If you’ve spent any time on two wheels, you’ve certainly experienced the woes of poor bicycle shifting. You hit the button or twist the knob expecting a smooth transition into the next gear, only to be met with angry metallic clanking that you try to push though but ultimately can’t. Bicycle manufacturers collectively spent millions attempting to remedy this issue with the likes of gearboxes, electronic shifting, and even belt-driven bikes. But Praxis believes to have a better solution in their prototype HiT system.

Rather then moving a chain between gears, their novel solution works by folding gears into or away from a chain. These gears are made up of four separate segments that individually pivot around an axle near the cog’s center. These segments are carefully timed to ensure there is no interference with the chain making shifting look like a complex mechanical ballet.

While the shift initialization is handled electronically, the gear folding synchronization is mechanical. The combination of electronic and mechanical systems brings near-instant shifting under load at rotational rates of 100 RPM. Make sure to scroll through the product page and watch the videos showcasing the mechanism!

The HiT gearbox is a strange hybrid between a derailleur and a gearbox. It doesn’t contain a clutch based gear change system or even a CVT as seen in the famous Honda bike of old. It’s fully sealed with more robust chains and no moving chainline as in a derailleur system. The prototype is configurable between four or sixteen speeds, with the four speed consisting of two folding gear pairs connected with a chain and the sixteen speed featuring a separate pair of folding gears. The output is either concentric to the input, or above the input for certain types of mountain bikes.

Despite the high level of polish, this remains a prototype and we eagerly await what Praxis does next with the system. In the meantime, make sure to check out this chainless e-drive bicycle.

hackaday.com/2025/04/17/bicycl…

If you had to guess, what do you think it would take to build an ocean-going buoy that could not only survive on its own without human intervention for more than two years, but return useful data the whole time? You’d probably assume such a feat would require beefy hardware, riding inside an expensive and relatively large watertight vessel of some type — and for good reason, the ocean is an unforgiving environment, and has sent far more robust hardware to the briny depths.

But as Wayne Pavalko found back in 2016, a little planning can go a long way. That’s when he launched the first of what he now calls Maker Buoys: a series of solar-powered drifting buoys that combine a collection of off-the-shelf sensor boards with an Arduino microcontroller and an Iridium Short-Burst Data (SBD) modem in a relatively simple watertight box.

He guessed that first buoy might last a few weeks to a month, but when he finally lost contact with it after 771 days, he realized there was real potential for reducing the cost and complexity of ocean research.

Wayne recalled the origin of his project and updated the audience on where it’s gone from there during his 2024 Supercon talk, Adventures in Ocean Tech: The Maker Buoy Journey. Even if you’re not interested in charting ocean currents with homebrew hardware, his story is an inspirational reminder that sometimes a fresh approach can help solve problems that might at first glance seem insurmountable.

DIY All the Way

As Dan Maloney commented when he wrote-up that first buoy’s journey in 2017, the Bill of Materials for a Maker Buoy is tailored for the hobbyist. Despite being capable of journeys lasting for several thousand kilometers in the open ocean, there’s no marine-grade unobtainium parts onboard. Indeed, nearly all of the electronic components can be sourced from Adafruit, with the most expensive line item being the RockBLOCK 9603 Iridium satellite modem at $299.

Even the watertight container that holds all the electronics is relatively pedestrian. It’s the sort of plastic latching box you might put your phone or camera in on a boat trip to make sure it stays dry and floats if it falls overboard. Wayne points out that the box being clear is a huge advantage, as you can mount the solar panel internally. Later versions of the Maker Buoy even included a camera that could peer downward through the bottom of the box.

Wayne says that first buoy was arguably over-built, with each internal component housed in its own waterproof compartment. Current versions instead hold all of the hardware in place with a 3D printed internal frame. The bi-level framework puts the solar panel, GPS, and satellite modem up at the top so they’ve got a clear view of the sky, and mounts the primary PCB, battery, and desiccant container down on the bottom.

