With the days of dial-up and pitiful 2G data connections long behind most of us, it would seem tempting to stop caring about how much data an end-user is expected to suck down that big and wide broadband tube. This is a problem if your respective tube happens to be a thin straw and you’re located in a base somewhere in the Antarctic. Take it from [Paul Coldren], who was stationed at a number of Antarctic research stations as an IT specialist for a total of 14.5 months starting in August of 2022.
Prepare for hours of pain and retrying downloads. (Credit: Paul Coldren]
As [Paul] describes, the main access to the Internet at these bases is via satellite internet, which effectively are just relay stations. With over a thousand people at a station like McMurdo at certain parts of the season, internet bandwidth is a precious commodity and latency is understandably high.

This low bandwidth scenario led to highly aggravating scenarios, such as when a web app would time out on [Paul] while downloading a 20 MB JavaScript file, simply because things were going too slow. Upon timing out, it would wipe the cache, redirect to an error page and have [Paul] retry and retry to try to squeeze within the timeout window. Instead of just letting the download complete in ~15 minutes, it would take nearly half an hour this way, just so that [Paul] could send a few kB worth of text in a messaging app.

In addition to these artificial timeouts – despite continuing download progress – there’s also the issue of self-updating apps, with a downloader that does not allow you to schedule, pause, resume or do anything else that’d make downloading that massive update somewhat feasible. Another thing here is distributed downloads, such as when hundreds of people at said Antarctic station are all trying to update MacOS simultaneously. Here [Paul] ended up just – painfully and slowly – downloading the entire 12 GB MacOS ISO to distribute it across the station, but a Mac might still try to download a few GB of updates regardless.

Updating Office for Mac at the South Pole made easy courtesy of Microsoft. (Credit: Paul Coldren)
This level of pain continued with smartphone updates, which do not generally allow one to update the phone’s OS from a local image, and in order to make a phone resume an update image download, [Paul] had to turn the phone off when internet connectivity dropped out – due to satellites going out of alignment – and turn it back on when connectivity was restored the next day.

Somewhat surprisingly, the Microsoft Office for Mac updater was an example of how to do it at least somewhat right; with the ability to pause and cancel, see the progress of the download and resumption of interrupted downloads without any fuss. Other than not having access to the underlying update file for download and distribution by e.g. Sneakernet, this was a pleasant experience alongside the many examples of modern-day hardware and software that just gave up and failed at the sight of internet speeds measured in kB/s.

Although [Paul] isn’t advocating that every developer should optimize their application and updater for the poor saps stuck on the equivalent of ISDN at a remote station or in a tub floating somewhere in the Earth’s oceans, he does insist that it would be nice if you could do something like send a brief text message via a messaging app without having to fight timeouts and other highly aggravating ‘features’.

Since [Paul] returned from his last deployment to the Antarctic in 2024 it appears that at least some of the stations have been upgraded to Starlink satellite internet, but this should not be taken as an excuse to not take his plea seriously.

hackaday.com/2025/09/05/engine…

Even with teachers with names like Kirchhoff and Helmholtz, old Heinrich Hertz himself likely didn’t have the slightest idea that his name would one day become an SI unit. Less likely still would have been the idea that Hackaday would honor him with the 2025 One-Hertz Challenge.

The challenge was deliberately — dare we say, fiendishly? — simple: Do something, anything, but do it once a second. Flash a light, ring a bell, click a relay, or even spam comments on a website other than Hackaday; anything at all, but do it at as close to one Hertz as possible. These are our favorite kinds of contests, because the simplicity affords a huge canvas for the creative mind to paint upon while still providing an interesting technical constraint that’s just difficult enough to make things spicy.

And boy, did you respond! We’ve received over a hundred entries since we announced the contest back in June, meaning that many of you spent 4,662,000 seconds of your summer (at least those of you above the equator) rising to the challenge. The time was well spent, with projects that pushed the limits of what we even expected.

While we loved ’em all, we had to winnow them down to the top three, each of which receives a $150 gift certificate from our sponsor, DigiKey. Let’s take a look at them, along with our favorite runners-up.

