
Tool Turns SVGs into Multicolor 3D Prints


Want to turn a scalable vector graphic into a multicolor 3D print, like a sign? You’ll want to check out [erkannt]’s svg2solid, a web-based tool that reads an SVG and breaks the shapes up by color into individual STL files. Drag those into your slicer (treating them as a single object with multiple parts) and you’re off to the races.

[Image caption: This sign was printed face-down on a textured build plate. The colors only need to be a few layers deep.]

This is especially handy for making 3D printed versions of things like signs, and shown here is an example of exactly that.

It’s true that most 3D printer software supports the .svg format natively nowadays, but that doesn’t mean a tool like this is obsolete. SVG is a 2D format with no depth information, so upon import the slicer assigns an arbitrary height to all imported elements and the user must make any desired adjustments manually. For example, a handy tip for making signs is to make the “background” as thick as desired but limit colored elements to just a few layers deep. Doing so minimizes filament switching while having no impact on final visual appearance.

Being able to drag SVGs directly into the slicer is very handy, but working with 3D models has a certain “what you see is what you get” element to it that can make experimentation or alternate applications a little easier. Since svg2solid turns an SVG into discrete 3D models, separated by color and each with a user-defined height, this straightforward tool is worth having in your bookmarks if you find yourself needing that. Or just go straight to the GitHub repository and grab your own copy.

On the other hand, if you prefer your 3D-printed signs to be lit up in a faux-neon style then here’s how to do that in no time at all. Maybe there’s a way to mix the two approaches? If you do, be sure to use our tips line to let us know!


hackaday.com/2025/05/28/tool-t…


A Love Letter to Embedded Systems by V. Hunter Adams



Today we’re going to make a little digression from things that we do to look at perhaps why we do the things that we do. This one is philosophical folks, so strap yourselves in. We’ve had an interesting item arrive on the tips line from [Bunchabits] who wanted to let us know about a video, Love Letter to Embedded Systems, from [V. Hunter Adams].

[V. Hunter Adams] is Lecturer of Electrical Engineering at Cornell University and is on the web over here: vanhunteradams.com

In this forty-three-minute video [Hunter] makes an attempt to explain why he loves engineering, generally, and why he loves embedded systems engineering, specifically. He tries to answer why you should love engineering projects, what makes such projects special, and how you can get started on projects of your own. He discusses his particular interest in other unrelated subjects such as birds and birdsong, and talks a little about the genius of polymath Leonardo da Vinci.

He goes on to explain that engineering can be the vehicle to learn about other fields of endeavor, that the constraints in embedded systems are like the constraints of poetry, that embedded systems are the right level of complexity where you can still hold the details of a complete system in your head, and that embedded systems let you integrate with the physical world through sensors and actuators leading to a greater appreciation of physics and nature.

In his submission to the tips line [Bunchabits] said that [Hunter] was a communicator in the league of Carl Sagan and that he could do for embedded systems what Sagan did for physics and astronomy. Having watched this presentation we are inclined to agree. He is a thoughtful person and a cogent communicator.

If today’s philosophical digression has left you feeling… philosophical, then you might enjoy a little nostalgia, too. Here’s some old philosophical material that we covered here on Hackaday back in 2013 which held some interest: Hacking And Philosophy: An Introduction; The Mentor’s Manifesto; Hacker Crackdown: Part 1, Part II, Part III, Part IV; Future Tech And Upgrading Your Brain; and Surveillance State. All are still as relevant today as they were over a decade ago.

Thanks to [Bunchabits] for sending this one in.

youtube.com/embed/-TFsfcIx04Q?…


hackaday.com/2025/05/28/a-love…


Invisible PC Doubles As Heated Seat


Some people really want a minimalist setup for their computing. In spite of his potentially worrisome housing situation, this was a priority for the man behind [Basically Homeless]: clean lines on the desk. Where does the PC go? You could get an all-in-one, sure, but those use laptop hardware and he wanted the good stuff. So he decided to hide the PC in the one place no one would ever think to look: inside his chair. (YouTube video, embedded below.)

This chair has very respectable specs: a Ryzen 7 9800XD, 64 GB of RAM and an RTX 4060 GPU, but you’d never know it. The secret is using 50 mm aluminum standoffs between the wooden base of the seat and the chair hardware to create room for low-profile everything. (The GPU is obviously lying sideways and connected with a PCIe riser cable, but even still, it needed a low-profile GPU.) This assemblage is further hidden by a 3D printed case that makes the fancy chair donated by [Basically Homeless]’s sponsor look basically stock, except for the cables coming out of it. It’s a very niche project, but if you happen to have the right chair, he does provide STLs on the free tier of his Patreon.

This is the first time we’ve seen a chair PC, but desk PCs are something we’ve covered more than once, so there’s obviously a demand to hide the electronics. It remains to be seen if hiding a PC in a chair will catch on, but if nothing else [Basically Homeless] will have a nice heated seat for winter. To bring this project to the next level of minimalism, we might suggest chording keyboards in the armrests, and perhaps a VR headset instead of a monitor.

youtube.com/embed/Acivh3w3QA8?…


hackaday.com/2025/05/28/invisi…


From Burnt to Brilliant: A Toaster’s Makeover



Appliances fail, but that doesn’t mean it’s the end for them. This impressive hack from [solopilot] shows the results possible when not just fixing an appliance but also improving upon its original form. The toaster’s failed function selector switch presented an opportunity to add smart features to the function selection and refine control over its various settings.

Before upgrading the toaster, [solopilot] first had to access its components, which is no trivial task with many modern appliances. Photos document his process of diving into the toaster, exposing all the internals to enable the upgrade. Once everything was accessible, some reverse engineering was required to understand how the failed function selector controlled the half-dozen devices it was wired to.

Next came the plan for the upgrades—a long list that included precise temperature control and the ability to send an SMS showing the state of your meal. A Raspberry Pi Zero, a solid-state relay, a relay control board, and a thermocouple were added to the toaster, unlocking far more capability and control than it had originally. Some tuning is required to fully enable these new features and to dial in the precision this once run-of-the-mill toaster is now capable of.

The work wasn’t limited to the toaster itself. [solopilot] also seized the opportunity to create an Android app with speech recognition to control his now one-of-a-kind Cuisinart. It’s probably safe to say his TOA-60 is currently the smartest toaster in the world. If you check out his documentation, you’ll find all the pinouts, circuits, code, and logic explanations needed to add serious improvements to your own toaster. We’ve featured several other toaster oven projects over the years, most of which have focused on turning them into reflow ovens, so it’s exciting to see one aimed at improving upon its original design.


hackaday.com/2025/05/28/from-b…


FLOSS Weekly Episode 834: It Was Cool in 2006


This week Jonathan chats with Ben Meadors and Rob Campbell about the boatload of software Microsoft just released as Open Source! What’s the motivation, why is the new Edit interesting, and what’s up with Copilot? Watch to find out!


youtube.com/embed/JG8If0l05n4?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.



Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License


hackaday.com/2025/05/28/floss-…


Supercon 2024: Using an Oscilloscope to Peek Below the Noise Floor


When you’re hunting for a signal with your oscilloscope, the stronger it is, the better. If it’s weak, you might struggle to tease it out from other interference, or even from the noise floor itself. You might wish that you were looking for something more obvious rather than the electromagnetic equivalent of a needle in a haystack.

Finding hidden signals below the noise floor may be a challenge, but it needn’t be an insurmountable one. James Rowley and Mark Omo came to the 2024 Hackaday Superconference to tell us how to achieve this with the magic of lock-in amplifiers.

Noise


youtube.com/embed/Y9FRTj3uZM0?…

As James explains, you can do lock-in amplification with just about any analog-to-digital converter and DSP that you might have on hand. For example, the oscilloscope you already have in your workshop. “The magic of this technique is taking a noisy signal, just rejecting all the noise, and getting just the part you want—just the signal you’re interested in,” James explains. “It is a very powerful technique for measuring how a signal flows through a system.”

“A lock-in amplifier is a great way… to lock in to those very small signals that can be swamped out by noise and interference, and actually measure signals that are well below the noise floor with a negative signal-to-noise ratio,” says James. “Essentially, what a lock-in amplifier is, is an ultra-narrow bandpass filter.”
[Image caption: A lock-in amplifier is effectively a very strong filter that gets rid of a lot of noise so you can actually find your signal.]

In the talk, James uses a simple analogy to explain how this works. He asks the audience to imagine a speaker and a microphone. In this analogy, ideally, the microphone picks up whatever noise the speaker is putting out, but in the real world, there are lots of other noise sources from the environment that can swamp the signal from the speaker itself. However, a lock-in amplifier would be able to reject that other noise, locking in on just the sound from the speaker itself. Lock-in amplifiers apply to all sorts of applications, from picking up extremely sensitive signals from load-cells, to measuring very high or low electrical resistances, and even finding locations of heart catheters during delicate medical operations. Wherever there are tiny important signals that need to be picked up, lock-in amplifiers can probably help.

[Image caption: As with all DSP topics, there is some math involved. Mark explains how the input signal is modulated with a reference signal to help dig out the desired information from the noise.]

Mark then walks us through the DSP magic required to actually find signals beneath the noise floor. He explains that by heavily filtering out noise outside the area of interest, it’s possible to effectively increase the signal-to-noise ratio and pick up the desired signal even if it’s quite faint. Traditional filters aren’t quite good enough to reduce the noise by the required amount of 300 times or so, so alternative solutions are needed. To do lock-in amplification, the measured signal is first shifted down to zero hertz, and averaged out over time. It sounds a little funky, but Mark explains the trigonometry and associated math to make it all work for a signal of any given bandwidth. Importantly, though, this technique also needs a reference signal to work, so the amplifier can effectively lock-in on the signal you’re actually looking for.

[Image caption: The practical demonstration involved a microphone trying to pick up a signal from a speaker in a noisy room filled with applause.]

The talk then covers the practical—how to build a lock-in amplifier with real hardware. Commercial off-the-shelf options exist, or you could go the discrete analog route—but both are expensive and fussy. Alternatively, you can just use an analog-to-digital converter. “Like the one in your oscilloscope!” notes Mark. He explains how this is set up and how it compares to traditional approaches; basically, it’s more accessible, if not quite as high-performance. You basically end up using one channel as a reference input, while the other channel is hooked up to the signal you’re actually trying to find.

The better the ADC in your oscilloscope, the better it will perform—better bit depth, buffer depth, and sampling rates are all advantageous in this regard. You’re limited by quantization noise, by the fact that the oscilloscope may not have a particularly low-noise front end, and by how much you can average the signal with the oscilloscope’s memory depth, but it’s a workable way to get started with a lock-in amplification setup. As a guide, something like a Rigol DS1054Z has enough memory depth to achieve a 1700x reduction in noise, which helps a great deal when hunting for a signal beneath the typical noise floor. Code to achieve this is available on GitHub for the curious.

The talk wraps up with a neat demonstration. A microphone and speaker are set up at a set distance of 8.5 cm, at which point the signal should show a 90-degree change in phase based on the signal being fed through the system. Mark and James show how their system is able to accurately measure the phase shift in the desired signal even in a loud room with a full crowd applauding while the demo runs.
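The mixing-and-averaging step and the phase measurement described above, as an added example in pure Python; it is not the code from the talk or its GitHub repository. The sample rate, the 1 kHz reference, the 1.3 kHz interferer, the amplitudes and the noise level are constructed values, and the reference frequency is assumed known rather than recovered from a second oscilloscope channel.

```python
import math
import random

FS = 50_000            # sample rate in Hz (constructed)
F_REF = 1_000          # reference tone driving the "speaker", Hz (constructed)
F_INTERFERER = 1_300   # unrelated tone standing in for room interference, Hz


def make_capture(n, amp, phase_deg, noise_rms, seed=2024):
    """Constructed 'microphone' channel: weak tone + strong interferer + noise."""
    rng = random.Random(seed)
    w = 2 * math.pi * F_REF / FS
    wi = 2 * math.pi * F_INTERFERER / FS
    phase = math.radians(phase_deg)
    return [
        amp * math.sin(w * k + phase)      # the signal we want, phase-shifted
        + 0.5 * math.sin(wi * k)           # interferer ten times stronger
        + rng.gauss(0.0, noise_rms)        # broadband noise
        for k in range(n)
    ]


def snr_db(amp, noise_rms):
    """Signal-to-noise ratio of a sine of peak `amp` against the broadband noise."""
    return 10 * math.log10((amp ** 2 / 2) / noise_rms ** 2)


def lock_in(samples, f_ref, fs):
    """Dual-phase lock-in: mix with sin/cos of the reference, then average.

    Multiplying by the reference shifts the wanted component down to 0 Hz;
    the long average is the ultra-narrow low-pass filter that removes the rest.
    Returns (amplitude, phase in degrees relative to the reference).
    """
    w = 2 * math.pi * f_ref / fs
    i_sum = 0.0
    q_sum = 0.0
    for k, x in enumerate(samples):
        i_sum += x * math.sin(w * k)   # in-phase product
        q_sum += x * math.cos(w * k)   # quadrature product
    n = len(samples)
    i_avg = 2 * i_sum / n              # equals amp * cos(phase) for a clean tone
    q_avg = 2 * q_sum / n              # equals amp * sin(phase) for a clean tone
    return math.hypot(i_avg, q_avg), math.degrees(math.atan2(q_avg, i_avg))


def demo():
    """8 seconds of capture with a 0.05-peak tone lagging the reference by 90 degrees."""
    capture = make_capture(400_000, amp=0.05, phase_deg=-90.0, noise_rms=1.0)
    return lock_in(capture, F_REF, FS)


if __name__ == "__main__":
    amplitude, phase = demo()
    print(f"input SNR      : {snr_db(0.05, 1.0):.1f} dB")
    print(f"recovered amp  : {amplitude:.4f} (true 0.05)")
    print(f"recovered phase: {phase:.1f} deg (true -90)")
```

Shortening the capture widens the effective filter bandwidth, so the recovered amplitude and phase become noisier; that is the memory-depth limit the article mentions.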

If you regularly find yourself struggling to measure dim signals that you know are there, somewhere, you might find these techniques highly useful. This talk serves as a great primer for this very useful DSP technique.


hackaday.com/2025/05/28/superc…


Bubble Displays Make a Neat Retro Clock


In 2025 we are spoiled for choice when it comes to displays, with affordable LCDs, OLEDs, TFTs, and e-ink panels of all sizes only a few clicks away. But in decades past, such exotica were not on the menu for casual construction. Instead there were a range of LED seven segment displays which have now largely passed out of use.

Among them were HP’s bubble displays, assemblies of miniature LEDs on a PCB, topped with plastic bubble lenses. If you had a calculator in the 1970s it probably had one, but in the present, [Joshua Coleman] has incorporated one into a pleasingly retro digital clock.

Inside the 3D printed case is an ESP32 with a pair of 74HC595 shift registers to drive the display, and an 18650 battery with all associated charging and protection circuitry. It’s a surprisingly simple circuit, and the code is provided on the page. He makes an apology to non-Americans for his use of US date formats, but we think few readers will be unable to change it to reflect the only date format which really matters.

If you find a bubble display, hang on to it. They’re certainly something we’ve seen before here a few times.


hackaday.com/2025/05/28/bubble…


Was Matteo Salvini hacked? A criminal puts his emails up for sale for 250 dollars


A post published an hour ago on a well-known underground forum has caught the attention of cybersecurity observers: a user with the pseudonym “elpatron85” has put up for sale an alleged archive of emails belonging to Italy’s Deputy Prime Minister and Minister of Infrastructure, Matteo Salvini.

Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is intended exclusively for threat intelligence and for raising awareness of cybersecurity risks. Red Hot Cyber condemns any unauthorized access, improper dissemination or unlawful use of such data. At present, it is not possible to independently verify the authenticity of the information reported, since the organization involved has not yet issued an official statement on its website. Consequently, this article should be considered exclusively for informational and intelligence purposes.

The post, published about an hour ago in the section dedicated to the buying and selling of sensitive data, offers the package named “Salvini emails”, described as containing “thousands of emails from the fascist Italian Deputy Prime Minister Matteo Salvini and from the Noi con Salvini party”. The alleged archive, according to the author, has a total size of 5 GB and is being sold for 250 dollars.

The user also provides a Telegram contact, inviting potential buyers to write to him to finalize the transaction. The “elpatron85” profile appears to have been created in May 2025, with 19 threads and 34 posts to its name, and is part of the “DarkForums Members” group.

The legitimacy of the content cannot currently be verified, but the case could represent a potential breach of the Deputy Prime Minister’s cybersecurity and privacy, should it prove authentic. It is not clear whether the Italian authorities are already aware of the publication, nor whether investigations have been opened.

Context and risks


The sale of stolen or compromised emails on dark web forums is not a new phenomenon. However, when those involved are leading political figures of a European Union member state, as in the case of Matteo Salvini, the implications quickly become geopolitical.

Such information could in fact contain sensitive data, political strategies, or even material usable for blackmail or disinformation campaigns.

It should also be considered that it is not possible to establish with certainty, at the moment, whether we are facing an attempted scam, or whether this is a move orchestrated to spread propaganda against Salvini, using cybersecurity as leverage to fuel tensions or discredit a political opponent.

This episode underlines once again the importance of cybersecurity for public institutions and political representatives. It will now be essential to understand whether the data in question is authentic, how it was obtained and what the possible repercussions are, both nationally and internationally.

The article Was Matteo Salvini hacked? A criminal puts his emails up for sale for 250 dollars comes from il blog della sicurezza informatica.


Remotely Interesting: Stream Gages


Near my childhood home was a small river. It wasn’t much more than a creek at the best of times, and in dry summers it would sometimes almost dry up completely. But snowmelt revived it each Spring, and the remains of tropical storms in late Summer and early Fall often transformed it into a raging torrent, if only briefly, before the flood waters receded and the river returned to its lazy ways.

Other than to those of us who used it as a playground, the river seemed of little consequence. But it did matter enough that a mile or so downstream was some sort of instrumentation, obviously meant to monitor the river. It was — and still is — visible from the road, a tall corrugated pipe standing next to the river, topped with a box bearing the logo of the US Geological Survey. On occasion, someone would visit and open the box to do mysterious things, which suggested the river was interesting beyond our fishing and adventuring needs.

Although I learned quite early that this device was a streamgage, and that it was part of a large network of monitoring instruments the USGS used to monitor the nation’s waterways, it wasn’t until quite recently — OK, this week — that I learned how streamgages work, or how extensive the network is. A lot of effort goes into installing and maintaining this far-flung network, and it’s worth looking at how these instruments work and their impact on everyday life.

Inventing Hydrography


First, to address the elephant in the room, “gage” is a rarely used but accepted alternative spelling of “gauge.” In general, gage tends to be used in technical contexts, which certainly seems to be the case here, as opposed to a non-technical context such as “A gauge of public opinion.” Moreover, the USGS itself uses that spelling, for interesting historical reasons that they’ve apparently had to address often enough that they wrote an FAQ on the subject. So I’ll stick with the USGS terminology in this article, even if I really don’t like it that much.

With that out of the way, the USGS has a long history of monitoring the nation’s rivers. The first streamgaging station was established in 1889 along the Rio Grande River at a railroad station in Embudo, New Mexico. Measurements were entirely manual in those days, performed by crews trained on-site in the nascent field of hydrography. Many of the tools and methods that would be used through the rest of the 19th century to measure the flow of rivers throughout the West and later the rest of the nation were invented at Embudo.

Then as now, river monitoring boils down to one critical measurement: discharge rate, or the volume of water passing a certain point in a fixed amount of time. In the US, discharge rate is measured in cubic feet per second, or cfs. The range over which discharge rate is measured can be huge, from streams that trickle a few dozen cubic feet of water every second to the over one million cfs discharge routinely measured at the mouth of the mighty Mississippi each Spring.

Measurements over such a wide dynamic range would seem to be an engineering challenge, but hydrographers have simplified the problem by cheating a little. While measuring volumetric flow in a closed container like a pipe is relatively easy — flowmeters using paddlewheels or turbines are commonly used for such a task — direct measurement of flow rates in natural watercourses is much harder, especially in navigable rivers where such measuring instruments would pose a hazard to navigation. Instead, the USGS calculates the discharge rate indirectly using stream height, often referred to as flood stage.

Beside Still Waters

[Image caption: Schematic of a USGS stilling well. The water level in the well tracks the height of the stream, with a bit of lag. The height of the water column in the well is easier to read than the surface of the river. Source: USGS, public domain.]

The height of a river at any given point is much easier to measure, with the bonus that the tools used for this task lend themselves to continuous measurements. Stream height is the primary data point of each streamgage in the USGS network, which uses several different techniques based on the specific requirements of each site.

[Image caption: A float-tape gage, with a counterweighted float attached to an encoder by a stainless steel tape. The encoder sends the height of the water column in the stilling well to the data logger. Source: USGS, public domain.]

The most common is based on a stilling well. Stilling wells are vertical shafts dug into the bank adjacent to a river. The well is generally large enough for a technician to enter, and is typically lined with either concrete or steel conduit, such as the streamgage described earlier. The bottom of the shaft, which is also lined with an impervious material such as concrete, lies below the bottom of the river bed, while the height of the well is determined by the highest expected flood stage for the river. The lumen of the well is connected to the river via a pair of pipes, which terminate in the water above the surface of the riverbed. Water fills the well via these input pipes, with the level inside the well matching the level of the water in the river.

As the name implies, the stilling well performs the important job of damping any turbulence in the river, allowing for a stable column of water whose height can be easily measured. Most stilling wells measure the height of the water column with a float connected to a shaft encoder by a counterweighted stainless steel tape. Other stilling wells are measured using ultrasonic transducers, radar, or even lidar scanners located in the instrument shelter on the top of the well, which translate time-of-flight to the height of the water column.

While stilling well gages are cheap and effective, they are not without their problems. Chief among these is dealing with silt and debris. Even though intakes are placed above the bottom of the river, silt enters the stilling well and settles into the sump. This necessitates frequent maintenance, usually by flushing the sump and the intake lines using water from a flushing tank located within the stilling well. In rivers with a particularly high silt load, there may be a silt trap between the intakes and the stilling well. Essentially a concrete box with a series of vertical baffles, the silt trap allows silt to settle out of the river water before it enters the stilling well, and must be cleaned out periodically.

Bubbles, Bubbles

[Image caption: Bubble gages often live on pilings or other structures within the watercourse.]

Making up for some of the deficiencies of the stilling well is the bubble gage, which measures river stage using gas pressure. A bubble gage typically consists of a small air pump or gas cylinders inside the instrument shelter, plumbed to a pipe that comes out below the surface of the river. As with stilling wells, the tube is fixed at a known point relative to a datum, which is the reference height for that station. The end of the pipe in the water has an orifice of known size, while the supply side has regulators and valves to control the flow of gas. River stage can be measured by sensing the gas pressure in the system, which will increase as the water column above the orifice gets higher.

Bubble gages have a distinct advantage over stilling wells in rivers with a high silt load, since the positive pressure through the orifice tends to keep silt out of the works. However, bubble gages tend to need a steady supply of electricity to power their air pump continuously, or for gages using bottled gas, frequent site visits for replenishment. Also, the pipe run to the orifice needs to be kept fairly short, meaning that bubble gage instrument shelters are often located on pilings within the river course or on bridge abutments, which can make maintenance tricky and pose a hazard to navigation.

While bubble gages and stilling wells are the two main types of gaging stations for fixed installations, the USGS also maintains a selection of temporary gaging instruments for tactical use, often for response to natural disasters. These Rapid Deployment Gages (RDGs) are compact units designed to affix to the rail of a bridge or some other structure across the river. Most RDGs use radar to sense the water level, but some use sonar.

Go With the Flow


No matter what method is used to determine the stage of a river, calculating the discharge rate is the next step. To do that, hydrographers have to head to the field and make flow measurements. By measuring the flow rates at intervals across the river, preferably as close as possible to the gaging station, the total flow through the channel at that point can be estimated, and a calibration curve relating flow rate to stage can be developed. The discharge rate can then be estimated from just the stage reading.

Flow readings are taken using a variety of tools, depending on the size of the river and the speed of the current. Current meters with bucket wheels can be lowered into a river on a pole; the flow rotates the bucket wheel and closes electrical contacts that can be counted on an electromagnetic totalizer. More recently, Acoustic Doppler Current Profilers (ADCPs) have come into use. These use ultrasound to measure the velocity of particulates in the water by their Doppler shift.

Crews can survey the entire width of a small stream by wading, from boats, or by making measurements from a convenient bridge. In some remote locations where the river is especially swift, the USGS may erect a cableway across the river, so that measurements can be taken at intervals from a cable car.

[Image caption: Nice work if you can get it. USGS crew making flow measurements from a cableway over the American River in California using an Acoustic Doppler Current Profiler. Source: USGS, public domain.]
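The stage-to-discharge calibration described in this section, as an added example that is not USGS code or part of the original article. It assumes the midsection velocity-area method for each field visit and a power-law rating curve, neither of which the article names, and every measurement in it is constructed.

```python
import math


def midsection_discharge(verticals):
    """Total discharge (cfs) from one set of readings across the channel.

    verticals: (distance_from_bank_ft, depth_ft, velocity_ft_per_s) tuples,
    ordered bank to bank, with the first and last taken at the water's edge.
    Each interior reading represents a strip reaching halfway to its neighbours.
    """
    total = 0.0
    for i in range(1, len(verticals) - 1):
        left = verticals[i - 1][0]
        right = verticals[i + 1][0]
        _, depth, velocity = verticals[i]
        width = (right - left) / 2.0
        total += width * depth * velocity   # ft * ft * ft/s = cubic feet per second
    return total


def fit_rating_curve(points):
    """Least-squares fit of Q = a * stage**b, done as a line in log-log space.

    points: (stage_ft, discharge_cfs) pairs. Stage is taken as height above
    the level of zero flow (an assumption of this example).
    """
    xs = [math.log(stage) for stage, _ in points]
    ys = [math.log(q) for _, q in points]
    n = len(points)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    b = sxy / sxx
    a = math.exp(mean_y - b * mean_x)
    return a, b


def discharge_from_stage(stage_ft, a, b):
    """Estimate discharge from a stage reading alone, using the fitted curve."""
    return a * stage_ft ** b


# Constructed field visits: (stage_ft, readings across a 20 ft wide channel)
FIELD_VISITS = [
    (1.0, [(0, 0, 0), (5, 0.8, 0.6), (10, 1.0, 0.8), (15, 0.8, 0.6), (20, 0, 0)]),
    (2.0, [(0, 0, 0), (5, 1.5, 0.8), (10, 2.0, 1.2), (15, 1.5, 0.8), (20, 0, 0)]),
    (3.0, [(0, 0, 0), (5, 2.0, 1.0), (10, 3.0, 1.5), (15, 2.0, 1.0), (20, 0, 0)]),
    (4.0, [(0, 0, 0), (5, 3.0, 1.2), (10, 4.0, 1.8), (15, 3.0, 1.2), (20, 0, 0)]),
]


def calibrate(visits):
    """Turn field visits into (stage, discharge) points and fit the curve."""
    points = [(stage, midsection_discharge(v)) for stage, v in visits]
    return fit_rating_curve(points)


if __name__ == "__main__":
    a, b = calibrate(FIELD_VISITS)
    print(f"rating curve: Q = {a:.2f} * stage^{b:.2f}")
    for stage in (1.5, 2.5, 3.5):
        print(f"stage {stage} ft -> {discharge_from_stage(stage, a, b):.1f} cfs")
```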

From Paper to Satellites


In the earliest days of streamgaging, recording data was strictly a pen-on-paper process. Station log books were updated by hydrographers for every observation, with results transmitted by mail or telegraph. Later, stations were equipped with paper chart recorders using a long-duration clockwork mechanism. The pen on the chart recorder was mechanically linked to the float in a stilling well, deflecting it as the river stage changed and leaving a record on the chart. Electrical chart recorders came next, with the position of the pen changing based on the voltage through a potentiometer linked to the float.

Chart recorders, while reliable, have the twin disadvantages of needing a site visit to retrieve the data and requiring a tedious manual transcription of the chart data to tabular form. To solve the latter problem, analog-digital recorders (ADRs) were introduced in the 1960s. These recorded stage data on paper tape as four binary-coded decimal (BCD) digits. The time of each stage reading was inferred from its position on the tape, given a known starting time and reading interval. Tapes still had to be retrieved from each station, but at least reading the data back at the office could be automated with a paper tape reader.

In the 1980s and 1990s, gaging stations were upgraded to electronic data loggers, with small solar panels and batteries where grid power wasn’t available. Data was stored locally in the logger between maintenance visits by a hydrographer, who would download the data. Alternately, gaging stations located close to public rights of way sometimes had leased telephone lines for transmitting data at intervals via modem. Later, gaging stations started sprouting cross-polarized Yagi antennas, aimed at one of the Geostationary Operational Environmental Satellites (GOES). Initially, gaging stations used one of the GOES low data rate telemetry channels with a 100 to 300 bps connection. This gave hydrologists near-real-time access to gaging data for the first time. Since 2013, all stations have been upgraded to a high data rate channel that allows up to 1,200 bps telemetry.

Currently, gage data is normally collected every 15 minutes, although readings can be taken as often as every 5 minutes at times of peak flow. Data is buffered locally before a GOES uplink, which is about every hour or so, or as often as every 15 minutes in peak flow or emergencies. The uplink frequencies and intervals are very well documented on the USGS site, so you can easily pick them up with an SDR, and you can see if the creek is rising from the comfort of your own shack.

youtube.com/embed/9QEacN9hWoI?…


hackaday.com/2025/05/28/remote…


Washington Consumers Gain Right to Repair for Cellphones and More


Starting January 1st, 2026, Washington state’s new Right to Repair law will come into effect. It requires manufacturers to make tools, parts and documentation available for diagnostics and repair of ‘digital electronics’, including cellphones, computers and similar appliances. The relevant House Bill 1483 was signed into law last week after years of fighting to make it a reality.

A similar bill in Oregon faced strong resistance from companies like Apple, despite their backing of another Right to Repair bill in California. In the case of the Washington bill, there were positive noises from the side of Google and Microsoft, proclaiming themselves and their products to be in full compliance with such consumer laws.

Of course, the devil is always in the details, with Apple in particular being a good example of how to technically comply with the letter of the law, while throwing up many (financial) roadblocks for anyone interested in obtaining said tools and components. Apple’s penchant for part pairing is also a significant problem when it comes to repairing devices, even if these days it’s somewhat less annoying than it used to be — assuming you’re running iOS 18 or better.

That said, we always applaud these shifts in the right direction, where devices can actually be maintained and repaired without too much fuss, rather than e.g. cellphones being just disposable items that get tossed out after two years or less.

Thanks to [Robert Piston] for the tip.


hackaday.com/2025/05/28/washin…


Infostealer alert: emails from the Municipality of Gorizia and Italian companies published


In the last few hours, a well-known public Telegram channel linked to underground forums has published a list of corporate emails from Italy and Germany. The message, visible in a shared screenshot, shows an excerpt of data relating to mailboxes of Italian and German companies and even institutional addresses attributable to the Municipality of Gorizia (Comune di Gorizia).

The threat actor claims that the list is in “fresh condition”, so presumably the result of recent compromises. Payment is in cryptocurrency only, a common practice in cybercriminal markets to guarantee the anonymity of transactions.

Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is solely for threat intelligence purposes and for raising awareness of cybersecurity risks. Red Hot Cyber condemns any unauthorized access, improper dissemination or unlawful use of such data. At present, it is not possible to independently verify the authenticity of the information reported, since the organization involved has not yet released an official statement on its website. Consequently, this article should be considered for informational and intelligence purposes only.

Probable infostealer infection


The origin of this data leak is not officially known, but everything suggests that the compromise occurred through the use of infostealers, a category of malware that is increasingly widespread in the cyber threat landscape.

What is an infostealer?


An infostealer (information stealer) is malware designed to steal sensitive information from the infected system. The most sought-after information includes:

  • Usernames and passwords
  • Session cookies
  • Authentication data saved in browsers
  • Autofill data (first name, last name, addresses, phone numbers)
  • Login credentials for corporate VPN, FTP, CRM and webmail

Among the best-known infostealers are RedLine, Raccoon, Vidar, Aurora and Lumma, which operate in stealth mode and send the collected data to C2 (Command and Control) servers or save it in logs that are later resold on underground marketplaces.

Classic infection techniques


Infostealers are usually distributed through:

  • Phishing emails with malicious attachments (Word, PDF, Excel documents)
  • Software cracks on warez or torrent sites
  • Fake browser or plugin updates
  • Malicious advertising campaigns (malvertising)
  • Discord/Telegram channels sharing “free” content (skins, games, utilities)

Once the user runs the infected executable, the malware collects the credentials saved in browsers and business software within seconds and automatically sends them to the cybercriminal. These emails could be used for:

  • Targeted phishing attacks (spear phishing)
  • Login attempts against corporate services (brute force)
  • Identity theft and impersonation
  • Unauthorized access to IT infrastructure


Final considerations


The publication of these lists shows once again how fundamental the protection of corporate credentials is. The use of complex passwords, multi-factor authentication (MFA) and continuous staff training are the first lines of defense against these threats.

In the meantime, we invite the companies involved, and public bodies in particular, to immediately verify the integrity of their systems and to activate containment measures if anomalies are found in the access logs.

As is our custom, we always leave room for a statement from the organization should it wish to give us updates on this matter, and we will be happy to publish it in a dedicated article highlighting the issue.

RHC will monitor how the matter develops so as to publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower's encrypted email.

The article Allarme infostealer: pubblicate email del Comune di Gorizia e aziende italiane comes from il blog della sicurezza informatica.


Zanubis in motion: Tracing the active evolution of the Android banking malware



Introduction


Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets.

The main infection vector of Zanubis is impersonating legitimate Peruvian Android applications and then misleading the user into enabling the accessibility permissions. Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge.

This Android malware is undergoing continuous development, and we have seen new samples extending their data exfiltration and remote-control functionality as well as new obfuscation methods and deceptive tactics. The threat actors behind Zanubis continue to refine its code – adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. These updates are often aligned with recurring campaigns, suggesting a deliberate effort to keep the malware relevant and effective.

To understand how the Trojan reached its current stage, we need to look back at its origins and the early signs of what was to come. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

2022: From zero to threat


Zanubis was first observed in the wild around August 2022, initially targeting financial institutions and cryptocurrency exchange users in Peru. At the time of its discovery, the malware was distributed through apps disguised as a PDF reader, using the logo of a well-known application to appear legitimate and lure victims into installing it.

In its early stages, Zanubis employed a much simpler and more limited approach than the functionality we explore later. The malware retrieved its configuration and the package names of all the targeted applications by reaching a hardcoded pastebin site and parsing its data in XML/HTML format.

Upon startup, the malware would collect key information from the infected device. This included the contact list, the list of installed applications, and various device identifiers, such as the manufacturer, model, and fingerprint. The Trojan also performed specific checks to identify whether the device was a Motorola, Samsung, or Huawei, suggesting tailored behavior or targeting based on brand.

Additionally, the malware attempted to collect and bypass battery optimization settings, likely to ensure it could continue running in the background without interruption. All of the gathered information was then formatted and transmitted to a remote server using the WebSocket protocol. For that, Zanubis used a hardcoded initial URL to establish communication and exfiltrate the collected data and also received a small set of commands from the C2 server.

The malware operated as an overlay-based banking Trojan that abused Android’s accessibility service. By leveraging accessibility permissions, the malware was able to run silently in the background, monitoring which applications were currently active on the device. When it detected that a targeted application was opened, it immediately displayed a pre-generated overlay designed to mimic the legitimate interface. This overlay captured the user’s credentials as they were entered, effectively stealing sensitive information without raising suspicion.

Zanubis targeted 40 banking and financial applications in Peru. The malware maintained a predefined list of package names corresponding to these institutions, and used this list to trigger overlay attacks. This targeting strategy reflected a focused campaign aimed at compromising users of financial services through credential theft.

At that point, the malware appeared to be under active development – code obfuscation had not yet been implemented, making the samples fully readable upon decompilation. Additionally, several debugging functions were still present in the versions captured in the wild.

2023: Multi-feature upgrade


In April 2023, we identified a new campaign featuring a revamped version of Zanubis. This time, the malicious package masqueraded as the official Android application of SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria), Peru’s national tax and customs authority. It copied both the name and icon of the legitimate app, making it appear authentic to unsuspecting users.

Shift to obfuscation


Unlike earlier versions, this variant introduced significant changes in terms of stealth. The code was fully obfuscated, making manual analysis and detection more difficult. After decompilation, it became clear that, in order to complicate malware analysis, the threat actors used Obfuscapk, a widely used obfuscation framework for Android APKs. Obfuscapk combines multiple techniques, including a range of obfuscators and so-called “confusers”. These techniques vary in complexity: from basic measures like renaming classes, adding junk code, and replacing method signatures, to more advanced strategies such as RC4 code encryption and control-flow obfuscation. The goal was to hinder reverse engineering and slow down both static and dynamic analysis, giving the operators more time to execute their campaigns undetected.

Junk code (on the left) and renaming (on the right) obfuscation methods applied to the malicious implant

Once installed and executed, the malware began setting up its internal components, including various classes, functions, and the SharedPreferences object, which are essential for the Trojan’s operation. The latter typically stores sensitive configuration data such as C2 server URLs, encryption keys, API endpoints, and communication ports.

Deceptive tricks


Throughout all versions of Zanubis, a key step in its execution flow has been to ensure it has accessibility service permissions, which are crucial for its overlay attacks and background monitoring. To obtain these, the malware checks if it is running for the first time and whether the necessary permissions have been granted. If not, it employs a deceptive tactic to manipulate the user into enabling them, a feature that varies between versions.

In the 2023 version, the malware displayed a fake instructional webpage using WebView, claiming that additional permissions were needed to view a document – a plausible excuse, given the app’s disguise as an official application. On this page, a prominent button labeled “Ir a Accesibilidad” (“Go to Accessibility”) was presented. Once tapped, the button triggered a redirection to the system’s Accessibility Settings screen or directly to the specific panel for enabling accessibility features for the malicious app, depending on the device model.

Instructions to trick the user into enabling Accessibility Permissions

Translation:
“Steps to view documents”, “1. Select the downloaded file”.

This trick relies heavily on social engineering, leveraging trust in the app’s appearance and the user’s lack of awareness about Android’s permission system. Once accessibility permissions are granted, the malware silently enables additional settings to bypass battery optimization, ensuring it can remain active in the background indefinitely, ready to execute its malicious functions without user intervention.

With background access secured, the malware loads a legitimate SUNAT website used by real users to check debts and tax information. By embedding this trusted page in a WebView, the app reinforces its disguise and avoids raising suspicion, appearing as a normal, functional part of SUNAT’s official services while continuing its malicious activity in the background.

Data harvesting


Just like earlier versions, the malware began by collecting device information and connecting to its C2 server to await further instructions. Communication with the C2 API was encrypted with RC4 using a hardcoded key and Base64-encoded. Once initialization was complete, the malware entered a Socket.IO polling loop, sleeping for 10 seconds between checks for incoming events emitted by the C2 server. This time, however, the list of available commands had grown significantly, expanding the malware’s capabilities far beyond previous versions.

When a targeted app was detected running on the device, this version of Zanubis took one of two actions to steal user data, depending on its current settings. The first method involved keylogging by tracking user interface events such as taps, focus changes, and text input, effectively capturing sensitive information like credentials or personal data. These logs were stored locally and later sent to the C2 server upon request. Alternatively, Zanubis could activate screen recording to capture everything the user did within the app, sending both visuals and interaction data directly to the server.
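For analysts working from a traffic capture, the transport layer described in this section (RC4 under a hardcoded key, then Base64) can be undone once the key is found among the strings of the decompiled sample. The following is an added example, not code from the original report or from the malware: the key, the message contents and the candidate list are constructed, and the assumption that decoded messages are text is ours.

```python
import base64
from typing import Iterable, List, Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        out.append(byte ^ state[(state[i] + state[j]) % 256])
    return bytes(out)


def decode_frame(frame_b64: str, key: bytes) -> bytes:
    """Undo the transport encoding: Base64 first, then RC4."""
    return rc4(key, base64.b64decode(frame_b64, validate=True))


def looks_like_text(buf: bytes, threshold: float = 0.95) -> bool:
    """Heuristic (assumption): a correct key yields mostly printable ASCII."""
    if not buf:
        return False
    printable = sum(1 for b in buf if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(buf) >= threshold


def recover_key(frames: List[str], candidates: Iterable[bytes]) -> Optional[bytes]:
    """Try each string pulled from the decompiled sample as the RC4 key.

    A candidate is accepted only if every captured frame decodes to text,
    which keeps a lucky match on one short frame from being reported.
    """
    for candidate in candidates:
        if not candidate:
            continue
        if all(looks_like_text(decode_frame(f, candidate)) for f in frames):
            return candidate
    return None


# --- Constructed sample data (not taken from any real sample) ---------------
DEMO_KEY = b"constructed-demo-key"
DEMO_MESSAGES = [
    b'{"event":"device_info","model":"constructed-model"}',
    b'{"event":"ping","interval":10}',
]
# What a capture would contain: Base64 text wrapping RC4 ciphertext.
DEMO_FRAMES = [base64.b64encode(rc4(DEMO_KEY, m)).decode() for m in DEMO_MESSAGES]
# Stand-in for the output of a strings dump of the decompiled APK.
DEMO_CANDIDATES = [
    b"https://example.invalid/api",
    b"Ir a Accesibilidad",
    DEMO_KEY,
    b"bloqueoUpdate",
]

if __name__ == "__main__":
    key = recover_key(DEMO_FRAMES, DEMO_CANDIDATES)
    print("recovered key:", key)
    for frame in DEMO_FRAMES:
        print(decode_frame(frame, key).decode())
```

Because the key is static, one recovered key decodes every capture from the same build, which is why later versions moved to per-message keys.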

SMS hijacking


Another new feature introduced in this campaign is SMS hijacking, a critical technique for compromising bank accounts and services that rely on SMS for two-factor authentication. Once instructed by the C2 server, Zanubis set itself as the default SMS app on the device, allowing it to intercept all incoming messages via a custom receiver. This gave the malware access to verification codes sent by banks and other sensitive services, and even the ability to delete them before the user could see them, effectively hiding its activity.

These actions remained completely hidden from the user. Even if the user attempted to regain control and set their default SMS app back to normal, Zanubis would block that possibility.
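The behaviours described so far (a sideloaded app holding an accessibility service, exempting itself from battery optimization, and taking the default SMS role) leave traces that can be read from a device over adb. The following triage script is an added example, not part of the original report: it assumes the output of `settings get secure enabled_accessibility_services`, `settings get secure sms_default_application`, `dumpsys deviceidle whitelist` and `pm list packages -3 -i` has been saved as text, and all package names and sample outputs below are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Assumption: on this fleet only Play Store installs count as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}


@dataclass
class Finding:
    package: str
    reasons: List[str] = field(default_factory=list)


def parse_accessibility(value: str) -> Set[str]:
    """Colon-separated package/class components, or "null" when none are enabled."""
    value = value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def parse_installers(text: str) -> Dict[str, str]:
    """`pm list packages -3 -i` lines -> {third-party package: installer}."""
    result = {}
    for line in text.splitlines():
        match = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if match:
            result[match.group(1)] = match.group(2)
    return result


def parse_user_whitelist(text: str) -> Set[str]:
    """`dumpsys deviceidle whitelist` lines of the form kind,package,uid.

    Only "user" entries are kept: those were added after install, not shipped
    with the system image.
    """
    exempt = set()
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and parts[0] == "user":
            exempt.add(parts[1])
    return exempt


def triage(accessibility: str, sms_default: str, whitelist: str,
           installers: str) -> List[Finding]:
    """Flag third-party apps that are sideloaded AND hold an accessibility service.

    An app installed by a dropper through PackageInstaller reports the dropper
    (or null) as installer, so it is not in TRUSTED_INSTALLERS either.
    """
    enabled = parse_accessibility(accessibility)
    exempt = parse_user_whitelist(whitelist)
    default_sms = sms_default.strip()
    findings = []
    for package, installer in sorted(parse_installers(installers).items()):
        if installer in TRUSTED_INSTALLERS or package not in enabled:
            continue
        finding = Finding(package, [
            "sideloaded (installer=%s)" % installer,
            "accessibility service enabled",
        ])
        if package == default_sms:
            finding.reasons.append("holds default SMS role")
        if package in exempt:
            finding.reasons.append("exempt from battery optimization")
        findings.append(finding)
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


# --- Constructed sample outputs (package names are made up) -----------------
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.pdfviewer/com.example.pdfviewer.Svc:"
    "com.example.passwords/com.example.passwords.FillService"
)
SAMPLE_SMS_DEFAULT = "com.example.pdfviewer\n"
SAMPLE_WHITELIST = (
    "system-excidle,com.android.providers.downloads,10021\n"
    "system,com.google.android.gms,10104\n"
    "user,com.example.pdfviewer,10245\n"
)
SAMPLE_INSTALLERS = (
    "package:com.example.passwords  installer=com.android.vending\n"
    "package:com.example.pdfviewer  installer=null\n"
    "package:com.example.game  installer=null\n"
)

if __name__ == "__main__":
    for f in triage(SAMPLE_ACCESSIBILITY, SAMPLE_SMS_DEFAULT,
                    SAMPLE_WHITELIST, SAMPLE_INSTALLERS):
        print(f.package, "->", "; ".join(f.reasons))
```

A store-installed password manager with an accessibility service is deliberately not flagged; the combination of sideloading and accessibility is what the report describes.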

Fake updates


One of the most invasive and deceptive behaviors exhibited by Zanubis was triggered through the bloqueoUpdate (“update lockout” in English) event, which simulated a legitimate Android system update. When activated, the malware locked the device and prevented any normal interaction, rendering it almost completely unusable. Attempts to lock or unlock the screen were detected and blocked, making it nearly impossible for the user to interrupt the process.

Before displaying the fake update overlay, the malware could send a warning notification claiming that an urgent update was about to be installed, advising the user not to interact with the device. This increased the credibility of the ruse and reduced the chances of user interference.

Behind this fake update, Zanubis continued operating silently in the background, performing malicious tasks such as uninstalling apps, intercepting SMS messages, changing system settings, and modifying permissions, all without the victim’s awareness.

Fake update blocking the user from making use of the phone

Translation:
“Some screen components are being updated, please keep your device connected to the internet and wait approximately 30 minutes for the update to finish”. “Do not lock or interact with the device”.

2024: Continuous development


During 2024, we continued monitoring Zanubis on various resources, including third-party platforms. In early May, we detected the appearance of new variants in the wild, particularly observed on VirusTotal. Over 30 versions of the malware were uploaded from Peru, revealing the developer’s efforts to test and implement new functionalities and features into the malware.

Samples uploaded to VirusTotal

Reinforced encryption


In these newer iterations of Zanubis, the developers implemented mechanisms to protect hardcoded strings, aiming to complicate analysis and reduce detection rates. The threat actors used a key derived via PBKDF2 to encrypt and decrypt strings on-the-fly, relying on AES in ECB mode. This method allowed the implant to keep critical strings hidden during static analysis, only revealing them when needed during execution.

Source strings were not the only data encrypted in these new implants. The communication between the C2 and the malware was also protected using AES in ECB mode, which indicates a shift from the use of RC4 in previous samples. Unlike the hardcoded key used for string encryption, in this case, a new 32-byte key was randomly generated each time data was about to be sent.

Device credential stealing


Among the most critical actions performed by this version of Zanubis was the theft of device credentials. Once active in the background, the malware constantly monitored system events triggered by other applications. When it detected activity related to authentication that needed the input of a PIN, password, or pattern, it attempted to identify the type of authentication being used and captured the corresponding input.

The malware monitored specific signals that indicated the user was interacting with the lock screen or a secure input method. When these were identified, the malware actively collected the characters entered or gestures used. If it detected that the input was invalid, it reset the authentication tracking to avoid storing invalid data. Once the input process was completed and the user moved on, the malware sent the collected credentials to the C2 server.

Device credentials collected by Zanubis

Expanding scope


This version of the malware continued to target banking applications and financial institutions in Peru, expanding its reach to include virtual card providers, as well as digital and cryptocurrency wallets. This update added 14 new targeted applications, increasing the scope of its attacks and broadening the range of financial services it can exploit.

2025: Latest campaign


In mid-January of 2025, we identified new samples indicating an updated version of Zanubis. The updates range from changes in the malware distribution and deception strategy to code modifications, new C2 commands, and improved filtering of target applications for credential theft.

New distribution tactics


Zanubis previously impersonated Peru’s tax authority, SUNAT. However, in this new campaign, we have identified two new Peruvian entities being spoofed: a company in the energy sector and a bank that was not previously abused.

The Trojan initially disguises itself as two legitimate apps from the targeted companies, each crafted to exploit a specific user need. For the energy company, the malicious APK is distributed under names like “Boleta_XXXXXX” (“bill”) or “Factura_XXXXXX” (“invoice”), deceiving users into believing they are verifying a supposed bill or invoice.

Fake screen designed to verify invoices

Meanwhile, for the bank, victims are enticed to download the malware under the guise of instructions from a fake bank advisor. This setup acts as the initial dropper for the malware, using familiar, trusted contexts to ensure successful installation.

Follow your advisor's instructions message from the fake bank app

Silent installation


Once the user downloads and launches the lure app, a screen appears with the company’s logo, stating that necessary checks are in progress. Meanwhile, in the background, the dropper attempts to silently install the final payload, Zanubis, which is embedded in the initial malware’s internal resources (res/raw/). To retrieve the APK, the dropper leverages the PackageInstaller class. This installation process occurs without any user involvement, as there are no prompts or warnings to alert the victim. By utilizing PackageInstaller, the malware writes the APK to the device in the background and completes the installation automatically, unnoticed. This technique is employed to evade detection. After installation, an intent is sent to signal that the package has been successfully installed.
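A dropper that carries its payload in res/raw/, as described above, can be spotted statically because an APK is a ZIP archive and the embedded payload is a second APK inside it. The following scanner is an added example, not code from the original report: the function names, the size limit and the sample archive built in `build_constructed_dropper` are all constructed for illustration, and it checks every archive member rather than only res/raw/ since resource paths can be renamed.

```python
import hashlib
import io
import zipfile
from typing import Dict, List

# Files every installable APK contains at the archive root.
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}
# Skip oversized members so a crafted archive cannot exhaust memory (assumed limit).
MAX_MEMBER_BYTES = 64 * 1024 * 1024


def is_apk(blob: bytes) -> bool:
    """True if the bytes are a ZIP archive that carries the APK marker files."""
    if not blob.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as archive:
            return APK_MARKERS <= set(archive.namelist())
    except zipfile.BadZipFile:
        return False


def find_embedded_apks(apk_bytes: bytes) -> List[Dict[str, object]]:
    """Return one record per archive member that is itself an APK."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            blob = outer.read(info)
            if is_apk(blob):
                hits.append({
                    "path": info.filename,
                    "size": len(blob),
                    "sha256": hashlib.sha256(blob).hexdigest(),
                    "in_res_raw": info.filename.startswith("res/raw/"),
                })
    return hits


def build_constructed_dropper() -> bytes:
    """Build a small in-memory archive shaped like the dropper layout (constructed)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"constructed inner manifest")
        archive.writestr("classes.dex", b"constructed inner dex")

    plain_zip = io.BytesIO()  # an ordinary ZIP asset that must NOT be flagged
    with zipfile.ZipFile(plain_zip, "w") as archive:
        archive.writestr("strings.json", b"{}")

    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"constructed outer manifest")
        archive.writestr("classes.dex", b"constructed outer dex")
        archive.writestr("res/raw/payload", inner.getvalue())
        archive.writestr("res/raw/logo.png", b"\x89PNG constructed image bytes")
        archive.writestr("assets/data.zip", plain_zip.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for hit in find_embedded_apks(build_constructed_dropper()):
        print(hit["path"], hit["size"], hit["sha256"], hit["in_res_raw"])
```

Legitimate apps rarely ship a complete APK as a resource, so a hit is a strong signal for manual review; the SHA-256 lets the nested file be looked up or submitted separately.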

Sharpening targets


In the latest iteration of the malware, the scope of targeted entities has been significantly narrowed, with a clear focus on banks and financial institutions. The once-broad range of targets, including cryptocurrency wallets, has been abandoned.

This strategic shift suggests an intention to streamline the attack efforts and concentrate on sectors that manage the most sensitive and valuable data, such as banking credentials and financial transactions. By honing in on these high-stakes targets, the malware becomes even more dangerous, as it now focuses on the most lucrative avenues for cybercriminals.

Who’s behind?


Based on our ongoing analysis of Zanubis, several indicators suggest that the threat actors behind the malware may be operating from Peru. These indicators include, for instance, the consistent use of Latin American Spanish in the code, knowledge of Peruvian banking and government agencies, and telemetry data from our systems and VirusTotal.

The focus on Peruvian entities as targets also strongly indicates that the threat actors behind Zanubis are likely based in Peru. These regional indicators, combined with the malware’s ongoing financial fraud campaigns, point to a well-organized operation focused on exploiting local institutions.

Conclusions


Zanubis has demonstrated a clear evolution, transitioning from a simple banking Trojan to a highly sophisticated and multi-faceted threat. The malware has been continuously refined and enhanced, incorporating new features and capabilities. Its focus remains on high-value targets, particularly banks and financial institutions in Peru, making it a formidable adversary in the region.

Furthermore, the attackers behind Zanubis show no signs of slowing down. They continue to innovate and adjust their tactics, shifting distribution methods to ensure the malware reaches new victims and executes silently. This constant refinement demonstrates that Zanubis is not a transient threat but an ongoing, persistent menace, capable of further mutations to fulfill the financial goals of its developers.

As Zanubis continues to evolve and adapt, it is crucial for users and organizations alike to stay vigilant. The threat landscape is constantly changing, and this malware’s ability to evolve and target new victims makes it an ever-present risk that cannot be ignored.

Indicators of compromise


Zanubis 2025 version


securelist.com/evolution-of-za…


Stamp: Modular Breakout Boards for SMD Prototyping


Stamp breakout boards.

[Kalesh Sasidharan] from Sciotronics wrote in to tell us about their project, Stamp: a modular set of template breakout boards designed to make prototyping with SMD components faster, easier, and more affordable. No breadboards, custom PCBs, or tangled jumper wires required. The project has blasted past its Kickstarter goal, and is on track to start shipping in September.

Stamp was created out of frustration with the traditional SMD prototyping workflow. Breadboards don’t support SMD parts directly, and using adapters quickly gets messy, especially when you need to iterate or modify a design. Ordering PCBs for every small revision just adds delay, and cost.

Stamp solves this by offering reusable template boards with commonly used SMD footprints. You place the main component on the front and the supporting components on the back. Many complete circuits, such as buck converters, sensor blocks, microcontrollers, and so on, can fit on a single 17.8 × 17.8 mm board.

Most Stamps feature custom castellated holes, designed for side-by-side or right-angle edge connections, enabling a modular, reconfigurable approach to circuit building. The plan is to make the designs fully open source, so that others can build or adapt them, although many PCB manufacturers might not have the facilities to make the special castellated edges which are available on some Stamps.

Dave Jones from the EEVblog covered the Stamp on one of his recent Mailbag videos, which you can check out below. This isn’t the first time we’ve seen somebody promise to reinvent the breadboard, but we do appreciate the simplicity of this approach.

youtube.com/embed/Xfs0dglIVOM?…


hackaday.com/2025/05/28/stamp-…


DK 9x30 - Let's write to the Garante!


The Garante is asking Italians for their opinion on "pay or put up with it". DataKnightmare answers the call with responses that anyone who wishes can copy, paste and make their own. Take part in large numbers!


spreaker.com/episode/dk-9x30-s…


RVTools and Zenmap used to spread Bumblebee: Google and Bing also in the crosshairs


It was recently revealed that the Bumblebee loader was distributed through the hacked RVTools website. Apparently, the hackers are also exploiting the popularity of Zenmap (a graphical user interface for Nmap) and WinMTR (a utility for diagnosing network connections).

Both tools are commonly used by IT professionals to diagnose and analyze network traffic. However, some functions require administrator privileges, making these users a convenient target for attackers who want to infiltrate corporate networks and spread malware to other devices.

According to Bleeping Computer, Bumblebee was distributed through at least two domains: zenmap[.]pro and winmtr[.]org. While the latter has already been taken offline, the former still works, and if you follow the direct link, a fake blog page about Zenmap is displayed, with AI-generated articles.

If the user is redirected to zenmap[.]pro from search results, they see a clone of the legitimate site of the nmap (Network Mapper) utility.

Note that traffic to these sites comes from SEO indexing and that they rank highly in Google and Bing search results for the relevant queries.

The payloads distributed by these sites (zenmap-7.97.msi and WinMTR.msi) are not detected by most antivirus solutions on VirusTotal. The installers do contain the promised application, but it includes a malicious DLL (as in the RVTools case) that infects the user's device with the Bumblebee loader.

A backdoor of this kind can be used to collect information about the victim and inject additional payloads, including infostealers, ransomware and other types of malware. In addition, a similar campaign has reportedly been observed targeting not only those looking for open source software, but also those looking for WisenetViewer, Hanwha's software for managing security cameras.

In turn, cybersecurity researcher Joe Wrieden of Cyjax discovered a trojanized version of Milestone XProtect that is part of the same campaign: the malicious installers are hosted on milestonesys[.]org. It is worth noting that the previously hacked official RVTools domains (Robware.net and RVTools.com) still show a notice urging users not to download software from unofficial sources, but there are no download links.

At the same time, Dell Technologies denies all allegations and states that the company's websites did not distribute the trojanized version of RVTools. The company reported that the official RVTools websites were temporarily taken offline because they were targeted by DDoS attacks.

The article RVTools e Zenmap usati per diffondere Bumblebee: anche Google e Bing nel mirino comes from il blog della sicurezza informatica.


We Make Future 2025: da Bologna un ponte tra innovazione tech e futuro digitale inclusivo


Dal 4 giugno, Red Hot Cyber prenderà parte all’edizione 2025 di We Make Future a Bologna. Attraverso i suoi corrispondenti, la redazione seguirà da vicino l’evento per raccogliere analisi approfondite e contenuti esclusivi, che saranno poi pubblicati sulla nostra testata. Dalla cybersecurity – con strategie e sfide per proteggere dati e infrastrutture – alle evoluzioni dell’intelligenza artificiale, senza trascurare le tecnologie emergenti e le più recenti innovazioni, Red Hot Cyber offrirà ai lettori un quadro completo delle tematiche affrontate durante la manifestazione.

Un evento globale con radici nel territorio


Il We Make Future, giunto alla sua edizione 2025, si conferma come un punto di riferimento globale per l’innovazione tecnologica e digitale. Con oltre 70.000 partecipanti da 90 Paesi nell’edizione precedente, l’evento mantiene una forte vocazione internazionale senza perdere il legame con il territorio italiano. Bologna, con il suo mix di storia e progresso, diventa il luogo ideale dove passato e futuro si incontrano, creando un ecosistema vibrante in cui startup, aziende tech e investitori collaborano per delineare il futuro dell’industria digitale.

Tra i padiglioni di BolognaFiere, robotica avanzata, soluzioni di realtà aumentata e applicazioni basate su intelligenza artificiale trovano spazio accanto a conferenze e tavole rotonde che affrontano le sfide dell’era digitale. L’evento offre un’opportunità unica per comprendere l’evoluzione dei settori chiave e identificare le tecnologie che plasmeranno il nostro futuro.

Training and debate: technical skills and ethical visions


The beating heart of WMF is its themed stages, where international experts address the most topical issues in digitalization. From cybersecurity, with new strategies for protecting data and infrastructure, to applications of artificial intelligence in healthcare and automation, every talk helps build a clearer view of the opportunities and risks of the digital revolution.

The main sessions include the AI Plenary, which explores the ethical implications of AI with the participation of leading companies such as Microsoft, Google, Lenovo and Intel. The Machine Learning Stage, meanwhile, examines the latest frontiers of deep learning and AI applications with experts such as Tejas Chopra of Netflix, offering an overview of the new frontiers of automation and data processing.

The Mainstage: ideas, music and innovation


Beyond the debates, WMF offers an experiential dimension with the Mainstage, an arena dedicated to meetings with leading figures from the world of innovation and digital culture. Federico Faggin, inventor of the microprocessor, shares his vision of ethics and technology, while journalists such as Corrado Formigli and Enrico Mentana analyze the role of the media in handling information in the era of generative AI. Carlo Lucarelli and Nicola Gratteri then weave together legality and storytelling to shed light on the challenges of cybersecurity. There is also a touch of ethical reflection with His Eminence Cardinal Matteo Maria Zuppi, showing that the future is built through inclusive dialogue.

In the evenings, the WMF Music Fest turns the Mainstage into a place of performance and experimentation. On 4 June, Dardust and BigMama open with sweeping electro-pop sets, followed the next day by La Rappresentante di Lista, who bring pop-rock sounds to the stage. The closing night on 6 June features Samuel Romano of Subsonica and the rising talent Sarah Toscano. Brand new for 2025 are performances by robotic bands and AI-generated artists, an immersive experience that explores the meeting of human creativity and artificial intelligence.

360° innovation: ethics, business and technology


WMF's AI Global Summit is the center of the debate on the applications and regulation of artificial intelligence. Institutions, academics and leading companies discuss the implications of this technology, analyzing data security, sustainability and economic impact.

The Koders Fest focuses on advanced training in cybersecurity and machine learning, with experts of the caliber of Tejas Chopra of Netflix. On the business side, the VC & Open Innovation Fest brings together investors such as SoftBank and EIT Digital, facilitating partnerships between startups and corporates to fund innovative projects on AI applied to fintech and retail.

Beyond the three days: the lasting impact of WMF


We Make Future does not end on 6 June, but continues to influence the digital world through the ibrida.io platform, which offers continuous training on cybersecurity and AI. According to Cosmano Lombardo, CEO and creator of WMF, "We are an ecosystem that turns ideas into the future." This philosophy translates into concrete initiatives to reduce the digital divide and support youth entrepreneurship, with a strong focus on innovation and sustainability.

Why be there in 2025


Networking with investors, meetings with pioneers such as Faggin and cutting-edge shows make WMF a unique event for anyone who wants to experience the future. It is not just a trade fair, but a platform where professionals, companies and enthusiasts can shape the next digital revolution.

In Italy, the future already has an address: We Make Future 2025.
It's time to be there

The article We Make Future 2025: from Bologna, a bridge between tech innovation and an inclusive digital future comes from il blog della sicurezza informatica.


A 100-Year-Old Electronic Musical Instrument Brought Back to Life


In the early years of electrification, when electricity was beginning to shape the modern world, this new technology was being put to use in many more places than turning motors and providing lighting. Some things we can see as obvious missteps like electrified corsets marketed as health tonics or x-ray treatments for eye strain, but others ended up being fascinating bits of technology with interesting uses, many of which have been largely forgotten since. This 100-year-old musical instrument is squarely in the latter category, and this build brings the sound of it back to life.

The instrument was called the Luminaphone and was originally built by [Harry Grindell Matthews]. Of course, this was an age before transistors and many other things we take for granted, so it has some quirks that we might not otherwise expect from a musical instrument. The device generated sound by shining a series of lights through a perforated rotating disc at a selenium cell. The selenium cell was an early photoresistor, generating current corresponding to the amount of light falling on it. A keyboard activated different lights, shining on areas of the disc with different numbers of holes, causing differing sounds to be produced by the instrument.

The recreation was built by [Nick Bild] and uses a laser diode as a stand-in for the rotating disc, but since it can be modulated in a similar way the idea is that the photodiode used as a receiver would generate a similar sound. The recreation sounds a bit like a video game from the 8-bit era, but with no recordings or original Luminaphones surviving to the present day we may never know how accurate it is. There are some other electronic instruments still around today, though, and plenty of ways of DIY-ing their sound like this project which recreates the tonewheels of the classic Hammond organ.

youtube.com/embed/kRWPpAO6C3s?…


hackaday.com/2025/05/27/a-100-…


New Supermaterial: As Strong as Steel and as Light as Styrofoam


The supermaterial lattice.

Today in material science news we have a report from [German Science Guy] about a new supermaterial which is as strong as steel and as light as Styrofoam!

A supermaterial is a type of material that possesses remarkable physical properties, often surpassing traditional materials in strength, conductivity, or other characteristics. Graphene, for example, is considered a supermaterial because it is extremely strong, lightweight, and has excellent electrical conductivity.

This new supermaterial has been developed by researchers from Canada and South Korea, and it has remarkably high strength and remarkably low weight. Indeed this new material achieved the compressive strength of carbon steels (180-360 MPa) with the density of Styrofoam (125-215 kg m⁻³).

One very important implication of the existence of such material is that it might lead to a reduction in transport costs if the material can be used to build vehicles such as airplanes and automobiles. For airplanes we could save up to 10 gallons per pound (80 liters per kilogram) per year, where a typical airplane weighs in at more than one million pounds.

To engineer the new material the researchers employed two methods: the Finite Element Method (FEM) and Bayesian optimization. Technically these optimized lattices are manufactured using two-photon polymerization (2PP) nanoscale additive manufacturing with pyrolysis to produce carbon nanolattices with an average strut diameter of 300 and 600 nm.

If you have an interest in material science, you might also like to read about categorizing steel or the science of coating steel.

Thanks to [Stephen Walters] for letting us know about this one on the tips line.

youtube.com/embed/qCf65Z2pe2Q?…


hackaday.com/2025/05/27/new-su…


Look to the Sky With This Simple Plane Tracker


Camera is seen on the left with an Arduino connected to the right

Do you ever get tired of stressing your neck looking for planes in the sky? Worry not! Here is a neat and cheap Arduino/Ras Pi project to keep your neck sore-free! [BANK ANGLE] presents a wonderfully simple plane tracking system using an affordable camera and basic microcontrollers.

The bulk of the system relies on a cheap rotating security camera that gets dissected to reveal its internals. Here stepper control wires can be found and connected to the control boards required to allow an Arduino Nano to tell the motors when and where to spin. Of course, the camera system doesn’t just look everywhere until it finds a plane; a Raspberry Pi takes in local ADS-B data to know where a nearby plane is.

After that, all that’s left is a nifty overlay to complete the professional look. Combining all these creates a surprisingly capable system that gives information on the aircraft’s azimuth, elevation, and distance.

If you want to try your hand at making your own version of [BLANK ANGLE]’s tracker, check out his GitHub page. Of course, tracking planes gets boring after a while so why not try tracking something higher with this open-source star tracker?

youtube.com/embed/yWAEASqBwnk?…

Thank you Israel Brunini for the tip.


hackaday.com/2025/05/27/look-t…


Hand Truck Turned Into Motorcycle


For those motorcyclists looking to get a classic American-style cruiser, often the go-to brand is Harley-Davidson. However, these bikes not only have reputations for being stuck in the past, both in terms of design and culture, but they also tend to be extremely expensive—not only upfront, but in maintenance as well. If you want the style without all of that baggage, you might want to try out something like this custom motorcycle which not only looks the part, it reduces those costs by being built around a hand truck.

By the end of the project, though, the hand truck does not retain much of its original form or function. [Garage Avenger] has cut and welded it essentially into a custom frame for the diminutive motorcycle, while retaining much of its original look and feel. Keeping up with the cost-savings aspect of this project, the four-stroke engine was free, although it did take some wrenching to get it running and integrated into the frame. A custom axle, a front end from another bike, a gas tank from an online retailer (that needed re-welding), and some wiring finish out the build.

With a fresh paint job to match the original color of the hand truck, it’s off to the track. Of course it doesn’t have quite the performance of most street legal motorcycles, including some quirks with the handling and braking, but for the trails around [Garage Avenger]’s home it’s certainly a fun transportation mode he can add to his repertoire. If this is your first time seeing one of his projects, be sure to check out his other work including this drifting shopping cart and this turbine-powered sled.

youtube.com/embed/9WuXRtuBmXQ?…


hackaday.com/2025/05/27/hand-t…


2025 Pet Hacks Contest: Fytó – Turn Your Plant Into a Pet


Fytó pet plant

This entry into the 2025 Pet Hacks Contest is about bringing some fun feedback to normally silent plants. Fytó integrates sensors and displays into a 3D printed planter. The sensors read the various environmental and soil conditions that the plant is experiencing, and give you feedback about them via a series of playful expressive faces that are displayed on the screen embedded in the planter.

At the core of the Fytó is a Raspberry Pi Zero 2 W, which has plenty of power to display the animations while also being small enough to easily fit inside the planter without it growing in size much more than a normal planter would be. The sensors include a capacitive soil moisture sensor, a temperature sensor, and a light-dependent resistor. These sensors all provide analog outputs to relay their measurements and so there was an ADS1115 analog-to-digital converter board also included as the Raspberry Pi doesn’t have the required analog pins to communicate with them.

The fun animated faces are displayed with a 2-inch LCD display embedded in the planter. A small acrylic cover is placed in front of the LCD to help ease the transition from the printed planter to the internally mounted screen. The temperature and light sensors were also placed in openings around the planter to ensure they could get good environmental readings. There are six expressions the Fytó can express based on its sensor readings, ranging from happy when all the readings are in a good zone, to thirsty if it needs water or freezing when it’s too cold. Be sure to check out the other entries in the 2025 Pet Hacks Contest.

youtube.com/embed/zNNZdUzXV7M?…

2025 Hackaday Pet Hacks Contest


hackaday.com/2025/05/27/2025-p…


Fixing a Fatal Genetic Defect in Babies With a Bit of Genetic Modification


Genetic defects are exceedingly common, which is not surprising considering just how many cells make up our bodies, including our reproductive cells. While most of these defects have no or only minor effects, some range from serious to fatal. One of these defects is in the CPS1 gene, with those affected facing a shortened lifespan along with intensive treatments and a liver transplant as the only real solution. This may now be changing, after the first successful genetic treatment of an infant with CPS1 deficiency.

Carbamoyl phosphate synthetase I (CPS1) is an enzyme that is crucial for breaking down the ammonia that is formed when proteins are broken down. If the body doesn’t produce enough of this enzyme in the liver, ammonia will accumulate in the blood, eventually reaching levels where it will affect primarily the nervous system. As an autosomal recessive metabolic disorder it requires both parents to be carriers, with the severity depending on the exact mutation.

In the case of the affected infant, KJ Muldoon, the CPS1 deficiency was severe, with only a low-protein diet and ammonia-lowering (nitrogen scavenging) medication keeping the child alive while a search for a donor liver had begun. It is in this context that in a few months’ time a CRISPR-Cas9 therapy was developed that so far appears to be fixing the faulty genes in the liver cells.

CPS1 Gene Deficiency

The urea cycle. (Credit: Yikrazuul, Wikimedia)
Despite its toxicity to living beings, ammonia (NH₃) is an essential part of these same living beings, primarily in the form of amines (R-NH₂), itself a rather indispensable part of amino acids, specifically the 22 proteinogenic amino acids from which proteins are formed. Just as ammonia is required for the amination process, so too is ammonia formed inside the body mostly as the result of transamination and deamination of these biogenic amines. This is a process that takes place primarily in the liver and involves the deamination of both the body’s own waste proteins as well as those from one’s diet.

Since only part of the ammonia can be reused for new amino acids, the rest has to be neutralized. Due to the toxicity of ammonia, blood levels have to be limited to <50 µmol/L or hyperammonemia will occur. This is where the urea cycle comes into play to maintain a healthy ammonia level.

The very first step of the urea cycle is the conversion of ammonia to carbamoyl phosphate:
NH₃ + HCO₃⁻ + 2 ATP → 2 ADP + carbamoyl phosphate + Pᵢ
Normally this is a very slow reaction, which is where the enzyme CPS1 comes into play as catalyst. In humans the gene for this enzyme is located on chromosome 2’s long arm, at locus 2q34. If there is a mutation in this gene that prevents it from working as a catalyst, ammonia levels in blood plasma will keep rising, eventually reaching levels where the nervous system is affected. In infants this is noticeable as lethargy, seizures and a lack of normal developmental milestones. Without treatment, developmental delay, intellectual disability or death affect 50% of babies.

Undoing A Mutation


When KJ was born in August 2024, it was noticed that he was lethargic, with stiff muscles and other worrisome symptoms. After a severe CPS1 deficiency was diagnosed via genome sequencing, KJ was hospitalized at only five months old. KJ’s only hope appeared to be a liver transplant, and he was put on the list for a donor organ, providing a slim hope at best. Meanwhile, a team of researchers started researching the cause of KJ’s CPS1 deficiency and the mutations behind it.

As described by Dr. Eric Topol in his summary of the (paywalled) paper by Gropman et al. in NEJM, both the father and mother were found to be carriers for CPS1 mutations, with the father carrying the truncating Q335X variant and the mother another (E714X). If either mutation could be corrected, the child would have one functional copy and theoretically be able to produce enough CPS1 to have a functional urea cycle without external assistance.

A complicating issue here is that despite the many reports of gene-editing with CRISPR in the past years, there are various gradations, with what Dr. Topol refers to as CRISPR 1.0 through 3.0:

  • CRISPR 1.0: A CRISPR-Cas9 tool causes sufficient double-strand damage to disable the gene (knock-out). Crude and not relevant here. Also performed ex vivo.
  • CRISPR 2.0: Introduced single-strand cuts that allow for limited base editing, e.g. swapping A for a G.
  • CRISPR 3.0: Expands base editing to include multiple base pairs, both ex vivo and in vivo.

These methods have previously already been used ex vivo to create modified T-cells for CAR T-cell immunotherapy in the context of cancer treatments. In terms of in vivo treatments, there is the 2023 knocking out of PCSK9 liver protein to reduce bad cholesterol levels and the more recent base editing of the PiZ mutation responsible for liver and lung damage. There’s also ARCUS, which is a viral vector-based method of base editing that has seen use in fixing another urea cycle-related disorder.

Although only CRISPR 2.0 was needed here, what was unique in the case of KJ was that this would be the first fully personalized base editing therapy, applied in vivo and developed within the span of a mere six months.

Crossing All The Ts

K-abe base editor bound to target sequence of CPS1 (Credit: Gropman et al. NEJM, 2025)
With how experimental this gene therapy for KJ’s CPS1 disorder was, the researchers had to go through the entire gamut of tests, including on animal models. With a base editor developed to target the father’s Q335X mutation and rewrite it to the correct base pairs, mice were bred that had the same CPS1 mutation, in addition to testing on non-human primates, all to validate the approach and gain FDA approval.

The base editor’s goal was to rewrite the wrong bases at the Q335X location on locus 2q34. A concern with any application of CRISPR is so-called off-target edits, but the safety review seems to have passed here without serious issues.

Starting with a very low dose, blood plasma ammonia levels were carefully monitored with no noticeable changes. Three weeks later the second, higher dose was injected, with reportedly positive effects on the ammonia levels. A third dose was injected a while later, though the results of this aren’t known yet. In the absence of a liver biopsy it is hard to say how far this is a true cure, as what has been reported so far is a reduced need for medications.

Per reports, KJ is however doing better, hitting developmental targets and having gotten over two viral infections without an ammonia crisis. Further injections of the treatment will likely be administered with an mRNA approach rather than the (presumed) virus vector used so far, due to immunity concerns with a virus vector. Open questions remain regarding how many cells have been truly edited in KJ’s liver and what the overall effectiveness is.

This leads us to cautiously welcome this news as a step forward in personalized gene-therapy, while realizing that the road ahead for both KJ and the rest of us is still full of unknowns and challenges. That said, one can only hope for KJ’s best possible progress and ideally serving as a beacon of hope for others afflicted by genetic disorders like CPS1 deficiency.

Featured image: “CRISPR Cas9” by Ernesto del Aguila III, NHGRI, Courtesy: National Human Genome Research Institute


hackaday.com/2025/05/27/fixing…


Reconditioning a Vintage CRT Tube


Plenty of readers will be familiar with CRT televisions, not least because many of us use them with retrocomputers and consoles. But perhaps fewer will have worked with CRTs themselves as components, and of those, fewer still will be familiar with the earlier generation of tubes. In the first few decades of color TV the tubes were so-called delta gun because their three electron guns were arranged in a triangular form. [Colorvac] has put up a video in which they demonstrate the reconditioning of one of these tubes from a late-1960s Nordmende TV.

The tube in question isn’t one of the earlier “roundies” you would find on an American color TV from the ’50s or early ’60s, instead it’s one of the first generation of rectangular (ish) screens. It’s got an under-performing blue gun, so they’re replacing the electron gun assembly. Cutting the neck of the tube, bonding a new neck extension, and sealing in a new gun assembly is not for the faint-hearted, and it’s clear they have both the specialist machinery and the experience required for the job. Finally we see the reconditioned tube put back into the chassis, and are treated to a demonstration of converging the three beams.

For those of us who cut our teeth on these devices, it’s fascinating.

youtube.com/embed/p3rfWWCsUaA?…


hackaday.com/2025/05/27/recond…


ViciousTrap: the botnet that infected over 5,000 routers in 84 countries


Sekoia analysts have discovered that the ViciousTrap hacker group has compromised around 5,300 edge network devices in 84 countries, turning them into a botnet resembling a large honeypot.

The attackers exploited an old critical vulnerability, CVE-2023-20118, to hack Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 routers. It is noted that most of the compromised devices (850) are located in Macau.

“The infection chain consists of executing a shell script called NetGhost, which redirects incoming traffic from specific ports on a compromised router to honeypot-like infrastructure controlled by the attackers, allowing them to intercept network connections,” the experts say.

Exploitation of CVE-2023-20118 had previously been attributed to another botnet called PolarEdge, and it is now believed that the two malware campaigns may be related. The experts believe that the attackers behind ViciousTrap are probably building a honeypot infrastructure by hacking a wide range of devices, including home routers, SSL VPNs, DVRs and BMC controllers from more than 50 brands, among them Araknis Networks, Asus, D-Link, Linksys and Qnap.

“This scheme allows the attackers to observe exploitation attempts across different environments, collect non-public and zero-day exploits, and reuse access obtained by other hackers,” the company explains. According to the researchers, all the exploitation attempts detected came from a single IP address (101.99.91[.]151), with the earliest activity dating back to March 2025. Notably, a month later, the ViciousTrap operators used for their operations an undocumented web shell previously employed in the PolarEdge attacks.

Earlier this month, similar attacks were also observed against Asus routers, but from a different IP address (101.99.91[.]239), although in this case the attackers did not create honeypots on the infected devices.

All the IP addresses associated with this campaign are located in Malaysia and belong to AS45839, operated by the hosting provider Shinjiru. The group responsible for the attacks is believed to be of Chinese origin, since its infrastructure overlaps slightly with that of GobRAT and the traffic is redirected to multiple sites in Taiwan and the United States. “The ultimate purpose of ViciousTrap remains unclear, but we firmly believe it is a honeypot reconnaissance network,” the researchers conclude.

The article ViciousTrap: the botnet that infected over 5,000 routers in 84 countries comes from il blog della sicurezza informatica.


Hands-On: eufyMake E1 UV Printer


The modern hacker and maker has a truly incredible arsenal of tools at their disposal. High-tech tools like 3D printers, laser cutters, and CNC routers have all become commonplace, and combined with old standbys like the drill press and mini lathe, it sometimes seems like we’ve finally peaked in terms of what the individual is realistically capable of producing in their own home. But occasionally a new tool comes along, and it makes us realize that there are still avenues unexplored for the home gamer.

After spending the last few weeks playing with it, I can confidently say the eufyMake E1 UV printer is one of those tools. The elevator pitch is simple: with a UV printer, you can print anything on anything. As you can imagine, the reality is somewhat more complex, but the fact that you can toss a three dimensional object in the chamber and spray it with a high-resolution color image with a few button presses holds incredible creative potential. Enough that the Kickstarter for the $1,700 printer has already raised a mind-boggling $27 million at the time of this writing, with more than a month yet to go before crossing the finish line.

If you’re on the fence about backing the campaign, or just have doubts about whether or not the machine can do what eufyMake claims, I’ll put those concerns to rest right now — it’s the real deal. Even after using the machine for as long as I have, each time a print job ends, I find myself momentarily taken aback by just how good the end result is. The technology inside this machine that not only makes these results possible, but makes them so easily obtainable, is truly revolutionary.

That being said, it’s not a perfect machine by any stretch of the imagination. While I never ran into an outright failure while using the eufyMake E1, there’s a fairly long list of issues which I’d like to see addressed. Some of them are simple tweaks which may well get sorted out before the product starts shipping this summer, while others are fundamental to the way the machine operates and could represent an opportunity for competitors.

Theory of Operation


Before we go any further, I think it’s important to explain how the eufyMake E1 works. Not only because UV printers aren’t the kind of thing that most of us have had first-hand experience with, but because I want readers to understand how much the product gets right.

In the most basic case, you’ll open up the door of the E1, and stick an object on the bed. (There’s a larger bed that you can swap in for over-sized objects, but you have to run the printer with the doors open.) That’s a literal “stick”, by the way, as the bed is designed to be tacky to provide a bit of hold on smaller objects which might otherwise jump around as the machine moves. The E1 will then go through an automated process that includes flashing lights and sweeping red laser beams. This provides the machine with a 3D scan of the object on the bed, which is necessary for positioning the print head later on.

At this point, the software (available for Windows, Mac, and mobile devices) will present the user with a “bird’s eye view” of the bed and any objects on it. From here you can either use the basic art tools in the software, or more likely, import some artwork created in a more comprehensive piece of software. In either event, the process is the same, in that you virtually apply your artwork directly on the overhead image. Once you’re happy with how it looks, you hit “Print”, pick a few options relating to the target’s surface material and the print quality, and off it goes.

Printing is admittedly slower than I had expected. Depending on the image complexity, even a palm-sized job could take 20 or 30 minutes. While I never pushed it so far personally, I’ve heard from other testers that larger projects can take hours to complete. In that way, it’s a lot like a 3D printer — you aren’t the one that has to do all that work, so who cares if the process takes an hour or two, just let it run and come back to it later. In my experience, the results have always been more than worth the wait.

Practical Examples


I’ve said as much previously, but we don’t take reviews and hands-on articles like this lightly here at Hackaday. Companies offer to send us hardware on an almost daily basis, but we turn down the vast majority of them as we just don’t think they’re a great fit for our audience. Is the average Hackaday reader really going to be interested in a review of yet another 3D printer or laser engraver? Probably not.

So before we agreed to take a look at the eufyMake E1, Elliot and I talked a bit about how such a machine would be used in our community specifically. We came up with a few things we thought hardware hackers would want to do with this kind of capability, and I made sure to focus on those applications over the more “crafty” demonstrations that you may have seen elsewhere.

Full-Color PCB Art


While we’re starting to see board fabs support color silkscreens, it’s not a capability that’s necessarily ready for prime time. Beyond the mixed results we’ve heard from those in the community in terms of the quality of the resulting boards, there’s some unfortunate software/vendor lock-in that we’d just as soon avoid. So what if you could skip all that and simply put your professionally made PCBs in the E1 and have it apply your artwork to them?

In this fairly simple example I’ve taken one of the spare boards from my Soma FM badge and applied a few high resolution images onto it. I never really had any doubt that the eufyMake E1 could do PCB art, but still, it was extremely satisfying to see it in person.

Control Panels


High quality control panels have always been tricky to produce at home. Sure there’s ways to pull it off, such as the recent trick we covered that used specially treated inkjet printouts, but they tend to be time consuming and the results are highly dependent on the material you’re working with. With the UV printer, front panels are a breeze and you’ll get consistent results whether you’re working with plastic or metal.

For this example I came up with a flight-sim style panel inspired by various fighter jets. The workflow was actually quite nice: I designed the panel itself in OpenSCAD, and then exported it as both a 3D STL and 2D DXF file. The 3D file got printed out, and the 2D file was imported into Inkscape. With a 1:1 outline of the panel in Inkscape, I could position the text and images knowing they would line up perfectly with the real-world object. I exported my Inkscape design as an SVG, loaded it into the E1’s software, and applied it to the printed panel.

Truly Custom Keycaps


We’ve seen incredible interest in bespoke keyboards over the last few years, and customized keycaps are a big part of that. But even the most decked out keyboards are generally still using off-the-shelf keycaps. But why settle for that when you can buy blank caps and apply whatever text or artwork you wish on them?

These are such a perfect application for the E1 that I imagine it’s going to ignite something of a custom keycap revolution once the printer gets into consumers’ hands. Whether you want each key to be the face of a different anime character, or want all the legends to be in Comic Sans, you have complete control. They also serve as a great example of the fine detail work that’s possible on the machine.

The Perfect PCB Machine?


I know what you’re thinking: “Stop teasing me, can the damn thing make PCBs or not!” The short answer is yes…but the long answer is worth a bit more examination.

The UV print seems to work very well as an etch resist, as it was completely unfazed by its encounter with ferric chloride. In fact, the first challenge was figuring out how to get the stuff off after etching. Alcohol, turpentine, and paint thinner did nothing to it. Eventually I found that soaking the board in acetone will break down the bond between the printed layer and the copper — you still need to peel it off, but once you get under an edge with a razor blade it parts without too much trouble.

Early results look promising. The lines aren’t as clean as I’d like, so it will probably have problems with tight pitch parts, but the traces were intact down to 0.2 mm, and the pads for the SOIC8 footprint I picked as a test were properly isolated from each other. At this point, it’s a working PCB that’s at least as good as something made with the old school toner transfer method. But the E1 promises so much more.

Putting the board back in the machine, I was able to spray it with additional layers that act as both a soldermask and silkscreen. While I want to experiment a bit more and refine the techniques involved, even this first attempt produced a remarkably professional looking board with very little manual effort on the user’s part.

That said, while this proof of concept shows it’s clearly possible to produce impressive boards on the machine, the process is made frustrating by various limitations of the hardware and software.

One-Off Versus Production


Let’s be clear, as a product, the eufyMake E1 is designed to let crafty folks put pictures of their kids on slate coasters and emblazon mugs with the logo of their favorite sports team. The software and hardware are clearly designed to make it as easy as possible to toss an object into the printer, get your image virtually aligned on it, and then spray it on. At this, the product excels, and I have no doubt it will be a commercial success.

But while hardware hackers are certainly not immune to the charms of putting memes and logos on their possessions, we also have slightly higher demands. If we’re talking about using it for producing PCBs, or even just adding art to existing boards, we’re looking for high positional accuracy and repeatability.

To that end, I have to report that the E1 is not particularly well suited to such technical tasks. It can be pushed into service, but there are several aspects of the product that would really need to be addressed before this could be a workhorse for the hackerspace.

Lack of Physical Indexing


As it stands, the bed on the eufyMake E1 is a completely flat surface, with no provisions for work holding or indexing. You’re expected to visually align your print each time — workable for one or two copies of an object, but excruciating beyond that.

Now you might be thinking that this is an easy enough problem to remedy…but you’re probably forgetting that 3D bed scan. Any fixture you come up with to hold your object in position runs the risk of screwing up the scan and causing the print to abort. Even trying to tape a PCB down with blue painter’s tape would occasionally trigger an error during the scan as the machine couldn’t find a clearly defined edge.

As you’ll see below, I’ve had some success with very thin 3D printed fixtures that avoid the ire of the scanner. Long term, I’d like to see an alternate bed that resembled a CNC fixture plate, so that multiple parts can be held in position with low-profile pegs.

The Parallax View


At the suggestion of Thomas Flummer, I printed out a few thin (1.2 mm) jigs that could be taped down to the bed and help position multiple objects for batch processing. This is much better than having to eyeball things each time, but it uncovered a new issue.

For objects in the center of the bed, the optical alignment system works pretty well. It should get you within a millimeter or so on the first attempt, but it’s way off on the edges of the bed. Take a look at the following example: in the software, both blue rectangles were perfectly aligned within the footprint of the 1206 LED:

As you can see the alignment on the board in the center is pretty locked in, but on the other board, it’s halfway out of the footprint. This might be close enough if you’re making grandma some Christmas ornaments, but it won’t cut it for SMD work.

The good news is that you can go back into the software and move objects at the sub-millimeter level by typing in the desired coordinates. This will cause the visual representation to become misaligned, but so long as you know where the target is in the real-world, it doesn’t matter. So if you can afford a bit of trial-and-error, it’s possible to get the alignment dialed in even across multiple objects on the bed.

The Shape of Things to Come?


As I said at the start, the eufyMake E1 is not a perfect machine. Beyond the major issues I’ve outlined here, there’s all sorts of weird quirks and limitations I’ve run into during my time with it. For example, why don’t the lights inside the enclosure turn on when the door is open? Why doesn’t the printer itself have a small screen to display status information? We won’t even get into the fact that all your interactions with the printer have to go through the cloud — there isn’t even so much as a USB port on the printer to allow local control.

But at the end of the day, I’m still extremely excited about this machine. The fact is, there’s really nothing else quite like it on the market, at least, not at this price anyway. It reminds me a bit of the MakerBot Cupcake 3D printer, or even the K40 laser. It represents such a huge leap forward in capability for the individual that it’s easy to excuse the rough edges.

Like those machines, I believe the eufyMake E1 will set many of the standards for the products that come after it. You may never own this particular UV printer, but I’m willing to bet that after a few hardware generations, when the cost of the technology is driven even lower thanks to increased competition, the printer that you do buy will be able to trace its lineage back to this moment.


A Forth OS in 46 Bytes


A console is shown displaying a system’s startup information, followed by “Booting from Hard Disk …”, “Hello World!” in a green font, and “The keyboard is working!”

It’s not often that we can include an operating system in a Hackaday article, but here’s the full 46-byte source of [Philippe Brochard]’s 10biForthOS in 8086 opcodes:
50b8 8e00 31d8 e8ff 0017 003c 0575 00ea
5000 3c00 7401 eb02 e8ee 0005 0588 eb47
b8e6 0200 d231 14cd e480 7580 c3f4
Admittedly, this is quite a minimal operating system. It’s written for the Intel 8086, and consists of a Forth implementation with only two instructions: compile (1) and execute (0). It can receive commands over a serial connection or from a keyboard. This allows a host computer to load more complex software onto it, one byte at a time. In particular, [Philippe] provides instructions for loading more advanced compilers, such as subleq-eForth for a more complete Forth implementation, or SectorC for C programming. He’s also written a 217-byte port of the OS to Linux Intel x64.

[Philippe] doesn’t take a strong stance on whether this should technically qualify as a Forth implementation, given that the base implementation lacks stacks, dictionaries, and the ability to define words. However, it does have an outer and inner interpreter, the ability to compile and execute code, and most importantly, “the simplicity and hacky feeling of Forth.”

[Philippe] writes that this masterpiece of minimalism continues the tradition of the minimal Forth implementations we’ve covered before. We’ve even seen Forth run on an Arduino.


hackaday.com/2025/05/27/a-fort…


How Many Eyes Do We Need to Monitor a Cloud Environment? The Value Delivered by a CNAPP Platform


By Francisco Menezes, Specialized Systems Engineer Cloud, Fortinet Italy

In Cloud environments, security is not only a matter of “tools” but of “vision”. The multiplication of risk signals (misconfigurations, anomalous access and suspicious behavior) makes it hard to tell what is urgent from what is merely background noise. Assuming you have many eyes watching your environment, what matters at that point is being able to interpret the enormous volume of often fragmented data. A modern CNAPP platform does not just provide information, it helps you see clearly: it aggregates, analyzes and directs action where it is really needed. Because, in the end, real protection comes from understanding.

The growing complexity of Cloud environments and the speed at which they are evolving pose new security challenges. The more the Cloud grows, the larger the surface to be controlled. Every new resource, service or instance added to a Cloud environment brings opportunities, but also new points to monitor: configurations, permissions, traffic, updates, interactions.

In this context, a CNAPP (Cloud-Native Application Protection Platform) can give companies valuable support. How? Let’s find out together, starting with the current scenario that security teams have to manage in the Cloud.

The Cloud security challenge: visibility and prioritization of information


As we know, there is a limit to how much information security teams can process, prioritize and handle in a useful time frame. In a context where every minute counts, the main problem becomes not just “knowing” but above all “understanding where to act”.

For example, current projections speak of almost 50,000 new CVEs (Common Vulnerabilities and Exposures) in 2025[1], that is, one every 10 minutes. To put it in perspective, by the time you finish reading this article there will probably be a new vulnerability to consider and to classify according to how relevant, or not, it is for your production environment. And this is only one of the variables to manage.

In constantly evolving Cloud environments, where new resources are created and destroyed every day, maintaining visibility is already a challenge. If we then add the complexity that comes from hybrid architectures, containers, microservices and automated deployments, it becomes clear that a traditional approach to security is no longer enough.

All this while remembering that data overproduction, misconfigurations, excessive permissions, third-party libraries, forgotten assets and anomalous behavior, to name just a few, risk leading us quickly to information paralysis.

Finally, having many tools does not help: we must bear in mind that in-depth Cloud expertise is a challenge and that there is an ongoing trend toward unifying security tools[2].

The variables to take into account


In this scenario, the question arises naturally: are we sure we have a complete record of everything that is present in the Cloud? But above all: do we really need so many eyes, and how do we set priorities and make information usable, not just detailed?

For the individual resource, it is necessary to go beyond the specific alert or event and take into account surrounding information, which may be, for example:

  • Is it exposed to the Internet?
  • Is it connected to sensitive data?
  • Has it been involved in unusual activity?
  • Was it created by an automated script or manually by a user?

Only with context can we really answer these questions. Without it, we risk chasing every alarm, wasting time and resources while the real risks go unnoticed.

The value of a CNAPP platform


To go beyond a simple list of potential problems, a CNAPP (Cloud-Native Application Protection Platform) such as Lacework FortiCNAPP can make the difference.

FortiCNAPP comes into play not when there are problems, but before they become critical. It analyzes data in context, recognizes anomalous behavior, highlights risky configurations and flags intervention priorities, all while integrating into the Fortinet Security Fabric to offer consistent, continuous protection.

The solution aggregates information from multiple layers (configurations, posture, permissions, runtime activity, vulnerabilities, compliance frameworks) and returns a filtered, relevant view oriented toward priority action. Instead of presenting thousands of alerts, it lets you view the few dozen problems that really matter.

The result: less wasted time, fewer errors, more control.

This is possible thanks to several key functions, including:

  • Exposure analysis: identifies whether a vulnerable resource is reachable from the Internet or isolated.
  • Vulnerability analysis: able to identify the presence of known vulnerabilities both in the build-up phase and at runtime.
  • Usage context: analyzes whether the vulnerable library is actually in use, reducing false positives.
  • Compliance-aware: highlights the misconfigurations that directly affect compliance with standards such as ISO27001 or PCI-DSS.
  • Anomaly detection: uses Machine Learning mechanisms to identify anomalous behavior beyond known signatures, making it possible to identify zero-day attacks as well.

In a world where “more data” does not mean “more security”, FortiCNAPP helps simplify without sacrificing control. Already integrated with other Fortinet Security Fabric solutions, it enables consistent security management from code through to runtime.

In conclusion, “controls” alone are no longer enough today: understanding and an overall view are needed in order to reduce noise and act where it is really needed.

And to have all this, you do not need more eyes. You only need the right tool.


[1] Source: FIRST.org

[2] Source: cybersecurity-insiders.com/por…

The article How Many Eyes Do We Need to Monitor a Cloud Environment? The Value Delivered by a CNAPP Platform comes from il blog della sicurezza informatica.


Automated Blinds Opener On The Cheap


Window Shade Motor

We love seeing hacks that involve salvaging parts from what you have on hand to make a new project work, and this project is a great example of that. [Simon], in a quick weekend build, created an automated blinds opener using parts he had available.

The project began with the desire to have his blinds open slowly and silently, gradually letting in more light. To accomplish this, a few key components were needed, including a motor with a gearbox to provide the torque required to actuate the blinds and a magnetic encoder to track their progress. To isolate vibrations and keep the system silent, the motor is mounted using a silicone motor mount that he salvaged from a broken water flosser.
The printed holder for the magnetic encoder is a nice touch.
To mount the motor to the wall near the window, he used some 3D printed parts. A clever combination of surgical silicone tubing and silicone tape attaches the motor to the window blind shaft while limiting vibration transfer, keeping things quiet. [Simon] advises against using magnetic encoders as he did, noting that while he had them on hand and made them work, the magnetic shaft’s misalignment with the encoders makes it a less-than-ideal approach. Nevertheless, he got it working.

Automating blinds is a fairly common project around these parts, made all the more accessible with clever 3D printed mechanisms. We’ve even seen variations that can be used in rentals, dorms, and other places where permanent modifications need to be avoided.


hackaday.com/2025/05/27/automa…


Sarcoma Ransomware: Anatomy of a Silent but Ruthless Threat


In the increasingly crowded and unsettling landscape of international cybercrime, a new player has begun to attract the attention of security analysts around the world: Sarcoma Ransomware. A disturbing name, borrowed from medical terminology, that calls to mind highly aggressive malignant tumors. And indeed this criminal group has aggressiveness to spare: within a few months of its first detection, in October 2024, Sarcoma has already proven to be unusually dangerous.

This is not yet another ransomware clone with rudimentary techniques and random targets: Sarcoma represents a new generation of cyber threats, capable of combining technical sophistication, operational strategy and a precise selection of victims, all wrapped in an aura of elusiveness that has already troubled even the most mature organizations.

Rapid, global spread


From the first indicators of compromise detected to date, Sarcoma has shown an operational pattern consistent with a campaign planned on a global scale, but focused on high-value targets. From the analysis of flows and interactions (visible in the attached image), it is evident that the threat actor has struck several countries in a coordinated manner, including the United States, Italy, Canada, the United Kingdom, Spain, Brazil and Australia.

Italy is among the most affected countries, on a par with the United States. This figure, besides raising legitimate concern, underlines how Italian companies too are now firmly on the radar of the most advanced ransomware groups. It should prompt reflection on the need to strengthen not only technical defenses but also the overall security posture, which is still too often reactive and fragmented.

Attack techniques: efficiency first


What is most striking in the analysis of Sarcoma’s operations is the engineering clarity with which the individual modules of the malware were built. Unlike many “spray and pray” ransomware campaigns, Sarcoma does not simply encrypt data and leave a ransom note. It is a structured operation, preceded by phases of in-depth reconnaissance, privilege escalation, lateral movement and disabling of defenses.

The threat actor uses a variety of RMM (Remote Monitoring and Management) tools commonly used by system administrators, such as AnyDesk, Atera and Splashtop, to obtain persistent access to victims’ networks. This approach lets Sarcoma go unnoticed, exploiting legitimate software to carry out illegitimate operations and blending in with normal network traffic.

There are also sophisticated exploits, some of them attributable to zero-day vulnerabilities, used to start the compromise chain. The attackers also use tools such as Advanced IP Scanner and Mimikatz for network discovery and credential extraction, a clear sign of advanced familiarity with lateral movement and privilege escalation techniques.
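The tooling named in this section lends itself to a simple hunt over process-creation telemetry. The following is an added example, not part of the original article: it flags the RMM products, scanner and credential tool named above on hosts where they are not approved, and raises severity when remote access and discovery or credential tooling show up on the same host within a day. The event records, host names, allowlist and default executable names are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Default executable names for the tools named in the article (assumption:
# binaries were not renamed; pair this with signer or hash checks in production).
RMM_IMAGES = {
    "anydesk.exe": "AnyDesk",
    "ateraagent.exe": "Atera",
    "srservice.exe": "Splashtop",
    "srmanager.exe": "Splashtop",
}
DUAL_USE_IMAGES = {
    "advanced_ip_scanner.exe": "Advanced IP Scanner (discovery)",
    "mimikatz.exe": "Mimikatz (credential access)",
}

# Hypothetical inventory: the RMM products each host is approved to run.
APPROVED_RMM = {"HELPDESK-01": {"AnyDesk"}}

# Remote access plus discovery/credential tooling inside this window is
# treated as one chain of activity.
WINDOW = timedelta(hours=24)

# Constructed sample of process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": "2025-05-20T08:01:00", "host": "HELPDESK-01",
     "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"},
    {"ts": "2025-05-20T22:14:00", "host": "FS-02",
     "image": r"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"},
    {"ts": "2025-05-20T22:40:00", "host": "FS-02",
     "image": r"C:\Users\Public\advanced_ip_scanner.exe"},
    {"ts": "2025-05-20T23:05:00", "host": "FS-02",
     "image": r"C:\Windows\Temp\mimikatz.exe"},
    {"ts": "2025-05-21T10:00:00", "host": "WS-17",
     "image": r"C:\Program Files (x86)\Splashtop\SRService.exe"},
    {"ts": "2025-05-21T10:02:00", "host": "WS-17",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]


def classify(event):
    """Return (kind, tool) for a suspicious process event, or None."""
    name = ntpath.basename(event["image"]).lower()
    if name in DUAL_USE_IMAGES:
        return "dual_use", DUAL_USE_IMAGES[name]
    product = RMM_IMAGES.get(name)
    if product and product not in APPROVED_RMM.get(event["host"], set()):
        return "unapproved_rmm", product
    return None


def analyze(events):
    """Group hits per host and grade them.

    high   = unapproved RMM and a dual-use tool within WINDOW of each other
    medium = any other hit (still worth a look, e.g. shadow IT remote access)
    """
    hits = defaultdict(list)
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits[ev["host"]].append((datetime.fromisoformat(ev["ts"]), *verdict))

    findings = []
    for host, rows in sorted(hits.items()):
        rmm_times = [ts for ts, kind, _ in rows if kind == "unapproved_rmm"]
        tool_times = [ts for ts, kind, _ in rows if kind == "dual_use"]
        chained = any(abs(a - b) <= WINDOW for a in rmm_times for b in tool_times)
        findings.append({
            "host": host,
            "severity": "high" if chained else "medium",
            "tools": sorted({tool for _, _, tool in rows}),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding["severity"].upper(), finding["host"], ", ".join(finding["tools"]))
```

Because approved RMM use is filtered per host and per product, the same rule stays quiet on the help desk machine while surfacing the same software on a file server.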

Encryption and countermeasures: digital surgery


The data encryption component shows a decidedly high technical level: Sarcoma uses a hybrid scheme that combines the RSA algorithm (to encrypt the session keys) with ChaCha20, a high-performance, secure stream cipher particularly suited to fast operations on large volumes of data.

Moreover, the ransomware has distinct versions for Windows and Linux, showing a clear intent to hit mixed environments and complex corporate infrastructures. The payloads include modules for network propagation, disabling backups and interfering with hypervisor systems, probably to neutralize virtualized environments and ESXi-type infrastructures, which are often used in data centers.

One detail that has not escaped analysts is the malware’s selective behavior: Sarcoma intentionally avoids infecting systems with an Uzbek keyboard layout. This element, already seen in the past with other groups (such as REvil or Conti), could indicate a geographic origin or criminal alliances in the Eurasian area, or at any rate an attempt to avoid conflicts with certain governments.

Infrastructure and correlations: the Sarcoma ecosystem


The attached graph clearly shows an articulated network of relationships between TTPs (Tactics, Techniques and Procedures), command & control infrastructure, hash IDs attributable to various malicious files, and target countries. The references to MITRE ATT&CK techniques (such as T1059.001 – Command and Scripting Interpreter: PowerShell, or T1021.002 – Remote Services: SMB/Windows Admin Shares) offer a further level of detail and confirm the systematic adoption of well-documented vectors, orchestrated in an extremely effective way.

The analysis also shows that the group has built a double-extortion infrastructure, publishing exfiltrated data on data leak sites on the dark web and thereby increasing the pressure on victims to pay the ransom.

Final considerations: a systemic problem


Sarcoma is not just another ransomware. It is the symptom of a broader problem: the continuing evolution of cybercrime toward forms that are more organized, more professional and dangerously similar to legitimate companies. The group behind Sarcoma shows capability, resources and strategic vision. Above all, it shows that the time of minimal defenses is over.

Organizations must urgently adopt a holistic approach to security that goes beyond antivirus and the daily backup. A change of paradigm is needed: cyber hygiene, threat intelligence, network segmentation, zero trust, privileged access control and continuous training.

Because while Sarcoma acts in the shadows with surgical precision, companies are still paying the price of unpreparedness today.

The article Sarcoma Ransomware: Anatomy of a Silent but Ruthless Threat comes from il blog della sicurezza informatica.


Vintage Intel 8080 runs on a Modern FPGA


Two hands soldering components on a purple PCB

If you’re into retro CPUs and don’t shy away from wiring old-school voltages, [Mark]’s latest Intel 8080 build will surely spark your enthusiasm. [Mark] has built a full system board for the venerable 8080A-1, pushing it to run at a slick 3.125 MHz. Remarkably, he’s done so using a modern Microchip FPGA, without vendor lock-in or proprietary flashing tools. Every step is open source.

Getting this vintage setup to work required more than logical tinkering. Mark’s board supplies the ±5 V and +12 V rails the 8080 demands, plus clock and memory interfacing via the FPGA. The design is lean: two-layer PCB, basic level-shifters, and a CM32 micro as USB-to-UART fallback. Not everything went smoothly: incorrect footprints, misrouted gate drivers, thermal runaway in the clock section; but he managed to tackle it.

What sets this project apart is the resurrection of a nearly 50-year-old CPU. It’s also how thoroughly thought-out the modern bridge is, from bitstream loading via OpenOCD to clever debugging of crystal oscillator drift using a scope. [Mark]’s love of the architecture and attention to low-level detail makes this more than a show-off build.

Watch [Mark]’s video here or pull his files from his repo on GitHub. Let us know what purpose it could have for you!

youtube.com/embed/-_pdrvB2gD0?…


hackaday.com/2025/05/26/vintag…


A RISC-V Operating System Instruction Manual


To some, like those working on embedded systems and other low-power applications, an operating system is a burden or waste of resources. To others it’s necessary, abstracting away hardware so that higher-level programming can be done. For most people it’s perhaps not thought of at all. But for a few, the operating system is the most interesting piece of software running on a computer, and if you’d like to investigate what makes this often overlooked aspect of computer science interesting, take a look at this course on operating systems from Cornell University.

The operating system itself is called Earth and Grass Operating System because it splits the functionality of the operating system into three separate parts. The Earth layer involves dealing with hardware, the Grass layer involves hardware-independent aspects, and a third application layer implements other key operating system features. It’s built for a RISC-V processor, since that instruction set is completely open source and transparent about what it’s doing. It’s also incredibly small, coming in at around 2000 lines of code. The course covers nine areas, with the first six being core operating system functions and the remaining three covering more advanced operating system concepts.

For understanding the intricacies and sometimes mysterious ways that operating systems work, a course like this can go a long way into unraveling those mysteries and developing a deeper understanding of how it brings the hardware to work for higher-level software. We actually featured this operating system two years ago, before this course was created, which covers this project for those who like to take a more self-directed approach, or simply want a lightweight OS for a RISC-V system.


hackaday.com/2025/05/26/a-risc…


Wayback Proxy Lets Your Browser Party Like It’s 1999


This project is a few years old, but it might be appropriate to cover it late since [richardg867]’s Wayback Proxy is, quite literally, timeless.

It does, more-or-less, what it says on the tin: it is an HTTP proxy that retrieves pages from the Internet Archive’s Wayback Machine, or the Oocities archive of old Geocities sites. (Remember Geocities?) It is meant to sit on a Raspberry Pi or similar SBC between you and the modern internet. A line in a config file lets you specify the exact date. We found this via YouTube in a video by [The Science Elf] (embedded below, for those of you who don’t despise YouTube) in which he attaches a small screen and dial to his Pi to create what he calls the “Internet Time Machine” using the Wayback Proxy. (Sadly [The Science Elf] did not see fit to share his work, but it would not be difficult to recreate the Python script that edits config.json.)

What’s the point? Well, if you have a retro-computer from the late 90s or early 2000s, you’re missing out on a key part of the vintage experience without access to the vintage internet. This was the era when desktops were being advertised as made to get you “Online”. Using Wayback Proxy lets you relive those halcyon days, or live them for the first time, for the younger set. At least, relive those parts of the old internet which could be archived, which sadly isn’t everything. Still, for a nostalgia trip, or a living history exhibit to show the kids? It sounds delightful.

Of course it is possible to hit up the modern web on a retro PC (or on a Mac Plus). As long as you’re not caught up in an internet outage, as this author recently was.

youtube.com/embed/0OB1g8CUdbA?…


hackaday.com/2025/05/26/waybac…


2025 Pet Hacks Contest: A Barrel Of Fun For Your Dog


If you ask someone for a piece of received opinion about Bernese mountain dogs, the chances are that you’ll hear the tale of their carrying barrels of brandy round their necks for the revival of those lost in the snow. It’s a story of uncertain provenance and may indeed be a myth, but that hasn’t stopped [Saren Tasciyan] 3D printing one for their faithful hound. In its own way it too is a saviour, for as well as a small camera, it carries a supply of dog poop bags.

It’s a two part print, held together with strong magnets. Waterproofing is achieved using liberal quantities of hot glue. There’s a protrusion on one side designed to take an action camera for a dog’s-eye-view of the world. The files are downloadable, so your pooch can have one too if you like. We are wondering whether a couple of miniatures of brandy might just fit in there as well.

It’s part of the 2025 Pet Hacks contest, so if this has whetted your appetite, expect more. If your dog carries around something you’ve made, how about making it an entry of your own?

2025 Hackaday Pet Hacks Contest


hackaday.com/2025/05/26/2025-p…


Mouse Model Suggests Starch-Based Plastics Are Still Bad For You


To paraphrase The Simpsons: plastics are the solution to – and cause of – all of mankind’s problems. Nowhere is this more clear than in the phenomenon of microplastics. Some have suggested that alternative bioplastics made out of starch, like PLA, could be the solution here, as the body might be able to digest and disassemble these plastic fragments better. Unfortunately, a team of Chinese researchers put this to the test using mice, with the results suggesting that starch-based plastics do not change the harm to tissues and organs.

We previously looked at this harm from micro- and nanoplastics (MNP), with humans and their brains at autopsy showing a strong correlation between disease and presence of MNPs. In this recent study mice were split up into three groups, for either no, low or high levels of these bioplastics in their food. At autopsy, the mice exposed to the bioplastics all showed damage to organs, including the same gene-regulation issues and inflammation markers as seen with other plastics.

Despite these results, researchers question how useful these results are, as they pertain to modified PLA starches with known biodegradability issues, while starch by itself is absolutely digestible when it’s in the form of potato chips, for instance. Perhaps the trick here is to make bioplastics that are still useful as plastics, and yet as harmless to ingest as said potato chips.

Not that we recommend eating bioplastics, mind you; potato chips are definitely tastier.


hackaday.com/2025/05/26/mouse-…


Intercepting and Decoding Bluetooth Low Energy Data for Victron Devices


[ChrisJ7903] has created two Arduino programs for reading Victron solar controller telemetry data advertised via BLE. If you’re interested in what it takes to use an ESP32 to sniff Bluetooth Low Energy (BLE) transmissions, this is a master class.

The code is split into two main programs. One program is for the Victron battery monitor and the other is for any Victron solar controller. The software will receive, dissect, decrypt, decode, and report the data periodically broadcast from the devices over BLE.

The BLE data is transmitted in Link-Layer Protocol Data Units (PDUs) which are colloquially called “packets”. In this particular case the BLE functionality for advertising, also known as broadcasting, is used which means the overhead of establishing connections can be avoided thereby saving power.

Decryption is handled with the wolfSSL library and [ChrisJ7903] had nice things to say about the helpful people over at wolfSSL. The AES-CTR algorithm is used and seeded with the per-device encryption key, a nonce/salt in little-endian format, and the encrypted data.

[ChrisJ7903] relied heavily on technical documentation provided by Victron in order to decode the received data; some of that documentation is made available in the Git repo and ultimately everything is revealed in the code itself.

We’ve done heaps of BLE stuff here at Hackaday in the past. If you’re interested in BLE tech check out this rain gauge and this doorbell.


hackaday.com/2025/05/26/interc…


L’Operazione Endgame continua: arrestati 16 hacker russi, distrutti 300 server e smantellato DanaBot


Nel corso della lunga operazione internazionale Endgame, le forze dell’ordine hanno smantellato la botnet DanaBot e hanno emesso mandati di arresto nei confronti di 16 cittadini russi. L’eliminazione di DanaBot faceva parte dell’operazione Endgame, iniziata l’anno scorso. Ricordiamo che all’operazione Endgame presero parte in quel periodo rappresentanti della polizia di Germania, USA, Gran Bretagna, Francia, Danimarca e Paesi Bassi.

Inoltre, esperti di Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus e DIVD hanno fornito informazioni operative alle autorità, condividendo con le forze dell’ordine dati sull’infrastruttura botnet e sul funzionamento interno di vari malware. Nel 2024, le autorità hanno segnalato il sequestro di oltre 100 server utilizzati dai principali downloader di malware, tra cui IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader e SystemBC. Tali dropper vengono utilizzati per ottenere l’accesso iniziale ai dispositivi delle vittime e per distribuire payload aggiuntivi.

As Europol representatives explained, Operation Endgame had now entered its final phase and aimed to destroy DanaBot and other malware families that had become active again after previous attempts to eliminate them. Law enforcement and their private-sector partners (Amazon, CrowdStrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Spycloud, Team Cymru and Zscaler) sought to break the ransomware chain at its roots, taking down a total of about 300 servers and 650 domains and issuing international arrest warrants for 20 individuals.

Law enforcement officers also seized cryptocurrency worth a total of 24 million dollars, including 4 million during the final phase of the operation. As reported by the US Department of Justice, the DanaBot botnet was dismantled after infecting more than 300,000 computers worldwide and being used for fraud and ransomware attacks that caused at least 50 million dollars in damage.

The US Department of Justice also unsealed charges against 16 people allegedly involved in the development and use of DanaBot. All the defendants are Russian citizens, including: Alexander Stepanov (alias JimmBee), Artem Alexandrovich Kalinkin (alias Onix), Danil Khalitov, Alexey Efremov, Kamil Shtugulevsky, Ibragim Idova, Artem Shubin and Alexey Khudyakov, as well as eight other people referred to by pseudonym.

As the well-known cybersecurity journalist Brian Krebs pointed out, Kalinkin allegedly worked as an IT engineer at Gazprom. According to court documents, many of the suspects were identified after accidentally infecting their own computers with DanaBot. Recall that DanaBot first appeared in 2018. Initially, the malware targeted Ukraine, Poland, Austria, Italy, Germany and Australia, but it soon spread to North America as well.

DanaBot was distributed under the MaaS (Malware-as-a-Service) model and was initially a banking Trojan used to steal confidential data from infected systems. It later evolved into a distribution and download platform for other malware families, including ransomware. Subsequently, DanaBot's administrators developed a second version of their botnet for cyber-espionage purposes, targeting military, diplomatic and government organizations in North America and Europe.

According to Proofpoint analysts, the malware was used by several large hacker groups between 2018 and 2020 and was then actively distributed, but its activity resumed in mid-2024. This time the malware did not rely only on e-mail, but also on malicious advertising and SEO-based infection techniques.

Experts at Lumen Technologies, who also worked with law enforcement, say that DanaBot averages 150 active C&C servers per day, making it one of the largest MaaS threats of recent years. Together with Team Cymru, the experts conducted an analysis of the botnet's infrastructure.

The article Operation Endgame continues: 16 Russian hackers arrested, 300 servers destroyed and DanaBot dismantled comes from il blog della sicurezza informatica.


The unstoppable ascent of AI


IT'S MONDAY, AND THIS IS DIGITAL POLITICS. I'm Mark Scott, and I'll be in Berlin this week at the Re:publica conference. Drop me a line if you're also in town. I'll be on stage on May 28 at 4:15pm CET / 10:15am ET to talk about boosting transparency and accountability for social media.

— The United States and Europe are making it easier for artificial intelligence companies to operate with fewer checks and less oversight.

— A recent court decision just made it safer to ship data between the EU and US. That does not change the superficial status quo of transatlantic data flows.

— Full-blown 'digital sovereignty' may cost the global economy as much as a 4.5 percent reduction in individual countries' gross domestic product.

Let's get started:



digitalpolitics.co/newsletter0…


NASA Is Shutting Down the International Space Station Sighting Website


Starting on June 12, 2025, the NASA Spot the Station website will no longer provide ISS sighting information, per a message recently sent out. This means the website will no longer list sighting opportunities, nor will users subscribed via the website receive email or text notifications. Instead, anyone interested in this kind of information will have to download the mobile app for iOS or Android.

Obviously this has people, like [Keith Cowing] over at NASA Watch, rather disappointed, because the website has been an easy-to-use resource that anyone could access, even without access to a smartphone. Although the assumption is often made that everyone has their own personal iOS or Android powered glass slab with them, one can think of communal settings where an internet café is the sole form of internet access. There is also the consideration that for children a website like this would be much easier to access. They would now see this opportunity vanish.

With smart phone apps hardly a replacement for a website of this type, it’s easy to see how the app-ification of the WWW continues, at the cost of us users.


hackaday.com/2025/05/26/nasa-i…


Pico-mac-nano Fits Working Macintosh on Barbie’s Desk


Have you ever looked in a doll house and said “I wish those dolls had a scale replica of a 1984 Macintosh 128K that could be operated by USB?” — well, us neither, but [Nick Gallard] gives us the option with his 63mm tall Pico-mac-nano project.

As you might imagine, this project got its start with the RP2040-based Pico Mac project by [Matt Evans], which we covered before. [Nick] saw that, built it, and was delighted by it enough to wonder: if the Mac could run on such tiny hardware, how small could he build a fully usable replica Mac? The answer was 63 mm tall; at 5.5:1, that’s technically under the 6:1 scale that Barbie operates on, but if we had such a dollhouse we’d absolutely put one of these in it. (You just know Barbie’s an Apple kind of girl.)

The collector’s edition will come with a lovely box, but it’s still open source so you can make your own.

The size was driven by the screen, which is a 2″ TFT panel with 480 x 640 pixel native resolution. Here [Nick] cheats a tiny bit– rather than trying to rewrite the PicoMac to output 640 x 480 and rotate the screen, he keeps the screen in portrait mode and drives it at 480 x 342 px. Sure, it’s not a pixel-perfect output, but no LCD is going to be a perfect stand in for a CRT, and who is going to notice 32 pixels on a 2″ screen? Regardless, that set the height of the computer, which is built around the portrait display. A highly detailed, and to our eyes, accurate replica of the original Macintosh case was printed to fit the LCD, coming in at the aforementioned 63mm tall.

Unfortunately this means the floppy drive could not be used for micro SD access– there is an SD card reader on this unit, but it’s on the back, along with a USB-C port, which is roughly where the mouse and keyboard ports are supposed to be, which is a lovely detail. Also delightful is the choice of a CR2 lithium battery for power, which is a form factor that will look just a bit familiar if you’ve been inside one of these old Macs.

[Nick] has posted the 3D designs and modified pico mac firmware to a GitHub repository, but if you’re looking for a charming desk ornament and don’t have the time to build your own, he will also be selling these (both kits and fully assembled units) via 1bitrainbow, which is the most delightfully retro web store we’ve seen of late.

If Classic MacOS isn’t good enough for you, how about Linux? You won’t enjoy it as much, but it will run on the RP2040.


hackaday.com/2025/05/26/pico-m…


Zero Line and Delta, Ukraine's secret weapons for the digital war against Russia



In the heart of the Russo-Ukrainian war, a conflict that has redefined the paradigms of modern warfare, a US non-profit organization, Zero Line, has emerged as an actor as discreet as it is crucial. Founded in March 2022 by Isaac Flanagan, an Aspen resident who studied at the Massachusetts Institute of Technology (MIT), Zero Line has positioned itself at the crossroads of intelligence, data fusion and network warfare, becoming a pillar of the digital modernization of the Ukrainian armed forces. Its collaboration with the Delta situational awareness system, developed by the Ukrainian Ministry of Defence, is an emblematic example of how technology and international support are shaping the battlefield. This article explores Zero Line's role, its secret operations and its impact on the war in Ukraine, looking inside an organization that operates in the shadows but with tangible influence.

Zero Line: a birth under pressure


Zero Line was born at a moment of extreme urgency, a few weeks after the Russian invasion of Ukraine on 24 February 2022. Isaac Flanagan, together with MIT colleagues Ian Miller and Evan Platt, founded the organization with the aim of responding to the immediate needs of the Ukrainian front. The stated mission, as reported on Zero Line's official website, is clear: to provide drones, computers and non-lethal communication tools to improve the effectiveness and survivability of Ukrainian soldiers, while protecting civilians and facilitating the return of refugees. But behind this humanitarian façade lies a sophisticated operation that combines cutting-edge technological expertise with privileged access to the top of the Ukrainian military.

In little more than a year, Zero Line raised about half a million dollars and donated goods worth 5.9 million, including medical supplies, vehicles, combat trauma equipment and, above all, advanced technologies such as drones and communication systems. Its ability to operate quickly and efficiently has earned it official recognition, such as a medal awarded in 2022 by Ukrainian member of parliament Maryan Zablotskyy, a rare honour for a foreign organization. Mark Lindquist, a former US Air Force intelligence analyst, praised Zero Line for bringing “the best of American intelligence” to the ongoing war, highlighting its unique status among humanitarian organizations in Kyiv.

At the crossroads of network warfare: the Delta system


At the centre of Zero Line's operations is its collaboration with Delta, a situational awareness and battlefield management system developed by the Ukrainian Ministry of Defence. Launched in 2021 by military unit A2724 and later transferred to the Center for Innovation and Development of Defense Technologies, Delta is a cloud-based platform that integrates real-time data from drones, satellites, sensors, human intelligence (HUMINT) and open sources. Displayed on interactive maps accessible from laptops, tablets or smartphones, Delta allows Ukrainian commanders to monitor enemy movements, coordinate forces and plan operations with unprecedented precision.

Described as “Google Maps for the military” by Ukraine's Minister of Digital Transformation Mykhailo Fedorov, Delta is the heart of Ukraine's Network-Centric Warfare (NCW) doctrine, an approach that translates information superiority into combat power. The platform, first tested in 2017 as part of a NATO initiative, proved fundamental during the Ukrainian counteroffensive against the Russian convoy at Kyiv in 2022, identifying up to 1,500 confirmed Russian targets per day. Its integration with NATO and allied systems, such as the Polish artillery fire-control system TOPAZ, has further expanded its capabilities.

Zero Line has helped improve Delta by providing critical hardware, such as computers and drones, and by working with Ukrainian programmers to optimize the digital mapping system that shows the positions of Ukrainian and Russian forces. This partnership has made it possible to reduce risks to front-line soldiers, thanks to drones that act as “flying cameras” for real-time data collection. The organization stands out for its “demand-driven” approach, responding to the most urgent needs of the moment, such as the shift from medical assistance to advanced electronics in the summer of 2022.

An organization on the border between philanthropy and intelligence


Despite being an NGO, Zero Line operates with a level of sophistication that suggests ties to the intelligence world. Its founders, all MIT alumni, bring technical and academic expertise that is reflected in their ability to navigate complex environments. The collaboration with the Ukrainian Ministry of Defence and access to sensitive technologies such as Delta point to a network of connections that goes beyond simple humanitarian aid. Intelligence sources report that Zero Line has worked closely with electronic warfare and data fusion experts, helping to strengthen Ukrainian cyber defences against Russian attacks, such as the phishing attempt against Delta in December 2022.

The secrecy surrounding Zero Line is another element that defines its profile. Unlike other humanitarian organizations focused on food, blankets or medical assistance, Zero Line concentrates on dual-use technologies that have a direct impact on military operations. Its ability to operate under the radar, avoiding media attention, has allowed it to build relationships of trust with the Ukrainian authorities, no easy feat for a Western organization in a wartime context. Lindquist stressed that “there are no other Americans working at these levels with the Ukrainian army”, a statement that underlines the uniqueness of Zero Line's position.

The challenges of digital warfare


Zero Line's support for Delta is not without risks. The platform has been repeatedly targeted by Russian cyberattacks, which treat Ukraine's digital management systems as a strategic threat. In 2022, Delta was the target of a phishing attempt, while wiper attacks such as HermeticWiper and IsaacWiper hit Ukrainian government networks, seeking to destroy critical data. Russia has also tried to penetrate Ukrainian command-and-control systems, such as Delta and Kropyva, through credential harvesting operations and malware disguised as legitimate applications.

Zero Line, although not a direct target, operates in a high-risk context where the protection of data and communications is crucial. The Ukrainian government's decision, in February 2023, to host Delta's cloud components outside the country was motivated by the need to protect it from missile and cyber attacks. Zero Line probably contributed to this transition, providing logistical and technological support to ensure the platform's operational continuity.

Geopolitical implications and the future of Zero Line


Zero Line's role raises questions about the dynamics of international support for Ukraine. Its ability to operate as a hybrid actor (part NGO, part technological-military partner) reflects the complexity of modern warfare, where the boundaries between civilian and military, public and private, blur. The collaboration with Delta and the Ukrainian Ministry of Defence positions Zero Line as a channel for the transfer of technological know-how from the United States to Ukraine, in a context where direct military support is subject to political scrutiny.

However, the organization must navigate a minefield. Its closeness to the Ukrainian government and its dependence on private donations expose it to the risk of political exploitation or accusations of acting as an extension of American intelligence. Moreover, Ukraine's growing dependence on systems like Delta could create long-term vulnerabilities, especially if the technological infrastructure is not adequately protected or updated.

An actor in the shadows of modern warfare


Zero Line is a fascinating case study of how NGOs can take on strategic roles in modern conflicts. Its ability to combine philanthropy, technology and intelligence has made possible a significant contribution to the Ukrainian resistance, strengthening Kyiv's ability to wage network warfare against a militarily superior adversary. However, its work remains shrouded in secrecy, which protects its operations but also fuels speculation about its true mandate.

As the war in Ukraine continues to evolve, Zero Line and Delta will probably be at the centre of further developments in digital warfare. Their collaboration shows that, in an era dominated by data and algorithms, victory depends not only on conventional weapons but on the ability to collect, process and act on information in real time. It remains to be seen whether Zero Line will manage to maintain its delicate balance between transparency and discretion, but one thing is certain: its impact on the Ukrainian battlefield is already indelible.

The article Zero Line and Delta, Ukraine's secret weapons for the digital war against Russia comes from InsideOver.