The only external addition necessary is to attach a 16 inch (40 centimeter) long piece of PVC pipe to the bottom of the box, which acts as a passive stabilizer. Holes drilled in the pipe allow it to fill with water once submerged, lowering the buoy’s center of gravity and making it harder to flip over. At the same time, should the buoy find itself inverted due to wave action, the pipe will make it top-heavy and flip it back over.

It’s simple, cheap, and incredibly effective. Wayne mentions that data returned from onboard Inertial Measurement Units (IMUs) have shown that Maker Buoys do occasionally find themselves going end-over-end during storms, but they always right themselves.

youtube.com/embed/5WSOKEplw9g?…

Like Space…But Wetter

The V1 Maker Buoy was designed to be as reliable as possible.
Early on in his presentation, Wayne makes an interesting comparison when talking about the difficulties in developing the Maker Buoy. He likens it to operating a spacecraft in that your hardware is never coming back, nobody will be able to service it, and the only connection you’ll have to the craft during its lifetime is a relatively low-bandwidth link.

But one could argue that the nature of Iridium communications makes the mission of the Maker Buoy even more challenging than your average spacecraft. As the network is really only designed for short messages — at one point Wayne mentions that even sending low-resolution images of only a few KB in size was something of an engineering challenge — remotely updating the software on the buoy isn’t an option. So even though the nearly fifty year old Voyager 1 can still receive the occasional software patch from billions of miles away, once you drop a Maker Buoy into the ocean, there’s no way to fix any bugs in the code.

Because of this, Wayne decided to take the extra step of adding a hardware watchdog timer that can monitor the buoy’s systems and reboot the hardware if necessary. It’s a bit like unplugging your router when the Internet goes out…if your Internet was coming from a satellite low-Earth orbit and your living room happened to be in the middle of the ocean.

From One to Many

After publishing information about his first successful Maker Buoy online, Wayne says it wasn’t long before folks started contacting him about potential applications for the hardware. In 2018, a Dutch non-profit expressed interest in buying 50 buoys from him to study the movement of floating plastic waste in the Pacific. The hardware was more than up to the task, but there was just one problem: up to this point, Wayne had only built a grand total of four buoys.

Opportunities like this, plus the desire to offer the Maker Buoy in kit and ready to deploy variants for commercial and educational purposes, meant Wayne had to streamline his production. When it’s just a personal project, it doesn’t really matter how long it takes to assemble or if everything goes together correctly the first time. But that approach just won’t work if you need to deliver functional units in quantities that you can’t count on your fingers.

As Wayne puts it, making something and making something that’s easily producible are really two very different things. The production becomes a project in its own right. He explains that investing the time and effort to make repetitive tasks more efficient and reliable, such as developing jigs to hold pieces together while you’re working on them, more than pays off for itself in the end. Even though he’s still building them himself in his basement, he uses an assembly line approach that allows for the consistent results expected by paying customers.

A Tale Well Told

While the technical details of how Wayne designed and built the different versions of the Maker Buoy are certainly interesting, it’s hearing the story of the project from inception to the present day that really makes watching this talk worthwhile. What started as a simple “What If” experiment has spiraled into a side-business that has helped deploy buoys all over the planet.

Admittedly, not every project has that same potential for growth. But hearing Wayne tell the Maker Buoy story is the sort of thing that makes you want to go dust off that project that’s been kicking around in the back of your head and finally give it a shot. You might be surprised by the kind of adventure taking a chance on a wild idea can lead to.

youtube.com/embed/cCYdSGGZcv0?…

hackaday.com/2025/04/17/superc…

Il Global Threat Report 2025 di CrowdStrike ha tracciato l’evoluzione e anticipato le sfide per la sicurezza informatica, ponendo attenzione sulla necessità di un ripensamento radicale delle strategie difensive tradizionali. Su questo e molto altro si confronterà un panel di esperti e aziende al CrowdTour, il 5 giugno a Milano.