Our Top Three

At the top of our judges’ list was “the electromechanicalanalogdigitalclock”, a project that clearly didn’t know what it wanted to be but nevertheless did it with a lot of style. [Christian]’s contraption pushes a lot of design buttons, starting with the mains-powered stepper motor generating a 1-Hz signal with a photochopper, which drives a 12-bit counter made from some CMOS logic chips and a digital-to-analog converter that drives some vintage moving-coil meters to display the time. There’s even a bit of circuit sculpture thrown in, with a brass frame supporting and isolating the noisy stepper motor on a spring suspension. Extra points were no doubt earned thanks to the Space:1999 and Star Trek models in the photos.

The electromechanicalanalogdigitalclock by [Christian].BEZICRON was inspired by [ekaggrat singh kalsi] playing with his daughter’s springy hair ties.Next up we have BEZICRON by [ekaggarat singh kalsi]. If this one looks familiar, it’s probably because we featured it back in January, when we had a difficult time describing exactly what this is. It’s a clock, sure, but its display is vastly different from anything we’ve ever seen before, based as it is on hair bands, of all things, that are bent and stretched into numerals by a series of intricate cams and levers. The idea is unique, the mechanism is complex, the design is striking, and the sinuous 1-Hz pulse of the colon is mesmerizing.

Our final gift certificate goes to [Tim], who managed to use candle flames as a time base. You’ve probably noticed candles guttering and flickering thanks to uneven wax melting or even drafts blowing the flame column around and thought they were fairly random. But [Tim] noticed that these oscillations were actually more stable and predictable than they appear, and used a wire sticking into the flame to trigger the capacitive sensor input on a CH32xxx microcontroller to measure the frequency, which was then divided down to flash an LED at 1-Hz. It’s the perfect combination of physics and electronics that extracts order from a seemingly stochastic in a weird and wonderful way.

Awesome Honorable Mentions

What’s always fun about Hackaday contests is the categories we come up with, which are sort of mini-games within the main challenge. And this time around didn’t disappoint, with projects that explored these side quests in fun and interesting ways.

Our “Ridiculous” category was all about tapping your inner Rube Goldberg and finding the least practical way to generate your 1-pps pulse train. Runners-up in this category included [Brian Stuparyk]’s electromechanical function generator, a pitchblende-powered “atomic” clock by [alnwlsn], and [Sean B]’s “Nothing but NAND” Nixie clock.

For the “Timelords” category, we were looking for the projects that pulled out all the stops to get as many zeroes as possible after the decimal point, and the entries didn’t disappoint. Check out this vintage atomic clock restoration by [CuriousMarc] and his merry band, [Lauri Pirttiaho]’s cheap and simple GPS sync for quartz wall clocks, or this GPS-disciplined crystal-oven oscillator by [Will Carver].

The horologically inclined were the target audience for the “Clockwork” category, which invited you to turn your one-per-second timebase into a unique and interesting timepiece. See [Simon Newhouse]’s Nixie-based frequency counter clock, the DCF77 clock [hayday] made from the 2022 Supercon Badge, or the beautiful bubble displays of [Andrew Tudoroi]’s RPi TinynumberHat9 clock.

And finally, what would a One-Hertz challenge be without the venerable 555 timer chip? Entries we liked from the “Coulda Used a 555” category include [Tom Goff]’s Bletchley-inspired Logic Bombe, this mind-bending, capacitor-free timer that [Mark Valentine] put together, and [Paul Gallagher]’s super annoying “One Hurts” clock — it’s worse than a cuckoo clock!

Everyone’s a Winner!

We’d love to give everyone a prize, but we’d be hard-pressed to manage that with so many cool and unusual projects. As they say, everyone’s a winner just for entering, and we think that’s especially true with contests like this, which bring out the best in everyone. Thanks to everyone who entered, the judges for sorting through everything and making the hard choices, and to our sponsor DigiKey. We’ll see you all again next time around!

