Homebrew HVAC systems are one of those projects that take such a big investment of time, effort and money that youve got to be a really dedicated (ideally home-owning) hacker with a wide variety of multidisciplinary skills to pull off an implementation that can work in reality. One such HVAC hacker is [Vadim Tkachenko] with his multi-zone Home Climate Control (HCC) project that we covered first back in 2007. We now have rare opportunity to look at the improvements fifteen years of part-time development can produce, when a project is used all day, all year round in their own home. At the start, things were simple, just opening and closing ventilators with none of those modern MQTT-driven cloud computing stuff.

The current implementation, called DZ (GitHub project link) has been rewritten using modern reactive programming techniques (which apparently is a good thing for an HVAC control system) with the HCC-core application running on anything UNIX, but fits nicely on the Raspberry Pi. Measurement data (temperature, humidity, etc.) can be taken from 1-wire devices as well as XBee modules, enabling wired and wireless sensing around the installation. The system can control various air management appliances, such as heaters, heat pumps and fans depending on the need for heating, cooling or ventilation. Dont forget that often neglected third leg of HVAC, the V part is critical for a healthy house. The remote control and monitoring is courtesy of an Android application (HCC-Remote) which allows users to visualise the current status and what the HCC is currently doing to keep the programmed climate in check.

Data are transported using the common MQTT protocol, allowing simple connectivity to any sensors or controllers that already exist in an installation, with HCC providing integrations for ESPHome as well as Home Assistant, so there are plenty of options for building a system around existing hardware. The project is fairly big (as youd expect for this length of time) but [Vadim] would like to stress that they see a lot of re-inventing of the wheel on this subject, and a good look at HCC may save some people a lot of pain implementing a system without such a solid grounding.

If your needs are more basic, perhaps this simple ESP8266-based smart vent will suffice? And, if the control system is less of a problem, and youre more interested in the actual physical implementation, why not check out this DIY Energy Recovery Ventilator (ERV) project?

The rest is here:
Is This The Oldest Open Source HVAC Project In Existence? - Hackaday

Originally posted here.By: Az

Jump Crypto and the Solana Foundation have announced their plans to boost the throughput and reliability of the high-performance blockchain Solana. This will be done by developing a new open-source validator client for the network that will run alongside the existing one. Its name [] Firedancer. Firedancer is now Were excited about the opportunity []

Jump Crypto and the Solana Foundation have announced their plans to boost the throughput and reliability of the high-performance blockchain Solana. This will be done by developing a new open-source validator client for the network that will run alongside the existing one.

Its name [] Firedancer .

Firedancer is now

Were excited about the opportunity to help scale the Solana network by engaging our strong-arm in research and development. https://t.co/5wtlghONPG pic.twitter.com/WPRyJN7ior

jump_crypto (@jump_) August 16, 2022

Jump Crypto, which has always been a validator and RPC node operator within the Solana ecosystem, will not only create a second validator client, separate from the one originally built by Solana Labs but also propose important upgrades to Solanas existing open-source core software. Kevin Bowers, Jump Tradings Chief Science Officer, will oversee the process of building the new validator client.

But what is Firedancer, what does it do, and what will it achieve?

Lets take a look!

What is Firedancer?

Firedancer is a new validator client that has been built by Jump Crypto to help increase the efficiency of the Solana network.

It is a fully independent consensus node implementation for the Solana blockchain. A consensus node is the core piece of technology that validators use to agree on the chains state (blocks and transactions) ensuring its integrity and validity.

What does it do?

Currently, Solanas throughput is not limited by any hardware, but instead by software inefficiencies. This is what Firedancer looks to solve, in the process enhancing both the networks decentralisation and its performance drastically.

The truth is that there is one fatal flaw with some PoS consensus methods, and that issue is having the network overthrown by the majority of the stakers. But with just over a third of the stakers/staking power running on Firedancer, no single client will have a supermajority on the network. And the benefit of having a second validator eliminates the issue of having a single point of failure.

According to the Firedancer website, the team aims to make significant progress on the development of the new client over the next 12-24 months. Whats more, the development will be open source, allowing anyone to see what is taking place.

Firedancers core code will be written in the C/C++ programming languages. These languages were chosen due to their widespread use in writing code that needs low-level access to a computers hardware. Low-level access means faster operating times, hence higher throughput and transaction speed.

How does it help?

Firedancer will:

Improve network efficiency.

Help scale the network.

Make it cheaper to run a validator node.

Make the network more decentralised.

