Some people really want a minimalist setup for their computing. In spite of his potentially worrisome housing situation, this was a priority for the man behind [Basically Homeless]: clean lines on the desk. Where does the PC go? You could get an all-in-one, sure, but those use laptop hardware and he wanted the good stuff. So he decided to hide the PC in the one place no one would ever think to look: inside his chair. (Youtube video, embedded below.)

This chair has very respectable specs: a Ryzen 7 9800XD, 64GB of ram and a RTX 4060 GPU, but you’d never know it. The secret is using 50 mm aluminum standoffs between the wooden base of the seat and the chair hardware to create room for low-profile everything. (The GPU is obviously lying sideways and connected with a PCIe riser cable, but even still, it needed a low-profile GPU.) This assemblage is further hidden 3D printed case that makes the fancy chair donated from [Basically Homeless]’s sponsor look basically stock, except for the cables coming out of it. It’s a very niche project, but if you happen to have the right chair, he does provide STLs on the free tier of his Patreon.

This is the first time we’ve seen a chair PC, but desk PCs are something we’ve covered more than once, so there’s obviously a demand to hide the electronics. It remains to be seen if hiding a PC in a chair will catch on, but if nothing else [Basically Homeless] will have a nice heated seat for winter. To bring this project to the next level of minimalism, we might suggest chording keyboards in the armrests, and perhaps a VR headset instead of a monitor.

youtube.com/embed/Acivh3w3QA8?…

hackaday.com/2025/05/28/invisi…

A letter by Sen. Ron Wyden about surveillance of senators’ phone lines has an important lesson for journalists, too: Be careful in selecting your phone carrier.

On May 21, Wyden wrote his Senate colleagues revealing which wireless carriers inform customers about government surveillance requests (Cape, Google Fi, and US Mobile), and which don’t (AT&T, Boost Mobile, Charter/Spectrum, Comcast/Xfinity Mobile, T-Mobile, and Verizon).

A handy chart at the bottom of the senator’s press release provides a quick summary.

Wyden’s letter was inspired in part by a Department of Justice inspector general report that revealed that the DOJ had collected phone records of Senate staff as part of leak investigations under the first Trump administration.

But that report wasn’t just about surveillance of the Senate. It also discussed how the DOJ surveilled journalists at The New York Times, The Washington Post, and CNN in 2020-21 as part of leak investigations related to news reporting about the Trump campaign’s connections with Russia and Russia’s interference in the 2016 election.

Investigators demanded telephone records from phone companies for the work and personal phones of journalists at all three outlets. In all three cases, the telephone companies turned over the records, which would have shown the numbers dialed, the date and time of calls, and their duration — information that could reveal the identities of confidential sources.

The telephone companies apparently didn’t notify the Times, Post, or CNN that their records had been sought, even though they legally could have done so. The DOJ also didn’t give the news outlets notice, taking advantage of internal guidelines that allowed them to delay notice to news media companies about legal demands for communications records from third parties in certain circumstances. (The rules for delayed notice from the DOJ remain in effect in the recently revised DOJ news media guidelines.)

According to the inspector general report, DOJ cover letters to the telephone companies asked them not to disclose the demands because the DOJ claimed it might impede the investigation. But the DOJ never sought a court order prohibiting disclosure. One prosecutor told the IG that nondisclosure orders weren’t obtained for the telephone companies “because the providers typically do not notify subscribers when their records are sought.”

That’s a problem, and it’s exactly what Wyden called out in his recent letter. Journalists can’t oppose surveillance that they don’t know about. Notification is what enables journalists (or any other customer) to fight back against overbroad, unwarranted, or illegal demands for their data. That’s exactly what the Times did when Google notified the newspaper of demands for its journalists’ email records in connection with the same leak investigation in which investigators sought phone records from Times journalists.

The Times’ contract with Google required the company to notify the news outlet of government demands. But even contractual agreements might not be enough to compel phone companies to inform their customers when they’re being spied on. Wyden’s letter reveals that “three major phone carriers — AT&T, Verizon, and T-Mobile — failed to establish systems to notify (Senate) offices about surveillance requests, as required by their Senate contracts.”

In addition, even if large news outlets could negotiate contracts with their phone carriers that require notification of surveillance requests when legally allowed, that wouldn’t help their journalists who speak to sources using personal phones that aren’t covered by their employers’ contracts. Freelance journalists are also unlikely to have the power to negotiate notification into their phone contracts.

