The HP 115BR is not one of the most well-known products from Hewlett-Packard. And yet, it was remarkably important nonetheless. This hardware once synced time around the world. Now, for our 2025 One-Hertz Challenge, [curiousmarc] has taken on the job of restoring it.

The HP 115BR itself was not used alone, but in concert with the HP5060A atomic clock. The latter would output a 100 KHz reference output. It was the job of the HP 115BR to divide this frequency down to provide a superbly accurate 1-second tick.

The example on [curiousmarc]’s bench showed up in poor shape. It was “very broken,” and he reported that it had also previously been hacked to some degree. However, he has been able to restore it to proper functionality, including the special modification for continuous tick adjustment, as used in the 1964 flying atomic clock experiment. He was even able to sync it to NIST’s current atomic clock signal from Fort Collins using the WWW radio signal.

We’ve seen plenty of old HP metal restored over the years; it’s always pleasant to see how well things were built back in the day. Video after the break.

youtube.com/embed/LMU0xd4oSnI?…

hackaday.com/2025/07/29/2025-o…

Do you find an odd comfort in the uncanny, regular intonations of a Numbers Station? Then check out [edent]’s numbers station project, which leverages the browser’s speech synthesis engine to deliver a ceaseless flow of (mostly) numbers, calmly-intoned in various languages.

The project is an entry for the annual JavaScript Golfing Competition, in which participants aim to create a cool program in 1024 bytes or less. It cleverly relies on the Web Speech API to deliver the speaking parts, which helps keep the code size tiny. The only thing it’s missing is an occasional shadow of static drifting across the audio.

If you’re new to numbers stations, our own [Al Williams] is here to tell you all about them. But there’s no need to tune into an actual mysterious radio signal just to experience weird numbers; just fire up [edent]’s project, put on some headphones, and relax if you can.

hackaday.com/2025/07/29/number…

Those of us who like to monitor air traffic with ADS-B aggregators such as FlightAware and ADS-B Exchange tend to see some interesting flight paths. I’m not talking about the truly ambitious pictures drawn by pilots, or even the more ribald ones, but rather flights that follow paths that seem to make little sense from either a commercial or leisure standpoint.

Most of these mystery flights have long straight stretches interrupted by occasional tight loops, and often cover great distances across rural and urban landscapes alike. A glance at the ADS-B data indicates that these flights are usually pretty close to the ground, and are often completed by helicopters. Occasionally, the registration of the aircraft will even indicate ownership by some “three-letter” federal agency.

Although mystery helicopters flying odd patterns in the sky seems like a good excuse to don a tinfoil hat and head to one’s bunker, chances are pretty good that these aircraft are engaged in a far less nefarious and far more useful endeavour: aerial transmission line patrols. These flights are key to keeping the transmission lines that form the backbone of the grid in tip-top shape, especially at a time of unprecedented growth in load and a shift in the generation profile away from fossil fuels towards renewables.

Federal Alphabet Soup

Although the grid as we know it today in North America appears to be a monolithic machine, it’s actually a far-flung collection of interconnected sub-grids, operating more or less in concert to provide uninterrupted service to 400 million people. While part of that cooperation can be explained by market forces doing what they do best, a lot of the interoperability that makes the grid work and gives it the reliability we’ve come to expect can be traced to government regulations.
The North American grid stretches from the northern part of Mexico well into Canada, and is divided into four main interconnected sub-grids. Source: FERC.
In the United States, the regulations that bulk power system (BPS) operators must follow come from the Federal Energy Regulatory Commission (FERC), a federal agency of the Executive Branch that ultimately answers to the President through the Secretary of Energy. FERC is somewhat analogous to the Federal Communications Commission in that regard, but while the FCC creates standards and enforces them directly, FERC delegates its standards-setting and enforcement authority to a separate body, the National Electric Reliability Corporation, or NERC.

