Not a huge percentage of our readers probably get their heat from diesel fuel, but it’s not uncommon in remote areas where other fuels are hard to come-by. If you’re in one of those areas, this latest hack from [Hangin with the Hursts] could save you some change, or keep you ̶2̶0̶%̶ ̶c̶o̶o̶l̶e̶r̶ 25% warmer on the same fuel burn.

It’s bog simple: he takes his off-the-shelf hydronic diesel heater, which is already 71% efficient according to a previous test, and hooks its exhaust to a heat exchanger. Now, you don’t want to restrict the exhaust on one of these units, as that can mess with the air fuel mix, but [Hurst] gets around that with a 3″ intercooler meant for automotive intake. Sure, it’s not made for exhaust gas, but this is a clean-burning heater, and it wouldn’t be a hack if some of the parts weren’t out of spec.

Since it’s a hydronic heater, he’s able to use the exhaust gas to pre-heat the water going into the burner. The intercooler does a very good job of that, sucking enough heat out of the exhaust to turn this into a condensing furnace. That’s great for efficiency — he calculates 95%, a number so good he doesn’t trust it — but not so good for the longevity of the system, since this intercooler isn’t made to deal with the slightly-acidic condensation. The efficiency numbers are combustion efficiency, to be clear. He’s only accounting for the energy in the diesel fuel, not the energy that heats the water in his test, for the record; the electrical power going into the blower is considered free. That’s fair, since that’s how the numbers are calculated in the heating industry in general — the natural gas furnace keeping this author from freezing to death, for example, is a condensing unit that is also 95% efficient.

Another thing you can do to get the most from your diesel heating fuel is add some brains to the operation. Since this is a hydronic system, the cheapest option, long-term, might be to add some solar energy to the water. Sunlight is free, and diesel sure isn’t getting any cheaper.

youtube.com/embed/rjgOsJmnqYc?…

hackaday.com/2025/12/13/conden…

Cats can be wonderful companions, but they can also be aloof and boring to hang out with. If you want to get a little more out of the relationship, consider obsessively tracking your cat’s basic statistics with this display from [Matthew Sylvester].

The build is based around the Seeedstudio ReTerminal E1001/E1002 devices—basically an e-paper display with a programmable ESP32-S3 built right in. It’s upon this display that you will see all kinds of feline statistics being logged and graphed. The data itself comes from smart litterboxes, with [Matthew] figuring out how to grab data on weight and litterbox usage via APIs. In particular, he’s got the system working with PetKit gear as well as the Whisker Litter Robot 4. His dashboard can separately track data for four cats and merely needs the right account details to start pulling in data from the relevant cat cloud service.

For [Matthew], the build wasn’t just a bit of fun—it also proved very useful. When one of his cats had a medical issue recently, he was quickly able to pick up that something was wrong and seek the help required. That’s a pretty great result for any homebrew project. It’s unrelated, too, but Gnocci is a great name for a cat, so hats off for that one.

We’ve featured some other fun cat-tracking projects over the years, too. If you’re whipping up your own neat hardware to commune with, entertain, or otherwise interact with your cat, don’t hesitate to let us know on the tipsline.

hackaday.com/2025/12/13/get-st…

Il MITRE ha reso pubblica la classifica delle 25 più pericolose debolezze software previste per il 2025, secondo i dati raccolti attraverso le vulnerabilità del national Vulnerability Database. Tali vulnerabilità sono state individuate analizzando 39.080 record di Common Vulnerabilities and Exposures (CVE)riportati nell’anno in corso, al fine di segnalare le cause principali.

L’aumento delle minacce informatiche ha elevato l’importanza della classifica annuale, la quale elaborata in base a dati CVE reali, permette una più efficace identificazione e riduzione dei rischi all’interno delle organizzazioni.

Gli aggressori possono assumere il controllo del sistema, sottrarre dati sensibili o compromettere le applicazioni a causa di questi difetti pervasivi, che sono spesso facilmente individuabili e sfruttabili.

