[danjovic] came up with a nifty entry for our 2025 One-Hertz Challenge that lands somewhere between the categories of Ridiculous and Clockwork. It’s a clock that few hackers, if any, could read on sight—just the way we like them around here!

The clock is called Hexa U.T.C, which might give you an idea why this one is a little tricky to parse. It displays the current Unix time in hexadecimal format. If you’re unfamiliar, Unix time is represented as the number of non-leap seconds that have ticked by since 1 January 1970 at 00:00:00 UTC. Even if you can turn the long hex number into decimal in your head, you’re still going to have to then convert the seconds into years, days, hours, minutes, and seconds before you can figure out the actual time.

The build relies on an ESP32-S2 module, paired with a 7-segment display module driven by the TM1638 I/O expander. The ESP32 syncs itself up with an NTP time server, and then spits out the relevant signals to display the current Unix time in hex on the 7-segment displays.

It’s a fun build that your programmer friends might actually figure out at a glance. As a bonus it makes an easy kicking-off point for explaining the Year 2038 problem. We’ve featured other similar Unix clocks before, too. Video after the break.

youtube.com/embed/git1te5nhhI?…

hackaday.com/2025/07/21/2025-o…

[Scott Baker] wrote in to let us know about his freezer monitor.

After a regrettable incident where the ice cream melted because the freezer failed [Scott] decided that what was called for was a monitoring and alerting system. We enjoyed reading about this hack, and we’ll give you the details in just a tick, but before we do, we wanted to mention [Scott]’s justifications for why he decided to roll his own solution for this, rather than just using the bundled proprietary service from the white goods manufacturer.

We’re always looking for good excuses for rolling our own systems, and [Scott]’s list is comprehensive: no closed-source, no-api cloud service required, can log with high fidelity, unlimited data retention, correlation with other data possible, control over alerting criteria, choice of alerting channels. Sounds fair enough to us!

The single-board computer of choice is the Raspberry Pi Zero 2 W. As [Scott] says, it’s nice to be able to SSH into your temperature monitoring system. The sensor itself is the DS18B20. [Scott] 3D printed a simple case to hold the electronics. The other materials required are a 4.7k resistor and a power cable. The instructions for enabling the 1-wire protocol in Raspbian are documented in INSTALL.md.

When it comes time for programming, [Scott’s] weapon of choice is GoLang. He uses Go to process the file system exported by the 1-wire drivers under /sys/bus/w1/devices. He sets the Pi Zero up as an HTTP endpoint for Prometheus to scrape. He uses a library from Sergey Yarmonov to daemonize his monitoring service.

Then he configures his ancient version of Prometheus with the requisite YAML. The Prometheus configuration includes specifications of the conditions that should result in alerts being sent. Once that’s done, [Scott] configures a dashboard in Grafana. He is able to show two charts using the same timescale to correlate garage energy usage with freezer temperatures. Mission accomplished!

Now that you know how to make a freezer monitor, maybe it’s time to make yourself a freezer.

hackaday.com/2025/07/21/freeze…

By and large, the human body is designed to breathe from birth, and keep breathing continuously until death. Indeed, if breathing stops, lifespan trends relatively rapidly towards zero. There’s a whole chunk of the brain and nervous system dedicated towards ensuring oxygen keeps flowing in and carbon dioxide keeps flowing out.

Unfortunately, the best laid plans of our body often go awry. Obstructive sleep apnea is a condition in which a person’s airways become blocked by the movement of soft tissues in the throat, preventing the individual from breathing. It’s a mechanical problem that also has a mechanical solution—the CPAP machine.

Under Pressure

Obstructive sleep apnea occurs when the airway is blocked when muscle tone relaxes during sleep. Credit: public domain
The underlying mechanism of obstructive sleep apnea (OSA) is quite straightforward. During sleep, as the throat, neck, and skeletal muscles all relax, the tongue and/or soft palette can come to block the airway. When this happens, fresh air cannot pass to the lungs, nor can the individual exhale. Breathing is effectively halted, sometimes for minutes at a time. As the individual’s oxygen saturation drops and carbon dioxide levels build up, the brain and nervous system typically trigger an arousal in which the person enters a lighter stage of sleep or wakes up to some degree. The arousal may simply involve a change of position to restore normal breathing, or the individual may wake more fully while gasping for air. Having cleared the airway and resumed normal respiration, the individual generally returns to deeper sleep. As they do, and the muscles relax again, a further obstructive apnea may occur with similar results.