For as critical to modern life as the grid is, the existence of a body dedicated solely to ensuring its reliability is a shockingly recent development. In its current form, the NERC has only existed since 2005, created in response to the 2003 blackout in the Northeast United States. Before that, NERC was the National Electric Reliability Council, which itself only came into being in 1968 in response to a prior Northeast blackout in 1965. Both versions of NERC sound a little like closing the barn doors after the horses have gotten out, but engineering something as large and complex as the grid is largely a learn-by-doing exercise, and NERC’s regulations are what BPS operators use to ensure that their systems are in line with current best practices.

On Patrol

Patrolling transmission lines is one of the main ways that BPS operators make sure they’re up to snuff with NERC rules. These patrols give an up-close and personal look at the transmission lines and the structures that support them, along with the rights-of-way (ROWs) along which they’re built, and any defects noted during these inspections can be scheduled for repair before they cascade into widespread system failures.

Transmission line patrols can take many forms, but the simplest to perform in some regions is probably a ground patrol. Ground patrols are often as simple as a single engineer driving a truck along a transmission line right-of-way, visually inspecting each tower along the way. Ground patrols such as these are limited by what can be seen with the linesman’s Mark I eyeballs or perhaps a pair of binoculars, but they’re still a valuable part of the patrolling process. The “boots-on-the-ground” approach also has the advantage of potentially coming across broken equipment that has fallen from structures, like the nuts and bolts that hold together towers, or even fragments of failed insulators. Occasionally, ground patrols will come across the carcasses of unfortunate animals that have completed a circuit,

But given the huge geographic footprint of transmission lines, some of which span hundreds of miles and often pass over remote and rugged landscapes, ground patrols can be limiting. They tend to be very time-consuming; transmission lines often cross privately owned property, and while the rights-of-way usually allow BPS operators to legally access the property, in practice, coordinating with owners to unlock gates can complicate matters. Add to that factors such as the potential need to cross streams or wetlands, potential for property damage from truck tires, and the fact that inspection is limited to what’s visible from the ground, and ground patrols can be difficult.

The obvious solution to these problems is to get above it all and inspect transmission lines from the air. Airborne inspection offers significant advantages over ground patrols, but the chief benefit is speed. Airborne inspections can inspect long stretches of a transmission line far faster than a ground patrol, and without worrying about access issues. Airborne patrols can also make inspections over rough terrain a relative snap, although such inspections often call for more experienced pilots.

It would seem that aerial power line patrols are an ideal use case for UAVs, and indeed, many of the 300 to 400 aerial inspection companies operating in the United States today offer drone-based inspection services. But even with the vastly less expensive per-hour cost of operating a drone, helicopter inspections dominate the industry today. There are a couple of reasons for this, but the most important are speed and payload capacity. A typically equipped Bell 407 helicopter, for example, carries enough primary and reserve fuel to inspect 170 miles (273 km) of transmission line with a single takeoff and landing. A UAV patrol, on the other hand, usually has to operate within line-of-sight of the operator, and has to land frequently for battery changes. This leads to frequent relocations of the base of operations, resulting in some of the same access problems as ground patrols. It’s also significantly slower than helicopter patrols, taking up to five times longer to complete an equivalent length of line as a helicopter patrol.

Helicopters also have UAVs beat when it comes to payload capacity. Even large UAVs are limited in how many instruments they can carry, whereas a helicopter has effectively no limit. This makes helicopters a multispectral imaging platform, with HD visible-light video to capture images of potential structural problems, forward-looking infrared (FLIR) scanners that look for overheating due to corrosion in a splice or an internal defect in the conductors, and LiDAR scanners that can image the entire ROW and the structures within it. But perhaps most significantly, UAVs can’t carry aloft an experienced linesman, whose training can be key to quickly locating something that needs a closer look from the sensor platforms onboard.

youtube.com/embed/KPjjhqPPdMA?…

My Corona

The breakdown voltage of air is approximately 30 kV, and while this figure varies slightly with atmospheric conditions such as temperature and humidity, it is generally well below the voltage on most transmission lines in the BPS. That makes flashover a possibility anywhere in the system, and the potential damage caused by an intense high-current discharge to both transmission system components and the surrounding environment makes it critical to detect defects that could lead to it.