La classifica CWE Top 25 può aiutare a:

• Riduzione delle vulnerabilità : le informazioni sulle cause comuni alla radice forniscono un feedback prezioso per la pianificazione SDLC e architettonica dei fornitori, contribuendo a eliminare intere classi di difetti (ad esempio, sicurezza della memoria, iniezione)
• Risparmio sui costi : meno vulnerabilità nello sviluppo del prodotto significano meno problemi da gestire dopo la distribuzione, con conseguente risparmio di denaro e risorse
• Analisi delle tendenze : la comprensione delle tendenze dei dati consente alle organizzazioni di concentrare meglio gli sforzi di sicurezza
• Informazioni sullo sfruttabilità : alcune debolezze, come l’iniezione di comandi, attirano l’attenzione degli avversari, consentendo di stabilire le priorità del rischio.
• Fiducia del cliente : la trasparenza nel modo in cui le organizzazioni affrontano queste debolezze dimostra impegno per la sicurezza del prodotto

Le vulnerabilità legate alla sicurezza della memoria, come i buffer overflow, sono ricorrenti, il che sta portando all’adozione di linguaggi più sicuri come Rust. Nello stesso tempo, le applicazioni web devono far fronte a minacce e problemi di autenticazione. Inoltre, le vulnerabilità come Use After Free, rientranti nella categoria KEV, richiedono l’implementazione di un modello di controllo basato sullo zero-trust.

È fondamentale che le organizzazioni esaminino i propri codici in base a questo elenco, incorporino le verifiche CWE nelle loro pipeline di integrazione continua, insistano con i fornitori per garantire la trasparenza e sfruttino i contratti per imporre ai fornitori l’applicazione di standard rigorosi per la scrittura di codice sicuro..

L'articolo MITRE pubblica la lista delle TOP25 debolezze software più pericolose del 2025 proviene da Red Hot Cyber.

Al and I were talking on the podcast about the Home Assistant home automation hub software. In particular, about how devilishly well designed it is for extensibility. It’s designed to be added on to, and that makes all of the difference.
That doesn’t mean that it’s trivial to add your own wacky control or sensor elements to the system, but that it’s relatively straightforward, and that it accommodates you. If your use case isn’t already covered, there is probably good documentation available to help guide you in the right direction, and that’s all a hacker really needs. As evidence for why you might care, take the RTL-HAOS project that we covered this week, which adds nearly arbitrary software-defined radio functionality to your setup.

And contrast this with many commercial systems that are hard to hack on because they are instead focused on making sure that the least-common-denominator user is able to get stuff working without even reading a single page of documentation. They are so focused on making everything that’s in-scope easy that they spend no thought on expansion, or worse they actively prevent it.

Of course, it’s not trivial to make a system that’s both extremely flexible and relatively easy to use. We all know examples where the configuration of even the most basic cases is a nightmare simply because the designer wanted to accommodate everything. Somehow, Home Assistant has managed to walk the fine line in the middle, where it’s easy enough to use that you don’t have to be a wizard, but that you can make it do what you want if you are, and hence it got spontaneous hat-tips from both Al and myself. Food for thought if you’re working on a complex system that’s aimed at the DIY / hacker crowd.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

hackaday.com/2025/12/13/user-s…

Dear Friend of Press Freedom,

Rümeysa Öztürk has been facing deportation for 262 days for co-writing an op-ed the government didn’t like, and journalist Ya’akub Vijandre remains locked up by Immigration and Customs Enforcement over social media posts about issues he reported on. Read on for more on what we’re working on this week.

Stop the gatekeeping. The First Amendment’s for all of us

In the early days of the internet, online news confused analog-era judges, who pondered questions like, “If this is journalism then why are there no ink smudges on my fingers?” These days, First Amendment advocates tend to chuckle when thinking back on that era. But apparently it’s not quite over yet.

Freedom of the Press Foundation (FPF) Senior Adviser Caitlin Vogus wrote for the Sun-Sentinel about a judge in Florida’s unfortunate ruling that YouTube-based outlet Popcorned Planet can’t avail itself of the state’s reporter’s privilege to oppose a subpoena from actor Blake Lively. The court’s decision would “effectively exclude any independent journalist who publishes using online platforms from relying on the privilege to protect their sources.” If it stands, “vital information will stay buried,” she explained.

And FPF Executive Director Trevor Timm spoke to Columbia Journalism Review about another subpoena from Lively that’s testing whether celebrity blogger Perez Hilton can claim the privilege. “Hilton is gathering information, talking to sources, and publishing things in order to have the public consume them. That fits the definition of a journalist,” Timm explained. As CJR noted, FPF’s U.S. Press Freedom Tracker “was one of the few to highlight the Hilton case.”