Efficiency will be improved due to Firedancer using zero-copy networking to bypass most of the operating systems kernel network stack, coming with its own queues and other concurrency primitives.

Scalability will be down to the core developers and their understanding of the networks capabilities and limitations. Mechanical sympathy is when you use a tool or system with an understanding of how it operates best. This is where the teams behind Jump Crypto and Solana Labs aim to excel (both have significant backgrounds in low-level programming and engineering).

Running a node will be cheaper with a secondary client due to less hardware being needed per node. Less hardware naturally translates to a lower cost. However, it is worth mentioning that existing node operators will eventually have to make changes to their validators, as Firedancer will become an entirely separate node implementation at some point.

Lastly, higher decentralisation is managed by making validation more accessible. Firedancer will achieve this by lowering implementation risks that would impact large portions of the stake at once, and at the same time, by having a second self-dependent team of core engineers.

To learn more, visitfiredancer.io

Join our

Telegram / Discord / Twitter

Read more here:
What is Solana Firedancer and why is it important? - Geeks World Wide

The use of mobile devices within enterprise organizations is commonplace, so organizations must prepare for all sorts of mobile threat vectors -- including attacks via mobile applications -- to avoid a cybersecurity breach.

As the COVID-19 pandemic and the trend of working from anywhere have pushed many people to work remotely, mobile devices have become a primary channel for employees to stay in touch with their employers and enterprise networks. While this shift has offered convenience and flexibility to workers, reliance on mobile devices brings new security risks to the table. Ransomware, malware and other types of attacks can target mobile devices to great effect, and organizations must account for this to keep data secure throughout the enterprise.

It only takes one compromised mobile device for an attacker to access an organization's network. Corporate-owned and BYOD mobile devices are the ultimate target for land-and-expand attacks, where an attack on a mobile device sets the stage for another attack on a back-end system or cloud application. A typical corporate user's mobile device may have business email, a unified communications application such as Slack or Teams, and a Salesforce or other customer relationship management (CRM) client. When attackers compromise such a device, they have full access to the corporate network resources -- as if they're authorized users of the device.

Because many workers resorted to using personal and corporate-owned mobile devices to get their jobs done amid the pandemic, the mobile attack surface has grown in recent years. A 2022 report from mobile security vendor Zimperium found that a global average of 23% of mobile devices encountered malicious applications in 2021. The firm also found that 75% of phishing sites specifically targeted mobile devices that year.

Additionally, with each new application a user installs on a mobile device, the attack surface grows. Threats to applications, such as exposed APIs and misconfigured code, leave customer data open to attack. Outdated mobile apps only add to these security vulnerabilities. Organizations can look to enterprise mobility management (EMM) and other endpoint management tools for better control over applications. These tools enable IT to create and manage policies, such as automating mobile OS and app updates, for better mobile security.

Attackers may also target mobile devices for reconnaissance. Bad actors can use a mobile device's microphone and camera to spy on organizations and learn corporate secrets, such as research and development plans and financials. Compromised mobile devices can eavesdrop on sales calls or meetings about an organization's next big product.

There are many ways that hackers can compromise mobile devices through mobile apps. Prevent and mitigate the damaging consequences of attacks on mobile applications by keeping the following threat vectors in mind.

Malware is malicious software that can steal login credentials while bypassing two-factor authentication (2FA). Viruses, worms and spyware are examples of malware targeting mobile devices.

The fight against mobile malware starts with mobile antivirus software. IT must tightly control remote access to the enterprise network via mobile devices.

Malware attacks evolve with the support of state-sponsored and criminal hacking organizations. Some of these hacking groups have the technology and staff resources of a large software development shop. For example, a new and alarming trend in malware attacks against mobile banking apps is the dropper apps, which cybercriminals added to legitimate apps in the Google Play store. As hybrid work and BYOD policies blur the lines between personal and corporate devices, this is a significant threat to many organizations.

As DevOps and DevSecOps practices gain popularity, mobile app developers will increasingly have to move to mobile DevSecOps to build secure mobile apps. Many defense techniques will only grow in importance, such as code obfuscation to render app code or logic hard to understand and application shielding to guard against dynamic attacks, malicious debugging and tampering.

While IT teams can use obfuscation to protect data, hackers can also use this tactic to carry out ransomware attacks. A ransomware attack encrypts a compromised mobile device, locking the device user out. Ransomware attackers usually follow the same playbook with mobile devices as they do with PCs: Pay up if you want to regain access to your device and its data.