Luckily, physics provides an early warning system in the form of corona discharge. Corona discharge occurs when the air surrounding a conductor becomes ionized, turning into a conductive plasma. It can happen anywhere along the transmission system, but it’s particularly likely to happen at places where the electric field is concentrated, such as sharp points. These are generally avoided when designing the system, but faults can occur that lead to their formation, such as broken strands in conductors. Sometimes these defects are visible to the naked eye, but more often, they reveal themselves with characteristic emissions in the ultraviolet part of the EM spectrum.

Corona discharge starts when a strong electric field accelerates free electrons in the air surrounding a defect. If the field is sufficiently strong, the kinetic energy of these electrons causes other air molecules to be ionized, starting an electron avalanche. These excited electrons propagate outward to a distance where the electric field is no longer strong enough to accelerate them, at which point the excited electrons return to their ground state and emit a photon of light. Since air is 78% nitrogen, the photons are mostly in the UV range, with just 5% being in the just barely visible end of the spectrum. This gives corona discharge its characteristic purplish-blue glow.

The other principal component of air, oxygen, comes into play as well. The free electrons in the corona discharge can split diatomic oxygen, leaving behind two negative oxygen ions. Each of these can then combine with a diatomic oxygen molecule to form ozone (O₃), a powerfully reactive oxidizer that can quickly corrode aluminum in conductors and steel in the support structure. The ozone can also combine with atmospheric nitrogen to form nitrogen oxides that, in the presence of water and oxygen, eventually create nitric acid. This strong acid can quickly strip the zinc coating from galvanized steel and attack passivated coatings on parts. Without these coatings, metal parts are unprotected from the elements and can quickly corrode and lose mechanical strength.

Corona discharge can be extremely costly to BPS operators. Specialized corona discharge cameras are used to detect corona faults. These cameras filter out the abundant UV-A and UV-B light in sunlight using a “solar blind” filter. This leaves only shortwave UV-C light below 280 nm in wavelength, which the ozone layer completely blocks out. Any light in this band has to come from nitrogen fluorescence, which makes it an effective way to detect corona discharge.

Corona cameras usually have a UV beam splitter to send light to a pair of detectors, one to capture the visible light coming from the scene and one that captures only the light remaining after passing through a solar-blind filter. The few photons of UV light that make it through the filter are amplified by a UV image intensifier, which uses a photocathode to release multiple electrons for each UV photon. These are accelerated in a strong electric field toward a phosphor screen, which converts them to visible light, which is picked up by a CCD camera and combined with the visible light scene. This shows the corona discharge as an overlay that allows operators to see where the discharge is originating from.
Corona cameras couple detection of “solar-blind” UV discharge with visible-light imagery to detect places where corona discharge might be happening. Here, a drone-carried corona camera shows a corona hot spot near a reinforcement in a phase conductor on a 1,000-kV transmission line. Source: Professionele Drones.

In the Weeds

One of the more stringent sets of NERC regulations is FAC-003-5, Transmission Vegetation Management. It might seem a little incongruous for an organization that sets standards for nuclear power plants and cybersecurity of critical infrastructure to worry about tree trimming, but studies show that vegetation contacts account for 16% to 23% of all outages in the US and Canada. Most of those outages occur in the distribution system, which is bad enough, but if vegetation were to contact lines in the transmission system, the failure cascade could be devastating. For an example of how bad vegetation contacts in the transmission system can be, look no further than the 2003 blackout in the northeast US, which started when overloaded 345 kV transmission lines in Ohio sagged into foliage. A software issue then compounded the problem, causing safety systems to trip and plunging customers from Ontario to the Mid-Atlantic states into darkness.