For those suffering from sleep apnea, these arousals can occur many hundreds of times a night. Each disrupts the normal cycles of sleep, generally leading to symptoms of serious sleep deprivation. These arousals often occur without the individual having any awareness they occurred. Sleep apnea can thus easily go undiagnosed, as individuals do not know the cause of their fatigue. In many cases, reports of heavy snoring from sleeping partners are what leads to a sleep apnea diagnosis, as breathing typically becomes louder as the airway slowly closes due to the muscles relaxing during sleep.

Ultimately, the solution to sleep apnea is to stop the airway becoming blocked in the first place, allowing normal breathing to continue all the way through sleep. The problem is that it’s difficult to access the tissues deep in the airway. One might imagine placing some kind of mechanical device into the throat to keep the airway open, but this would be highly invasive. It would also likely pose a choking risk if disrupted during sleep.
The ResMed AirSense 10 Elite, a modern CPAP machine. Note the humidifier attached on the side. This helps reduce instances of dry mouth or similar issues during use. Credit: VSchagow, CC BY-SA 4.0
Enter the CPAP machine—short for “continuous positive airway pressure.” Invented by Australian doctor Colin Sullivan in 1980, the idea behind it is simple—pressurize the individual’s airway in order to hold it open and prevent the tongue and soft tissues from causing a blockage. Air pressures used are relatively low. Machines typically deliver in the range of 4 to 20 cm H₂O, which has been found sufficient to keep an airway open during sleep. The CPAP machine doesn’t breathe for the user—it just provides air to the airway at greater than atmospheric pressure.
A Lowenstein Prisma SMART CPAP machine, with hose and mask attached. Credit: Mnalis, CC0
Key to the use of CPAP is how to get the pressurized air inside the airway. Early machines pressurized a large helmet, with an air seal around the neck. Today, modern CPAP machines deliver carefully-controlled pressurized air via a mask. Nasal masks are the least-invasive option, which pressurize the whole airway via the nostrils alone. These masks require that the mouth remain closed during sleep, else the pressurized air is free to leave the airway. Full-face masks, which are similar to those used for other medical procedures, can be used for individuals who need to breathe through their mouth while sleeping.

Overall, a CPAP machine is relatively simple to understand. It consists of a pump to provide pressurized air to the mask, and a user interface for configuring the pressure and other settings. CPAP machines often also feature humidification to stop the supplied air from drying out the user’s mouth and/or nose. This can be paired with heated tubing to warm the air, which avoids condensation from forming in the tube or mask during use. This is called “rainout” and can be unpleasant for the user. Modern machines can also carefully monitor pressure levels and airflow, logging breathing events and other data for later analysis.
A full face mask for use with a CPAP machine. Nasal-only masks are also popular. Credit: public domain
CPAP treatment is not without its issues, however. Users must grow accustomed to wearing a mask while sleeping, as well as adjust to the feeling of breathing in and exhaling out against the continuous incoming pressure from the machine. It’s also important for users to get a suitable mask fit, to avoid issues like skin redness or pressure leaking from the mask. In the latter case, a CPAP machine will be ineffective at keeping an airway open if pressure is lost via leaks. These problems lead to relatively low compliance with CPAP use among those with obstructive sleep apnea. Studies suggest 8% to 15% abandon CPAP use after a single night, while 50% stop using CPAP within their first year. Regardless, the benefits of CPAP machines are well-supported by the available scientific literature. Studies have shown that use of CPAP treatment can reduce sleepiness, blood pressure, and the prevalence of motor vehicle crashes in those with obstructive sleep apnea.

Nobody likes the idea of being semi-woken tens or hundreds of times a night, but for sleep apnea sufferers, that’s precisely what can happen. The CPAP machine is the mechanical solution that provides a good night’s rest, all thanks to a little pressurized air.

