of scientists producing unnatural elements. The two leaders in this work were a Soviet lab, the Joint Institute of Nuclear Research, and a US lab at Berkeley.

You’d think the discovery of new elements wouldn’t be very exciting. However, with the politics of the day, naming elements became a huge exercise in diplomacy.

Part of the problem was the difficulty in proving you created a huge atom for a few milliseconds. It was often the case that the initial inventor wasn’t entirely clear.

We were buoyed to learn that American scientists named an element (Mendelevium) after a Russian scientist as an act of friendship, although the good feelings didn’t last.

We wonder if a new element pops up, if we can get some votes for Hackadaium. Don’t laugh. You might not need a cyclotron anymore.

youtube.com/embed/GgJrnrDh8y4?…


hackaday.com/2025/05/09/the-nu…


Antique Mill Satisfies Food Cravings


Everyone knows what it’s like to get a hankering for a specific food. In [Attoparsec]’s case, he wanted waffles. Not any waffles would do, though; he needed waffles in the form of a labyrinth. Those don’t exist, so he had to machine his own waffle maker.
Antique pantograph mill. When computers were the size of rooms, these stood in where we’d use CNC today.
Most of us would have run this off on a CNC, but [Attoparsec] isn’t into CNCing: manual machining is his hobby, and he’s not interested in getting into another one, no matter how much more productive he admits it might make him. We can respect that. After a bit of brain sweat thinking of different ways to cut out the labyrinth shape, he has the opportunity to pick up an antique Deckel pantograph mill.

These machines were what shops used to do CNC before the ‘computer numeric’ part was a thing. By tracing out a template (which [Attoparsec] 3D prints, so he’s obviously no Luddite), complex shapes can be milled with ease. Complex shapes like a labyrinthine waffle maker. Check out the full video below; it’s full of all sorts of interesting details about the machining process and the tools involved.

If you don’t need to machine cast iron, but are interested in the techniques seen here, a wooden pantorouter might be more your speed than a one-tonne antique. If you have a hankering for waffles but would rather use CNC, check out these design tips to help you get started. If pancakes are more your style, why not print them?

Shoutout to [the gambler] for sending this into the tip line. We think he struck the jackpot on this one. If you have a tip, don’t be shy.

youtube.com/embed/SlCJ6hp1xZY?…


hackaday.com/2025/05/09/antiqu…


Inside a Selective Voltmeter


[Martin Lorton] has a vintage Harmon 4200B selective voltmeter that needed repair. He picked it up on eBay, and he knew it wasn’t working, but it was in good condition, especially for the price. He’s posted four videos about what’s inside and how he’s fixing it. You can see the first installment below.

The 4200B is an RMS voltmeter and is selective because it has a tuned circuit to adjust to a particular frequency. The unit uses discrete components and has an analog meter along with an LCD counter.

The initial tests didn’t work out well because the analog meter was stuck, so it wouldn’t go beyond about 33% of full scale.

Across the four videos (so far), there is a good bit of information and detail about the meter. It is an interesting piece of gear, and part 3 is worth watching if you want to see inside an analog meter movement.

By the fourth video, things seem to be working well. You might want to browse the manual for the similar 4200A to get oriented.

Forgot why we measure RMS? You weren’t the only one. RMS conversion in meters is a big topic and there are many ways to do it.

youtube.com/embed/P614i6uTfqk?…


hackaday.com/2025/05/09/inside…


A Single Chip Computer For The 8051 Generation


The Intel 8051 series of 8-bit microcontrollers is long-discontinued by its original manufacturer, but lives on as a core included in all manner of more recent chips. It’s easy to understand and program, so it remains a fixture despite much faster replacements appearing.

If you can’t find an original 40-pin DIP don’t worry, because [mit41301] has produced a board in a compatible 40-pin format. It’s called the single chip computer not because such a thing is a novelty in 2025, but because it has no need for the support chips which would have come with the original.

The modern 8051 clone in use is a CH558 or CH559, both chips with far more onboard than the original. The pins are brought out to one side only of the board, because on the original the other side would interface with an external RAM chip. It speaks serial, and can be used through either a USB-to-serial or Bluetooth-to-serial chip. There’s MCS-BASIC for it, so programming should be straightforward.

We can see the attraction of this board even though we reach for much more accomplished modern CPUs by choice. Several decades ago the original 8051 on Intel dev boards was our university teaching microcontroller, so there remains here a soft spot for it. We certainly see other 8051 designs, as for example this Arduino clone.


hackaday.com/2025/05/09/a-sing…


Supercon 2024: An Immersive Motion Rehabilitation Device


When you’ve had some kind of injury, rehabilitation can be challenging. You often need to be careful about how you’re using the affected parts of your body, as well as pursue careful exercises for repair and restoration of function. It can be tedious and tiring work, for patients and treating practitioners alike.

Juan Diego Zambrano, Abdelrahman Farag, and Ivan Hernandez have been working on new technology to aid those going through this challenging process. Their talk at the 2024 Hackaday Supercon covers an innovative motion monitoring device intended to aid rehabilitation goals in a medical context.

Motion Project


youtube.com/embed/_5ySbBsYnZg?…

As outlined in the talk, the team took a measured and reasoned approach to developing their device. The project started by defining the problem at hand, before proposing a potential solution. From there, it was a case of selecting the right hardware to do the job, and developing it alongside the necessary software to make it all work.
The Arduino Nano BLE33 had most of the necessary functionality for this project, out of the box.
The problem in question regarded helping children through rehabilitative therapies. Structured activities are used to help develop abilities in areas like motor skills, coordination, and balance. These can be particularly challenging for children with physical or developmental difficulties, and can be repetitive at the best of times, leading to a lack of engagement. “We wanted to solve that… we wanted to make it more interactive and more useful for the therapies and for the doctors,” Ivan explains, with an eye to increasing motivation for the individual undergoing rehabilitation.

Other challenges also exist in this arena. Traditional rehabilitation methods offer no real-time feedback to the individual on how they’re performing. There is also a need for manual monitoring and record keeping of the individual’s performance, which can be tedious and often relies on subjective assessments.
The device was demonstrated mounted on a patient’s chest, while being used in a game designed for balance work.
Having explored the literature on game-based therapy techniques, the team figured a wearable device with sensors could aid in solving some of these issues. Thus they created their immersive motion rehabilitation device.

At the heart of the build is an Arduino Nano BLE33, so named for its Bluetooth Low Energy wireless communications hardware. Onboard is an nRF52840 microcontroller, which offers both good performance and low power consumption. The real benefit of this platform, though, is that it includes an inertial measurement unit (IMU) and magnetometer on board and ready to go. The IMU in question is the BMI270, which combines a high-precision 3-axis accelerometer and 3-axis gyroscope into a single package. If you want to track motion in three dimensions, this is a great way to do it.

For user feedback, some additional hardware was needed. The team added a vibration motor, RGB LED, and buzzer for this reason. Controlling the device is simple, with the buttons on board. In order to make the device easy to use for therapists, it’s paired with a Windows application, programmed in C#. It’s used for monitoring and analysis of the wearer’s performance during regular rehabilitation activities.
The user’s motions are recorded while playing a simple game, providing useful clinical data.
The talk explains how this simple, off-the-shelf hardware was used to aid the rehabilitation experience. By gamifying things, users are prompted to better engage with the therapy process by completing tasks monitored by the device’s sensors. Fun graphics and simple gameplay ideas are used to make a boring exercise into something more palatable to children going through rehabilitation.

The team go on to explain the benefits on the clinical side of things, regarding how data collection and real time monitoring can aid in delivery. The project also involved the creation of a system for generating reports and accessing patient data to support this work, as well as a fun connection assistant called Sharky.

Overall, the talk serves as a useful insight as to how commonly-available hardware can be transformed into useful clinical tools. Indeed, it’s not so different from the gamification we see all the time in the exercise space, where smartwatches and apps are used to increase motivation and provide data for analysis. Ultimately, with a project like this, if you can motivate a patient to pursue their rehabilitation goals while collecting data at the same time, that’s useful in more ways than one.


hackaday.com/2025/05/09/superc…


Hackaday Podcast Episode 320: A Lot of Cool 3D Printing, DIY Penicillin, and an Optical Twofer


This week, Hackaday’s Elliot Williams and Kristina Panos met up across the universe to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week.

In Hackaday news, the 2025 Pet Hacks Contest rolls on. You have until June 10th to show us what you’ve got, so head over to Hackaday.IO and get started today!

On What’s That Sound, Kristina actually got it this time, although she couldn’t quite muster the correct name for it. At Hackaday we’ll be calling it the “glassophone” from now on. Congratulations to [disaster_recovered], who fared better and wins a limited edition Hackaday Podcast t-shirt!

After that, it’s on to the hacks and such, beginning with a complete and completely-documented wireless USB autopsy. We take a look at a lovely 3D-printed downspout, some DIY penicillin, and a jellybean iMac that’s hiding a modern PC. Finally, we explore a really cool 3D printing technology, and ask what happened to typing ‘www.’.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

html5-player.libsyn.com/embed/…

Download in DRM-free MP3 and savor at your leisure.

Episode 320 Show Notes:

What’s that Sound?


  • Congratulations to [disaster_recovered] for the glass armonica pick!


hackaday.com/2025/05/09/hackad…


Oscilloscope Digital Storage, 1990s Style


You’re designing an oscilloscope with modest storage — only 15,000 samples per channel. However, the sample rate is 5 GS/s, and you have to store all four channels at that speed and depth. While there is a bit of a challenge implied, this is quite doable using today’s technology. But what about in the 1990s when the Tektronix TDS 684B appeared on the market? [Tom Verbeure] wondered how it was able to do such a thing. He found out, and since he wrote it up, now you can find out, too.

Inside the scope, there are two PCBs. There’s a CPU board, of course. But there’s not enough memory there to account for the scope’s capability. That much high-speed memory would have been tough in those days, anyway. The memory is actually on the analog board along with the inputs and digitizers. That should be a clue.

The secret is the ADG286D from National Semiconductor. While we can’t find any info on the chip, it appears to be an analog shift register, something all the rage at the time. These chips often appeared in audio special effect units because they could delay an analog signal easily.

In practice, the device worked by charging a capacitor to an input signal and then, using a clock, dumping each capacitor into the next one until the last capacitor produced the delayed output. Like any delay line, you could feed the output to the input and have a working memory device.

The scope would push samples into the memory at high speed. Then the CPU could shift them back out on a much slower clock. A clever design and [Tom] gives us a great glimpse inside a state-of-the-art 1990s-era scope.

While we haven’t seen the ADG286D before, we have looked at analog shift registers, if you want to learn more.


hackaday.com/2025/05/09/oscill…


This Week in Security: Encrypted Messaging, NSO’s Judgement, and AI CVE DDoS


Cryptographic messaging has been in the news a lot recently. Like the formal audit of WhatsApp (the actual PDF). And the results are good. There are some minor potential problems that the audit highlights, but they are of questionable real-world impact. The most consequential is how easy it is to add additional members to a group chat. Or to put it another way, there are no cryptographic guarantees associated with adding a new user to a group.

The good news is that WhatsApp groups don’t allow new members to read previous messages, so a user getting added to a group doesn’t reveal historic messages. But a user added without being noticed can snoop on future messages. There’s an obvious question as to how this is a weakness. Isn’t it redundant, since anyone with the permission to add someone to a group can already read the messages from that group?

That’s where the lack of cryptography comes in. To put it simply, the WhatsApp servers could add users to groups, even if none of the existing users actually requested the addition. It’s not a vulnerability per se, but definitely a design choice to keep in mind. Keep an eye on the members in your groups, just in case.

The Signal We Have at Home


The TeleMessage app has been pulled from availability, after it was used to compromise Signal communications of US government officials. There’s political hay to be made out of the current administration’s use and potential misuse of Signal, but the political angle isn’t what we’re here for. The TeleMessage client is Signal compatible, but adds message archiving features. Government officials and financial companies were using this alternative client, likely in order to comply with message retention laws.

While it’s possible to do long term message retention securely, TeleMessage was not doing this particularly well. The messages are stripped of their end-to-end encryption in the client, before being sent to the archiving server. It’s not clear exactly how, but those messages were accessed by a hacker. This nicely demonstrates the inherent tension between the need for transparent archiving as required by the US government for internal communications, and the need for end-to-end encryption.

The NSO Judgement


WhatsApp is in the news for another reason, this time winning a legal judgement against NSO Group for their Pegasus spyware. The $167 Million in damages casts real doubt on the idea that NSO has immunity to develop and deploy malware, simply because it’s doing so for governments. This case is likely to be appealed, and higher courts may have a different opinion on this key legal question, so hold on. Regardless, the era of NSO’s nearly unrestricted actions is probably over. They aren’t the only group operating in this grey legal space, and the other “legal” spyware/malware vendors are sure to be paying attention to this ruling as well.

The $5 Wrench


In reality, the weak point of any cryptography scheme is the humans using it. We’re beginning to see real world re-enactments of the famous XKCD $5 wrench, that can defeat even 4096-bit RSA encryption. In this case, it’s the application of old crime techniques to new technology like cryptocurrency. To quote Ars Technica:

We have reached the “severed fingers and abductions” stage of the crypto revolution


The flashy stories involve kidnapping and torture, but let’s not forget that the most common low-tech approach is simple deception. Whether you call it the art of the con, or social engineering, this is still the most likely way to lose your savings, whether it’s conventional or a cryptocurrency.

The SonicWall N-day


WatchTowr is back with yet another reverse-engineered vulnerability. More precisely, it’s two CVEs that are being chained together to achieve pre-auth Remote Code Execution (RCE) on SonicWall appliances. This exploit chain has been patched, but not everyone has updated, and the vulnerabilities are being exploited in the wild.

The first vulnerability at play is actually from last year, and is in Apache’s mod_rewrite module. This module is widely used to map URLs to source files, and it has a filename confusion issue where a URL-encoded question mark in the path can break the mapping to the final filesystem path. A second issue is that when DocumentRoot is specified, instances of RewriteRule take on a weird dual meaning: the filesystem target refers to the location inside DocumentRoot, but Apache first checks for that location in the filesystem root itself. This was fixed in Apache nearly a year ago, but it takes time for patches to roll out.

SonicWall was using a rewrite rule to serve CSS files, and the regex used to match those files is just flexible enough to be abused for arbitrary file read. /mnt/ram/var/log/httpd.log%3f.1.1.1.1a-1.css matches that rule, but includes the URL-encoded question mark, and resolves to a location on the root filesystem. There are other, more interesting files to access, like the temp.db SQLite database, which contains session keys for the currently logged in users.

The other half of this attack is a really clever command injection using one of the diagnostic tools included in the SonicWall interface. Traceroute6 is straightforward, running a traceroute6 command and returning the results. It’s also got good data sanitization, blocking all of the easy ways to break out of the traceroute command and execute some arbitrary code. The weakness is that while this sanitization adds backslashes to escape quotes and other special symbols, it stores the result in a fixed-length result buffer. If the result of this escaping process overflows the result buffer, it writes over the null terminator and into the buffer that holds the original command before it’s sanitized. This overflow is repeated when the command is run, and with some careful crafting, this results in escaping the sanitization and including arbitrary commands. Clever.
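The escaping-into-a-fixed-buffer failure described above is a general pattern rather than anything unique to this appliance: backslash escaping can double the length of its input, so a check on the input length does not bound the output. The C below is an added example, not SonicWall’s or watchTowr’s code; the buffer sizes, the set of escaped characters, and the command template are constructed assumptions. It shows the defensive shape of such a sanitizer: the escaped length is computed and checked against the destination before a single byte is written, and snprintf truncation is rejected instead of silently accepted.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sizes: deliberately small so the overflow case is easy to exercise. */
#define ESC_BUF_SIZE 64
#define CMD_BUF_SIZE 64

/* Shell metacharacters that get a backslash in front of them (assumed set). */
static int needs_escape(char c)
{
    return strchr("\"'\\`$;&|<>() \n", c) != NULL;
}

/* Length of the escaped form of `in`, NUL not counted. Every escaped byte
 * becomes two bytes, so the output can be up to twice as long as the input:
 * a bound on the input length alone does not bound the output. */
size_t escaped_len(const char *in)
{
    size_t n = 0;
    for (; *in != '\0'; in++)
        n += needs_escape(*in) ? 2 : 1;
    return n;
}

/* Escape `in` into out[0..out_size-1]. Returns the number of bytes written
 * (NUL not counted) or -1 if the escaped form plus its NUL would not fit.
 * On failure nothing is written, so no partial or unterminated string is
 * left behind for a later copy to read past. */
int escape_bounded(const char *in, char *out, size_t out_size)
{
    size_t need = escaped_len(in);
    size_t w = 0;

    if (need + 1 > out_size)
        return -1;
    for (; *in != '\0'; in++) {
        if (needs_escape(*in))
            out[w++] = '\\';
        out[w++] = *in;
    }
    out[w] = '\0';
    return (int)w;
}

/* Compose "traceroute6 <escaped host>" into cmd[0..cmd_size-1].
 * Returns 0 on success, -1 if either the escaping or the final composition
 * would not fit. snprintf reports the length it wanted, so a result of
 * cmd_size or more means the command was truncated and must be rejected. */
int build_traceroute_cmd(const char *host, char *cmd, size_t cmd_size)
{
    char esc[ESC_BUF_SIZE];
    int n;

    if (escape_bounded(host, esc, sizeof esc) < 0)
        return -1;
    n = snprintf(cmd, cmd_size, "traceroute6 %s", esc);
    if (n < 0 || (size_t)n >= cmd_size)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a normal host, one with a metacharacter, and one
     * whose escaped form (40 quotes -> 80 bytes) would overflow ESC_BUF_SIZE. */
    const char *inputs[] = {
        "2001:db8::1",
        "host;id",
        "\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"",
    };
    char cmd[CMD_BUF_SIZE];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (build_traceroute_cmd(inputs[i], cmd, sizeof cmd) == 0)
            printf("ok:       %s\n", cmd);
        else
            printf("rejected: escaped form needs %zu bytes\n", escaped_len(inputs[i]));
    }
    return 0;
}
```

Where the platform allows it, the stronger fix is to not build a shell command string at all: validate the host against a strict allowlist of address characters and pass it as a separate argv element to execve, so there is nothing to escape and no fixed-size command buffer to overflow.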

The AI CVE DDoS


[Daniel Stenberg], lead developer of curl, is putting his foot down. We’ve talked about this before, even chatting with Daniel about the issue when we had him on FLOSS Weekly. Curl’s bug bounty project has attracted quite a few ambitious people who don’t actually have the skills to find vulnerabilities in the curl codebase. Instead, these amateur security researchers are using LLMs to “find vulnerabilities”. Spoiler: LLMs aren’t yet capable of this task. But LLMs are capable of writing fake vulnerability reports that look very convincing at first read. The game is usually revealed when the project asks a question, and the fake researcher feeds the LLM response back into the bug report.

This trend hasn’t slowed, and the curl project is now viewing the AI generated vulnerability reports as a form of DDoS. In response, the curl Hackerone bounty program will soon ask a question with every entry: “Did you use an AI to find the problem or generate this submission?” An affirmative answer won’t automatically disqualify the report, but it definitely puts the burden on the reporter to demonstrate that the flaw is real and wasn’t hallucinated. Additionally, “AI slop” reports will result in permanent bans for the reporter.

It’s good to see that not all AI content is completely disallowed, as it’s very likely that LLMs will be involved in finding and describing vulnerabilities before long. Just not in this naive way, where a single prompt results in a vulnerability find and generates a patch that doesn’t even apply. Ironically, one of the tells of an AI generated report is that it’s too perfect, particularly for someone’s first report. AI is still the hot new thing, so this issue likely isn’t going away any time soon.

Bits and Bytes


A supply chain attack has been triggered against several hundred Magento e-commerce sites, via at least three software vendors distributing malicious code. One of the very odd elements to this story is that it appears this malicious code has been incubating for six years, and only recently invoked for malicious behavior.

On the WordPress side of the fence, the Ottokit plugin was updated last month to fix a critical vulnerability. That update was force pushed to the majority of WordPress sites running that plugin, but that hasn’t stopped threat actors from attempting to use the exploit, with the first attempts coming just an hour and a half after disclosure.

It turns out it’s probably not a great idea to allow control codes as part of file names. Portswigger has a report of a couple ways VS Code can do the wrong thing with such filenames.

And finally, this story comes with a disclaimer: Your author is part of Meshtastic Solutions and the Meshtastic project. We’ve talked about Meshtastic a few times here on Hackaday, and would be remiss not to point out CVE-2025-24797. This buffer overflow could theoretically result in RCE on the node itself. I’ve seen at least one suggestion that this is a wormable vulnerability, which may be technically true, but seems quite impractical. Upgrade your nodes to at least release 2.6.2 to get the fix.


hackaday.com/2025/05/09/this-w…


EU-US tech: a changing of the guard


HERE'S A BONUS DIGITAL POLITICS to finish your week. I'm Mark Scott, and you find me on a train to York (in the north of England) on my way to a workshop to discuss social media data access. Oh, what a glamorous life.

Below are two analyses that I wrote for Tech Policy Press where I am a contributing editor. They build on this week's newsletter to drill down on different aspects of the transatlantic tech relationship.

Taken together, they offer dueling perspectives on what is going on in Washington and Brussels. The first places Donald Trump's administration in the global context. The second explains the European Union's vibe shift on tech.

Let's get started:



digitalpolitics.co/newsletter0…


Triggering Lightning and Safely Guiding It Using a Drone


Every year lightning strikes cause a lot of damage — with the high-voltage discharges being a major risk to buildings, infrastructure, and the continued existence of squishy bags of mostly salty water. While some ways exist to reduce their impact such as lightning rods, these passive systems can only be deployed in select locations and cannot prevent the build-up of the charge that leads up to the plasma discharge event. But the drone-based system recently tested by Japan’s NTT, the world’s fourth largest telecommunications company, could provide a more proactive solution.

The idea is pretty simple: fly a drone that is protected by a specially designed metal cage close to a thundercloud with a conductive tether leading back to the ground. By providing a very short path to ground, the built-up charge in said cloud will readily discharge into this cage and from there back to the ground.

To test this idea, NTT researchers took commercial drones fitted with such a protective cage and exposed them to artificial lightning. The drones turned out to be fine up to 150 kA, which is five times more than natural lightning. Afterwards the full system was tested with a real thunderstorm, during which the drone took a hit and kept flying, although the protective cage partially melted.

Expanding on this experiment, NTT imagines that a system like this could protect cities and sensitive areas, and possibly even use and store the thus captured energy rather than just leading it to ground. While this latter idea would need some seriously effective charging technologies, the idea of proactively discharging thunderclouds is perhaps not so crazy. We would need to see someone run the numbers on the potential effectiveness, of course, but we are all in favor of (safe) lightning experiments like this.

If you’re wondering why channeling lightning away from critical infrastructure is such a big deal, you may want to read up on Apollo 12.


hackaday.com/2025/05/09/trigge…


Scan Your Caliper for Physical Part Copies


We’ve certainly seen people take a photo of a part, bring it into CAD, and then scale it until some dimension on the screen is the same as a known dimension of the part. We like what [Scale Addition] shows in the video below. In addition to a picture of the part, he also takes a picture of a vernier caliper gripping the part. Now your scale is built into the picture, and you can edit out the caliper later.

He uses SketchUp, but this would work on any software that can import an image. Given the image with the correct scale, it is usually trivial to sketch over the image or even use an automatic tracing function. You still need some measurements, of course. The part in question has a vertical portion that doesn’t show up in a flat photograph. We’ve had good luck using a flatbed scanner before, and there’s no reason you couldn’t scan a part with a caliper for scale.

This is one case where a digital caliper probably isn’t as handy as an old-school one. But it would be possible to do the same trick with any measurement device. You could even take your picture on a grid of known dimensions. This would also allow you to check that the distances at the top and bottom are the same as the distances on the right and left.

Of course, you can get 3D scanners, but they have their own challenges.

youtube.com/embed/XSrSXhhsehk?…


hackaday.com/2025/05/09/scan-y…


Hacky Shack? The TRS-80 Model I Story


The 1970s saw a veritable goldrush to corner the home computer market, with Tandy’s Z80-powered TRS-80 probably one of the most (in)famous entries. Designed from the ground up to be as cheap as possible, the original (Model I) TRS-80 cut all corners management could get away with. The story of the TRS-80 Model I is the subject of a recent video by the [Little Car] YouTube channel.

Having the TRS-80 sold as an assembled computer was not a given, as kits were rather common back then, especially since Tandy’s Radio Shack stores had their roots in selling radio kits and the like, not computer systems. Ultimately the system was built around the lower-end 1.78 MHz Z80 MPU with the rudimentary Level I BASIC (later updated to Level II), though with a memory layout that made running the likes of CP/M impossible. The Model II would be sold later as a dedicated business machine, with the Model III being the actual upgrade to the Model I. You could also absolutely access online services like those of Compuserve on your TRS-80.

While it was appreciated that the TRS-80 (lovingly called the ‘Trash-80’ by some) had a real keyboard instead of a cheap membrane keyboard, the rest of the Model I hardware had plenty of issues, and new FCC regulations meant that the Model III was required, as the Model I produced enough EMI to drown out nearby radios. Despite this, the Model I put Tandy on the map of home computers and opened the world of computing to many children and adults, with subsequent Tandy TRS-80 computers being released until 1991 with the Model 4.

youtube.com/embed/Z0Ckj6wZ2dQ?…


hackaday.com/2025/05/08/hacky-…


Understanding Linear Regression


Although [Vitor Fróis] is explaining linear regression because it relates to machine learning, the post and, indeed, the topic have wide applications in many things that we do with electronics and computers. It is one way to use independent variables to predict dependent variables, and, in its simplest form, it is based on nothing more than a straight line.

You might remember from school that a straight line can be described by: y=mx+b. Here, m is the slope of the line and b is the y-intercept. Another way to think about it is that m is how fast the line goes up (or down, if m is negative), and b is where the line “starts” at x=0.

[Vitor] starts out with a great example: home prices (the dependent variable) and area (the independent variable). As you would guess, bigger houses tend to sell for more than smaller houses. But it isn’t an exact formula, because there are a lot of reasons a house might sell for more or less. If you plot it, you don’t get a nice line; you get a cloud of points that sort of group around some imaginary line.

There are mathematical ways to figure out what line you should imagine, but you can often eyeball it, too. The real trick is evaluating the quality of that imaginary line.

To do that, you need an error measure. If you didn’t know better, you’d probably think expressing the error in terms of absolute value would be best. You know, “this is 10 off” or whatever. But, as [Vitor] explains, the standard way to do this is with a squared error term, R². Why? Read the post and find out.

For electronics, linear regression has many applications, including interpreting sensor data. You might also use it to generalize a batch of unknown components, for example. Think of a batch of transistors with different Beta values at different frequencies. A linear regression will help you predict the Beta and the error term will tell you if it is worth using the prediction or not. Or, maybe you just want to make the perfect cup of coffee.
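As an added Go example (not code from [Vitor]’s post), here is the least-squares fit carried through on constructed house-price data: the closed-form slope and intercept, the squared-error and absolute-error totals side by side, and R² for the fitted line. The areas and prices are made up for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Line is the straight-line model from the article: y = m*x + b.
type Line struct{ M, B float64 }

// Fit returns the least-squares line: the m and b that minimise the sum of
// squared residuals. Because squared error is smooth, setting its partial
// derivatives in m and b to zero gives a closed form, m = Sxy/Sxx and
// b = ybar - m*xbar; absolute error has no such closed form.
func Fit(xs, ys []float64) (Line, error) {
	if len(xs) != len(ys) || len(xs) < 2 {
		return Line{}, errors.New("need at least two paired (x, y) samples")
	}
	xbar, ybar := mean(xs), mean(ys)
	var sxy, sxx float64
	for i := range xs {
		dx := xs[i] - xbar
		sxy += dx * (ys[i] - ybar)
		sxx += dx * dx
	}
	if sxx == 0 {
		return Line{}, errors.New("all x values are identical; slope is undefined")
	}
	m := sxy / sxx
	return Line{M: m, B: ybar - m*xbar}, nil
}

// Residuals are observed minus predicted values: how far each point misses the line.
func (l Line) Residuals(xs, ys []float64) []float64 {
	res := make([]float64, len(xs))
	for i := range xs {
		res[i] = ys[i] - (l.M*xs[i] + l.B)
	}
	return res
}

// SumSquaredError is the quantity Fit minimises.
func SumSquaredError(res []float64) float64 {
	var s float64
	for _, r := range res {
		s += r * r
	}
	return s
}

// SumAbsError is the "this is 10 off" measure the article mentions and sets aside.
func SumAbsError(res []float64) float64 {
	var s float64
	for _, r := range res {
		s += math.Abs(r)
	}
	return s
}

// RSquared is the coefficient of determination: the fraction of the spread in y
// around its mean that the line accounts for. 1 is a perfect fit; 0 is no better
// than always guessing the mean price.
func RSquared(xs, ys []float64, l Line) float64 {
	sse := SumSquaredError(l.Residuals(xs, ys))
	ybar := mean(ys)
	var sst float64
	for _, y := range ys {
		sst += (y - ybar) * (y - ybar)
	}
	if sst == 0 {
		return 1 // every y is identical, so a flat line through ybar is exact
	}
	return 1 - sse/sst
}

func mean(v []float64) float64 {
	var s float64
	for _, x := range v {
		s += x
	}
	return s / float64(len(v))
}

func main() {
	// Constructed sample: floor area in m^2 against sale price in thousands.
	area := []float64{50, 100, 150, 200}
	price := []float64{150, 200, 350, 400}
	line, err := Fit(area, price)
	if err != nil {
		panic(err)
	}
	fmt.Printf("price ≈ %.2f*area + %.2f   R² = %.3f\n", line.M, line.B, RSquared(area, price, line))
	// Same total absolute miss, but one big miss is penalised far more by squaring.
	spread := []float64{10, 10, 10, 10}
	lumped := []float64{40, 0, 0, 0}
	fmt.Printf("abs: %.0f vs %.0f   squared: %.0f vs %.0f\n",
		SumAbsError(spread), SumAbsError(lumped), SumSquaredError(spread), SumSquaredError(lumped))
}
```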


hackaday.com/2025/05/08/unders…


DIY Driving Simulator Pedals


In the driving simulator community, setups can quickly grow ever more complicated and expensive, all in the quest for fidelity. Rather than buy pedals off the shelf, [CNCDan] opted to build his own.

[Dan] has been using some commercial pedals alongside his own DIY steering wheel, and the experience is rather lackluster in comparison. The build starts with some custom brackets. To save on cost, they are flat with tabs to let you know where to bend them in a vise. Additionally, rather than three sets of unique brackets, [Dan] made them all the same to save on cost. The clutch and throttle each use a simple Hall effect sensor with a spring to provide feedback. However, each bracket provides a set of spring mounting holes to adjust the curve. Change up the angle of the spring and you have a different curve. The brake pedal is different: rather than measure position, it measures force. A load cell is perfect for this. The HX711 load cell sensor board that [Dan] bought was only polling at 10 Hz. Lifting a pin from ground and bodging it to VDD puts the chip in 80 Hz mode, which is much more usable for a driving sim setup.

[Dan] also cleverly uses a 3d printed bushing without any walls as resistance for the pedal. Since the bushing is just the infill, the bushing stiffness is controlled by the infill percentage. Aluminum extrusion forms the base so [Dan] can adjust the exact pedal positions. To finish it off, a bog standard Arduino communicates to the PC as a game controller.

The project is on GitHub. Perhaps the next version will have active feedback, like this DIY pedal setup.

youtube.com/embed/44LWekyILmk?…


hackaday.com/2025/05/08/diy-dr…


SignalGate: the shadow of an unofficial app over US national security


On May 1, 2025, a photograph taken during a cabinet meeting showed National Security Advisor Mike Waltz using a messaging application unfamiliar to most.

The app in question was TM SGNL, a modified version of Signal developed by TeleMessage, an Israeli company specialising in archiving solutions for secure communications. The image raised questions about the security of communications at the highest levels of the US government.

TM SGNL is designed to archive messages from platforms such as Signal, WhatsApp and Telegram, allowing government agencies to retain communications for regulatory and compliance purposes. However, the implementation of these features introduced significant vulnerabilities into the system.

On May 4, the site 404 Media reported that a hacker had breached TeleMessage's systems, gaining access to sensitive data including chat contents, contact information of government officials and login credentials for the service's backend. The attack was described as surprisingly simple: “All it took me was about twenty minutes,” the hacker stated, underlining how easily they got into the company's systems.

Although the messages of Waltz and other cabinet members were not compromised, the incident highlighted serious gaps in the security of government communications. The stolen data included information on officials of Customs and Border Protection (CBP), Coinbase employees and other sensitive organisations.

Following disclosure of the attack, TeleMessage temporarily suspended all of its services to investigate the incident, as confirmed by its parent company Smarsh. A spokesperson stated: “We acted quickly to contain the incident and engaged an external cybersecurity firm to support our investigation.”

The incident raised concerns about the practice of modifying encrypted messaging applications for archiving purposes, since such modifications can undermine the intrinsic security of the communications. Signal, the original application on which TM SGNL is based, stated that it cannot guarantee the security of unofficial versions of its software.

The use of TM SGNL by senior government officials, combined with the vulnerabilities exposed by the attack, raised questions about the security of communications at the top levels of power. The incident, nicknamed “SignalGate”, led to Mike Waltz's removal from his post, although he was subsequently nominated as the next US ambassador to the United Nations.

This episode highlights the need to evaluate carefully the technological solutions adopted for handling sensitive communications, balancing regulatory compliance requirements against the protection of national security.

The article SignalGate: the shadow of an unofficial app over US national security originally appeared on il blog della sicurezza informatica.


The Signal Clone the Trump Admin Uses Was Hacked


A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages, 404 Media has learned. The data stolen by the hacker contains the contents of some direct messages and group chats sent using its Signal clone, as well as modified versions of WhatsApp, Telegram, and WeChat. TeleMessage was recently the center of a wave of media coverage after Mike Waltz accidentally revealed he used the tool in a cabinet meeting with President Trump.

The hack shows that an app gathering messages of the highest ranking officials in the government—Waltz’s chats on the app include recipients that appear to be Marco Rubio, Tulsi Gabbard, and JD Vance—contained serious vulnerabilities that allowed a hacker to trivially access the archived chats of some people who used the same tool. The hacker has not obtained the messages of cabinet members, Waltz, and people he spoke to, but the hack shows that the archived chat logs are not end-to-end encrypted between the modified version of the messaging app and the ultimate archive destination controlled by the TeleMessage customer.

Data related to Customs and Border Protection (CBP), the cryptocurrency giant Coinbase, and other financial institutions are included in the hacked material, according to screenshots of messages and backend systems obtained by 404 Media.

💡
Do you know anything else about TeleMessage? I would love to hear from you. Using a non-work device, you can message me securely on Signal at signalaccount.05 or send me an email at joseph@404media.co.

The breach is hugely significant not just for those individual customers, but also for the U.S. government more widely. On Thursday, 404 Media was first to report that then-U.S. National Security Advisor Waltz had accidentally revealed he was using TeleMessage’s modified version of Signal during the cabinet meeting. The use of that tool raised questions about what classification of information was being discussed across the app and how that data was being secured, and came after revelations that top U.S. officials were using Signal to discuss active combat operations.

The hacker did not access all messages stored or collected by TeleMessage, but could have likely accessed more data if they decided to, underscoring the extreme risk posed by taking ordinarily secure end-to-end encrypted messaging apps such as Signal and adding an extra archiving feature to them.

“I would say the whole process took about 15-20 minutes,” the hacker said, describing how they broke into TeleMessage’s systems. “It wasn’t much effort at all.” 404 Media does not know the identity of the hacker, but has verified aspects of the material they have anonymously provided.
A screenshot provided by the hacker. Redactions by 404 Media.
The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers. The data is not representative of all of TeleMessage’s customers or the sorts of messages it covers; instead, it is snapshots of data passing through TeleMessage’s servers at a point in time. The hacker was able to log in to the TeleMessage backend panel using the usernames and passwords found in these snapshots.

A message sent to a group chat called “Upstanding Citizens Brigade” included in the hacked data says its “source type” is “Signal,” indicating it came from TeleMessage’s modified version of the messaging app. The message itself was a link to this tweet posted on Sunday which is a clip of an NBC Meet the Press interview with President Trump about his memecoin. The hacked data includes phone numbers that were part of the group chat.

One hacked message was sent to a group chat apparently associated with the crypto firm Galaxy Digital. One message said, “need 7 dems to get to 60.. would be very close” to the “GD Macro” group. Another message said, “Just spoke to a D staffer on the senate side - 2 cosponsors (Alsobrooks and gillibrand) did not sign the opposition letter so they think the bill still has a good chance of passage the senate with 5 more Ds supporting it.”
This means a hacker was able to steal what appears to be active, timely discussion about the efforts behind passing a hugely important and controversial cryptocurrency bill; Saturday, Democratic lawmakers published a letter explaining they would oppose it. Bill cosponsors Maryland Sen. Angela Alsobrooks and New York Sen. Kirsten Gillibrand did not sign that letter.

One screenshot of the hacker’s access to a TeleMessage panel lists the names, phone numbers, and email addresses of CBP officials. The screenshot says “select 0 of 747,” indicating that there may be that many CBP officials included in the data. A similar screenshot shows the contact information of current and former Coinbase employees.

Another screenshot obtained by 404 Media mentions Scotiabank. Financial institutions might turn to a tool like TeleMessage to comply with regulations around keeping copies of business communications. Governments have legal requirements to preserve messages in a similar way.

Another screenshot indicates that the Intelligence Branch of the Washington D.C. Metropolitan Police may be using the tool.
A screenshot provided by the hacker. Redactions by 404 Media.
The hacker was able to access data that the app captured intermittently for debugging purposes, and would not have been able to capture every single message or piece of data that passes through TeleMessage’s service. However, the sample data they captured did contain fragments of live, unencrypted data passing through TeleMessage’s production server on their way to getting archived.

404 Media verified the hacked data in various ways. First, 404 Media phoned some of the numbers listed as belonging to CBP officials. In one case, a person who answered said their name was the same as the one included in the hacked data, then confirmed their affiliation with CBP when asked. The voicemail message for another number included the name of an alleged CBP official included in the data.

404 Media ran several phone numbers that appeared to be associated with employees at crypto firms Coinbase and Galaxy through a search tool called OSINT Industries, which confirmed that these phone numbers belonged to people who worked for these companies.

The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia. By reviewing the source code of TeleMessage’s modified Signal app for Android, 404 Media confirmed that the app sends message data to this endpoint. 404 Media also made an HTTP request to this server to confirm that it is online.

TeleMessage came to the fore after a Reuters photographer took a photo in which Waltz was using his mobile phone. Zooming in on that photo revealed he was using a modified version of Signal made by TeleMessage. The photograph came around a month after The Atlantic reported that top U.S. officials were using Signal to message one another about military operations. As part of that, Waltz accidentally added the editor-in-chief of the publication to the Signal group chat.

TeleMessage offers governments and companies a way to archive messages from end-to-end encrypted messaging apps such as Signal and WhatsApp. TeleMessage does this by making modified versions of those apps that send copies of messages to a remote server. A video from TeleMessage posted to YouTube claims that its app keeps “intact the Signal security and end-to-end encryption when communicating with other Signal users.”

“The only difference is the TeleMessage version captures all incoming and outgoing Signal messages for archiving purposes,” the video continues.

It is not true that an archiving solution properly preserves the security offered by an end-to-end encrypted messaging app such as Signal. Ordinarily, only someone sending a Signal message and their intended recipient will be able to read the contents of the message. TeleMessage essentially adds a third party to that conversation by sending copies of those messages somewhere else for storage. If not stored securely, those copies could in turn be susceptible to monitoring or falling into the wrong hands.

That theoretical risk has now become very real.
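The two archive data paths the article contrasts, as an added Go sketch that is not TeleMessage’s or Signal’s code: a copy handed readable to the vendor’s relay server (the situation the article describes) beside a copy sealed with AES-GCM under a key that only the customer’s archive destination holds, so the intermediary stores ciphertext it cannot read. The sender label, message text and key are constructed; real Signal sessions and the vendor’s actual protocol are not modelled.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ArchiveRecord is the copy of one message that the modified client hands to the
// archiving vendor's server, which then forwards it to the customer's archive.
type ArchiveRecord struct {
	Sender  string
	Payload []byte // readable text in the weak design, AEAD ciphertext in the hardened one
}

// captureReadable models the weak path the article describes: the client forwards
// a readable copy, so whoever can read the vendor's traffic or storage reads it.
func captureReadable(sender, message string) ArchiveRecord {
	return ArchiveRecord{Sender: sender, Payload: []byte(message)}
}

// captureSealed models the mitigation: before the copy leaves the device it is
// encrypted with AES-GCM under archiveKey, which only the customer's archive
// destination holds. The vendor's server relays and stores ciphertext only.
func captureSealed(sender, message string, archiveKey []byte) (ArchiveRecord, error) {
	aead, err := newAEAD(archiveKey)
	if err != nil {
		return ArchiveRecord{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return ArchiveRecord{}, err
	}
	// The sender label rides as associated data, so a stored record cannot be
	// re-attributed to someone else without failing authentication.
	ct := aead.Seal(nil, nonce, []byte(message), []byte(sender))
	return ArchiveRecord{Sender: sender, Payload: append(nonce, ct...)}, nil
}

// openAtCustomerArchive runs at the only place holding archiveKey. It fails
// closed on any record altered in transit or at rest.
func openAtCustomerArchive(rec ArchiveRecord, archiveKey []byte) (string, error) {
	aead, err := newAEAD(archiveKey)
	if err != nil {
		return "", err
	}
	ns := aead.NonceSize()
	if len(rec.Payload) < ns+aead.Overhead() {
		return "", errors.New("archive record too short to be valid")
	}
	pt, err := aead.Open(nil, rec.Payload[:ns], rec.Payload[ns:], []byte(rec.Sender))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// intermediaryCanRead is the defender's check: can a party with no archive key
// (the vendor's server, or anyone who breaks into it) recover the message text
// from what it stores?
func intermediaryCanRead(rec ArchiveRecord, message string) bool {
	return bytes.Contains(rec.Payload, []byte(message))
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed key and message; a real deployment would provision the key to
	// the archive destination out of band and never to the relay.
	archiveKey := bytes.Repeat([]byte{0x42}, 32)
	msg := "constructed sample: meeting moved to 14:00"

	weak := captureReadable("alice", msg)
	fmt.Println("weak design, relay can read message:", intermediaryCanRead(weak, msg))

	sealed, err := captureSealed("alice", msg, archiveKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("sealed design, relay can read message:", intermediaryCanRead(sealed, msg))
	got, err := openAtCustomerArchive(sealed, archiveKey)
	fmt.Printf("customer archive decrypts: %q (err=%v)\n", got, err)
}
```

The sealed path still leaves the intermediary with metadata (sender label, timing, record size), so it narrows the exposure the article describes rather than removing the third party altogether.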

A Signal spokesperson previously told 404 Media in email “We cannot guarantee the privacy or security properties of unofficial versions of Signal.”

White House deputy press secretary Anna Kelly previously told NBC News in an email: “As we have said many times, Signal is an approved app for government use and is loaded on government phones.”

The hacker told 404 Media that they targeted TeleMessage because they were “just curious how secure it was.” They did not want to disclose the issue to the company directly because they believed the company might “try their best to cover it up.”

“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said.

404 Media is not explaining in detail how the hacker managed to obtain this data in case others may try to exploit the same vulnerability.

According to public procurement records, TeleMessage has contracts with a range of U.S. government agencies, including the State Department and Centers for Disease Control and Prevention.

Guy Levit, CEO of TeleMessage, directed a request for comment to a press representative of Smarsh, TeleMessage’s parent company. That representative did not immediately respond to an email or voicemail.

Recently, after the wave of media coverage about Waltz’s use of the tool, TeleMessage wiped its website. Before then it contained details on the services it offers, what its apps were capable of, and in some cases direct downloads for the archiving apps themselves.

Neither CBP, Coinbase, Scotiabank, Galaxy Digital, nor Washington D.C. Metropolitan Police responded to a request for comment.



Edison Phonograph Plays the Cylinders


You might be old enough to remember record platters, but you probably aren’t old enough to remember when records were cylinders. The Edison Blue Amberol records came out in 1912 and were far superior to the earlier wax cylinders. If you had one today, how could you play it? Easy. Just build [Palingenesis’] record player. You can even hear it do its thing in the video below.

The cylinders are made of plaster with a celluloid wrapper tinted with the namesake blue color. They were more durable than the old wax records and could hold well over four minutes of sound.

The player is mostly made from wood cut with a mill or a laser. There are some bearings, fasteners, and — of course — electronics. The stylus requires some care. Conventional records use a lateral-cut groove, but these old records use a vertical-cut. That means the pickup moves up and down and has a rounder tip than a conventional needle.

Rather than try to control the motor to an exact speed, you get to set the speed with a potentiometer and see the resulting RPM on a small display. Overall, an involved but worthwhile project.

We recently looked at some players that would have been new about the same time as the blue record in the video. We don’t think you could modify one of these to play stereo, but if you do, let us know immediately!

youtube.com/embed/N8NWpFI_Xdw?…


hackaday.com/2025/05/08/edison…


Let the Wookie Win with this DIY Holochess Table


If you have seen Star Wars, you know what is being referenced here. Holochess appeared as a diversion built into the Millennium Falcon in the very first movie, way back in 1977. While not quite as iconic a use of simulated holograms as tiny Princess Leia begging for hope, it evidently struck a chord with [Maker Mac70], given the impressive effort he’s gone through to re-create the game table from the film.

The key component of this unit is a plate from Japanese firm ASKA3D that scatters light from displays inside the table in just such a way that the diverging rays are focused at a point above its surface, creating the illusion of an image hovering in space. Or in this case, hovering at the surface of an acrylic chessboard. Granted, this technique only works from one viewing angle, and so is not a perfect recreation of a sci-fi holoprojector. But from the right angle, it looks really good, as you can see in the video below.

There are actually six SPI displays, driven by an Arduino GIGA, positioned and angled to project each character in the game. Placing two of the displays on 3D printed gantries allows them to move, so that two creatures can battle in the center of the table. As [Maker Mac70] admits, this is quite a bit simpler than the Holochess game seen in the film, but it’s quite impressive for real world hardware.

If this all seems a little bit familiar, we covered an earlier floating display by [Maker Mac70] last year. This works on similar principles, but uses more common components which makes the technique more accessible. If chess isn’t your forte, why not a volumetric display that plays DOOM? If you’re interested in real holograms, not Sci-Fi, our own [Maya Posch] did a deep dive you may find interesting.

youtube.com/embed/uMe7RNvCW6g?…


hackaday.com/2025/05/08/let-th…


The Owon HDS160 Reviewed


These days, if you are in the market for a capable digital voltmeter, you might as well consider getting one with an oscilloscope built-in. One choice is the Owon HDS160, which [Kerry Wong] covers in the video below. The model is very similar to the HDS120, but the multimeter in the HDS160 has more counts–60,000 vs 20,000 as you might expect from the model number.

The internal chip is an HY3131, which is rated at 50,000 counts which is odd since the meter is 60,000 counts, but presumably the meter uses some capability of the chip, possibly putting it out of spec. The oscilloscope is the same between the two models. Almost everything else works the same, other than the capacitance measuring feature, as the video shows.

The difference in cost between the two units isn’t much, so if you are shopping, the small extra cost is probably worth it. Not that a 20,000 count meter isn’t perfectly fine for most normal uses.

[Kerry] really likes scopemeters. He gets excited about bench scopes, too.

youtube.com/embed/d9-kKOfWF98?…


hackaday.com/2025/05/08/the-ow…


Flow Visualization with Schlieren Photography


The word “Schlieren” is German, and translates roughly to “streaks”. What is streaky photography, and why might you want to use it in a project? And where did this funny term come from?

Think of the heat shimmer you can see on a hot day. From the ideal gas law, we know that hot air is less dense than cold air. Because of that density difference, it has a slightly lower refractive index. A light ray passing through a density gradient faces a gradient of refractive index, so is bent, hence the shimmer.

Heat shimmer: the refractive index of the air is all over the place. Image: “Livestock crossing the road in Queensland, Australia” by [AlphaLemur]

German lens-makers started talking about “Schlieren” sometime in the 19th century, if not before. Put yourself in the shoes of an early lensmaker: you’ve spent countless hours laboriously grinding away at a glass blank until it achieves the perfect curvature. Washing it clean of grit, you hold it to the light and you see aberration — maybe spatial, maybe chromatic. Schliere is the least colourful word you might say, but a schliere is at fault. Any wonder lens makers started to develop techniques to detect the invisible flaws they called schlieren?

When we talk of schlieren imagery today, we generally aren’t talking about inspecting glass blanks. Most of the time, we’re talking about a family of fluid-visualization techniques. We owe that nomenclature to German physicist August Toepler, who applied these optical techniques to visualizing fluid flow in the middle of the 19th century. There is now a whole family of schlieren imaging techniques, but at the core, they all rely on one simple fact: in a fluid like air, refractive index varies by density.

Toepler’s pioneering setup is the one we usually see in hacks nowadays. It is based on the Foucault Knife Edge Test for telescope mirrors. In Foucault’s test, a point source shines upon a concave mirror, and a razor blade is placed where the rays focus down to a point. The sensor, or Foucault’s eye, is behind the knife edge such that the returning light from the pinhole is interrupted. This has the effect of magnifying any flaws in the lens, because rays that deviate from the perfect return path will be blocked by the knife-edge and miss the eye.

[Toepler]’s single-mirror layout is quick and easy.

Toepler’s photographic setup worked the same way, save for the replacement of the eye with a photographic camera, and the use of a known-good mirror. Any density changes in the air will refract the returning rays, and cause the characteristic light and dark patterns of a schlieren photograph. That’s the “classic” schlieren we’ve covered before, but it’s not the only game in town.

Fun Schlieren Tricks


Color schlieren image of a candle plume. A little color can make a big difference for any kind of visualization. (Image: “Colored schlieren image” by [Settles1])

For example, a small tweak that makes a big aesthetic difference is to replace the knife edge with a colour filter. The refracted rays then take on the colour of the filter. Indeed, with a couple of colour filters you can colour-code density variations: light that passes through high-density areas can be diverted through two different colored filters on either side, and the unbent rays can pass through a third. Not only is it very pretty, the human eye has an easier time picking up on variations in colour than value. Alternatively, the light from the point source can be passed through a prism. The linear spread of the frequencies from the prism has a similar effect to a line of colour filters: distortion gets color-coded.

A bigger tweak uses two concave mirrors, in two-mirror or Z-path schlieren. This has two main advantages: one, the parallel rays between the mirrors mean the test area can be behind glass, useful for keeping sensitive optics outside of a high-speed wind tunnel. (This is the technique NASA used to use.) Parallel rays also ensure that the shadows of any objects and of the fluid flow are no issue; having the light source off-centre in the classic schlieren can cause artifacts from shadows. Of course, you pay for these advantages: literally, in the sense that you have to buy two mirrors, and figuratively in that alignment is twice as tricky. The same colour tricks work just as well, though, and were often used at NASA.
The z-fold allows for parallel rays in the test area.
There’s absolutely no reason that you could not substitute lenses for mirrors, in either the Z-path or classical version, and people have, to good effect, in both cases. Indeed, Robert Hooke’s first experiment involved visualizing the flow of air above a candle using a converging lens, which was optically equivalent to Toepler’s classic single-mirror setup. Generally speaking, mirrors are preferred for the same reason you never see an 8” refracting telescope at a star party: big mirrors are way easier to make than large lenses.
T-34s captured in flight with NASA’s AirBOS technique. Image credit: NASA.
What if you want to visualize something that doesn’t fit in front of a mirror? There are actually several options. One is background-oriented schlieren, which we’ve covered here. With a known background, deviations from it can be extracted using digital signal processing techniques. We showed it working with a smart phone and a printed page, but you can use any non-uniform background. NASA uses the ground: by looking down, Airborne Background Oriented Schlieren (AirBOS) can provide flow visualization of shockwaves and vortices around an airplane in flight.

In the days before we all had supercomputers in our pockets, large-scale flow-visualization was still possible; it just needed an optical trick. A pair of matching grids is needed: one before the lamp, creating a projection of light and dark, and a second one before the lens. Rays deflected by density variations will run into the camera grid. This was used to good effect by Gary S. Styles to visualize HVAC airflows in 1997.
Can’t find a big mirror? Try a grid.
Which gets us to another application, separate from aerospace. Wind tunnel photos are very cool, but let’s be honest: most of us are not working on supersonic drones or rocket nozzles. Of course air flow does not have to be supersonic to create density variations; subsonic wind tunnels can be equipped with schlieren optics as well.
A commercial kitchen griddle and exhaust hood in use, with cooking fumes made visible by the schlieren technique. HVAC as you’ve never seen it before. Imagine those were ABS fumes? (Image from Styles, 1997.)
Or maybe you are more concerned with airflow around components? To ID a hotspot on a board, IR photography is much easier. On the other hand, if your hotspot is due to insufficient cooling rather than component failure? Schlieren imagery can help you visualize the flow of air around the board, letting you optimize the cooling paths.

That’s probably going to be easiest with the background-oriented version: you can just stick the background on one side of your project’s enclosure and go to work. I think that if any of you start using schlieren imaging in your projects, this might be the killer app that will inspire you to do so.

Another place we use air? In the maker space. I have yet to see someone use schlieren photography to tweak the cooling ducts on their 3D printer, but you certainly could. (It has been used to see shielding gasses in welding, for example.) For that matter, depending what you print, proper exhaust of the fumes is a major health concern. Those fumes will show up easily, given the temperature difference, and possibly even the chemical composition changing the density of the air.

Remember that the key thing being imaged isn’t a temperature difference but a density difference. Sound waves are density waves; can they be imaged this way? Yes! The standing waves in ultrasonic levitation rigs are a popular target. Stroboscopic techniques can be used for travelling waves too, though keep in mind that for a given sound pressure level the density gradient scales with frequency, so lower, audible frequencies need far higher sound pressure levels to show up, which may not be practical if you like your eardrums.
Standing waves in an ultrasonic levitation device, visualized.
Schlieren photograph of a sugar cube dissolving under
Schlieren photography isn’t limited to air. Density variations in liquids and solids are fair game, too. Want to see how solutions of differing density or temperature are mixing? Schlieren imaging has you covered. Watch convection in a water tank? Or, if you happen to be making lenses, you could go right back to basics and use one of the schlieren techniques discussed here to help you make them perfect.

The real reason I’m writing about these techniques isn’t the varied applications I hope you hackers can put them to: it’s an excuse to collect all the pretty pictures of flow visualization I can cram into this article. So if you read this and thought “I have no practical reason to use this technique, but it does seem cool” – great! We’re in the same boat. Let’s make some pretty pictures. It still counts as a hack.


A Constant-Fraction Discriminator for Sub-Nanosecond Timing


An oscilloscope display is shown, showing two plots. A blue plot is shown at one level, and over multiple exposures at different places, it jumps to a higher level. Another yellow trace is shown which, at some point after the blue trace has jumped to a higher level, also jumps cleanly to a higher level. The yellow line is labeled "CFD output," while the blue line is labeled "leading edge discriminator."

Detecting a signal pulse is usually basic electronics, but complications appear once you need to time the pulse’s arrival at the picosecond level. One of them is the time-walk effect: if your circuit compares the input with a fixed threshold, a larger pulse crosses that threshold sooner than a smaller pulse arriving at the same instant, so stronger signals appear to arrive earlier. A constant-fraction discriminator solves this by triggering at a constant fraction of the pulse’s own amplitude, and [Michael Wiebusch] recently presented a hacker-friendly implementation of the design (open-access paper).

A constant-fraction discriminator splits the input signal into two copies, inverts and attenuates one, and delays the other by a predetermined amount. The sum of the two crosses zero at a time that depends only on the pulse shape, not on its amplitude, which corresponds to a fixed fraction of the original pulse. Instead of checking for a voltage threshold, the processing circuitry detects this zero crossing. Unfortunately, these circuits tend to require very fast (read “expensive”) operational amplifiers.

This is where [Michael]’s design shines: it uses only a few cheap integrated circuits and transistors, some resistors and capacitors, a length of coaxial line as a delay, and absolutely no op-amps. This circuit has remarkable precision, with a timing standard deviation of 60 picoseconds. The only downside is that the circuit has to be designed to work with a particular signal pulse length, but the basic design should be widely adaptable for different pulses.
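As an added illustration of the two paragraphs above (a sampled-data model, not code from [Michael]’s paper, whose discriminator is an analog circuit), the block below times the same pulse shape arriving at the same instant with three different amplitudes. A fixed-threshold leading-edge comparator reports three different arrival times, while the delay-and-attenuate CFD zero crossing lands at the same instant for all three. The pulse shape (2 ns linear rise, exponential tail), the fraction (0.2) and the delay (1 ns) are assumptions chosen so that the zero crossing falls on the linear part of the rise.

```python
"""Time walk versus constant-fraction timing, simulated (added example).

One amplitude-scaled pulse arrives at t0; it is timed with a fixed
threshold (leading-edge discriminator) and with a CFD built from a
delayed copy plus an inverted, attenuated copy of the same pulse.
"""
import math

DT = 0.01      # sample spacing, ns
T_END = 40.0   # record length, ns
RISE = 2.0     # linear rise time of the pulse, ns (assumed)
TAU = 10.0     # exponential decay after the peak, ns (assumed)


def pulse(amplitude, t0):
    """Sampled pulse: linear rise over RISE ns to `amplitude`, then exp(-t/TAU) decay."""
    out = []
    for i in range(int(T_END / DT)):
        x = i * DT - t0
        if x < 0:
            out.append(0.0)
        elif x < RISE:
            out.append(amplitude * x / RISE)
        else:
            out.append(amplitude * math.exp(-(x - RISE) / TAU))
    return out


def _interp_crossing(samples, i, level):
    """Linearly interpolated instant at which samples[i-1..i] crosses `level`."""
    a, b = samples[i - 1], samples[i]
    return (i - 1 + (level - a) / (b - a)) * DT


def leading_edge_time(samples, threshold):
    """Time at which the pulse first reaches a fixed voltage threshold."""
    for i in range(1, len(samples)):
        if samples[i - 1] < threshold <= samples[i]:
            return _interp_crossing(samples, i, threshold)
    return None


def cfd_time(samples, fraction=0.2, delay=1.0):
    """CFD: delayed pulse plus inverted, attenuated pulse; time the zero crossing.

    The shaped signal is exactly zero before the pulse and goes negative
    first (only the inverted copy is present), so the first negative-to-
    positive transition is the timing edge. Its position is amplitude
    independent because both terms scale with the same amplitude.
    """
    shift = int(round(delay / DT))
    shaped = []
    for i, v in enumerate(samples):
        delayed = samples[i - shift] if i >= shift else 0.0
        shaped.append(delayed - fraction * v)
    for i in range(1, len(shaped)):
        if shaped[i - 1] < 0.0 <= shaped[i]:
            return _interp_crossing(shaped, i, 0.0)
    return None


def time_walk(timer, amplitudes, t0=5.0):
    """Spread (max - min) of the timing results over pulses that all arrive at t0."""
    times = [timer(pulse(a, t0)) for a in amplitudes]
    return max(times) - min(times)


if __name__ == "__main__":
    amps = [1.0, 0.5, 0.25]
    print("leading-edge walk: %.3f ns" % time_walk(lambda s: leading_edge_time(s, 0.1), amps))
    print("CFD walk:          %.6f ns" % time_walk(cfd_time, amps))
```

With these numbers the CFD crossing sits at t0 + delay / (1 - fraction) = t0 + 1.25 ns for every amplitude, while the 0.1 V threshold is crossed anywhere from 0.2 ns to 0.8 ns after t0 depending on pulse height. It also shows why [Michael]’s circuit is tied to a particular pulse length: the delay has to be short enough that the crossing stays on the rising edge.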

[Michael] designed this circuit for a gamma-ray spectrometer, of which we’ve seen a few examples before. In a spectrometer, the discriminator would process signals from photomultiplier tubes or scintillators, such as we’ve covered before.


hackaday.com/2025/05/08/a-cons…


3D Printed TPU Bellows with PLA Interface Layers


Of all FDM filament types, flexible ones such as TPU invite a whole new way of thinking, as well as new applications. Case in point: the TPU-based bellows that the [Functional Part Friday] channel on YouTube recently demonstrated.

The idea is quite straightforward: you print TPU and PLA in alternating layers, making sure that the TPU is connected to its previous layer in an alternating fashion. After printing, you peel the PLA and TPU apart, remove the PLA layers and presto, you got yourself bellows.

There were some issues along the way, of course. Case in point: the differences between TPU from different brands (Sainsmart, Sunlu) caused some headaches, and above all the incompatibility between the Bambu Lab AMS and TPU led to incredibly brittle TPU prints. This required bypassing the feed mechanism in the AMS, which in turn went down a rabbit hole of keeping the PTFE tube from getting sucked into the AMS. Printing TPU and PLA in the same job also requires a printer with two independent extruders, like the Bambu Lab H2D used here, since the two materials must not mix in any way. Great news for H2D and IDEX printer owners, of course.

As for practical applications for bellows, beyond printing your own 1900s-era camera, accordion or hand air bellows, you can also create lathe way covers and so on.

youtube.com/embed/UFrWfnwD3aU?…


hackaday.com/2025/05/08/3d-pri…


LockBit hacked! Their sites defaced and affiliate data exposed!


Last night, the LockBit ransomware group suffered a serious cyberattack that compromised its dark web infrastructure. The group’s affiliates and administrators found their control panels compromised and their home pages replaced with the message: “Don’t do crime CRIME IS BAD xoxo from Prague”, accompanied by a link to download a file named “paneldb_dump.zip” containing a dump of the group’s MySQL database.

The leaked archive includes highly sensitive information, including:

  • 59,975 Bitcoin addresses used for the group’s transactions.
  • 4,442 negotiation messages between LockBit and its victims, dated between December 2024 and April 2025.
  • Configurations of the ransomware builds used in attacks, including details on which files or systems to avoid.
  • A list of 75 affiliates and administrators, with plaintext passwords such as “Weekendlover69” and “Lockbitproud231”.



The group’s leader, known as “LockBitSupp”, confirmed the breach, claiming that no private keys or critical data were compromised.

From a quick look at the SQL dump we noticed that the database was exfiltrated on 29 April, so we can reasonably assume that xoxo From Prague (or whoever is behind this data leak) dumped the database on that date and that the defacement of the sites was only carried out on the night between 7 and 8 May.

This attack is a heavy blow for LockBit, already weakened by previous law enforcement operations such as “Operation Cronos”, which led to server seizures, arrests and international sanctions.

The data leak gives security researchers and the authorities a unique opportunity to analyze LockBit’s internal operations and could accelerate further legal action against its members.

For now we close the article with a statement from LockBitSupp

LockBitSupp statement: “It’s Not Scary to Fall – It’s Scary Not to Get Up”


The article “LockBit hacked! Their sites defaced and affiliate data exposed!” originally appeared on il blog della sicurezza informatica.


Jellybean Mac Hides Modern PC


The iMac G3 is an absolute icon of industrial design, as era-defining as (or perhaps more than) the Mac Classic before it. In the modern day, if your old iMac even boots, well, you can’t do much with it. [Rick Norcross] got hold of a dead (hopefully irreparable) specimen and stuffed a modern PC inside it.

From the outside, it’s surprisingly hard to tell. Of course the CRT had to go, replaced with a 15″ ELO panel that fits well after being de-bezeled. (If its resolution is only 1024 x 768, well, it’s also only 15″, and that pixel density matches the case.) An M-ATX motherboard squeezes right in, above a modular PSU. Cooling comes from a 140 mm case fan placed under the original handle. Of course you can’t have an old Mac without a startup chime, and [Rick] obliges by including an Adafruit FX board wired to the internal speakers, set to chime on power-up while the PC components are booting.

These sorts of mods have proven controversial in the past– certainly there’s good reason to want to preserve aging hardware–but perhaps with this generation of iMac it won’t raise the same ire as when someone guts a Mac Classic. We’ve seen the same treatment given to a G4 iMac, but somehow the lamp doesn’t quite have the same place in our hearts as the redoubtable jellybean.


hackaday.com/2025/05/07/jellyb…


Superconductivity News: What Makes Floquet Majorana Fermions Special for Quantum Computing?


Researchers from the USA and India have proposed that Floquet Majorana fermions may improve quantum computing by controlling superconducting currents, potentially reducing errors and increasing stability.

In a study published in Physical Review Letters that was co-authored by [Babak Seradjeh], a Professor of Physics at Indiana University Bloomington, and theoretical physicists [Rekha Kumari] and [Arijit Kundu], from the Indian Institute of Technology Kanpur, the scientists validate their theory using numerical simulations.

In the absence of room-temperature superconductors — the Holy Grail of superconductivity, everybody put your thinking caps on! — the low temperatures required lead to expense (for cooling) and errors (due to decoherence) which need to be managed. Using the techniques proposed by the study, quantum information may be modeled non-locally and be spread out spatially in a material, making it more stable and less error prone, immune to local noise and fluctuations.

Majorana fermions are named after Italian physicist [Ettore Majorana] who proposed them in 1937. Unlike most particles, Majorana fermions are their own antiparticles. In the year 2000 mathematical physicist [Alexei Kitaev] realized Majorana fermions can exist not only as elementary particles but also as quantum excitations in certain materials known as topological superconductors. Topological superconductors differ from regular superconductors in that they have unique, stable quantum states on their surface or edges that are protected by the material’s underlying topology.

Superconductivity is such an interesting phenomenon, where electrical resistance all but vanishes in certain materials when they are very cold. Usually to induce a current in a material you apply a voltage, or potential difference, in order to create the electrical pressure that results in the current. But in a superconductor currents can flow in the absence of an applied voltage. This is because of a peculiar quantum tunneling process known as the “Josephson effect”. It is hoped that by tuning the Josephson current using a superconductor’s “chemical potential” that we discover a new level of control over quantum materials.

Ettore Majorana picture: Mondadori Collection, Public domain.


hackaday.com/2025/05/07/superc…


Wireless USB Autopsy


It might seem strange to people like us, but normal people hate wires. Really hate wires. A lot. So it makes sense that with so many wireless technologies, there should be a way to do USB over wireless. There is, but it really hasn’t caught on outside of a few small pockets. [Cameron Kaiser] wants to share why he thinks the technology never went anywhere.

Wireless USB makes sense. We have high-speed wireless networking. Bluetooth doesn’t handle that kind of speed, but forms a workable wireless network. In the background, of course, would be competing standards.

Texas Instruments and Intel wanted to use multiband orthogonal frequency-division multiplexing (MB-OFDM) to carry data using a large number of subcarriers. Motorola (later Freescale), HP, and others were backing the competing direct sequence ultra-wideband or DS-UWB. Attempts to come up with a common system degenerated.

This led to two systems W-USB (later CF-USB) and CW-USB. CF-USB looked just like regular USB to the computer and software. It was essentially a hub that had wireless connections. CW-USB, on the other hand, had cool special features, but required changes at the driver and operating system level.

Check out the post to see a bewildering array of orphaned and incompatible products that just never caught on. As [Cameron] points out, WiFi and Bluetooth have improved to the point that these devices are now largely obsolete.

Of course, you can transport USB over WiFi, and maybe that’s the best answer, today. That is, if you really hate wires.


hackaday.com/2025/05/07/wirele…


AgID alert: SPID scams using highly convincing sites put citizens at risk


The CERT-AgID team has identified a phishing campaign targeting SPID users that misuses the name and logo of AgID itself, together with the recently registered domain agidgov[.]com, which is not attributable to the Agency.

The fraudulent message, with the subject “Sospensione imminente SPID: azione obbligatoria” (“Imminent SPID suspension: mandatory action”), invites the user to update their documentation, prompting them to click a button labelled “Aggiorna la Documentazione” (“Update Documentation”) that leads to the malicious site.

The goal of the campaign is to steal the victims’ SPID credentials, together with copies of identity documents and videos recorded according to specific instructions for the identity verification procedure, such as: “Look at the camera. Stay serious, then smile”.

Countermeasures


Takedown of the malicious domain has been requested in order to prevent further compromises. The IoCs for the campaign have been distributed through the CERT-AGID IoC feed to accredited organizations.

Always pay close attention to this kind of communication, especially when it contains links that look suspicious. When in doubt, it is always possible to forward emails deemed

Increasingly sophisticated phishing: AI in the service of fraud


Phishing has evolved drastically in recent years, partly thanks to the use of artificial intelligence to generate counterfeit websites that are almost indistinguishable from the originals. These portals imitate the graphics, language and behaviour of the official sites of public bodies or private companies with surprising accuracy, making it extremely hard for the average user to notice the scam.

In the specific case reported by CERT-AGID, the fraudulent domain agidgov[.]com faithfully reproduced the layout and content of the Agenzia per l’Italia Digitale website, leading users to enter their SPID credentials in an environment that looked entirely legitimate.

Trust… but verify


To defend yourself, it is no longer enough to watch for grammatical errors or pixelated logos. It is essential to know how agencies and companies normally operate:

  • Public institutions never ask, by email or SMS, for SPID credentials to be entered directly.
  • Be wary of messages that create urgency or fear to push the user into acting impulsively.
  • If a message or page looks suspicious, always check the web address (URL) and compare it with the official one or, when in doubt, contact the organization directly through official channels.
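The last point, “check the URL and compare it with the official one”, is the kind of check that can be automated at a mail gateway or in an analyst’s triage script. The block below is an added example, not CERT-AgID tooling: it pulls URLs out of a message, reverses the “hxxp” and “[.]” defanging used in advisories, reduces each host to its registrable domain with a tiny built-in suffix list (a real deployment would use the Public Suffix List), and flags any host that carries the brand name without belonging to the organisation. agid.gov.it and spid.gov.it are assumed here to be the legitimate domains, and the sample message is constructed, modelled on the subject line quoted in the advisory.

```python
"""Lookalike-domain check for links in a suspicious message (added example)."""
import re
from urllib.parse import urlparse

# Assumed legitimate domains of the organisation being impersonated.
OFFICIAL_DOMAINS = {"agid.gov.it", "spid.gov.it"}
# Brand tokens whose presence in a non-official host is suspicious.
BRAND_TOKENS = ("agid", "spid")
# Minimal stand-in for the Public Suffix List; extend or replace in production.
MULTI_LABEL_SUFFIXES = {"gov.it", "co.uk"}

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def refang(text):
    """Turn advisory-style defanged indicators (hxxp, [.], [:]) back into real URLs."""
    return text.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def registrable_domain(host):
    """Return the registrable part of a host: public suffix plus one label.

    www.agid.gov.it -> agid.gov.it; agid.gov.it.example.com -> example.com
    """
    labels = host.lower().rstrip(".").split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def classify_url(url):
    """'official', 'lookalike' or 'unrelated' for one URL."""
    host = urlparse(url).hostname or ""
    if registrable_domain(host) in OFFICIAL_DOMAINS:
        return "official"
    # The brand anywhere in the host (typosquat or subdomain trick) on a
    # non-official registrable domain is the phishing pattern we care about.
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def check_message(body):
    """Map every URL found in the (possibly defanged) message body to its class."""
    return {url: classify_url(url) for url in URL_RE.findall(refang(body))}


# Constructed sample message; only the subject line mirrors the real campaign.
SAMPLE = """\
Oggetto: Sospensione imminente SPID: azione obbligatoria
Per evitare la sospensione, aggiorna la documentazione qui:
hxxps://agidgov[.]com/aggiorna
Portale ufficiale: https://www.agid.gov.it/
Assistenza: https://agid.gov.it.verifica-account.example/login
"""

if __name__ == "__main__":
    for url, verdict in check_message(SAMPLE).items():
        print(f"{verdict:10s} {url}")
```

Note that the third sample link is the subdomain trick the bullet list warns about: the official name appears at the start of the host, but the registrable domain is someone else’s. Matching on the registrable domain rather than on a substring is what makes the check resistant to it.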



It’s an AI revolution in China! 17 new academic research centers born in a single day


On May 6, Sun Yat-sen University hosted a conference on the development of artificial intelligence, during which the Artificial Intelligence Research Institute was officially inaugurated and the creation of 17 new research centers was announced. Qian Depei, academician of the Chinese Academy of Sciences and first dean of the university’s School of Computer Science, will chair the Institute’s Academic Committee.

Chen Hongbo, executive vice president of the Institute, explained that the initiative brings together the scientific expertise of the university’s various departments, organized on three levels: the “matter”, the “foundation” and the “application” of artificial intelligence.

The goal is to address national strategic challenges, leverage the industrial advantages of the Greater Bay Area and promote key technology areas such as large multimodal models, low-power neuromorphic chips, autonomous systems, the low-altitude economy and other emerging sectors. The ultimate aim is to create a large-scale ecosystem bringing together industry, research, academia and application.

China now seems to have reached parity with the United States, so much so that the NYT reported on these milestones, achieved by China in just 19 months, in an article stating: “The stakes of this competition are high. The main US companies have largely developed proprietary AI models and charged royalties for their use, partly because training their models costs hundreds of millions of dollars. Chinese AI companies are expanding their influence by making their models freely available to the public, who can use, download and modify them, making them more accessible to researchers and developers around the world.”

The 17 research centers will cover a wide range of interdisciplinary fields across the arts, sciences, medicine and engineering. Areas of interest include: high-performance scientific computing, mathematical foundations of AI, intelligent chips and systems, brain-inspired sensing devices, intelligent software, multi-agent models and embodied intelligence, AI applied to medical big data, and collective intelligence.

Gao Song, president of the university and also an academician of the Chinese Academy of Sciences, underlined the university’s twofold approach: on the one hand, strengthening theoretical research and the development of key technologies such as advanced chips and basic software; on the other, using artificial intelligence to drive a paradigm shift in scientific research, promoting revolutionary technological innovations across multiple sectors.

The event also saw the presentation of the Work Plan for the Promotion of Artificial Intelligence, which includes 15 initiatives divided into three areas: talent training, scientific and technological innovation, and governance. The university plans to consolidate computing resources, improve support mechanisms and create a favourable environment for AI development and talent cultivation.

Zhu Kongjun, secretary of the university’s party committee, stated that, as a leading institution of the Guangdong-Hong Kong-Macao Greater Bay Area, Sun Yat-sen University takes on the responsibility of leading the strategic development of AI, with a focus on technological self-reliance, basic innovation and concrete application in service of national goals.

Founded in June 2020, the Artificial Intelligence Research Institute further expanded its activities in December 2024, becoming fully operational with a site of over 40,000 square meters and numerous world-class experimental platforms.



Big Chemistry: Cement and Concrete


Not too long ago, I was searching for ideas for the next installment of the “Big Chemistry” series when I found an article that discussed the world’s most-produced chemicals. It was an interesting article, right up my alley, and helpfully contained a top-ten list that I could use as a crib sheet for future articles, at least for the ones I hadn’t covered already, like the Haber-Bosch process for ammonia.

Number one on the list surprised me, though: sulfuric acid. The article stated that it was far and away the most produced chemical in the world, with 36 million tons produced every year in the United States alone, out of something like 265 million tons a year globally. It’s used in a vast number of industrial processes, and pretty much everywhere you need something cleaned or dissolved or oxidized, you’ll find sulfuric acid.

Staggering numbers, to be sure, but is it really the most produced chemical on Earth? I’d argue not by a long shot, when there’s a chemical that we make 4.4 billion tons of every year: Portland cement. It might not seem like a chemical in the traditional sense of the word, but once you get a look at what it takes to make the stuff, how finely tuned it can be for specific uses, and how when mixed with sand, gravel, and water it becomes the stuff that holds our world together, you might agree that cement and concrete fit the bill of “Big Chemistry.”

Rock Glue


To kick things off, it might be helpful to define some basic terms. Despite the tendency to use them as synonyms among laypeople, “cement” and “concrete” are entirely different things. Concrete is the finished building material of which cement is only one part, albeit a critical part. Cement is, for lack of a better term, the glue that binds gravel and sand together into a coherent mass, allowing it to be used as a building material.
What did the Romans ever do for us? The concrete dome of the Pantheon is still standing after 2,000 years. Source: Image by Sean O’Neill from Flickr via Monolithic Dome Institute (CC BY-ND 2.0)
It’s not entirely clear who first discovered that calcium oxide, or lime, mixed with certain silicate materials would form a binder strong enough to stick rocks together, but it certainly goes back into antiquity. The Romans get an outsized but well-deserved portion of the credit thanks to their use of pozzolana, a silicate-rich volcanic ash, to make the concrete that held the aqueducts together and built such amazing structures as the dome of the Pantheon. But the use of cement in one form or another can be traced back at least to ancient Egypt, and probably beyond.

Although there are many kinds of cement, we’ll limit our discussion to Portland cement, mainly because it’s what is almost exclusively manufactured today. (The “Portland” name was a bit of branding by its inventor, Joseph Aspdin, who thought the cured product resembled the famous limestone from the Isle of Portland off the coast of Dorset in the English Channel.)

Portland cement manufacturing begins with harvesting its primary raw material, limestone. Limestone is a sedimentary rock rich in carbonates, especially calcium carbonate (CaCO3), which tends to be found in areas once covered by warm, shallow inland seas. Along with the fact that limestone forms between 20% and 25% of all sedimentary rocks on Earth, that makes limestone deposits pretty easy to find and exploit.

Cement production begins with quarrying and crushing vast amounts of limestone. Cement plants are usually built alongside the quarries that produce the limestone or even right within them, to reduce transportation costs. Crushed limestone can be moved around the plant on conveyor belts or using powerful fans to blow the crushed rock through large pipes. Smaller plants might simply move raw materials around using haul trucks and front-end loaders. Along with the other primary ingredient, clay, limestone is stored in large silos located close to the star of the show: the rotary kiln.

Turning and Burning


A rotary kiln is an enormous tube, up to seven meters in diameter and perhaps 80 m long, set on a slight angle from the horizontal by a series of supports along its length. The supports have bearings built into them that allow the whole assembly to turn slowly, hence the name. The kiln is lined with refractory materials to resist the flames of a burner set in the lower end of the tube. Exhaust gases exit the kiln from the upper end through a riser pipe, which directs the hot gas through a series of preheaters that slowly raise the temperature of the entering raw materials, known as rawmix.
The rotary kiln is the centerpiece of Portland cement production. While hard to see in this photo, the body of the kiln tilts slightly down toward the structure on the left, where the burner enters and finished clinker exits. Source: by nordroden, via Adobe Stock (licensed).
Preheating the rawmix drives off any remaining water before it enters the kiln, and begins the decomposition of limestone into lime, or calcium oxide:

CaCO_{3} \rightarrow CaO + CO_{2}

The rotation of the kiln along with its slight slope results in a slow migration of rawmix down the length of the kiln and into increasingly hotter regions. Different reactions occur as the temperature increases. At the top of the kiln, the 500 °C heat decomposes the clay into silicate and aluminum oxide. Further down, as the heat reaches the 800 °C range, calcium oxide reacts with silicate to form the calcium silicate mineral known as belite:

2CaO + SiO_{2} \rightarrow 2CaO\cdot SiO_{2}

Finally, near the bottom of the kiln, belite and calcium oxide react to form another calcium silicate, alite:

2CaO\cdot SiO_{2} + CaO \rightarrow 3CaO\cdot SiO_{2}

It’s worth noting that cement chemists have a specialized nomenclature for alite, belite, and all the other intermediary phases of Portland cement production. It’s a shorthand that looks similar to standard chemical nomenclature, and while we’re sure it makes things easier for them, it’s somewhat infuriating to outsiders. We’ll stick to standard notation here to make things simpler. It’s also important to note that the aluminates that decomposed from the clay are still present in the rawmix. Even though they’re not shown in these reactions, they’re still critical to the proper curing of the cement.
Portland cement clinker. Each ball is just a couple of centimeters in diameter. Source: مرتضا, Public domain
The final section of the kiln is the hottest, at 1,500 °C. The extreme heat causes the material to sinter, a physical change that partially melts the particles and fuses them into small, gray lumps called clinker. When the clinker pellets drop from the bottom of the kiln, they are still incandescently hot; blasts of air rapidly bring them down to around 100 °C. The exhaust from the clinker cooler joins the kiln exhaust and helps preheat the incoming rawmix charge, while the cooled clinker is mixed with a small amount of gypsum and ground in a ball mill. The fine gray powder is either bagged or piped into bulk containers for shipment by road, rail, or bulk cargo ship.

The Cure


Most cement is shipped to concrete plants, which tend to be much more widely distributed than cement plants due to the perishable nature of the product they produce. True, both plants rely on nearby deposits of easily accessible rock, but where cement requires limestone, the gravel and sand that go into concrete can come from a wide variety of rock types.

Concrete plants quarry massive amounts of rock, crush it to specifications, and stockpile the material until needed. Orders for concrete are fulfilled by mixing gravel and sand in the proper proportions in a mixer housed in a batch house, which is elevated above the ground to leave room for mixer trucks to drive underneath. The batch house operators mix aggregate, sand, and any other admixtures the customer might require, such as plasticizers, retarders, accelerators, or reinforcers like chopped fiberglass, before adding the prescribed amount of cement from storage silos. Water may or may not be added to the mix at this point. If the distance from the concrete plant to the job site is far enough, it may make sense to load the dry mix into the mixer truck and add the water later. But once the water goes into the mix, the clock starts ticking, because the cement begins to cure.

youtube.com/embed/mJyUUnjih1k?…

Cement curing is a complex process involving the calcium silicates (alite and belite) in the cement, as well as the aluminate phases. Overall, the calcium silicates are hydrated by the water into a gel-like calcium silicate hydrate (C-S-H) of variable composition, releasing calcium hydroxide. For alite, one commonly quoted idealized stoichiometry is:

2Ca_{3}SiO_{5} + 7H_{2}O \rightarrow 3CaO\cdot 2SiO_{2}\cdot 4H_{2}O + 3Ca(OH)_{2}
Scanning electron micrograph of cured Portland cement, showing needle-like ettringite and plate-like calcium hydroxide (portlandite). Source: US Department of Transportation, Public domain
At the same time, the aluminate phases in the cement are being hydrated and interacting with the gypsum, which prevents early setting by forming a mineral known as ettringite. Without the needle-like ettringite crystals, aluminate ions would adsorb onto alite and block it from hydrating, which would quickly reduce the plasticity of the mix. Ideally, the ettringite crystals interlock with the calcium silicate gel, which binds to the surface of the sand and gravel and locks it into a solid.

Depending on which admixtures were added to the mix, most concretes begin to lose workability within a few hours of the water going in. Initial setting is generally complete within about 24 hours, but the curing process continues long after the material has solidified. Concrete in this state is referred to as “green,” and continues to gain strength over a period of weeks or even months.


hackaday.com/2025/05/07/big-ch…


When AI Gets Too Social: The Grok Case and the Manipulation of Women’s Images


The X platform has once again found itself at the centre of an ethics scandal, this time because of the behaviour of Grok, the chatbot built by Elon Musk’s company. Social network users have started using the AI en masse to “undress” women in public. All it takes is a reply under someone’s photo containing the image and the phrase “take her clothes off”, and Grok produces an edited image of the woman in underwear or a swimsuit. In some cases, instead of an image, the bot returns a link to a separate chat where the generation takes place.

The accessibility of the feature, and the fact that it can be triggered directly in the comments under public posts, makes the situation particularly toxic. This is not a specialised site with paid access to deepfakes, but an ordinary social network, where the image immediately becomes a reply to the victim’s original post. Even though Grok does not create fully nude images as other bots do, the consequences of these “semi-nude” images are no less traumatic.

The first reports of a new wave of abuse come from Kenya. It appears that the “undress” feature via Grok became especially popular there in early May. Local media reported that a large number of users complained about such actions. A search on the X platform turns up dozens of similar attempts aimed at women who posted their photos. Protection is not an option. It is a necessity.

Human rights researchers published a screenshot of Grok in action and asked X’s AI directly whether it had adopted systemic safety measures, such as filters, decoding errors or reinforcement learning, to avoid generating unethical content. Grok publicly replied acknowledging the error and stating that the incident was due to insufficient protection against harmful requests. The reply stressed that the team was reviewing its safety policies to improve transparency and privacy protection.

However, despite the apology, the bot continued to fulfil such requests. Attempts to ask Grok to “make a person completely naked” do meet with a refusal, but the intermediate stages, that is, an image of a woman in lingerie, remain available for now. The AI even accompanies some rejected requests with explanations about the inadmissibility of creating images that totally violate privacy, while immediately adding that the image in underwear has already been generated.

This imbalance in the system’s responses highlights the imperfection of the existing filters and the lack of real restrictions at the user interface level. Meanwhile, X’s management has not yet commented on the situation.

Many users are already openly expressing their outrage. In their view, using artificial intelligence to manipulate images of women without consent is not technological entertainment but a form of digital violence. Some compare what is happening to a mass violation of boundaries, disguised behind the interface of a trendy chatbot.

L'articolo Quando l’AI Diventa Troppo Social: Il Caso Grok e la Manipolazione delle Immagini Femminili proviene da il blog della sicurezza informatica.


Magic On Your Desk via MagLev Toy


Diagram showing the structure of the base.

Magnets aren’t magic, but sometimes you can do things with them to fool the uninitiated — like levitating. [Jonathan Lock] does that with his new maglev desk toy, that looks like at least a level 2 enchantment.

This levitator is USB-powered, and typically draws 1 W to 3 W to levitate masses between 10 g and 500 g. The base can provide 3 V to 5 V inductive power to the levitator to the tune of 10 mA to 50 mA, which is enough for some interesting possibilities, starting with the lights and motors [Jonathan] has tried.

In construction it is much like the commercial units you’ve seen: four permanent magnets that repel another magnet in the levitator. Since such an arrangement is about as stable as balancing a basketball on a piece of spaghetti, the permanent magnets are wrapped in control coils that pull the levitator back to the center on a 1 kHz loop. This is accomplished by way of a hall sensor and an STM32 microcontroller running a PID loop. The custom PCB also has an onboard ESP32, but it’s used as a very overpowered USB/UART converter to talk to the STM32 for tuning in the current firmware.
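The 1 kHz PID loop described above, as an added example rather than [Jonathan]'s own firmware: a discrete PID controller closing the loop on a toy linearised model of the levitator, in which the repelling magnets act as an "anti-spring" that pushes the floating magnet away from center and the control coils supply a restoring command. The plant constant, the gains, the initial offset and the absence of sensor noise are all constructed assumptions for the demo.

```python
"""Discrete PID loop stabilising a repulsive-magnet levitator (toy model).

Linearised about the equilibrium, a magnet held up by repelling magnets is
unstable:  x'' = A * x + u,  where x is the displacement from center, A > 0 is
the constructed 'anti-spring' constant and u is the restoring acceleration
commanded through the control coils. The loop runs at 1 kHz, as in the article.
"""

LOOP_HZ = 1000
DT = 1.0 / LOOP_HZ
ANTI_SPRING = 100.0  # constructed: 1/s^2, how fast the magnet drifts off center


class PID:
    """Positional PID with derivative on measurement (avoids setpoint kick)."""

    def __init__(self, kp, ki, kd, dt, setpoint=0.0, out_limit=None):
        self.kp, self.ki, self.kd, self.dt = kp, ki, kd, dt
        self.setpoint = setpoint
        self.out_limit = out_limit       # coil drive saturation, if any
        self.integral = 0.0
        self.prev_measurement = None

    def update(self, measurement):
        """One control step: hall-sensor reading in, coil command out."""
        error = self.setpoint - measurement
        if self.prev_measurement is None:
            derivative = 0.0
        else:
            derivative = (measurement - self.prev_measurement) / self.dt
        self.prev_measurement = measurement
        self.integral += error * self.dt
        out = self.kp * error + self.ki * self.integral - self.kd * derivative
        if self.out_limit is not None:
            clipped = max(-self.out_limit, min(self.out_limit, out))
            if clipped != out:
                # Anti-windup: undo the integration while the output saturates.
                self.integral -= error * self.dt
            out = clipped
        return out


def simulate(kp, ki, kd, seconds=1.0, x0=1e-3, anti_spring=ANTI_SPRING, out_limit=None):
    """Run the closed loop from an initial offset x0 (metres).

    Returns (final displacement, peak |displacement|). Semi-implicit Euler at
    the loop rate is accurate enough for this stiffness.
    """
    pid = PID(kp, ki, kd, DT, out_limit=out_limit)
    x, v = x0, 0.0
    peak = abs(x0)
    for _ in range(int(seconds * LOOP_HZ)):
        u = pid.update(x)                 # sensor reads x, coil gets u
        v += (anti_spring * x + u) * DT   # unstable plant plus control action
        x += v * DT
        peak = max(peak, abs(x))
    return x, peak


if __name__ == "__main__":
    # With kp > A the closed loop is x'' + kd x' + (kp - A) x = 0, i.e. a damped
    # spring: kp=400, kd=40 gives real poles at -10 and -30 (overdamped).
    print("controlled :", simulate(400, 0, 40))
    print("no control :", simulate(0, 0, 0))
```

The gains are chosen so the closed-loop characteristic equation x'' + kd·x' + (kp − A)·x = 0 is overdamped; with no control the same simulation diverges within a fraction of a second, which is why the article's arrangement needs a fast loop in the first place.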

If you think one of these would be nice to have on your desk, check it out on [Jonathan]’s GitLab. It’s all there, from a detailed build guide (with easy-to-follow animated GIF instructions) to CAD files and firmware. Kudos to [Jonathan] for the quality write-up; sometimes documenting is the hardest part of a project, and it’s worth acknowledging that as well as the technical aspects.

We’ve written about magnetic levitation before, but it doesn’t always go as well as this project. Other times, it very much does. There are also other ways to accomplish the same feat, some of which can lift quite a bit more.


hackaday.com/2025/05/07/magic-…


Can we fix the digital transatlantic relationship?


WELCOME BACK TO DIGITAL BRIDGE. I'm Mark Scott, and this weekend marked May 4th — also known as Star Wars Day, for those who follow such things. This video plays in my head every time I have to explain the Star Wars basics to a non-fan.

For anyone in Brussels on May 15, I'll be co-hosting a tech policy gathering in the EU Quarter. We're running a waiting list, so add your name here and we'll try to open up some more slots.

— The transatlantic relationship on tech is in the worst shape in decades. Here are some ways to improve it — even if wider political tensions remain.

— A far-right candidate won the first round of Romania's presidential election. Europe has not responded well to the digital fall-out.

— Media freedom has been significantly curtailed over the last decade amid people's shift toward social media for their understanding of the world.

Let's get started:


LET'S BE CLEAR: THE TRANSATLANTIC RELATIONSHIP on tech is the worst I've seen in 20 years. The White House has already made clear it views European Union digital regulation as akin to protectionist tariffs, as well as an unfair check on free speech. The Berlaymont Building — home to the European Commission — has struggled to secure high-level meetings for its digital officials whenever they've made it to Washington. It also has doubled down on internal efforts to promote European economic interests over those from outside the bloc via public funds dedicated to the next generation of emerging technology.

In short, Brussels and Washington are talking past each other. Even when United States and EU officials disagreed — as they often did — in the past, there was always an informal line of communication between policymakers to ease tensions. That came from individuals, on both sides, who had invested a significant amount of personal capital in building ties with each other. People met at conferences. They swapped cellphone numbers. They built professional, and sometimes personal, relationships with their counterparts in each respective city.

I wouldn't say those networks are completely gone. But they are certainly on life support. It has left the world's two most important democratic powers at a crossroads. And on digital policymaking, I'm seeing more and more signs that the EU and other parts of the democratic world (with the significant exceptions of the United Kingdom and Japan) are now willing to distance themselves from their one-time trusted ally.

But after I outlined that theory a couple of weeks ago in Digital Politics, many of you got in touch with a fair criticism. We get things are bad, went the emails. But where are the areas of common ground that can keep the (digital) embers alive — even if the transatlantic fire looks like it's going out?

Fair point. It's easy to criticize. It's harder to offer solutions. So here goes.

First, one chess piece worth taking off the board. In many European capitals, there's a growing interest in working directly with US state leaders, most notably governors who have taken on an increasing leadership position on tech just as Washington has given up that role. I wouldn't put my eggs in that basket — even if that could include working directly with California on areas like artificial intelligence standards and international data flow rules.


As much as many would like to bypass the current situation in Washington (and I mean the wider morass of nothingness on tech, excluding the recent Take it Down Act that will likely be signed by Donald Trump), few, if any, foreign governments are willing to publicly push ahead with such US state-based digital diplomacy out of fear of negating decades-old international norms that national governments speak to other national governments on such foreign policy issues. Basically, working directly with US states is a non-starter for most non-US government officials.

OK, so where can we find common ground? Weirdly, antitrust policy feels like the most secure US-EU digital issue where both sides are forging ahead with a new collective consensus. Yes, the White House may not like the EU's Digital Markets Act (though it has remained mostly quiet about the recent fines against Meta and Apple, respectively.) And yes, many EU competition officials look at the decades of Washington's stalled antitrust investigations into Big Tech as a sign the US is too slow and/or too unwilling to act.

But in the last five years, there's been a growing consensus across the Atlantic that 1) parts of Silicon Valley have abused their market dominance; 2) consumers and smaller rivals have been unfairly affected by those actions; and 3) aggressive antitrust enforcement — including the potential break-up of some of these tech companies — is the only way to re-level the market.

If that doesn't sound like a first step toward a rekindled transatlantic relationship on tech, then I don't know what does.

Next, to the thorniest of topics: platform governance. Trump's aversion to European-style online safety rules is well-known. It was mostly shared by his Republican and Democratic predecessors in the White House. Brussels, too, hates the fact its internal media landscape is dominated by the likes of Instagram and YouTube.

But where both sides equally agree is that more needs to be done to protect minors from online predatory behavior, scams and potentially abusive content algorithms, and that agreement has led to a series of EU and US efforts aimed at boosting digital child safety. Yes, this is not a like-for-like comparison. Some in the US have given parents too much control over what their kids can see on social media. Some in the EU want to impose age verification standards — in the name of child safety — that would fundamentally undermine how the current internet works.

But the basic premise — that children must be better protected as they navigate the online world — is an issue that both sides of the current transatlantic divide can agree on. What better way to maintain some form of ongoing EU-US relationship on tech?

The third area goes out to all the uber-wonks among us. Washington and Brussels should double down on the geekiest of digital technocratic standards as a means of bridging the political divide. That includes technical discussions that have thrived, for decades, in international and multi-stakeholder organizations like the 3rd Generation Partnership Project, or 3GPP, which sets global standards for telecommunications networks. Yes, I told you this stuff was geeky.

That would allow European and US officials — and, by extension, companies — to continue talking, even if their political masters ratchet up the transatlantic trade dispute. It would also provide a greater level of certainty for American and EU businesses to invest in the digital world, which is, according to both Brussels and Washington, an ongoing political objective.

So there you have it: competition, child safety and tech standards. Three areas that could be a foundation for ongoing talks and cooperation amid an increasingly geopolitical period. Runners-up tech topics also include: cybersecurity, defense and data flows. If you're interested in me unpacking those, let me know here.

The $64 million question is whether Washington and Brussels are willing and/or able to see beyond their short-term political fight to allow apolitical officials to continue the digital work they've been doing for years.

In normal circumstances, I would certainly hope so. But as anyone who has spent time in either Brussels or Washington this year will attest to, we're not living in normal circumstances. And even the hope of finding non-partisan digital topics upon which the transatlantic relationship can be rekindled feels more like a hope, currently, than a legitimate policymaking objective.

For some bonus content, here are my latest pieces for Tech Policy Press on how the US is pulling back from its global leadership on digital policy and how the EU is embracing its inner Trump, on tech, to Make Europe Great Again.


Chart of the Week


REPORTERS WITHOUT BORDERS, a nonprofit organization, compiles a yearly index that tracks five indicators — security, social, legislative, political and economic — on the health of countries' domestic media ecosystems.

The last decade has not been good. The chart on the left, from 2013, highlights that while the likes of China and Saudi Arabia scored poorly across the board, democratic states — including the majority of Europe and North America — were still viewed as "satisfactory" (the light orange color).

Fast forward to 2025, and many of those democratic countries, including the US, have fallen (see chart on the right) into the "problematic" category (the dark orange color). That includes many parts of Central and Eastern Europe, too.

[Charts: World Press Freedom Index maps, 2013 (left) and 2025 (right)]

Source: World Press Freedom Index


What happened in Romania? Take Two


AS DIGITAL POLITICS WENT TO PRESS on May 4, George Simion, a far-right ultra-nationalist politician, had won the first round of Romania's presidential election. The leader of the anti-vaccine Alliance for the Union of Romanians secured 41 percent of the vote — less than the majority Simion would need to win outright. He will now face a run-off, on May 18, with Nicușor Dan, the mayor of Bucharest, who garnered 21 percent of the first-round vote.

For the latest on Romania's presidential election, see here, here and here.

Romania is holding a do-over of its presidential election because of claims, during the previous vote in November, that pro-Russian politician Calin Georgescu unfairly used TikTok to woo voters in his unlikely first-round victory. The ultra-nationalist politician came out of the blue to top the first-round poll, and national regulators accused the China-linked platform of failing to uphold the country's electoral rules.

In an unprecedented step, Romania's intelligence services then released redacted documents (overview here) accusing foreign actors (they didn't mention Russia, but that was the inference) of conducting 85,000 cyberattacks on the country's election infrastructure. They also suggested there was a cross-platform influence operation involving pro-Georgescu Telegram channels that coordinated messages which people could then post to TikTok and Facebook. The spooks said similar tactics had been used in Ukraine — but, again, Moscow was never specifically mentioned in the redacted documents.


Not surprisingly, TikTok pushed back hard against accusations it had any role in Romania's last presidential election. It released a series of cherry-picked reports (see here and here) about how the platform had removed spam accounts, promoted authoritative information to voters and took down waves of false likes and follow requests.

In December, a senior Romanian court annulled Georgescu's presidential first-round win, in part because of the declassified intelligence documents. That same month, the European Commission opened an investigation into TikTok's role in the Romanian vote, focusing on how the tech giant may have failed to mitigate election-related risks. In February, Georgescu was placed under investigation, mostly for potential campaign financing irregularities. And in March, he was barred from standing in this week's presidential re-run.

I get it. That's a lot to take in — especially for most of us who are not Romanian politics experts.

But what is central to the wider digital debate is that a presidential election in a democratic European country was annulled based on unsubstantiated claims that one of the candidates had unfairly benefited from a social media campaign that, potentially, had ties to Russia. That then led to both domestic and EU investigations into campaign financing irregularities and the role of a foreign-owned social media platform in a European country's nationwide vote.

To date, no one has been convicted of a crime. Brussels has yet to publish any evidence of TikTok's role in allowing a coordinated influence campaign to flourish on its platform ahead of the November election.

If true, both sets of accusations — related to Georgescu's alleged campaign financing issues and TikTok's role in the November presidential election — would be grounds for potentially annulling the first-round presidential election. And there is an argument that, given the speed of events, local judges and the European Commission had no choice but to step in, even if no actual evidence had yet been shown to a court to prove any of the accusations.

But my fear is that in annulling the first-round election in November, and then barring Georgescu from standing in this weekend's vote, Romania's court has given ultranationalists and pro-Russian politicians an easy victory in the battle for hearts and minds.


Simion, another far-right ultra-nationalist politician, came first in the latest first-round presidential vote — and was closer to the 50 percent mark to secure an outright victory than many had expected. It's hard to argue there isn't a public groundswell of support for such opinions, now that similar pro-Russian presidential candidates have topped the polls in consecutive votes. And yes, TikTok was used again to communicate with voters. But its role in this weekend's election, based on what has been made public, was not significant compared to other means of reaching would-be supporters.

In jumping headlong into Romania's domestic politics, the European Commission has also overstepped its role within the bloc's online safety regime, known as the Digital Services Act. Those rules do have a remit when it comes to election-related matters.

But by pulling the emergency cord in response to November's now-annulled election — via its ongoing investigation into TikTok's role in that vote — Brussels has made it easier for critics to claim the EU is willing to use its digital regulation to change voting decisions that officials in Brussels do not agree with.

I get it. That's not what is happening with the ongoing TikTok probe. But the perception for many on the outside is that the European Commission is weaponizing the Digital Services Act as part of efforts to nudge Romanians to vote against pro-Russian, far-right politicians.

That's just not a good look for the 27-country bloc as both domestic and non-EU influencers ramp up claims that Europe's online safety rules are an anti-democratic effort to censor online voices with whom it disagrees.


What I'm reading


— The Future of Privacy Forum breaks down all you need to know about South Korea's new AI regulatory framework. More here.

— Ireland's Data Protection Commission fined TikTok $600 million for failing to protect Europeans' data in connection with data transfers to China. TikTok's response here.

— International Association of Privacy Professionals explains why Colorado is reconsidering its approach to regulating artificial intelligence. More here.

— Researchers from the University of Zurich used AI-generated content in online discussions on Reddit to see if such content could change people's minds. The study received significant pushback for failing to gain consent of the people targeted by the AI-generated content. More here and here.

— The DSA40 Data Access Collaboratory published an in-depth FAQ on how Europe's online safety rules allow independent researchers to access platform data. More here.



digitalpolitics.co/newsletter0…


State of ransomware in 2025



Global ransomware trends and numbers


With the International Anti-Ransomware Day just around the corner on May 12, Kaspersky explores the ever-changing ransomware threat landscape and its implications for cybersecurity. According to Kaspersky Security Network data, the number of ransomware detections decreased by 18% from 2023 to 2024 – from 5,715,892 to 4,668,229. At the same time, the share of users affected by ransomware attacks increased by 0.02 p.p. to 0.44%. This smaller percentage compared to other cyberthreats is explained by the fact that attackers often don’t distribute this type of malware on a mass scale, but prioritize high-value targets, which reduces the overall number of incidents.

That said, if we look at incidents at organizations requiring immediate incident response services that were mitigated by Kaspersky’s Global Emergency Response Team (GERT), we’ll see that 41.6% of them were related to ransomware in 2024, compared to 33.3% in 2023. Targeted ransomware is likely to remain the primary threat to organizations around the world for the foreseeable future.

Below are some of the global trends that Kaspersky observed with ransomware in 2024.

Ransomware-as-a-Service (RaaS) dominance


The RaaS model remains the predominant framework for ransomware attacks, fueling their proliferation by lowering the technical barrier for cybercriminals. In 2024, RaaS platforms like RansomHub thrived by offering malware, technical support and affiliate programs that split the ransom (e.g., 90/10 for affiliates/core group). This model enables less-skilled actors to execute sophisticated attacks, contributing to the emergence of multiple new ransomware groups in 2024 alone. While traditional ransomware still exists, the scalability and profitability of RaaS make it the primary engine, with platforms evolving to include services such as initial access brokering and data exfiltration, ensuring its dominance into 2025.

Some groups continue to go cross-platform, while Windows remains the primary target


Many ransomware attacks still target Windows-based systems, reflecting the operating system's widespread use in enterprise environments. The architecture of Windows, combined with exposed services such as Remote Desktop Protocol (RDP) and unpatched systems, makes it a prime target for ransomware executables. In recent years, however, some attackers have diversified, with groups like RansomHub and Akira developing variants for Linux and VMware systems, particularly in cloud and virtualized environments. While Windows remains the epicenter, the growing focus on cross-platform ransomware signals a shift toward exploiting diverse infrastructures, especially as organizations adopt hybrid and cloud setups. This is not a new trend, and we expect it to persist in the coming years.

Overall ransomware payments down, average ransom payment up


According to Chainalysis, ransomware payments dropped significantly in 2024 to approximately $813.55 million, down 35% from a record $1.25 billion in 2023. On the other hand, Sophos reports that the average ransom payment surged from $1,542,333 in 2023 to $3,960,917 in 2024, reflecting a trend of targeting larger organizations with higher demands. This report also highlights that more organizations paid ransoms to get their data back, although other reports indicate that fewer organizations paid ransoms than in 2023. For example, according to Coveware, a company that specializes in fighting ransomware, the payment rate hit a record low of 25% in Q4 2024, down from 29% in Q4 2023, driven by law enforcement crackdowns, improved cybersecurity and regulatory pressures discouraging payments.

While encryption remains a core component of many ransomware attacks, the primary goal for some groups has shifted or expanded beyond locking data


In 2024, cybercriminals increasingly prioritized data exfiltration alongside, or sometimes instead of, encryption, focusing on stealing sensitive information to maximize leverage and profits or even extending threats to third parties such as customers, partners, suppliers, etc. Encryption is still widely used, but the rise of double and triple extortion tactics shows a strategic pivot. RansomHub and most modern ransomware groups often combine encryption with data theft, threatening to leak or sell stolen data if a ransom is not paid, making exfiltration a critical tactic.

Dismantled or disrupted ransomware actors in 2024


Several major ransomware groups faced significant disruptions in 2024, though the ecosystem’s resilience limited the long-term impact. LockBit, responsible for 27.78% of attacks in 2023, was hit hard by Operation Cronos in February 2024, with law enforcement seizing its infrastructure, arresting members and unmasking its leader, Dmitry Khoroshev. However, despite these efforts, LockBit relaunched its operations and remained active throughout 2024.

ALPHV/BlackCat, another prolific group, was dismantled after an FBI operation in December 2023, though affiliates migrated to other groups such as RansomHub. The Radar/Dispossessor operation was disrupted by the FBI in August 2024, and German authorities seized 47 cryptocurrency exchanges linked to ransomware laundering. Despite these takedowns, groups like RansomHub and Play quickly filled the void, underscoring the challenge of eradicating ransomware networks. However, according to the latest research, the RansomHub group presumably paused their operations as of April 1, 2025.

Some groups disappear, others pick up their work


When ransomware groups disband or disappear, their tools, tactics and infrastructure often remain accessible in the cybercriminal ecosystem, allowing other groups to adopt and enhance them. For example, groups like BlackMatter or REvil, after facing pressure from law enforcement, saw their code and methods reused by successors like BlackCat, which in turn was followed by Cicada3301. Disappearing groups may also sell their source code, exploit kits or affiliate models on dark web forums, enabling emerging or existing gangs to repurpose these resources. In addition, malicious tools are sometimes leaked to the internet, as was the case with LockBit 3.0. As a result, many smaller groups or individuals unrelated to the ransomware developers, including hacktivists and low-skilled cybercriminals, get hold of these tools and use them for their own purposes. This cycle of knowledge transfer accelerates the evolution of ransomware as new actors build on proven strategies, adapt to countermeasures, and exploit vulnerabilities faster than defenders can respond. In telemetry, these new groups using old toolkits can be identified as old groups (e.g., LockBit).

Ransomware groups increasingly developing their own custom toolkits


Ransomware groups build their own toolkits to increase the effectiveness of their attacks and avoid detection. These toolkits often include exploitation tools, lateral movement tools, password attack tools, etc. that are tailored to specific targets or industries. By creating proprietary tools, these groups reduce their reliance on widely available, detectable exploits and maintain control over their operations. This in-house development also facilitates frequent updates to counter defenses and exploit new vulnerabilities, making their attacks more resilient and harder for cybersecurity measures to mitigate.

General vs. targeted ransomware share


Targeted ransomware attacks, aimed at specific organizations for maximum disruption and payout, focus on high-value targets such as hospitals, financial institutions and government agencies, leveraging reconnaissance and zero-day exploits for precision. General ransomware, which spreads indiscriminately via phishing or external devices, often affects smaller businesses or individuals with weaker defenses. The focus on targeted attacks reflects cybercriminals’ preference for larger ransoms, though general ransomware persists due to its low-effort, high-volume potential.

According to Kaspersky research, RansomHub was the most active group executing targeted attacks in 2024, followed by Play.

Each group’s share of victims according to its data leak site (DLS) as a percentage of all reported victims of all groups during the period under review

AI tools used in ransomware development (FunkSec)


FunkSec emerged as a ransomware group in late 2024 and quickly gained notoriety, claiming multiple victims in December alone and outpacing established groups like Cl0p and RansomHub. Operating on a Ransomware-as-a-Service (RaaS) model, FunkSec employs a double extortion tactic that combines data encryption with exfiltration. The group targets sectors such as government, technology, finance and education in countries including India, Spain and Mongolia.

FunkSec is notable for its heavy reliance on AI-assisted tools, particularly in malware development. Its ransomware features AI-generated code with comments that are perfect from a language perspective, suggesting the use of large language models (LLMs) to streamline development and evade detection. Unlike typical ransomware groups that demand millions, FunkSec’s ransoms are unusually low, adopting a high-volume, low-cost approach.

Bring Your Own Vulnerable Driver attacks continue


Bring Your Own Vulnerable Driver (BYOVD) is an increasingly prevalent technique used in ransomware attacks to bypass security defenses and gain kernel-level access on Windows systems.

With BYOVD, attackers deploy a legitimate but vulnerable driver – often digitally signed by a trusted vendor or Microsoft – on a target system. These drivers, which operate at the kernel level (ring 0) with high privileges, contain exploitable flaws that allow attackers to disable security tools, escalate privileges or execute malicious code undetected. By leveraging signed drivers, attackers can evade Windows’ default security checks.

Although BYOVD is an advanced technique, there is a range of open-source tools like EDRSandblast and Backstab that lower the technical barriers and simplify such attacks. According to the Living Off The Land Drivers (LOLDrivers) project, hundreds of exploitable drivers are known, highlighting the scale of the problem. Attackers continue to find new vulnerable drivers, and tools like KDMapper allow mapping of unsigned drivers into memory via BYOVD, complicating defenses.
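One defensive check that follows from the LOLDrivers observation above, as an added example (not Kaspersky's or the LOLDrivers project's code): hash the driver images found on a host and compare them against a blocklist of known vulnerable samples. The blocklist document below is in a simplified, LOLDrivers-like shape but is not the project's real schema; the driver bytes, names, ids and hashes are all constructed for the demo. The point it illustrates is that a BYOVD staging step is caught by the image hash regardless of the filename the driver is dropped under.

```python
"""Hash-based check for known vulnerable kernel drivers (BYOVD defense).

Constructed demo: the driver images, the blocklist records and every hash are
made up here; the record shape is LOLDrivers-like but not the real schema.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed stand-ins for driver images. Real drivers are PE files; these
# byte strings only need stable, distinct hashes for the demo.
CONSTRUCTED_VULN_DRIVER = b"MZ\x90\x00" + b"constructed: vulnerable kernel driver image"
CONSTRUCTED_CLEAN_DRIVER = b"MZ\x90\x00" + b"constructed: benign kernel driver image"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an image; the hash, not the filename, identifies a driver."""
    return hashlib.sha256(data).hexdigest()


# Constructed blocklist: a list of records, each carrying the hashes of known
# vulnerable samples, with the hash derived from the constructed bytes above.
BLOCKLIST_JSON = json.dumps([
    {
        "Id": "constructed-0001",
        "Tags": ["example_vuln.sys"],
        "Category": "vulnerable driver",
        "Capabilities": ["terminate processes", "read/write kernel memory"],
        "KnownVulnerableSamples": [{"SHA256": sha256_hex(CONSTRUCTED_VULN_DRIVER)}],
    }
])


def load_blocklist(text: str) -> dict:
    """Index a blocklist document as lowercase SHA-256 -> record."""
    index = {}
    for record in json.loads(text):
        for sample in record.get("KnownVulnerableSamples", []):
            digest = sample.get("SHA256")
            if digest:
                index[digest.lower()] = record
    return index


def check_inventory(inventory: dict, blocklist: dict) -> list:
    """Return a finding for every inventory entry (name -> bytes) on the blocklist.

    'renamed' flags an image staged under a name the blocklist does not know,
    which is typical of a driver brought along by an attacker.
    """
    findings = []
    for name, data in inventory.items():
        digest = sha256_hex(data)
        record = blocklist.get(digest)
        if record is None:
            continue
        known = record.get("Tags", [])
        findings.append({
            "file": name,
            "sha256": digest,
            "blocklist_id": record["Id"],
            "known_names": known,
            "renamed": name not in known,
        })
    return findings


def scan_directory(directory: Path, blocklist: dict) -> list:
    """Hash every *.sys file in a directory and check it against the blocklist."""
    inventory = {p.name: p.read_bytes() for p in sorted(directory.glob("*.sys"))}
    return check_inventory(inventory, blocklist)


def demo() -> list:
    """Stage constructed driver files in a temp dir and scan them."""
    blocklist = load_blocklist(BLOCKLIST_JSON)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "benign.sys").write_bytes(CONSTRUCTED_CLEAN_DRIVER)
        # The vulnerable image under an innocuous name still matches by hash.
        (root / "updater.sys").write_bytes(CONSTRUCTED_VULN_DRIVER)
        return scan_directory(root, blocklist)


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['file']}: matches {finding['blocklist_id']} "
              f"(renamed={finding['renamed']})")
```

On a real host the same logic would be pointed at the driver store and at files written to unusual paths shortly before a security tool stopped reporting; a signed driver with a blocklisted hash is the signal the paragraph above describes, since the signature is exactly what lets the driver load in the first place.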

Regional ransomware trends and numbers

Share of users whose computers were attacked by crypto-ransomware, by region. Data from Kaspersky Security Network

In the Middle East and Asia-Pacific regions, ransomware affected a higher share of users due to rapid digital transformation, expanding attack surfaces and varying levels of cybersecurity maturity. Enterprises in APAC were heavily targeted, driven by attacks on infrastructure and operational technology, especially in countries with growing economies and new data privacy laws.

Ransomware is less prevalent in Africa due to lower levels of digitization and economic constraints, which reduce the number of high-value targets. However, as countries like South Africa and Nigeria expand their digital economies, ransomware attacks are on the rise, particularly in the manufacturing, financial and government sectors. Limited cybersecurity awareness and resources leave many organizations vulnerable, though the smaller attack surface means the region remains behind global hotspots.

Latin America also experiences ransomware attacks, particularly in countries like Brazil, Argentina, Chile and Mexico. Manufacturing, agriculture, and retail, as well as critical sectors such as government and energy are targeted, but economic constraints and smaller ransoms deter some attackers. The region’s growing digital adoption is increasing exposure. For example, NightSpire ransomware compromised Chilean company EmoTrans, a logistics company serving key industries in Chile such as mining, agriculture and international trade. The group first appeared in March 2025, and attacked government institutions, manufacturers and other companies in various parts of the world. Like many other groups, NightSpire uses the double extortion strategy and has its own data leak site (DLS).

The Commonwealth of Independent States (CIS) sees a smaller share of users encountering ransomware attacks. However, hacktivist groups like Head Mare, Twelve and others active in the region often use ransomware such as LockBit 3.0 to inflict damage on target organizations. Manufacturing, government, and retail are the most targeted sectors, with varying levels of cybersecurity maturity across the region affecting security.

Europe is confronted with ransomware, but benefits from robust cybersecurity frameworks and regulations that deter some attackers. Sectors such as manufacturing, agriculture, and education are targeted, but mature incident response and awareness limit the scale of attacks. The region’s diversified economies and strong defenses make it less of a focal point for ransomware groups than regions with rapid, less secure digital growth.

For example, RansomHub claimed responsibility for a 2024 attack on Kawasaki’s European offices, disrupting operations across multiple countries. The breach compromised customer and operational data, affecting supply chains for Kawasaki’s motorcycle and industrial products in Europe. The regional impact was significant in countries such as Germany and the Netherlands, where Kawasaki has a strong market presence, highlighting vulnerabilities in Europe’s manufacturing sector.

Figure: Change in the share of users whose computers were attacked by crypto-ransomware, by region, 2024 compared to 2023. Data from Kaspersky Security Network.

Emerging threats and future outlook


Looking ahead to 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities, as demonstrated by the Akira gang’s use of a webcam to bypass endpoint detection and response systems and infiltrate internal networks. Attackers are likely to increasingly target overlooked entry points like IoT devices, smart appliances or misconfigured hardware in the workplace, capitalizing on the expanding attack surface created by interconnected systems. As organizations strengthen traditional defenses, cybercriminals will refine their tactics, focusing on stealthy reconnaissance and lateral movement within networks to deploy ransomware with greater precision, making it harder for defenders to detect and respond in time.

Ransomware groups are also likely to escalate their extortion strategies, moving beyond double extortion to more aggressive approaches such as threatening to leak sensitive data to regulators, competitors or the public. The Ransomware-as-a-Service model will continue to thrive, allowing less-skilled actors to launch sophisticated attacks by purchasing access to pre-built tools and exploit kits. Geopolitical tensions may further drive hacktivism and state-sponsored ransomware campaigns targeting critical assets, such as energy grids or healthcare systems, as part of hybrid warfare. Smaller organizations with limited cybersecurity budgets will face heightened risks as attackers exploit their weaker defenses. To adapt, businesses must adopt zero-trust security models, secure IoT ecosystems and prioritize employee training to mitigate phishing and social engineering threats.

The proliferation of large language models (LLMs) tailored for cybercrime will further amplify ransomware’s reach and impact. LLMs marketed on the dark web lower the technical barrier to creating malicious code, phishing campaigns and social engineering attacks, allowing even less-skilled actors to craft highly convincing lures or automate ransomware deployment. As more innovative concepts such as RPA (Robotic Process Automation) and LowCode, which provide an intuitive, visual, AI-assisted drag-and-drop interface for rapid software development, are quickly adopted by software developers, we can expect ransomware developers to use them to automate their attacks as well as new code development, making the ransomware threat even more prevalent.

Recommendations


To effectively counter ransomware in 2025, organizations and individuals must adopt a multi-layered defense strategy that addresses the evolving tactics of groups like FunkSec, RansomHub and others that leverage AI, Bring Your Own Vulnerable Driver (BYOVD) and double extortion.

Prioritize proactive prevention through patching and vulnerability management. Many ransomware attacks exploit unpatched systems, so organizations should implement automated patch management tools to ensure timely updates for operating systems, software and drivers. For Windows environments, enabling Microsoft’s Vulnerable Driver Blocklist is critical to thwarting BYOVD attacks. Regularly scan for vulnerabilities and prioritize high-severity flaws, especially in widely used software like Microsoft Exchange or VMware ESXi, which were increasingly targeted by ransomware in 2024.

Strengthen endpoint and network security with advanced detection and segmentation. Deploy robust endpoint detection and response solutions such as Kaspersky NEXT EDR to monitor for suspicious activity like driver loading or process termination. Network segmentation is equally important – limit lateral movement by isolating critical systems and using firewalls to restrict traffic. Implement a zero-trust architecture that requires continuous authentication for access.
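The BYOVD section above and the two recommendations that follow it (enable the vulnerable-driver blocklist; monitor driver loading) both come down to the same triage question: was a driver just loaded whose hash is on a known-vulnerable list, or whose signature or location looks wrong? The script below is an added example written for this page; it is not code from the Kaspersky report, from Microsoft or from the LOLDrivers project. It assumes driver-load records in the shape of Sysmon Event ID 6 (DriverLoad) fields, flattened into one `key=value|key=value` line per event (a constructed format), and a local blocklist keyed by SHA-256. Every hash, path and signer in it is a constructed placeholder.

```python
"""Audit driver-load events against a vulnerable-driver blocklist.

Added example for this page; it is not code from the Kaspersky report, from
Microsoft or from the LOLDrivers project. It assumes driver-load records in
the shape of Sysmon Event ID 6 (DriverLoad) fields, flattened into one
"key=value|key=value" line per event (a constructed format), and a local
blocklist keyed by SHA-256. Every hash, path and signer below is a constructed
placeholder, not a real driver hash.
"""
from dataclasses import dataclass, field

# Constructed blocklist: sha256 -> why the driver is dangerous. Placeholders only;
# a real deployment would load the published LOLDrivers / Microsoft blocklist data.
VULNERABLE_DRIVER_HASHES = {
    "11" * 32: "placeholder: signed vendor driver with arbitrary kernel read/write",
    "22" * 32: "placeholder: signed driver that lets callers terminate protected processes",
}

# Where production drivers normally live. A driver loaded from elsewhere is not
# proof of BYOVD, but it is a cheap, high-signal triage condition.
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)


@dataclass
class DriverLoad:
    image: str             # ImageLoaded
    sha256: str            # SHA256 entry of Hashes=
    signed: bool           # Signed=true/false
    signature_valid: bool  # SignatureStatus=Valid
    signer: str            # Signature=


@dataclass
class Finding:
    image: str
    reasons: list = field(default_factory=list)


def parse_sysmon_line(line: str) -> DriverLoad:
    """Parse one flattened driver-load line (constructed format, see module docstring)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    hashes = dict(h.split("=", 1) for h in fields["Hashes"].split(","))
    return DriverLoad(
        image=fields["ImageLoaded"],
        sha256=hashes["SHA256"].lower(),
        signed=fields["Signed"].lower() == "true",
        signature_valid=fields["SignatureStatus"].lower() == "valid",
        signer=fields.get("Signature", ""),
    )


def audit(event: DriverLoad, blocklist=VULNERABLE_DRIVER_HASHES) -> Finding:
    """Return a Finding; an empty reasons list means nothing suspicious was seen."""
    finding = Finding(event.image)
    # The BYOVD case: the signature is genuine and valid, so only the hash
    # (or vendor/version data) tells you the driver is exploitable.
    if event.sha256 in blocklist:
        finding.reasons.append("hash on vulnerable-driver blocklist: " + blocklist[event.sha256])
    if not event.signed or not event.signature_valid:
        finding.reasons.append("unsigned or invalid signature")
    if not event.image.lower().startswith(TRUSTED_DRIVER_DIRS):
        finding.reasons.append("loaded from outside the standard driver directories")
    return finding


def audit_log(lines):
    """Audit every non-empty line and return one Finding per event, in order."""
    return [audit(parse_sysmon_line(line)) for line in lines if line.strip()]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    "ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys|Hashes=SHA256=" + "aa" * 32
    + "|Signed=true|SignatureStatus=Valid|Signature=Microsoft Windows",
    # Validly signed, but on the blocklist and dropped into a user-writable folder.
    "ImageLoaded=C:\\Users\\Public\\vendor_tool.sys|Hashes=SHA256=" + "11" * 32
    + "|Signed=true|SignatureStatus=Valid|Signature=Example Vendor Ltd (placeholder)",
    # Unsigned driver outside the driver directories.
    "ImageLoaded=C:\\Temp\\helper.sys|Hashes=SHA256=" + "ff" * 32
    + "|Signed=false|SignatureStatus=Unavailable",
]

if __name__ == "__main__":
    for finding in audit_log(SAMPLE_EVENTS):
        print(("ALERT" if finding.reasons else "ok   "), finding.image)
        for reason in finding.reasons:
            print("       -", reason)
```

Two points the sample makes concrete: the second event is exactly the BYOVD shape the text describes, a driver whose signature check passes cleanly and is caught only by the hash list, which is why the blocklist matters more than signature validation alone. And a driver mapped manually into memory by a tool such as KDMapper never goes through the loader, so it produces no DriverLoad event at all; the signed vulnerable driver it rides on does, and that load is the event to alert on.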

Invest in backups, training and incident response planning. Maintain offline or immutable backups that are tested regularly to ensure rapid recovery without paying a ransom. Backups should cover critical data and systems and be stored in air-gapped environments to resist encryption or deletion. User education is essential to combat phishing, which remains one of the top attack vectors. Conduct simulated phishing exercises and train employees to recognize AI-crafted emails used by FunkSec and others for stealth. Kaspersky GERT can help develop and test an incident response plan to minimize potential downtime and costs.

The recommendation to not pay a ransom remains robust, especially given the risk of unavailable keys due to dismantled infrastructure, affiliate chaos or malicious intent, as seen in the 2024 disruptions. By investing in backups, incident response and preventive measures like patching and training, organizations can avoid funding criminals and mitigate the impact. Kaspersky also offers free decryptors for certain ransomware families. If you get hit by ransomware, check to see if there is a decryptor available for the ransomware family used in your case. Note that even if one isn’t available right now, it may be added later.


securelist.com/state-of-ransom…


No Line of Code! Darcula Floods the World with Phishing, Stealing 884,000 Credit Cards


In the world of organized cybercrime, Darcula represents a paradigm shift. We are not talking about a simple phishing kit or a badly run botnet. Darcula is a fully fledged platform, a service sold “as-a-Service” that has allowed hundreds of criminal operators to orchestrate attacks on a global scale, with over 884,000 credit cards stolen, according to a recent investigation coordinated by Mnemonic, a Norwegian company specializing in threat intelligence.

December 2023. A seemingly mundane SMS reaches an employee of Mnemonic: a fraudulent notification imitating the Norwegian postal service. The analyst team decides to dig in, discovering that the link in the message points to a realistic page, geolocated and optimized for opening on mobile. Nothing new, apparently. Behind that message, however, lies a network of over 20,000 domains, designed to hit users in more than 100 countries. A solid, resilient and above all scalable infrastructure.

The heart of the platform is a toolkit called Magic Cat, presumably created by a 24-year-old Chinese developer from Henan. Magic Cat automatically generates extremely realistic phishing pages by cloning the frontend of any banking, logistics or institutional service. The pages are automatically localized and adapted to the local layouts of over 130 countries.

Whoever uses Darcula does not need to write code: select a brand, generate a campaign, launch a domain. Phishing becomes “plug-and-play”.

Mnemonic’s technical analysis highlighted some advanced countermeasures used by Darcula to evade detection:

  • Conditional access: the malicious links respond only when requested from mobile devices on a cellular network, rendering many sandboxes and crawlers ineffective.
  • Client-side encryption: data is encrypted directly in the victim’s browser, before transmission to the command server, hindering interception.
  • Dynamic branding: the pages’ HTML updates automatically to follow real changes in the cloned sites, avoiding the risk of “stale” layouts that arouse suspicion.

These elements show professional design, closer to that of a legitimate SaaS than to a kit sold on the dark web.

A PhaaS with dashboards, licenses and support


Darcula is a commercial platform in every respect. Its operators buy usage licenses, receive continuous updates, and access centralized dashboards to track campaign performance and download exfiltrated data. In some cases there is even a technical support system via Telegram.

According to Mnemonic, over 600 criminal actors are currently active on the platform. Some focus on individual countries; others run hundreds of large-scale campaigns. Victims number in the millions and include Italian, German, Australian, French and American citizens.

The victims include users of postal, banking and government services, including:

  • Poste Italiane
  • Nexi
  • Royal Mail
  • La Poste
  • Australia Post

Italy is among the countries hit, with campaigns localized in Italian.

Darcula stands out from other PhaaS platforms for some key technical characteristics:

  • Automatic generation of phishing kits: using headless browsers and scraping, operators can generate clone pages of any legitimate site, including its brand, layout and up-to-date text.
  • Dynamic infrastructure: the kits are hosted on over 20,000 active domains in rotation, many of which exploit CDNs and multiple redirects to evade blacklists and automated scans.
  • Support for “trusted” communications: the use of iMessage (Apple) and RCS (Android) makes it possible to bypass traditional anti-spam filters, making the messages appear more legitimate and trustworthy.

The Darcula suite does not stop at generating phishing campaigns; it also offers a module for reusing the credit cards stolen from victims. The suite includes a “Platform card generation” section that generates a valid image of the stolen credit card, ready to be used in digital wallets.

Darcula shows how urgent a strategic approach to defending against modern phishing is:

  • Domain- and URL-based intelligence is no longer sufficient: behavioral analysis and detection on endpoints and mobile devices are needed.
  • Phishing simulations must be realistic, geolocated and run from real smartphones, not only from desktops.
  • Threat sharing and cooperation between CERTs, ISPs and vendors must evolve to intercept PhaaS infrastructure at the moment of creation, not only after the damage is done.

Darcula is not an exploit. It is not a single attack. It is a commercial framework for global criminal campaigns. It demonstrates how phishing has moved from artisanal scam to franchised digital-crime industry.

And while malware is increasingly countered by EDR and XDR, the real vulnerability remains the user. That is why awareness and threat hunting must walk together. Always.


The article “No Line of Code! Darcula Floods the World with Phishing, Stealing 884,000 Credit Cards” comes from il blog della sicurezza informatica.


Tracking the Sun? Nah!


If you want solar power, you usually have to make a choice. You can put a solar panel in a fixed location and accept that it will only put out the maximum when the sun is properly positioned. Or, you can make the panels move to track the sun.

While this isn’t difficult, it does add cost and complexity, plus mechanical systems usually need more maintenance. According to [Xavier Derdenback], now that solar panels are cheaper than ever, it is a waste of money to make a tracking array. Instead, you can build a system that looks to the east and the west. The math says it is more cost effective.

The idea is simple. If you have panels facing each direction, then one side will do better than the other side in the morning. The post points out that a tracking setup, of course, will produce more power. That’s not the argument. However, for a given power output, the east-west solution has lower installation costs and uses less land.

Letting the post speak for itself:

East-West arrays are simple. They consist of parallel strings of PV modules that are oriented in opposing directions, one facing East and the other West. The current of the whole array is the summation of these string currents, effectively letting East-West arrays capture sunlight from dawn till dusk, similar to a tracked array.


So what do you think? Are solar trackers old hat? If you want one, they don’t have to be very complex. But it is still easier to just double your panels.


hackaday.com/2025/05/07/tracki…


Microsoft WDS in the Crosshairs: A Bug Allows Crashing Windows with 0-Click Attacks


A recently identified bug in Microsoft’s Windows Deployment Services (WDS) allows an attacker to crash servers remotely, with no need for authentication or user interaction. The flaw lies in the TFTP service, which uses the UDP protocol, and is so simple to exploit that even an inexperienced cybercriminal could compromise a company’s entire operating-system deployment infrastructure in a few minutes.

Windows Deployment Services is widely used in corporate networks, data centers and schools to simplify operating-system deployments, which makes this vulnerability particularly worrying for IT administrators.

The attack relies on sending spoofed, unauthenticated network traffic, making it particularly insidious and hard to intercept with traditional security solutions. The flaw, which requires no authentication or user interaction (0-click), allows attackers to remotely exhaust system memory by exploiting a design weakness in how WDS handles UDP-based TFTP sessions on port 69.

“The main problem is that EndpointSessionMapEntry imposes no limit on the number of sessions. As a result, an attacker can spoof client IP addresses and port numbers, repeatedly creating new sessions until system resources are exhausted,” explains security researcher Zhiniang Peng in his analysis. The vulnerability stems from the WDS TFTP service, which creates a CTftpSession object every time a connection request is received.

The function wdstftp!CClientContext::OnConnectionRequest handles this process, as shown in this code fragment:

Since UDP servers cannot verify packet origins, attackers can forge packets with random source addresses and ports, forcing the server to allocate excessive session objects in memory without limit.
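The weakness described above is a general one for any UDP service that keys state on the (source address, source port) pair: since the pair cannot be verified, the only thing standing between a flood of forged datagrams and memory exhaustion is whatever cap the server puts on its own table. The model below is an added example written for this page; it is not WDS code and not the fragment the article refers to. It puts the unbounded pattern beside a bounded one with a global cap, a per-source cap and idle expiry, and feeds both a stream of randomly generated (constructed) addresses entirely in-process, with no network involved. Class names and limit values are assumptions.

```python
"""Unbounded vs. bounded per-endpoint session tables for a UDP service.

Added example, not Microsoft's WDS code. It models the design weakness the
article describes (one session object per unseen (client IP, port) pair with
no cap) next to a hardened table. All names and limits are assumptions; the
"traffic" is generated in-process with random addresses, no sockets are used.
"""
import random
from collections import OrderedDict


class UnboundedSessionTable:
    """Vulnerable pattern: every unseen endpoint allocates a session, forever."""

    def __init__(self):
        self.sessions = {}

    def on_request(self, src_ip, src_port, now):
        key = (src_ip, src_port)
        if key not in self.sessions:
            self.sessions[key] = {"created": now}   # allocation with no upper bound
        self.sessions[key]["last_seen"] = now
        return True

    def __len__(self):
        return len(self.sessions)


class BoundedSessionTable:
    """Hardened pattern: cap total sessions, cap per source IP, expire idle ones.

    Because UDP source address and port can be forged, the per-IP cap only
    inconveniences an attacker who spoofs many addresses; the global cap and
    the idle timeout are what actually bound memory.
    """

    def __init__(self, max_sessions=1000, max_per_ip=8, idle_timeout=30.0):
        self.max_sessions = max_sessions
        self.max_per_ip = max_per_ip
        self.idle_timeout = idle_timeout
        self.sessions = OrderedDict()   # key -> last_seen, oldest first
        self.per_ip = {}
        self.rejected = 0

    def _drop(self, key):
        del self.sessions[key]
        ip = key[0]
        self.per_ip[ip] -= 1
        if self.per_ip[ip] == 0:
            del self.per_ip[ip]

    def _expire(self, now):
        # Entries are kept in last_seen order, so idle ones sit at the front.
        while self.sessions:
            key, last_seen = next(iter(self.sessions.items()))
            if now - last_seen <= self.idle_timeout:
                break
            self._drop(key)

    def on_request(self, src_ip, src_port, now):
        key = (src_ip, src_port)
        self._expire(now)
        if key in self.sessions:               # existing session: refresh, no allocation
            self.sessions.move_to_end(key)
            self.sessions[key] = now
            return True
        if (len(self.sessions) >= self.max_sessions
                or self.per_ip.get(src_ip, 0) >= self.max_per_ip):
            self.rejected += 1                 # drop the datagram, allocate nothing
            return False
        self.sessions[key] = now
        self.per_ip[src_ip] = self.per_ip.get(src_ip, 0) + 1
        return True

    def __len__(self):
        return len(self.sessions)


def simulate(table, n_packets, seed=1, start=0.0):
    """Feed n_packets requests with random (constructed) sources; return table size."""
    rng = random.Random(seed)
    now = start
    for _ in range(n_packets):
        ip = "10.%d.%d.%d" % (rng.randrange(256), rng.randrange(256), rng.randrange(256))
        table.on_request(ip, rng.randrange(1024, 65536), now)
        now += 0.0001                          # packets arrive 100 us apart
    return len(table)


if __name__ == "__main__":
    print("unbounded table after 50k forged requests:", simulate(UnboundedSessionTable(), 50_000))
    bounded = BoundedSessionTable(max_sessions=1000)
    print("bounded table after 50k forged requests:  ", simulate(bounded, 50_000),
          "(rejected %d)" % bounded.rejected)
```

The unbounded table grows one object per forged datagram, which is the behaviour behind the memory curve reported in the test below; the bounded one plateaus at its cap and rejects the rest without allocating. For a deployed service the same three controls apply on the host side too: a memory or handle quota on the service process, and rate limiting of UDP/69 at the network edge, since the protocol itself gives the server nothing to authenticate.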

In a test environment running Windows Server Insider Preview with 8 GB of RAM, Peng showed that by continuously sending spoofed UDP packets to port 69, memory consumption rose rapidly to 15 GB in just 7 minutes, causing the whole system to crash.

The attack technique is surprisingly simple to implement: it requires only basic scripting on a Linux machine to generate the spoofed packets.

This vulnerability represents a significant threat to organizations that rely on WDS for network-based operating-system deployment, as it allows attackers to completely disrupt PXE boot services across an enterprise without requiring any authentication or privileged access.

The article “Microsoft WDS in the Crosshairs: A Bug Allows Crashing Windows with 0-Click Attacks” comes from il blog della sicurezza informatica.


Adorable Robot Steals the Show


An ongoing refrain with modern movies is “Why is all of this CG?” – sometimes, it seems like practical effects are simultaneously a dying art, while at the same time modern technology lets them rise to new heights. [Davis Dewitt] proves that second statement with his RC movie star “robot” for an upcoming feature film.

The video takes us through the design process, including what it’s like to work with studio concept artists. As for the robot, it’s controlled by an Arduino Nano, lots of servos, and a COTS airplane R/C controller, all powered by li-po batteries. This is inside an artfully weathered and painted 3D printed body. Apparently weathering is important to make the character look like a well-loved ‘good guy’. (Shiny is evil, who knew?) Hats off to [Davis] for replicating that weathering for an identical ‘stunt double’.

Check out the video below for all the deets, or you can watch to see if “The Lightening Code” is coming to a theater near you. If you’re into films, this isn’t the first hack [Davis] has made for the silver screen. If you prefer “real” hacks to props, his Soviet-Era Nixie clock would look great on any desk. Thanks to [Davis] for letting us know about this project via the tips line.

youtube.com/embed/HUEqvCXZ5oE?…


hackaday.com/2025/05/06/adorab…