Ransomware was a part of nearly 25% of all data breaches in 2021 -- an almost 13% increase from the previous year -- according to findings from Verizon's "2022 Data Breach Investigations Report", and mobile devices are far from immune to such attacks.

Preventing ransomware starts with blocking corporate devices from downloading apps from any source other than their enterprise app store, the Apple App Store or Google Play. Some other critical steps to prevent mobile ransomware include the following:

Leaky mobile apps set the stage for a mobile device breach. As the name suggests, a leaky app is an app that corporate data seeps out of, like water leaking out of a cracked pipe. Poor programming practices create flawed code, which can enable the public and attackers to see application data such as corporate information and passwords.

It only takes one compromised mobile device for an attacker to access an organization's network.

Security flaws were a significant issue with the release of the Beijing 2022 Olympics app. The app was mandatory for all attendees and had flaws that could allow attackers to steal personal information and even spy on some communications. Common advice to the athletes and other attendees was to use a burner phone at the Olympics because of the mobile security threats that were present.

A similar threat emerged in January 2021, when Slack identified a bug in its Android app that logged cleartext user credentials on devices. While Slack did warn its users to change their passwords and purge the application data logs, potential access was wide open to attackers seeking corporate information. Although the bug did not lead to any headline-grabbing breaches, it shows that popular enterprise mobile apps are a potential attack vector.

To protect against flawed code and leaky mobile apps, organizations must train their mobile developers in secure coding practices and implement mobile application security testing as part of a DevOps methodology.

A software supply chain works similarly to an assembly line in a factory. It's a production cycle that pulls together partners, contractors and third-party vendors to produce software. Open source software components also travel the same supply chain.

Through the software supply chain, however, a cybersecurity vulnerability in one organization can lead to further damage for various other organizations. The SolarWinds software supply chain breach infamously showed this danger, with hackers gaining access to the networks, systems and data of thousands of the company's government and enterprise customers.

An attacker who compromises the software supply chain of a mobile app vendor can insert code in the app, which prompts an end user to download an update from a malicious site. A software supply chain compromise happens before an app hits a public or corporate app store.

Business application and service providers will no doubt ramp up their supply chain security to prevent these attacks.

Jailbroken iOS devices and rooted Android devices compromise the security posture of the entire device because they allow hackers to carry out privilege escalation attacks. When attackers gain access to a mobile OS, they can attack mobile applications indiscriminately.

EMM tools such as Jamf Private Access enable IT to set security policies that prevent jailbroken or rooted mobile devices from accessing enterprise resources.

As corporate applications migrate to the cloud, the prospect of man-in-the-middle (MitM) attacks -- where an attacker can intercept, delete or alter data sent between two devices -- becomes a reality. While there are other causes of MitM attacks, mobile applications using unencrypted HTTP can traffic sensitive information, which attackers can utilize for their nefarious purposes.

To prevent MitM attacks, organizations should start by training their development teams in secure coding standards and architecture. The same standards must also apply to vendors in their software supply chain.

To ensure the safety of mobile users and sensitive corporate resources, IT must know how attacks on mobile applications can take place and proactively defend against them. As an organization's use of BYOD and corporate devices evolves, so must its mobile security strategies. The key to creating such effective security policies is making the most of working relationships to share best practices among desktop and mobile teams, as well as the end users the organization supports.

Read the rest here:
Preventing attacks on mobile applications in the enterprise - TechTarget

President Joe Biden walks along the Colonnade of the White House on May 4, 2022, to the Oval Office. Official White House photo by Adam Schultz.

Maryland Democrats are gearing up for their big rally Thursday evening with President Joe Biden at Richard Montgomery High School in Rockville.

Their opponents are gearing up as well.

The president is the headliner, but other scheduled speakers at what promises to be a lengthy rally include Democratic National Committee Chair Jaime Harrison; Democratic gubernatorial nomineeWes Moore and his running mate, former state Del.Aruna Miller; Del. Brooke Lierman (D-Baltimore City), the partys nominee for state comptroller; U.S.Ben Cardin; U.S. HouseMajority Leader Steny Hoyer; U.S. Rep. JamieRaskin; andMaryland Democratic Party Chair Yvette Lewis.

But Republicans and conservatives also plan to have a presence, virtually and in person, for counter-programming.

Del. Dan Cox (R-Frederick), the GOP nominee for governor, plans to hold a news conference Thursday afternoon outside the Montgomery County Circuit Court, just a few blocks from the rally site. Earlier in the afternoon, the Republican National Committee is hosting a press call with Del. Neil Parrott (R-Washington), who is in a rematch with U.S. Rep. David Trone (D-Md.).