Featured image: “wide variety of masks at cpap centra” by [Rachel Tayse]. (Gotta love that title!)

hackaday.com/2025/07/21/fixing…

Gli sviluppatori di CrushFTP segnalano una vulnerabilità zero-day (CVE-2025-54309) che gli hacker stanno già sfruttando. La vulnerabilità consente l’accesso amministrativo ai server vulnerabili tramite l’interfaccia web. Secondo gli sviluppatori, i primi attacchi sono stati scoperti il 18 luglio 2025, anche se è probabile che lo sfruttamento della vulnerabilità sia iniziato il giorno prima.

Secondo Ben Spink, CEO di CrushFTP, poco prima era stata aggiunta una patch al prodotto che aveva bloccato accidentalmente anche questa vulnerabilità 0-day. Sebbene la patch fosse originariamente mirata a un problema diverso e avesse disabilitato di default la funzionalità AS2 su HTTP(S), raramente utilizzata, l’azienda ritiene che gli hacker abbiano eseguito il reverse engineering del codice di CrushFTP, scoperto il nuovo bug e iniziato a sfruttarlo sui dispositivi su cui la “patch accidentale” non era ancora stata installata.

“Riteniamo che questo bug fosse presente nelle build fino al 1° luglio 2025 circa. Il problema è stato risolto nelle versioni attuali di CrushFTP”, ha dichiarato l’azienda. “Il vettore di attacco utilizzava HTTP(S). Stavamo risolvendo un altro problema relativo ad AS2 su HTTP(S) e non ci siamo resi conto che il bug potesse essere utilizzato in modo diverso. Sembra che gli hacker abbiano notato questa modifica nel codice e abbiano trovato un modo per sfruttare la vulnerabilità precedente.”

L’attacco sarebbe stato effettuato tramite l’interfaccia web del programma nelle versioni fino a CrushFTP 10.8.5 e CrushFTP 11.3.4_23. Non è chiaro quando siano state rilasciate esattamente queste versioni, ma gli sviluppatori scrivono che l’attacco si è verificato intorno al 1° luglio. Gli amministratori che ritengono che i loro sistemi siano stati compromessi sono ora invitati a ripristinare la configurazione utente predefinita da un backup creato prima del 16 luglio. I segnali di compromissione includono:

• modifiche sospette in MainUsers/default/user.XML, in particolare modifiche recenti e presenza del campo last_logins;
• nuovi nomi utente di livello amministratore che sembrano caratteri casuali (ad esempio 7a0d26089ac528941bf8cb998d97f408m).

Gli sviluppatori sottolineano che le modifiche che più spesso osservano riguardano l’utente predefinito e questo è il principale indicatore di compromissione. “In generale, abbiamo osservato che l’utente predefinito veniva modificato più spesso. E lo modificavano in modo tale che la configurazione diventasse formalmente non valida, ma allo stesso tempo continuasse a funzionare per l’aggressore e per nessun altro”.

Al momento non è noto se gli attacchi a CrushFTP siano stati utilizzati per rubare dati o distribuire malware. Tuttavia, le soluzioni di trasferimento file sicuro sono da tempo un obiettivo prioritario per gli aggressori e risultano particolarmente appetibili per gli operatori di ransomware. Ad esempio, il ransomware Clop è noto per la sua frequente diffusione attraverso vulnerabilità presenti in altri popolari prodotti aziendali, tra cui MOVEit Transfer , GoAnywhere MFT e Accellion FTA .

L'articolo CrushFTP vulnerabilità zero-day sfruttata attivamente e aziende a rischio proviene da il blog della sicurezza informatica.

“Il tetto di sei mesi per i licenziamenti è incostituzionale”. La Consulta dá ragione alla Cgil. Per la Corte “il criterio fisso non garantisce adeguatezza e congruità del risarcimento”. La sua cancellazione faceva parte dei quesiti al referendum

Nonostante il menefreghismo dei lavoratori Italiani il sindacato è riuscito lo stesso a far sparire una norma ingiusta.

Peccato che ne beneficieranno anche quelli a cui non importa nulla dei loro diritti. Gente che magari si convincerà anche che in fondo hanno fatto bene a starsene a casa tanto poi il risultato lo raggiunge qualcuno altro per loro.

cgiltoscana.it/2025/07/21/il-t…

When you first get your hands on an old piece of equipment, regardless of whether it’s an old PC or some lab equipment, there is often the temptation to stick a power lead into it and see what the happy electrons make it do. Although often this will work out fine, there are many reasons why this is a terrible idea. As many people have found out by now, you can be met by the wonderful smell of a Rifa capacitor blowing smoke in the power supply, or by fascinatingly dangly damaged power wires, as the [Retro Hack Shack] on YouTube found recently in an old Gateway PC.