Rather than one-off contractual agreements then, it would be better for all phone companies to follow the lead of tech companies, like Google, that have a blanket policy of notifying customers of government demands for their data, assuming they’re not gagged. These policies are now widespread in the tech world, thanks to activism by groups like the Electronic Frontier Foundation, which has long monitored tech companies’ notification policies and encouraged them to do better.

Phone companies must do better, too. It’s a shame that some of the largest wireless carriers can’t be bothered to tell their customers when they’re being surveilled. Journalists — and all of us — who care about privacy have a choice to make when selecting their wireless provider: Do they want to know when they’re being spied on, or are they OK with being left in the dark?

freedom.press/issues/phone-com…

Appliances fail, but that doesn’t mean it’s the end for them. This impressive hack from [solopilot] shows the results possible when not just fixing but also improving upon its original form. The toaster’s failed function selector switch presented an opportunity to add smart features to the function selection and refine control over its various settings.

Before upgrading the toaster, [solopilot] first had to access its components, which is no trivial task with many modern appliances. Photos document his process of diving into the toaster, exposing all the internals to enable the upgrade. Once everything was accessible, some reverse engineering was required to understand how the failed function selector controlled the half-dozen devices it was wired to.

Next came the plan for the upgrades—a long list that included precise temperature control and the ability to send an SMS showing the state of your meal. A Raspberry Pi Zero, a solid-state relay, a relay control board, and a thermocouple were added to the toaster, unlocking far more capability and control than it had originally. Some tuning is required to fully enable these new features and to dial in the precision this once run-of-the-mill toaster is now capable of.

The work wasn’t limited to the toaster itself. [solopilot] also seized the opportunity to create an Android app with speech recognition to control his now one-of-a-kind Cuisinart. It’s probably safe to say his TOA-60 is currently the smartest toaster in the world. If you check out his documentation, you’ll find all the pinouts, circuits, code, and logic explanations needed to add serious improvements to your own toaster. We’ve featured several other toaster oven projects over the years, most of which have focused on turning them into reflow ovens, so it’s exciting to see one aimed at improving upon its original design.

hackaday.com/2025/05/28/from-b…

This week Jonathan chats with Ben Meadors and Rob Campbell about the boatload of software Microsoft just released as Open Source! What’s the motivation, why is the new Edit interesting, and what’s up with Copilot? Watch to find out!

• github.com/microsoft/edit
• github.com/microsoft/WSL/issue…
• KDE4 on Windows

youtube.com/embed/JG8If0l05n4?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/05/28/floss-…

When you’re hunting for a signal with your oscilloscope, the stronger it is, the better. If it’s weak, you might struggle to tease it out from other interference, or even from the noise floor itself. You might wish that you were looking for something more obvious rather than the electromagnetic equivalent of a needle in a haystack.

Finding hidden signals below the noise floor may be a challenge, but it needn’t be an insurmountable one. James Rowley and Mark Omo came to the 2024 Hackaday Superconference to tell us how to achieve this with the magic of lock-in amplifiers.

Noise

youtube.com/embed/Y9FRTj3uZM0?…

As James explains, you can do lock-in amplification with just about any analog-to-digital converter and DSP that you might have on hand. For example, the oscilloscope you already have in your workshop. “The magic of this technique is taking a noisy signal, just rejecting all the noise, and getting just the part you want—just the signal you’re interested in,” James explains. “It is a very powerful technique for measuring how a signal flows through a system.”