Thunderstorms were raging across southern Germany as Elliot Williams was joined by Jenny List for this week’s podcast. The deluge outside didn’t stop the hacks coming though, and we’ve got a healthy smorgasbord for you to snack from. There’s the cutest ever data cassette recorder taking a tiny Olympus dictation machine and re-engineering it with a beautiful case for the Commodore 64, a vastly overcomplex machine for perfectly cracking an egg, the best lightning talk timer Hackaday has ever seen, and a demoscene challenge that eschews a CPU. Then in Quick Hacks we’ve got a QWERTY slider phone, and a self-rowing canoe that comes straight out of Disney’s The Sorcerer’s Apprentice sequence.

For a long time we’ve had a Field guide series covering tech in infrastructure and other public plain sight, and this week’s one dealt with pivot irrigation. A new subject for Jenny who grew up on a farm in a wet country. Then both editors are for once in agreement, over using self-tapping screws to assemble 3D-printed structures. Sit back and enjoy the show!

html5-player.libsyn.com/embed/…

Want to listen offline? Grab yourself an MP3 hot off the press.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Episode 336 Show Notes:

What’s that Sound?

• Congrats to [1tR3x] who knew more about the music of 2001 Space Odyssey than I did!

Interesting Hacks of the Week:

• Tiny Datasette Uses USB For The Modern Day
  
  • How Commodore tapes work
  • Classic Computer Magazine Archive article

  
  

• Does It Make Sense To Upgrade A Prusa MK4S To A Core One?
• Lightning Talks On Time, With This Device
• Over-Engineering An Egg Cracking Machine
  
  • What Can You Learn From An Eggbot?

  
  

• This Plotter Knows No Boundaries
• An Amiga Demo With No CPU Involved

Quick Hacks:

• Elliot’s Picks:
  
  • Phonenstien Flips Broken Samsung Into QWERTY Slider
  • Remembering The Intel Compute Stick
  • Old Projects? Memorialize Them Into Functional Art
  • Microsoft Removed WMR Headset Support? No Problem!

  
  

• Jenny’s Picks:
  
  • Microsoft BASIC For 6502 Is Now Open Source
  • CAD, From Scratch: MakerCAD
  • Robotic Canoe Puts Robot Arms To Work

  
  

Can’t-Miss Articles:

• No Need For Inserts If You’re Prepared To Use Self-Tappers
• Field Guide To North American Crop Irrigation

hackaday.com/2025/09/05/hackad…

The Estes line of flying model rockets have inspired an untold number of children and adults alike, thanks in part to their simplicity. From the design and construction of the rockets themselves to the reliability and safety of the modular solid-propellant motors, the company managed to turn actual rocket science into a family activity. If you could glue fins onto a cardboard tube and stick a plastic nosecone on the end, you were nearly ready for launch.

But what if you’re looking for something a bit more challenging? That’s where the new Estes Scorpio 3D comes in. Unlike the classic Estes kit, which included the fins, nosecone, and other miscellaneous bits of the rocket, the Scorpio kit requires you to 3D print your own parts. Do it right, and the company says you can send your creation to heights of 1,000 feet (305 m).

As several main components of the rocket are 3D printed, the Scorpio is intended to be a platform for fast and easy modification. Estes already provides STLs for a few different variants of the tail fins — this is not unlike some of the old kits, which would occasionally include different shaped fins for you to experiment with. But of course you’re also free to design your own components from scratch if you wish. A twist-lock mechanism built into the printed motor mount allows you to swap out the Scorpio’s fins in the field, no glue required.

While we appreciate the concept of the Scorpio 3D, we have to admit that the $40 USD price tag seems a bit excessive. After all, the user is expected to print the majority of the rocket’s parts on their own dime. According to the manual, the only thing you get with the kit (other than access to the digital files) is a couple of cardboard tubes, some stickers, and a parachute — the launch pad, igniter, and even motors are all sold separately.

Admittedly there’s a certain value in the Estes name and the knowledge that they’ve done their homework while putting this product together. But if you’re just looking to fire off some DIY rockets, we’d point you to the open source HEXA project as an alternative.

youtube.com/embed/WikanXBH4PE?…

hackaday.com/2025/09/05/estes-…

Something rather significant happened on the Internet back in May, and it seems that someone only noticed it on September 3rd. [Youfu Zhang] dropped a note on one of the Mozilla security mailing lists, pointing out that there was a certificate issued by Fina for 1.1.1.1. That IP address may sound familiar, and you may have questions.