Il Global Threat Report 2025 di CrowdStrike ha recentemente fotografato un panorama globale delle minacce informatiche in evoluzione. Nel 2024, la rapidità con cui gli attaccanti sono riusciti a sfruttare le vulnerabilità per insidiarsi nei sistemi è cresciuta, con un breakout timeminimo registrato di appena 51 secondi.

I cybercriminali, sempre più rapidi, sofisticati e organizzati, sfruttano le vulnerabilità degli ambienti cloud, le debolezze umane e tecnologie emergenti, prima tra tutte l’intelligenza artificiale generativa, per colpire le aziende ovunque e in ogni settore mettendo in luce l’esigenza non più trascurabile di mettere in pratica strategie di difesa più articolate.

L’intelligenza artificiale generativa: l’arma nelle mani degli attaccanti

Protagonista dell’indagine di CrowdStrike l’adozione su larga scala nel 2024 della GenAI da parte degli attaccanti informatici. L’AI ha notevolmente migliorato la qualità degli attacchi, in termini di automazione e scalabilità, generazione automatica di contenuti e di social engineering sempre più precisi. Gli strumenti di intelligenza artificiale generativa sono stati usati infatti per scrivere e-mail di phishing più credibili, creare profili falsi, realizzare contenuti manipolatori e automatizzare la creazione di malware.

Sono stati osservati in particolare gruppi nordcoreani, primo tra tutti FAMOUS CHOLLIMA, responsabile di aver utilizzato tecniche di social engineering per supportare la creazione di profili LinkedIn falsi, testi e risposte più credibili da utilizzare durante i colloqui di lavoro, utilizzando strumento di Gen AI. Con queste tecniche è stato possibile per questi criminali ingannare i recruiter, farsi assumere all’interno di grandi aziende come sviluppatori di software e tecnici IT e poi spedire i laptop aziendali in dotazione presso “Laptop farms” situate in paesi specifici per ottenere un IP pubblico di provenienza “trusted” (es. USA) e, una volta ottenuto l’accesso alle reti aziendali, installare strumenti di gestione remota (RMM) e estensioni del browser malevole per esfiltrare dati o eseguire altre attività malevole.

Le nuove frontiere dello spionaggio: la Cina e il cloud nel mirino

Il report ha posto anche l’attenzione su un aumento significativo dell’attività malevola associata alla Cina, cresciuta del 150% su scala globale e fino al 300% in settori come finanza, media, manifattura, industria e ingegneria.

Anche il cloud è diventato un bersaglio privilegiato, poiché responsabile della creazione di superfici di attacco sempre più estese, ma anche di configurazioni spesso errate e vulnerabilità non patchate.

Gli attaccanti hanno sfruttato identità compromesse e l’exploitation of trust relationship, ovvero abusi dei rapporti di fiducia, per muoversi lateralmente e mantenere l’accesso alle risorse cloud. Sono aumentate le intrusioni SaaS, in particolare su piattaforme come Microsoft 365, spesso finalizzate a esfiltrare dati ai fini di estorsione o di accesso a terze parti.

Quali strategie difensive adottare in azienda

CrowdStrike non si limita ad analizzare l’evoluzione delle minacce nel corso del 2024, ma propone una serie di riflessioni, raccomandazioni e best practices per le organizzazioni:

• Proteggere l’intero ecosistema delle identità adottando MFA resistenti al phishing, implementando politiche di accesso forti e utilizzando strumenti di rilevamento delle minacce alle identità integrati con piattaforme XDR
• Eliminare i gap di visibilità cross-domain: modernizzando le strategie di rilevamento e risposta con soluzioni XDR e SIEM di nuova generazione, svolgendo threat hunting proattivo e utilizzando intelligence sulle minacce
• Difendere il cloud come infrastruttura core: utilizzare CNAPP con capacità CDR, eseguire audit regolari per scoprire configurazioni errate e vulnerabilità non patchate
• Dare priorità al patching dei sistemi critici e utilizzare strumenti come Falcon Exposure Management per concentrarsi sulle vulnerabilità ad alto rischio
• Adottare un approccio basato sull’intelligence, integrare l’intelligence nelle operazioni di sicurezza, avviare programmi di consapevolezza degli utenti e svolgere esercitazioni di tabletop e red/blue teaming.