“A lock-in amplifier is a great way… to lock in to those very small signals that can be swamped out by noise and interference, and actually measure signals that are well below the noise floor with a negative signal-to-noise ratio,” says James. “Essentially, what a lock-in amplifier is, is an ultra-narrow bandpass filter.”
A lock-in amplifier is effectively a very strong filter that gets rid of a lot of noise so you can actually find your signal.
In the talk, James uses a simple analogy to explain how this works. He asks the audience to imagine a speaker and a microphone. In this analogy, ideally, the microphone picks up whatever noise the speaker is putting out, but in the real world, there are lots of other noise sources from the environment that can swamp the signal from the speaker itself. However, a lock-in amplifier would be able to reject that other noise, locking in on just the sound from the speaker itself. Lock-in amplifiers apply to all sorts of applications, from picking up extremely sensitive signals from load-cells, to measuring very high or low electrical resistances, and even finding locations of heart catheters during delicate medical operations. Wherever there are tiny important signals that need to be picked up, lock-in amplifiers can probably help.
As with all DSP topics, there is some math involved. Mark explains how the input signal is modulated with a reference signal to help dig out the desired information from the noise.
Mark then walks us through the DSP magic required to actually find signals beneath the noise floor. He explains that by heavily filtering out noise outside the area of interest, it’s possible to effectively increase the signal-to-noise ratio and pick up the desired signal even if it’s quite faint. Traditional filters aren’t quite good enough to reduce the noise by the required amount of 300 times or so, so alternative solutions are needed. To do lock-in amplification, the measured signal is first shifted down to zero hertz, and averaged out over time. It sounds a little funky, but Mark explains the trigonometry and associated math to make it all work for a signal of any given bandwidth. Importantly, though, this technique also needs a reference signal to work, so the amplifier can effectively lock-in on the signal you’re actually looking for.
The practical demonstration involved a microphone trying to pick up a signal from a speaker in a noisy room filled with applause.
The talk then covers the practical—how to build a lock-in amplifier with real hardware. Commercial off-the-shelf options exist, or you could go the discrete analog route—but both are expensive and fussy. Alternatively, you can just use an analog-to-digital converter. “Like the one in your oscilloscope!” notes Mark. He explains how this is set up and how it compares to traditional approaches; basically, it’s more accessible, if not quite as high-performance. You basically end up using one channel as a reference input, while the other channel is hooked up to the signal you’re actually trying to find.

The better the ADC in your oscilloscope, the better it will perform—better bit depth, buffer depth, and sampling rates are all advantageous in this regard. You’re limited by quantization noise and the fact the oscilloscope may not have a particularly low-noise front end, and how much you can average the signal with the oscilloscope’s memory depth, but it’s a workable way to get started with a lock-in amplification setup. As a guide, something like a Rigol DS1054Z has enough memory depth to achieve a 1700x reduction in noise, which helps a great deal when hunting for a signal beneath the typical noise floor. Code to achieve this is available on Github for the curious.

The talk wraps up with a neat demonstration. A microphone and speaker are set up at a set distance of 8.5 cm, at which point the signal should show a 90-degree change in phase based on the signal being fed through the system. Mark and James show how their system is able to accurately measure the phase shift in the desired signal even in a loud room with a full crowd applauding while the demo runs.

If you regularly find yourself struggling to measure dim signals that you know are there, somewhere, you might find these techniques highly useful. This talk serves as a great primer for this very useful DSP technique.

hackaday.com/2025/05/28/superc…

In 2025 we are spoiled for choice when it comes to displays, with affordable LCDs, OLEDs, TFTs, and e-ink panels of all sizes only a few clicks away. But in decades past, such exotica were not on the menu for casual construction. Instead there were a range of LED seven segment displays which have now largely passed out of use.

Among them were HP’s bubble displays, assemblies of miniature LEDs on a PCB, topped with plastic bubble lenses. If you had a calculator in the 1970s it probably had one, but in the present, [Joshua Coleman] has incorporated one into a pleasingly retro digital clock.

Inside the 3D printed case is an ESP32 with a pair of 74HC595 shift registers to drive the display, and an 18650 battery with all associated charging and protection circuitry. It’s a surprisingly simple circuit, and the code is provided on the page. He makes an apology to non-Americans for his use of US date formats, but we think few readers will be unable to change it to reflect the only date format which really matters.

If you find a bubble display, hang on to it. They’re certainly something we’ve seen before here a few times.

hackaday.com/2025/05/28/bubble…

Un post pubblicato un’ora fa su un noto forum underground ha attirato l’attenzione degli osservatori della sicurezza informatica: un utente con lo pseudonimo “elpatron85” ha messo in vendita un presunto archivio di email appartenenti al Vicepresidente del Consiglio e Ministro delle Infrastrutture italiano, Matteo Salvini.

Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.

Il post, pubblicato circa un’ora fa nella sezione dedicata alla compravendita di dati sensibili, propone il pacchetto denominato “Salvini emails”, descritto come contenente “migliaia di email dal fascista Vicepremier italiano Matteo Salvini e dal partito Noi con Salvini”. Il presunto archivio, secondo quanto riportato dall’autore, avrebbe una dimensione complessiva di 5 GB e viene venduto al prezzo di 250 dollari.