And the conservative group Help Save Maryland has put out an electronic flier inviting people to a counter-protest outside the high school, urging them to Rally Against Open Borders Joe Biden and His Sanctuary Cronies.

Rockville should be a fun place Thursday afternoon and evening but the traffic could be murder.

Wes week

Not surprisingly, the Moore campaign has kept the pedal to the metal on the fundraising front this week. We know of at least two major fundraisers that he held this week in Maryland.

On Tuesday evening, the Moore campaign had an event at the Woodmore Country Club near Mitchellville with several local and regional business leaders. The list included Everett Browning, a government contractor; John Clyburn, a business consultant and brother of South Carolina Rep. Jim Clyburn, the third-ranking Democrat in the House of Representatives; Gwen McCall, a business and leadership consultant; Emerick Peace, who runs a real estate firm; Terry Spiegner, who runs an IT company; and Freddie Winston, a construction company owner.

Del. Darryl Barnes (D-Prince Georges), the chair of the Legislative Black Caucus in Annapolis who supported Comptroller Peter Franchot, not Moore, in the Democratic gubernatorial primary was also listed as a sponsor of the event.

On Thursday evening, Moore traveled to Annapolis for a fundraiser at the Red Red Wine Bar sponsored by uber-lobbyist Gerard Evans and his multiple clients.

Other individuals and organizations that endorsed Moores Democratic primary foes are quickly falling in line. This week, the Maryland chapter of the Sierra Club, which had endorsed former U.S. Education Secretary John King in the Democratic primary, announced its support for Moore.

Wes Moore and Aruna Miller are a dynamic duo with diverse experience and lots of enthusiasm for bringing people together to solve problems. It doesnt get bigger than an existential climate crisis and threats on democracy from extremists, said Rosa Hance, chair of the Sierra Club Maryland Chapter. We are excited to endorse Wes Moore and work with him and Aruna to meet the challenges head-on.

On Friday, four locals of the Service Employees International Union, which had backed former U.S. Labor Secretary Tom Perez for governor, will endorse Moore in Baltimore. The unions represent health care, education workers, janitors, security guards and workers at BWI Marshall Airport.

Raskin eyes top committee slot

Tuesdays New York primary results were barely 12 hours and already ambitious House Democrats were jockeying to become the top Democrat on the House Committee on Oversight and Reform following the primary defeat of veteran Rep. Carolyn Maloney (D-N.Y.), who has held the committee gavel since the death of the late Maryland Congressman Elijah Cummings (D).

One of those jockeying: Maryland Rep. Jamie Raskin (D).

Raskin, according to Punchbowl News, Politico and other Capitol Hill-focused publications, is one of four Democrats eyeing the vacancy. But he has less seniority in Congress and on the committee than two of the other aspirants, Rep. Steven Lynch (D-Massachusetts) and Rep. Gerry Connolly (D-Virginia). Rep. Ro Khanna (D-California) is also seen as a possibility, but according to Politico, he is urging Raskins selection.

Raskin told Politico that he is actively exploring it and will have something to say this week.

The oversight panel is the venue for great political battles and when its run by the party opposite the White House it is often the center for partisan-tinged investigations. Even though the political environment has changed some over the past few months, the Republicans are still favored to seize control of the House in January, meaning Raskin and his colleagues are likely competing to become ranking member of the committee rather than committee chair.

Depending on how the congressional game of musical chairs turns out following the election, Raskin could also be in line to be the top Democrat on the House Committee on Administration.

Event-hopping in Howard Co.

Two Republicans running in the 9th legislative district, which Democrats have targeted for takeover, are holding back-to-back fundraisers on Sunday evening.

First, Del. Reid Novotny (R-Howard), who is hoping to oust Sen. Katie Fry Hester (D) in November, has an event scheduled at Circle D Farm in Woodbine, from 4-6 p.m. Then, from 6-8 p.m., Del. Trent Kittleman (R-Howard), who is seeking a third term representing the subdistrict District 9A, at a farm in West Friendship, a seven-mile drive away.

Kittleman and the other Republican in the two-seat district, Jianning Jenny Zeng, are running against Democrats Chao Wu and Natalie Ziegler. During the latest round of redistricting, Democrats made the district more favorable to their candidates by substituting a portion of Carroll County for a portion of Montgomery County.

Read more from the original source:
Political Notes: The Biden rally and counter-programming, Moore's new fans, Raskin's ambition, and more - Josh Kurtz