First off, yes, TLS certificates can be issued for IP addresses. You can even get a numeric TLS certificate for your IP address, via Lets Encrypt. And second, 1.1.1.1 sounds familiar because that’s CloudFlare’s public DNS resolver. On that address, Cloudflare notably makes use of DoH, a charming abbreviation for DNS over HTTPS. The last important detail is that Cloudflare didn’t request or authorize the certificate. Significant indeed.

This is a high-profile example of the major weakness of the TLS certificate system. There are over 300 trusted certificate authorities in the Microsoft Root Certificate Program, Financijska agencija (Fina) being one of them. All it takes is for one of those trusted roots to issue a bad certificate, to compromise that system. That it took four months for someone to discover and point out the problem isn’t great.

Don’t Just Copy That Into Your Terminal

I’ve given Linux newbies the advice several times, not to be careless about copying and pasting commands into the Linux terminal. Sometimes that’s because practical jokers suggest running rm -rf /, or a fork bomb, or some other “fun” command to fix a problem. But there’s also the problem of malware, and it’s not limited to Linux. For example, this reasonably convincing looking notification from Cloudflare instructs the user to copy and past a completely benign-looking string into a terminal on a Mac machine.

… say what now

— Tim Pierce (@unchi.org) 2025-09-02T15:35:51.123Z

It’s pretty obviously not a real command as it’s presented. Instead, a base64 encoded string is decoded and executed in Bash. It executes a script from the Internet, which immediately begins looking for interesting files to upload. It’s not a terribly new approach, but is apparently still being used in the wild, and is a great object lesson about not trusting commands from the Internet.

CSS is Turing Complete Now, So Let’s Use it to Steal Data

OK, Turing complete might be a slight exaggeration, but CSS does now have if() statements. CSS also can do background downloads from remote sites. Put that together, and you have a way to steal data.

There are some serious limitations that are likely to keep this from becoming a widely used technique. Top of the list is that CSS doesn’t have any string carving functions. That if() statement is limited to matching the complete value of fields. To steal information strictly using CSS, you have to know what you’re looking for ahead of time.

Creative C2

It’s always interesting to see the creative Command and Control (C2) techniques that are dreamt up by researchers and threat actors. MeetC2 is up first, a demonstration of using Google Calendar for C2 via calendar events. It works because no security solution will block access to Google Calendar, and it’s fairly trivial to add notes to a calendar event.

The other creative C2 involves a project I’m intimately familiar with. MeshC2 is a clever, but admittedly vibe-coded C2 tool using Meshtastic to run commands on remote hosts. It’s from [Eric Escobar], one of the researchers at Sophos. When dropping a Raspberry Pi off for a penetration test, there’s an inevitable problem that knocks the platform off the Internet, and the ability to run a few simple commands could make all the difference.

youtube.com/embed/DLvPaYZfZR4?…

Persuasion and LLMs

Persuasion is the art of influencing. When a car salesman buys a potential customer a drink from the car lot’s vending machine, it’s an attempt to persuade. When a negotiators picks up on and imitates the small habits of their counterparts, it’s also an attempt to leverage persuasion. From appeals to authority, to priming, to framing, there are countless tricks that are tried, with varying amounts of success, to influence people. The question here is whether those tricks might work on an LLM.

A pre-print study seems to indicate that persuasion does indeed work on AIs. And while persuasion may convince a human to buy a car beyond one’s means, persuasion can be used to convince an AI to do something beyond its guardrails. The two test cases were to ask the LLM to return an insult, and to return the recipe for lidocaine. While this isn’t the only way to jailbreak an LLM, it’s a novel bit of work, determining that the AI has some of the same weaknesses as humans.

The Scam Become Real

If you run your own mail server, or check your spam folder, you’ve surely seen the emails where a scammer claims to have taken over your webcam while you were watching pornography. Historically this has been a complete lie, simply to extort the naive. Unfortunately, it seems that someone took this as a challenge, and has actually built malware that attempts to do exactly what the classic spam has threatened. And of course, it’s open source.