L’utente fornisce anche un contatto Telegram invitando eventuali acquirenti a scrivergli per finalizzare la transazione. Il profilo di “elpatron85” risulta essere stato creato a maggio 2025, con 19 thread e 34 post all’attivo, e fa parte del gruppo “DarkForums Members”.

La legittimità del contenuto non è attualmente verificabile, ma il caso potrebbe rappresentare una potenziale violazione della sicurezza informatica e della privacy del vicepresidente, qualora si rivelasse autentico. Non è chiaro se le autorità italiane siano già a conoscenza della pubblicazione, né se siano state avviate indagini.

Contesto e rischi

La vendita di email rubate o compromesse su forum del dark webnon è un fenomeno nuovo. Tuttavia, quando ad essere coinvolti sono esponenti di primo piano della politica di uno Stato membro dell’Unione Europea, come nel caso di Matteo Salvini, le implicazioni si fanno rapidamente geopolitiche.

Tali informazioni, infatti, potrebbero contenere dati sensibili, strategie politiche, o addirittura elementi utilizzabili per ricatti o campagne di disinformazione.

Va inoltre considerato che non è possibile stabilire con certezza, al momento, se ci troviamo di fronte a un tentativo di truffa (SCAM), oppure se si tratti di una mossa orchestrata per fare propaganda contro Salvini, sfruttando la leva della cybersicurezza per alimentare tensioni o screditare l’avversario politico.

Questo episodio sottolinea ancora una volta l’importanza della sicurezza informatica nei confronti delle istituzioni pubbliche e dei rappresentanti politici. Sarà ora fondamentale capire se i dati in questione siano autentici, come siano stati ottenuti e quali siano le possibili ripercussioni, sia a livello nazionale che internazionale.

L'articolo Matteo Salvini è stato hackerato? Un criminale mette in vendita le sue email per 250 dollari proviene da il blog della sicurezza informatica.

Secondo Francisco Jeronimo, vicepresidente dei dispositivi EMEA presso IDC, intervenendo a una conferenza TED, acquistare gadget ricondizionati può rappresentare un passo importante verso un consumo più sostenibile e una riduzione dei danni causati dai rifiuti elettronici.

Secondo lui , nel 2022 sono state prodotte in tutto il mondo 62 milioni di tonnellate di rifiuti elettronici. In media, ogni persona ha scartato 11,2 chilogrammi di dispositivi elettronici. Tuttavia, la responsabilità della portata del problema non può essere attribuita esclusivamente ai produttori e ai governi. Come ha osservato l’analista, ogni utente ha il suo “super modo” per influenzare la situazione, ovvero prolungando la durata di vita delle apparecchiature e scegliendo dispositivi ricondizionati invece di quelli nuovi.

“Diamo sempre più la colpa alle aziende e ai marchi”, afferma Jeronimo, “ma in realtà abbiamo il potere di cambiare le regole del gioco. Ogni volta che rinunciamo a un nuovo acquisto a favore di apparecchiature ricondizionate, votiamo per un modello economico più sostenibile“.

Jeronimo ha ricordato che la cosiddetta economia circolare richiede di ripensare non solo la produzione, ma anche i consumi. Ad esempio, secondo i calcoli dell’Ufficio europeo dell’ambiente, se i cittadini dell’UE prolungassero di almeno un anno la durata di vita di lavatrici, computer portatili, aspirapolvere e smartphone, le emissioni di anidride carbonica si ridurrebbero di 4 milioni di tonnellate all’anno.

Ha anche paragonato il mercato dell’elettronica ricondizionata al fiorente mercato dell’abbigliamento di seconda mano, la cui popolarità sta crescendo grazie a piattaforme come Vinted ed eBay. Ma con la tecnologia, tutto è ancora diverso, nonostante ci siano 62 milioni di motivi per cambiarlo.

“Al primo segno di un problema corriamo ancora al negozio per comprare un nuovo telefono“, ha osservato Geronimo. “Sebbene abbiamo già delle opzioni: riparare il dispositivo o acquistare un gadget ricondizionato certificato e garantito.”