Fortunately, this video is a public service announcement and a demonstration of why you should always follow the sage advice of “Don’t turn it on, take it apart”. Inside this Gateway 2000 PC from 1999 lurked a cut audio cable, which wasn’t terribly concerning. The problem was also a Molex connector that had at some point been violently ripped off, leaving exposed wiring inside the case. The connector and the rest of the wiring were still found in the HDD.

Other wires were also damaged, making it clear that the previous owner had tried and failed to remove some connectors, including the front panel I/O wiring. Thankfully, this PC was first torn apart so that the damage could be repaired, but it shows just how easily a ‘quick power-on check’ can turn into something very unpleasant and smelly.

youtube.com/embed/mHWUtvGMhH4?…

hackaday.com/2025/07/21/dont-t…

Entra ufficialmente nel calendario dei lavori del Consiglio regionale della Valle d’Aosta la proposta di legge regionale “Liberi Subito”, volta a garantire tempi e procedure certe per l’accesso al suicidio medicalmente assistito, nel rispetto dei principi indicati dalla sentenza 242/2019 della Corte costituzionale.

La discussione della proposta figura infatti nel calendario del Consiglio regionale per i lavori dal 22 al 24 luglio, come punto 12 dell’ordine del giorno e confidiamo che il Consiglio affronti il tema con serietà e responsabilità verso i propri cittadini come già fatto dalla Regione Toscana.

Il testo della proposta, depositato nel febbraio 2024 dalle consigliere regionali di opposizione Erika Guichardaz e Chiara Minelli, ha iniziato l’iter di discussione il 3 luglio dello scorso anno. L’approvazione del testo rappresenterebbe un primo passo per regolamentare, nel rispetto dei principi costituzionali e delle competenze regionali, l’accesso al suicidio medicalmente assistito per le persone che si trovano nelle condizioni definite dalla sentenza 242/2019: persone maggiorenni, capaci di autodeterminarsi, affetti da patologie irreversibili e fonte di sofferenze fisiche o psicologiche intollerabili, tenuti in vita da trattamenti di sostegno vitale.

“A quasi sei anni dalla sentenza 242 – dichiara Marco Cappato – non possiamo accettare che i cittadini debbano ancora affrontare ostacoli, attese e arbitri, pur avendo diritto ad accedere legalmente al suicidio assistito. La proposta “Liberi Subito” si muove nel solco tracciato dalla Corte costituzionale nel rispetto delle competenze regionali. Non introduce quindi un nuovo diritto, ma si limita a regolamentare le procedure sanitarie di accertamento delle condizioni di salute della persona che fa richiesta di accesso alla pratica. Auspichiamo che il Consiglio regionale della Valle d’Aosta, al di là delle appartenenze politiche, dia prova di responsabilità e rispetto per la volontà delle persone malate”.

— Approfondimento: le Regioni coinvolte dalle Proposte di legge sul Fine vita —

La sentenza 242/2019 della Corte costituzionale sul caso Cappato/Antoniani, garantisce l’accesso all’aiuto alla morte volontaria, il cosiddetto “suicidio assistito” nel nostro Paese, individuando determinate condizioni per la persona malata che ne faccia richiesta che devono essere verificate dal Servizio Sanitario Nazionale.

Il Servizio Sanitario però non garantisce tempi certi per effettuare le verifiche e rispondere alle persone malate che hanno diritto di porre fine alla propria vita. Per questo motivo, nel rispetto delle competenze regionali, l’Associazione Luca Coscioni ha promosso a livello nazionale la campagna “Liberi Subito” con raccolta firme per proposte di legge regionali che garantiscano il percorso di richiesta di suicidio medicalmente assistito e i controlli necessari in tempi certi, adeguati e definiti.

Per conoscere lo stato dell’arte delle singole iniziative CLICCA QUI

L'articolo In Valle d’Aosta comincia domani la discussione su “Liberi Subito” proviene da Associazione Luca Coscioni.