FAC-003-5 isn’t exactly light reading, going into great detail as it must to define terms and set actionable standards. The gist of the document, though, is contained in just a few tables that list the Minimum Vegetation Clearance Distances (MVCD) for both AC and DC systems. In general, the MVCDs increase with the nominal line voltage, which makes sense; the higher the voltage, the greater the potential flashover distance. More surprisingly, though, is that MVCDs increase dramatically with elevation. This has to do with the dielectric strength of air, which depends on its density. That means the thinner air at higher altitudes has a greater flashover distance, so more clearance is required.

For all the havoc vegetation contacts can wreak, the MVCDs are surprisingly narrow. For a nominal 800-kV line, the MVCD at sea level is a mere 11.6 feet (3.6 m), and only increases to 14.3 ft (4.4 m) over 14,000 ft (4268 m) elevation. These are minimum distances, of course, calculated using equations that take into account the breakdown voltage of air and the potential for flashover to vegetation. In practice, though, BPS operators keep ROWs well-groomed, aiming for to keep trees far beyond the MVCD requirements. Operators are especially watchful for trees at the edges of ROW that might be more than the MVCD away from the lines while standing, but could fall during a storm and make contact.

Assessing vegetation encroachments into the ROW is another job that can be tackled quickly by aerial patrols. The sensor platform in this case is often as simple as a spotter with a pair of binoculars or a camera, but in many cases, LiDAR sensors are used to scan the entire right of way. The LiDAR sensor is tied into the aircraft’s GPS system, resulting in a geotagged point cloud that can be analyzed after the flight. Three-dimensional visualizations of the transmission lines, their supporting structures, the ground below, and everything within and adjacent to the ROW can be viewed interactively, making it easy to spot trees with the potential to cause problems. These visualizations allow users to virtually “fly the line,” giving BPS operators a view that would be impossible to achieve even by flying a drone dangerously close to the lines.

youtube.com/embed/h0bkvF92lgA?…

hackaday.com/2025/07/29/power-…

Nei primi mesi della nuova presidenza di Donald Trump, il governo federale degli Stati Uniti ha apportato tagli drastici alla spesa per la sicurezza informatica, tagliando budget, personale e una serie di iniziative volte a proteggere le infrastrutture digitali. Queste misure hanno allarmato alcuni funzionari locali, tra cui il responsabile della sicurezza informatica dello Stato di New York, Colin Ahern, e la governatrice Kathy Hochul, che hanno pubblicamente espresso preoccupazione per l’impatto di tali misure.

Ahern, parlando a nome dell’amministrazione di New York, ha osservato che le azioni della Casa Bianca compromettono la capacità del Paese di contrastare le minacce informatiche esterne. Particolare malcontento è stato causato dal cosiddetto “Big Ugly Bill” adottato a luglio, il principale provvedimento finanziario dell’amministrazione, che ha ridotto significativamente i finanziamenti per le principali strutture informatiche.

Il budget della Cybersecurity and Infrastructure Security Agency (CISA) è stato tagliato di 135 milioni di dollari, portando i tagli totali per tutte le agenzie federali a oltre 1,2 miliardi di dollari. Allo stesso tempo, il documento prevede un finanziamento di un miliardo di dollari per operazioni informatiche offensive all’estero nei prossimi quattro anni.

I tagli sono stati accompagnati da licenziamenti di massa, con oltre cento dipendenti della CISA che hanno perso il lavoro. Alcuni di loro sono stati successivamente reintegrati per ordine del tribunale. Anche la candidatura del nuovo direttore federale per la sicurezza informatica è stata criticata : Sean Plankey, il candidato nominato dall’amministrazione Trump, non aveva alcuna esperienza nel settore. Nel frattempo, il Dipartimento dell’Istruzione degli Stati Uniti ha sospeso un programma per aiutare le scuole nella sicurezza digitale.