Gli esperti affermano che se ogni prodotto durasse un anno in più, sarebbe come togliere dalle strade 2 milioni di auto ogni anno. Tuttavia, non tutti i produttori sono pronti a rendere le riparazioni semplici e convenienti. Secondo uno studio dell’organizzazione statunitense PIRG, nel 2024-2025 gli otto maggiori marchi di laptop mostreranno scarsi miglioramenti in termini di riparabilità. Apple e Dell hanno fatto qualche progresso in questa direzione, ma nel complesso la situazione resta difficile.

Tuttavia, il mercato dei dispositivi ricondizionati continua a crescere. Nel 2023, le spedizioni globali di smartphone ricondizionati sono aumentate del 9,5%, raggiungendo i 309 milioni di unità. A titolo di paragone, nello stesso periodo le vendite di nuovi dispositivi sono diminuite del 3,2%.

Nel marzo 2024, uno studio delle Nazioni Unite ha rilevato che i volumi di rifiuti elettronici stavano crescendo quasi cinque volte più velocemente del riciclaggio. Dei 62 milioni di tonnellate di rifiuti generati nel 2022, solo 13,8 milioni di tonnellate sono state ufficialmente raccolte e riciclate. Nel frattempo, oltre al danno ambientale, i rifiuti elettronici causano anche ingenti perdite economiche: fino a 78 miliardi di dollari in costi esterni, più 10 miliardi di dollari in costi di smaltimento. Ma i potenziali benefici di un corretto riciclaggio potrebbero raggiungere i 51 miliardi di dollari, includendo il recupero di materiali come oro, rame e ferro, nonché la riduzione delle emissioni di gas serra.

Il significato è semplice: più a lungo funziona il dispositivo, meno danni provoca. E scegliere il ricondizionato non è solo un consumo intelligente, ma ha anche un impatto reale sul settore.

L'articolo 62 milioni di tonnellate di rifiuti elettronici: la soluzione è nel tuo prossimo acquisto proviene da il blog della sicurezza informatica.

Near my childhood home was a small river. It wasn’t much more than a creek at the best of times, and in dry summers it would sometimes almost dry up completely. But snowmelt revived it each Spring, and the remains of tropical storms in late Summer and early Fall often transformed it into a raging torrent if only briefly before the flood waters receded and the river returned to its lazy ways.

Other than to those of us who used it as a playground, the river seemed of little consequence. But it did matter enough that a mile or so downstream was some sort of instrumentation, obviously meant to monitor the river. It was — and still is — visible from the road, a tall corrugated pipe standing next to the river, topped with a box bearing the logo of the US Geological Survey. On occasion, someone would visit and open the box to do mysterious things, which suggested the river was interesting beyond our fishing and adventuring needs.

Although I learned quite early that this device was a streamgage, and that it was part of a large network of monitoring instruments the USGS used to monitor the nation’s waterways, it wasn’t until quite recently — OK, this week — that I learned how streamgages work, or how extensive the network is. A lot of effort goes into installing and maintaining this far-flung network, and it’s worth looking at how these instruments work and their impact on everyday life.

Inventing Hydrography

First, to address the elephant in the room, “gage” is a rarely used but accepted alternative spelling of “gauge.” In general, gage tends to be used in technical contexts, which certainly seems to be the case here, as opposed to a non-technical context such as “A gauge of public opinion.” Moreover, the USGS itself uses that spelling, for interesting historical reasons that they’ve apparently had to address often enough that they wrote an FAQ on the subject. So I’ll stick with the USGS terminology in this article, even if I really don’t like it that much.

With that out of the way, the USGS has a long history of monitoring the nation’s rivers. The first streamgaging station was established in 1889 along the Rio Grande River at a railroad station in Embudo, New Mexico. Measurements were entirely manual in those days, performed by crews trained on-site in the nascent field of hydrography. Many of the tools and methods that would be used through the rest of the 19th century to measure the flow of rivers throughout the West and later the rest of the nation were invented at Embudo.

Then as now, river monitoring boils down to one critical measurement: discharge rate, or the volume of water passing a certain point in a fixed amount of time. In the US, discharge rate is measured in cubic feet per second, or cfs. The range over which discharge rate is measured can be huge, from streams that trickle a few dozen cubic feet of water every second to the over one million cfs discharge routinely measured at the mouth of the mighty Mississippi each Spring.