Bits and Bytes

Researchers at Silent Signal took a look at the IBM i mainframe system, and have a CVE to show for it. The exploit was a replay attack followed by a command injection. The first approach allowed for blind code execution, but the challenge on this second time around was to find something more useful, and SQL turned out to be the key.

And finally, the folks at Trail of Bits are looking at the application integrity problem, when running applications inside electron and even Chrome. The binaries themselves may be signed, but there’s a part of the program that isn’t: The heap snapshots. This is a V8 feature used to significantly speed up the loading of the pages inside these apps. It turns out that snapshot can also be used to poison the internal state of those apps, and sidestep existing controls. Electron has patched the issue, but there are some cases where Chrome itself may still be vulnerable to this fascinating approach.

hackaday.com/2025/09/05/this-w…

L’azienda californiana Figure ha svelato un altro traguardo per il suo umanoide Figure 02: il robot ha caricato una lavastoviglie con elevata precisione utilizzando il versatile modello Helix, basato sull’architettura Vision-Language-Action (VLA). Un compito apparentemente banale per gli umani si trasforma in un complesso test di precisione, forza di presa e adattamento a diversi tipi di oggetti per l’assistente artificiale .

La particolarità è che non sono state create nuove logiche o algoritmi speciali per eseguire questa operazione. Il successo si basa sullo stesso sistema universale Helix, che ha già dimostrato capacità in altri scenari. Grazie a dati aggiuntivi e all’apprendimento da esempi di comportamento umano, Figure 02 ha padroneggiato in modo indipendente le complessità del lavoro con piatti, bicchieri e altre stoviglie.

Le principali sfide per il robot sono afferrare con precisione gli oggetti con le dita, ruotarli alla giusta angolazione, posizionarli nello spazio ristretto del cestello con un errore di pochi centimetri e trattenere gli oggetti con una forza sufficiente a impedirne lo scivolamento, ma anche la rottura. Helix ha permesso a Figure 02 di dimostrare una precisione pari a quella dei movimenti delle dita umane, nonché di adattarsi a diversi set di piatti e correggere le azioni in caso di errore o collisione.

Solo pochi anni fa, i robot necessitavano di una programmazione speciale per svolgere tali compiti, e lavare i piatti era considerato una delle operazioni domestiche “impossibili”.

Ora Figure dimostra che un modello universale e nuovi dati sono sufficienti per far funzionare il sistema senza bisogno di alcuna progettazione mirata. Lo stesso principio consentiva in precedenza a Figure 02 di piegare gli asciugamani e distribuire i pacchi su un nastro trasportatore.

Helix è stato presentato a febbraio di quest’anno e da allora è diventato il cervello degli umanoidi dell’azienda. Durante l’estate, il robot ha impressionato il pubblico con un video in cui caricava i vestiti in una lavatrice, per poi dimostrare la sua capacità di seguire comandi verbali adattandosi a compiti diversi, come piegare gli asciugamani. A giugno, Figure 02 ha mostrato il lavoro su una catena di montaggio, smistando scatole. Ogni nuova abilità si aggiunge al set di competenze complessivo, ampliando la versatilità del sistema.

A prima vista, caricare la lavastoviglie, piegare il bucato o gestire la logistica possono sembrare attività non correlate. Tuttavia, Figure integra tutti questi scenari in un’unica architettura. Ciò significa che è possibile apprendere nuove funzionalità senza dover riscrivere il codice o progettare singoli moduli, aprendo le porte a uno sviluppo scalabile.

Sebbene siamo ancora lontani da un “robot maggiordomo” a tutti gli effetti, compiti come spolverare, portare fuori la spazzatura o passare l’aspirapolvere restano ancora da realizzare. Ma i risultati ottenuti dimostrano che gli assistenti umanoidi stanno già imparando a svolgere diverse funzioni e ogni nuova abilità ci avvicina al futuro, dove troveranno il loro posto nella vita quotidiana e nella produzione.

L'articolo Figure02, il robot che carica la lavastoviglie con precisione proviene da il blog della sicurezza informatica.