Gli Stati, pur avendo poteri propri in materia di sicurezza informatica, fanno molto affidamento sul sostegno federale, soprattutto per proteggere risorse come i servizi idrici, gli hub energetici e le infrastrutture di trasporto. Per contribuire a compensare il deficit causato dalle misure federali, il governatore Hochul ha scritto al Segretario per la Sicurezza Interna Kristi Noem chiedendogli di stanziare urgentemente fondi attraverso l’Homeland Security Grant Program. Questi fondi sono necessari per sostenere la sicurezza locale e regionale, anche nell’ambito digitale.

New York, tuttavia, non rallenta. Ahern ha affermato che lo Stato sta continuando a intensificare gli sforzi per costruire difese resilienti, collaborando con altre regioni e livelli di governo. Questi sforzi includono l’espansione delle infrastrutture, il rafforzamento delle relazioni interagenzia e il lancio di nuove iniziative educative e tecnologiche.

Una di queste misure è una legge recentemente firmata dal governatore Hochul, che impone a tutti i dipendenti pubblici che lavorano con i computer di seguire una formazione sull’igiene digitale. Inoltre, i governi sono tenuti a segnalare gli incidenti entro 72 ore da un attacco informatico, o entro 24 ore se i dati vengono rubati a seguito di un attacco. È inoltre previsto l’istituzione di un programma di sovvenzioni per l’ammodernamento dei sistemi idrici e fognari, al fine di garantire che siano conformi ai nuovi requisiti normativi.

Inoltre, lo Stato sta aprendo un nuovo ufficio per la sicurezza informatica a New York City, che impiegherà professionisti, compresi quelli licenziati dalle agenzie federali a seguito della ristrutturazione. Il governo intende utilizzare una campagna pubblica con lo slogan “DOGE dice: Sei licenziato. New York dice: Sei assunto” come simbolo del nuovo corso e come sostegno ai professionisti che hanno perso il lavoro a causa delle decisioni politiche di Washington.

L'articolo Gli Stati Uniti tagliano ancora la spesa sulla Sicurezza Informatica ed è bufera proviene da il blog della sicurezza informatica.

Un attacco informatico ai danni di ACEA SpA, colosso italiano attivo nella produzione e distribuzione di elettricità, gas e servizi idrici, è stato rivendicato dai criminali informatici di World Leaks. Secondo quanto riportato, l’azienda compare nella sezione “Disclosed” – segnale che i presunti autori dell’attacco avrebbero già deciso di rendere pubblici o divulgare dati interni sottratti. Stando al portale, la pubblicazione completa del materiale sarebbe prevista tra circa 1 giorno, 2 ore e 52 minuti, a partire dal momento della cattura dello screenshot.

ACEA SpA, che conta oltre 9.200 dipendenti e registra un fatturato annuo di 4,3 miliardi di dollari, non ha ancora rilasciato alcun comunicato ufficiale in merito alla violazione né ha confermato l’accaduto.

Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.
Print Screen dal data leak site di World Leaks (29/07/2025)
La vicenda al momento risulta ancora in evoluzione e si attendono aggiornamenti dall’azienda o da eventuali autorità competenti.

Nel frattempo, cresce la preoccupazione per i possibili compromissioni di dati sensibili, visto il ruolo strategico di ACEA nel settore energetico e ambientale italiano.

Il caso attuale ricorda da vicino quanto accaduto a marzo 2023, quando la cybergang BlackBasta colpì ACEA fu già vittima di un grave attacco informatico che portò alla pubblicazione online di oltre 800 GB di dati. Quell’episodio aveva suscitato grande allarme sia per la quantità di informazioni sottratte sia per il ruolo strategico dell’azienda nei servizi pubblici.
Print screen del Data Leak Site di BlackBasta di Marzo del 2023 (Fonte Red Hot Cyber)
Al momento ACEA SpA non ha ancora diffuso un comunicato stampa ufficiale che possa confermare la reale portata dell’accaduto.