Measurements over such a wide dynamic range would seem to be an engineering challenge, but hydrographers have simplified the problem by cheating a little. While volumetric flow in a closed container like a pipe is relatively easy — flowmeters using paddlewheels or turbines are commonly used for such a task — direct measurement of flow rates in natural watercourses is much harder, especially in navigable rivers where such measuring instruments would pose a hazard to navigation. Instead, the USGS calculates the discharge rate indirectly using stream height, often referred to as flood stage.

Beside Still Waters

Schematic of a USGS stilling well. The water level in the well tracks the height of the stream, with a bit of lag. The height of the water column in the well is easier to read than the surface of the river. Source: USGS, public domain.
The height of a river at any given point is much easier to measure, with the bonus that the tools used for this task lend themselves to continuous measurements. Stream height is the primary data point of each streamgage in the USGS network, which uses several different techniques based on the specific requirements of each site.
A float-tape gage, with a counterweighted float attached to an encoder by a stainless steel tape. The encoder sends the height of the water column in the stilling well to the data logger. Source: USGS, public domain.
The most common is based on a stilling well. Stilling wells are vertical shafts dug into the bank adjacent to a river. The well is generally large enough for a technician to enter, and is typically lined with either concrete or steel conduit, such as the streamgage described earlier. The bottom of the shaft, which is also lined with an impervious material such as concrete, lies below the bottom of the river bed, while the height of the well is determined by the highest expected flood stage for the river. The lumen of the well is connected to the river via a pair of pipes, which terminate in the water above the surface of the riverbed. Water fills the well via these input pipes, with the level inside the well matching the level of the water in the river.

As the name implies, the stilling well performs the important job of damping any turbulence in the river, allowing for a stable column of water whose height can be easily measured. Most stilling wells measure the height of the water column with a float connected to a shaft encoder by a counterweighted stainless steel tape. Other stilling wells are measured using ultrasonic transducers, radar, or even lidar scanners located in the instrument shelter on the top of the well, which translate time-of-flight to the height of the water column.

While stilling well gages are cheap and effective, they are not without their problems. Chief among these is dealing with silt and debris. Even though intakes are placed above the bottom of the river, silt enters the stilling well and settles into the sump. This necessitates frequent maintenance, usually by flushing the sump and the intake lines using water from a flushing tank located within the stilling well. In rivers with a particularly high silt load, there may be a silt trap between the intakes and the stilling well. Essentially a concrete box with a series of vertical baffles, the silt trap allows silt to settle out of the river water before it enters the stilling well, and must be cleaned out periodically.

Bubbles, Bubbles

Bubble gages often live on pilings or other structures within the watercourse.
Making up for some of the deficiencies of the stilling well is the bubble gage, which measures river stage using gas pressure. A bubble gage typically consists of a small air pump or gas cylinders inside the instrument shelter, plumbed to a pipe that comes out below the surface of the river. As with stilling wells, the tube is fixed at a known point relative to a datum, which is the reference height for that station. The end of the pipe in the water has an orifice of known size, while the supply side has regulators and valves to control the flow of gas. River stage can be measured by sensing the gas pressure in the system, which will increase as the water column above the orifice gets higher.

Bubble gages have a distinct advantage over stilling wells in rivers with a high silt load, since the positive pressure through the orifice tends to keep silt out of the works. However, bubble gages tend to need a steady supply of electricity to power their air pump continuously, or for gages using bottled gas, frequent site visits for replenishment. Also, the pipe run to the orifice needs to be kept fairly short, meaning that bubble gage instrument shelters are often located on pilings within the river course or on bridge abutments, which can make maintenance tricky and pose a hazard to navigation.

While bubble gages and stilling wells are the two main types of gaging stations for fixed installations, the USGS also maintains a selection of temporary gaging instruments for tactical use, often for response to natural disasters. These Rapid Deployment Gages (RDGs) are compact units designed to affix to the rail of a bridge or some other structure across the river. Most RDGs use radar to sense the water level, but some use sonar.

Go With the Flow

No matter what method is used to determine the stage of a river, calculating the discharge rate is the next step. To do that, hydrographers have to head to the field and make flow measurements. By measuring the flow rates at intervals across the river, preferably as close as possible to the gaging station, the total flow through the channel at that point can be estimated, and a calibration curve relating flow rate to stage can be developed. The discharge rate can then be estimated from just the stage reading.