It’s not a question of whether Popcorned Planet and Hilton are great journalists or if they pass some editorial purity test. It’s a question of whether the courts will allow litigants to chip away at First Amendment rights that protect all journalists, no matter what platform they use to report or what subjects they cover.

• READ THE OP-ED

Administration is trolling America with its FOIA responses

As The New York Times reported this week, Immigration and Customs Enforcement claimed it has no body-worn camera footage from Operation Midway Blitz in Chicago, Illinois, despite a federal judge’s explicit order that agents wear and activate those cameras.

And as The Daily Beast reported, the Department of Homeland Security told FFP’s Daniel Ellsberg Chair on Government Secrecy Lauren Harper that Kristi Noem had no Truth Social Direct messages, despite her millions of followers. Harper requested cabinet officials’ messages in a Freedom of Information Act request after President Donald Trump accidentally publicly posted correspondence with Attorney General Pam Bondi.

As Harper told the Times, “They are trolling citizens and judges … ICE continues to feel increasing impunity and that it has the right to behave as a secret police that’s exempt from accountability.” FPF is, of course, appealing.

• READ THE NYT STORY

Don’t weaken Puerto Rico’s public records law

When the U.S. Navy quietly reactivated Roosevelt Roads Naval Station in Puerto Rico earlier this year, some residents saw the promise of new jobs, while others saw it as a painful reminder of past harms from the American military presence on the island.

Puerto Ricans — and Americans everywhere — deserve basic answers about what the military is up to as tensions escalate with Venezuela and whether Puerto Rico’s government is coordinating with the Pentagon and whether their concerns are being taken into account. And of course, there are countless local issues Puerto Ricans are entitled to be informed about.

But at the moment when transparency is most essential, lawmakers are trying to slam the door shut.

• READ MORE

Don’t just take our word for it…

Throughout 2025 we’ve been hosting online events platforming journalists impacted by anti-press policies at the national and local levels, so you can hear directly from the people we hope will benefit from our work.

Read about three of our recent events. This week’s panel features journalists whose reporting is complicated by sources unwilling to come forward due to fear of retaliation. Last week we spoke with journalists about the difficulties of covering the immigration beat during Trump 2.0, and last month we talked about the immigration cases against journalists Sami Hamdi and Ya’akub Vijandre over their support for Palestinian rights (shoutout to our friends at The Dissenter for writing up that event). And there are even more past events on our YouTube channel.

• BROWSE OUR YOUTUBE CHANNEL

WHAT WE'RE READING

Chokehold: Donald Trump’s war on free speech and the need for systemic resistance

Free Press
In a comprehensive new report, Free Press’s Nora Benavidez analyzes how Trump and his political enablers have sought to undermine and chill the most basic freedoms protected by the First Amendment.

Press freedom advocates sound alarm over Ya’akub Vijandre, stuck for over two months in ICE custody in Georgia

WABE
We cannot just accept that “every so often the administration is going to abduct some lawful resident who said something it doesn’t like about Israel or Palestine,” FPF’s Seth Stern told WABE.

Watched, tracked, and targeted: Life in Gaza under Israel’s all-encompassing surveillance regime

New York Magazine
A powerful essay by Palestinian journalist Mohammed Mhawish about life in Gaza “under Israel’s all-encompassing surveillance regime.”

​​ICEBlock creator sues Trump administration officials saying they pressured Apple to remove it from the app store

CNN
Threatening to punish app stores if they don’t remove apps the government dislikes is unconstitutional. This time it’s ICEBlock, but tomorrow it could be a news app.

Longtime LA radio exec Will Lewis dies; Went to prison in Hearst case

My News LA
Many heroes work behind the scenes on press freedom. Will Lewis was one of them. A radio executive who championed public media, he spent 15 days in prison to protect sources. RIP.

‘Heroic excavators of government secrets’

National Security Archive
Congratulations to the indefatigable National Security Archive on 40 years of clawing back the self-serving veil of government secrecy.

freedom.press/issues/stop-the-…

12 dicembre, Piazza Fontana, strage di stato: non dimentichiamo
differx.noblogs.org/2025/12/12…

#piazzafontana #stragidistato #ordinenuovo #stragifasciste #stragedistato