Appuntamento con il CrowdTour 2025 il prossimo 5 giugno a Milano

L’evento annuale di CrowdStrike farà tappa il prossimo 5 giugno presso PARCO Center Milano per un pomeriggio di full immersion nella cybersecurity.

L’azienda offrirà a professionisti, decision maker e aziende l’opportunità di confrontarsi direttamente con esperti internazionali, esplorare casi di successo e approfondire le più recenti innovazioni in ambito protezione degli endpoint, delle identità e delle infrastrutture cloud. L’evento rappresenterà anche un momento di networking per chi affronta quotidianamente le sfide della sicurezza, e di condivisione di esperienze reali, utile per lo sviluppo di strategie efficaci contro minacce tradizionali ed emergenti. Trovate tutte le informazioni sull’agenda e la possibilità di registrarsi a questo link.

L'articolo La sicurezza informatica nel 2025: un panorama di minacce in costante evoluzione e come difendersi proviene da il blog della sicurezza informatica.

Wir informieren Sie hiermit über unsere Hauptversammlung vom 5. April und die aktuelle Situation bezüglich des E-ID-Referendums:

Am 5. April haben die Mitglieder an der Hauptversammlung der Piratenpartei ihren Präsidenten Jorgo Ananiadis mit einer Dreiviertel-Mehrheit in seinem Amt bestätigt. Ferner wurden Pat Mächler, Melanie Hartmann, Michel Baetscher und Renato Sigg neu gewählt. Für einen Verbleib von Nicole Rüegger und Jonas Sulzer im Vorstand stimmten nur drei Mitglieder.

Unabhängig davon sind Frau Rüegger und Herr Sulzer weiterhin verantwortlich für das die Unterschriftensammlung gegen das E-ID-Gesetz. Sie haben den Auftrag im Oktober 2024 von der Piratenpartei mit einer entsprechenden Anschubfinanzierung erhalten.
Der Vorstand der PPS wurde seit Auftragsvergabe von der Referendumsleitung über die Pläne und Aktivitäten mangelhaft, verspätet, unvollständig oder gar nicht in Kenntnis gesetzt. Auch wurden Vermittlungsbemühungen ignoriert sowie Unterstützungsangebote für die Kampagne häufig abgelehnt. In der Folge trat Philippe Burger zu Beginn des Jahres aus dem Vorstand der Zürcher Sektion zurück, schliesslich vor einem Monat als Vize-Präsident der PPS inklusive Parteiaustritt. Im Rahmen von weiteren Vorkommnissen hat er sich entschlossen, seine Privatwohnung dem Referendumskomitee nicht länger zur Verfügung zu stellen.

Nachdem die Referendumsleitung sich an der Hauptversammlung selbst für das Präsidium der PPS zur Wahl gestellt sowie die Abwahl des aktuellen Präsidenten Jorgo Ananiadis gefordert hatte und mit diesen Anträgen scheiterte, wurde das Branding der Piratenpartei auf der Webseite des Referendums gegen die E-ID ohne Rücksprache entfernt. Wie wir aus einer Medienmitteilung erfahren haben, wurden heute 20.000 Unterschriften der Piratenpartei bei der Bundeskanzlei eingereicht, ohne dass der Vorstand davon in Kenntnis gesetzt wurde.

Für die E-ID Referendumskampagne wurden die Kommunikationskanäle, Unterschriftenbögen etc. im Namen der PPS geführt. Alle UnterzeichnerInnen und UnterstützerInnen gehen somit davon aus, dass das Referendum von der Piratenpartei geführt wird und auch die Piratenpartei Schweiz hält daran fest.
Der Verein „E-ID-Gesetz-Nein“ wurde nur zur administrativen Unterstützung des Referendums gegründet. Deshalb beinhalten alle Sammelbögen und Kampagnenelemente immer die Information „Ein Referendum der Piratenpartei“.