Flow readings are taken using a variety of tools, depending on the size of the river and the speed of the current. Current meters with bucket wheels can be lowered into a river on a pole; the flow rotates the bucket wheel and closes electrical contacts that can be counted on an electromagnetic totalizer. More recently, Acoustic Doppler Current Profilers (ADCPs) have come into use. These use ultrasound to measure the velocity of particulates in the water by their Doppler shift.

Crews can survey the entire width of a small stream by wading, from boats, or by making measurements from a convenient bridge. In some remote locations where the river is especially swift, the USGS may erect a cableway across the river, so that measurements can be taken at intervals from a cable car.
Nice work if you can get it. USGS crew making flow measurements from a cableway over the American River in California using an Acoustic Doppler Current Profiler. Source: USGS, public domain.

From Paper to Satellites

In the earliest days of streamgaging, recording data was strictly a pen-on-paper process. Station log books were updated by hydrographers for every observation, with results transmitted by mail or telegraph. Later, stations were equipped with paper chart recorders using a long-duration clockwork mechanism. The pen on the chart recorder was mechanically linked to the float in a stilling well, deflecting it as the river stage changed and leaving a record on the chart. Electrical chart recorders came next, with the position of the pen changing based on the voltage through a potentiometer linked to the float.

Chart recorders, while reliable, have the twin disadvantages of needing a site visit to retrieve the data and requiring a tedious manual transcription of the chart data to tabular form. To solve the latter problem, analog-digital recorders (ADRs) were introduced in the 1960s. These recorded stage data on paper tape as four binary-coded decimal (BCD) digits. The time of each stage reading was inferred from its position on the tape, given a known starting time and reading interval. Tapes still had to be retrieved from each station, but at least reading the data back at the office could be automated with a paper tape reader.

In the 1980s and 1990s, gaging stations were upgraded to electronic data loggers, with small solar panels and batteries where grid power wasn’t available. Data was stored locally in the logger between maintenance visits by a hydrographer, who would download the data. Alternately, gaging stations located close to public rights of way sometimes had leased telephone lines for transmitting data at intervals via modem. Later, gaging stations started sprouting cross-polarized Yagi antennas, aimed at one of the Geostationary Operational Environmental Satellites (GOES). Initially, gaging stations used one of the GOES low data rate telemetry channels with a 100 to 300 bps connection. This gave hydrologists near-real-time access to gaging data for the first time. Since 2013, all stations have been upgraded to a high data rate channel that allows up to 1,200 bps telemetry.

Currently, gage data is collected every 15 minutes normally, although the interval can be increased to every 5 minutes at times of peak flow. Data is buffered locally before a GOES uplink, which is about every hour or so, or as often as every 15 minutes in peak flow or emergencies. The uplink frequencies and intervals are very well documented on the USGS site, so you can easily pick them up with an SDR, and you can see if the creek is rising from the comfort of your own shack.

youtube.com/embed/9QEacN9hWoI?…

hackaday.com/2025/05/28/remote…

Vieni a scoprire come vivevano la montagna i primi escursionisti.

Un viaggio nel passato all’interno del Parco Regionale dei Monti Simbruini tra faggete lussureggianti e panoramiche vedute.

Andremo alla conquista della vetta di Monte Autore (1885m), un autentico balcone naturale in grado di regalarci una visuale unica sulle vette al confine tra Lazio e Abruzzo.

Cammineremo lungo itinerari noti sin dall’epoca del Grand Tour per la natura selvaggia, il folklore e le tradizioni.

Ripercorreremo le orme dei nostri illustri predecessori, artisti ed escursionisti dei secoli passati, giunti fin qui alla ricerca del sublime e della bellezza

E' l'occasione ideale per vivere in buona compagnia una splendida Domenica in natura.

Non aspettare! Vieni con noi!

Iscrizioni aperte fino a Venerdì 13 Giugno 2025 ore 20:00

Clicca qui PER INFO COMPLETE ed ISCRIZIONE OBBLIGATORIA

Starting January 1st, 2026, Washington state’s new Right to Repair law will come into effect. It requires manufacturers to make tools, parts and documentation available for diagnostics and repair of ‘digital electronics’, including cellphones, computers and similar appliances. The relevant House Bill 1483 was signed into law last week after years of fighting to make it a reality.