Si attende quindi una presa di posizione da parte dell’azienda per chiarire se si tratta effettivamente di un attacco informatico, o se invece la rivendicazione sia una truffa orchestrata dal gruppo di threat actors per attirare attenzione o estorcere denaro senza disporre di dati reali.

Come nostra consuetudine, lasciamo sempre spazio ad una dichiarazione dell’organizzazione qualora voglia darci degli aggiornamenti su questa vicenda e saremo lieti di pubblicarla con uno specifico articolo dando risalto alla questione.

RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali. Qualora ci siano persone informate sui fatti che volessero fornire informazioni in modo anonimo possono accedere utilizzare la mail crittografata del whistleblower.

Chi sono i criminali informatici di World Leaks

World Leaks nasce dalle ceneri del gruppo Hunters International, un rebrand avvenuto a gennaio 2025 dopo mesi di cambiamenti tattici e strategici. Hunters, a sua volta, era comparso alla fine del 2023 come evoluzione del noto gruppo ransomware Hive, operando come ransomware-as-a-service (RaaS) e colpendo più di 300 vittime, in gran parte in Nord America. In questa prima fase, il gruppo aveva adottato la tecnica della doppia estorsione: cifrare i dati e contemporaneamente minacciare di pubblicarli per convincere le aziende a pagare il riscatto.

Con l’inizio del 2024, Hunters ha però progressivamente cambiato approccio, spostando il focus dall’attività di cifratura verso il furto e la rivendita diretta dei dati, arrivando anche a contattare in modo mirato dirigenti e dipendenti delle aziende vittime per fare pressione. A maggio 2024 il gruppo ha annunciato ufficialmente la chiusura dell’operazione Hunters International, dichiarando di rilasciare le chiavi di decrittazione gratuite per le vittime ancora colpite. Secondo alcuni esperti, questa mossa potrebbe essere stata condizionata da pressioni delle forze dell’ordine e dall’intensificarsi delle indagini internazionali sui gruppi ransomware.

Da questo passaggio è nato il progetto World Leaks, che rinuncia completamente alla parte di cifratura tipica del ransomware e punta esclusivamente sulla sottrazione di dati sensibili, pubblicandoli su un data leak site (DLS) nel dark web per estorcere denaro.

In pochi mesi, World Leaks ha già rivendicato almeno 20 vittime, con dati sottratti resi pubblici per 17 di loro. Questo modello, che evita di bloccare le attività delle aziende ma punta solo al danno reputazionale e legale derivante dalla diffusione dei dati, sembra destinato a diventare sempre più diffuso, perché meno visibile agli occhi delle forze dell’ordine e potenzialmente più redditizio.

L'articolo World Leaks rivendica un Attacco informatico ad ACEA. Aggiornamenti tra 21 ore proviene da il blog della sicurezza informatica.

Non c'è mai stata una reale cessione di sovranità all'UE da parte degli stati membri in materia di politica estera o di politica economica. In questo caso particolare, inoltre, l'unica cosa su cui gli stati membri erano d'accordo era ridurre i dazi del 30% minacciati da Trump.

Trovo abbastanza ridicolo che i governi che non hanno mai voluto un'Europa forte e che hanno dato un mandato così minimalista a Von Der Layen adesso l'accusino di essersi genuflessa a Trump.

Forse sarebbe il caso di arricchire la Netiquette, in modo da estendere la sua ala protettrice anche sopra il Fediverso.

Serve, secondo me, un capitolo "Fediquette".

Per cominciare aggiungerei alla Fediquette questa regola:

- non si possono pubblicare link ad articoli, post o contenuti che per essere fruiti richiedono il pagamento di un abbonamento o l'obbligo ad accettare cookies che non siano tecnicamente necessari al funzionamento del sito.