Wir danken allen Beteiligten für ihren Einsatz.

piratenpartei.ch/2025/04/17/ei…

Ed ecco a voi Sinistra per Israele (come già noto prezzolata da Netanyahu)

Cronaca. Ieri in un dibattito in Senato si è riunita la cosiddetta “Sinistra per Israele” con Ivan Scalfarotto (Iv), Lucio Malan e Piero Fassino, Sensi e Delrio, Alfredo Bazoli e Walter Verini, Lia Quartapelle e Marianna Madia, Enza Rando e Antonio Nicita, Simona Malpezzi e Sandra Zampa; Marco Carrai, da sempre vicino a Matteo Renzi, e console onorario di Israele e Raffaella Paita, Luciano Nobili, Silvia Fregolent di IV.
L’iniziativa voleva contrastare la mozione contro Israele di Conte del giorno prima che ha visto anche la partecipazione della Shlein.
Fassino, oltre a ricordare ai presenti con orgoglio che viene definito “il sionista di sinistra”, ha ricordato anche “che va bene dire due popoli due Stati, ma che la soluzione ad ora non è praticabile”, dicendo inoltre che molte delle strutture operative di Hamas sono costruite vicino a luoghi come gli ospedali, e dunque risultano “fatali” le vittime civili. Fatali, ha usato questo termine per giustificare le conseguenze genocidiarie delle bombe israeliane. Per la cronaca - leggo da un articolo di oggi sul FQ- “una donna dal pubblico è pure intervenuta per rivendicare il fatto che l’esercito israeliano “avverte sempre dei suoi obiettivi”. Fassino l’ha rassicurata sulle sue posizioni, la sala ha applaudito”.
Cosa dire? Niente di più, se non che nella sala non aleggiava profumo di Chanel, ma di carne umana bruciata.

(Cosimo Minervini)

We’re suckers here for projects that let you see the unseeable, and [Ayden Wardell Aerospace] provides that on a budget with their $30 Schlieren Imaging Setup. The unseeable in question is differences in air density– or, more precisely, differences in the refractive index of the fluid the imaging set up makes use of, in this case air. Think of how you can see waves of “heat” on a warm day– that’s lower-density hot air refracting light as it rises. Schlieren photography weaponizes this, allowing to analyze fluid flows– for example, the mach cones in a DIY rocket nozzle, which is what got [Ayden Wardell Aerospace] interested in the technique.

Examining exhaust makes this a useful tool for [Aerospace].This is a ‘classic’ mirror-and-lamp Schlieren set up. You put the system you wish to film near the focal plane of a spherical mirror, and camera and light source out at twice the focal distance. Rays deflected by changes in refractive index miss the camera– usually one places a razor blade precisely to block them, but [Ayden] found that when using a smart phone that was unnecessary, which shocked this author.

While it is possible that [Ayden Wardell Aerospace] has technically constructed a shadowgraph, they claim that carefully positioning the smartphone allows the sharp edge of the case to replace the razor blade. A shadowgraph, which shows the second derivative of density, is a perfectly valid technique for flow visualization, and is superior to Schlieren photography in some circumstances– when looking at shock waves, for example.

Regardless, the great thing about this project is that [Ayden Wardell Aerospace] provides us with STLs for the mirror and smartphone mounting, as well as providing a BOM and a clear instructional video. Rather than arguing in the comments if this is “truly” Schlieren imaging, grab a mirror, extrude some filament, and test it for yourself!

There are many ways to do Schlieren images. We’ve highighted background-oriented techniques, and seen how to do it with a moiré pattern, or even a selfie stick. Still, this is the first time 3D printing has gotten involved and the build video below is quick and worth watching for those sweet, sweet Schlieren images.

youtube.com/embed/piGYryly5Bw?…

hackaday.com/2025/04/17/budget…