A similar bill in Oregon faced strong resistance from companies like Apple, despite backing another Right to Repair bill in California. In the case of the Washington bill, there were positive noises from the side of Google and Microsoft, proclaiming themselves and their products to be in full compliance with such consumer laws.

Of course, the devil is always in the details, with Apple in particular being a good example how to technically comply with the letter of the law, while throwing up many (financial) roadblocks for anyone interested in obtaining said tools and components. Apple’s penchant part pairing is also a significant problem when it comes to repairing devices, even if these days it’s somewhat less annoying than it used to be — assuming you’re running iOS 18 or better.

That said, we always applaud these shifts in the right direction, where devices can actually be maintained and repaired without too much fuss, rather than e.g. cellphones being just disposable items that get tossed out after two years or less.

Thanks to [Robert Piston] for the tip.

hackaday.com/2025/05/28/washin…

Nelle ultime ore, un noto canale Telegram pubblico collegato ai forum underground ha pubblicato una lista di email aziendali provenienti da Italia e Germania. Il messaggio, visibile in uno screenshot condiviso, mostra un estratto di dati riferiti a caselle di posta elettronica di imprese italiane e tedesche e persino indirizzi istituzionali riconducibili al Comune di Gorizia.

Il Threat Actors afferma che si tratta di una lista in “condizioni fresche”, quindi presumibilmente frutto di compromissioni recenti. Il pagamento è solo in criptovalute, una prassi comune nei mercati cybercriminali per garantire l’anonimato delle transazioni.

Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.

Probabile infezione da infostealer

L’origine di questa fuga di dati non è ufficialmente nota, ma tutto lascia intendere che la compromissione sia avvenuta tramite l’utilizzo di infostealer, una categoria di malware sempre più diffusa nel panorama delle minacce cyber.

Cos’è un Infostealer?

Un infostealer (information stealer) è un malware progettato per rubare informazioni sensibili dal sistema infetto. Le informazioni più ricercate includono:

• Username e password
• Cookie di sessione
• Autenticazioni salvate nei browser
• Dati autofill (nome, cognome, indirizzi, numeri di telefono)
• Credenziali di accesso a VPN, FTP, CRM e webmail aziendali

Tra gli infostealer più noti troviamo RedLine, Raccoon, Vidar, Aurora e Lumma, che operano in modalità stealth e inviano i dati raccolti verso server C2 (Command and Control) o li salvano in log successivamente rivenduti nei marketplace underground.

Tecniche classiche di infezione

Gli infostealer vengono solitamente distribuiti attraverso:

• Email phishing con allegati malevoli (documenti Word, PDF, Excel)
• Crack di software su siti warez o torrent
• Falsi aggiornamenti di browser o plugin
• Campagne pubblicitarie malevole (malvertising)
• Canali Discord/Telegram che condividono contenuti “free” (skin, giochi, utility)

Una volta che l’utente esegue l’eseguibile infetto, il malware raccoglie in pochi secondi le credenziali salvate nei browser e nei software aziendali e le invia automaticamente al cybercriminale. Queste email potrebbero essere utilizzate per:

• Attacchi mirati di phishing (spear phishing)
• Tentativi di login su servizi aziendali (brute force)
• Furto di identità e impersonificazione
• Accessi non autorizzati a infrastrutture IT

Considerazioni finali

La pubblicazione di queste liste mostra ancora una volta quanto sia fondamentale la protezione delle credenziali aziendali. L’uso di password complesse, l’autenticazione a più fattori (MFA) e una formazione continua del personale sono i primi strumenti di difesa contro queste minacce.

Nel frattempo, invitiamo le aziende coinvolte — e in particolare gli enti pubblici — a verificare immediatamente l’integrità dei propri sistemi e ad attivare misure di contenimento nel caso vengano riscontrate anomalie nei log di accesso.

Come nostra consuetudine, lasciamo sempre spazio ad una dichiarazione dell’organizzazione qualora voglia darci degli aggiornamenti su questa vicenda e saremo lieti di pubblicarla con uno specifico articolo dando risalto alla questione.

RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali. Qualora ci siano persone informate sui fatti che volessero fornire informazioni in modo anonimo possono accedere utilizzare la mail crittografata del whistleblower.

L'articolo Allarme infostealer: pubblicate email del Comune di Gorizia e aziende italiane proviene da il blog della sicurezza informatica.