A mosquito has a very finely tuned proboscis that is excellent at slipping through your skin to suck out the blood beneath. Researchers at McGill University recently figured that the same biological structure could also prove useful in another was—as a fine and precise nozzle for 3D printing (via Tom’s Hardware).
Small prints made with the mosquito proboscis nozzle. Credit: research paper
To achieve this feat, the research team harvested the proboscis from a female mosquito, as only the female of the species sucks blood in this timeline. The mosquito’s proboscis was chosen over other similar biological structures, like insect stingers and snake fangs. It was prized for its tiny size, with an inside diameter of just 20 micrometers—which outdoes just about any man-made nozzle out there. It’s also surprisingly strong, able to resist up to 60 kPa of pressure from the fluid squirted through it.

Of course, you can’t just grab a mosquito and stick it on your 3D printer. It takes very fine work to remove the proboscis and turn it into a functional nozzle; it also requires the use of 3D printed scaffolding to give the structure additional strength. The nozzle is apparently used with bio-inks, rather than molten plastic, and proved capable of printing some basic 3D structures in testing.

Amusingly, the process has been termed 3D necroprinting, we suspect both because it uses a dead organism and because it sounds cool on the Internet. We’ve created a necroprinting tag, just in case, but we’re not holding our breath for this to become the next big thing. At 20 um, more likely the next small thing.

Further details are available in the research paper. We’ve actually featured quite a few mosquito hacks over the years. Video after the break.

youtube.com/embed/abM85B1bWnY?…

[Thanks to Greg Gavutis for the tip!]

hackaday.com/2025/12/01/necrop…

[Aditya Sripada] and [Abhishek Warrier]’s TARS3D robot came from asking what it would take to make a robot with the capabilities of TARS, the robotic character from Interstellar. We couldn’t find a repository of CAD files or code but the research paper for TARS3D explains the principles, which should be enough to inspire a motivated hacker.

What makes TARS so intriguing is the simple-looking structure combined with distinct and effective gaits. TARS is not a biologically-inspired design, yet it can walk and perform a high-speed roll. Making real-world version required not only some inspired mechanical design, but also clever software with machine learning.

[Aditya] and [Abhishek] created TARS3D as a proof of concept not only of how such locomotion can be made to work, but also as a way to demonstrate that unconventional body and limb designs (many of which are sci-fi inspired) can permit gaits that are as effective as they are unusual.

TARS3D is made up of four side-by-side columns that can rotate around a shared central ‘hip’ joint as well as shift in length. In the movie, TARS is notably flat-footed but [Aditya] found that this was unsuitable for rolling, so TARS3D has curved foot plates.

The rolling gait is pretty sensitive to terrain variations, but the walking gait proved to be quite robust. All in all it’s a pretty interesting platform that does more than just show a TARS-like dual gait robot can be made to actually work. It also demonstrates the value of reinforcement learning for robot gaits.

A brief video is below in which you can see the bipedal walk in action. Not that long ago, walking robots were a real challenge but with the tools available nowadays, even a robot running a 5k isn’t crazy.

youtube.com/embed/_lxj-X5HDOQ?…

hackaday.com/2025/12/01/tars-l…

To those of us who live in the civilized lands where ~230 VAC mains is the norm and we can shove a cool 3.5 kW into an electric kettle without so much as a second thought, the mere idea of trying to boil water with 120 VAC and a tepid 1.5 kW brings back traumatic memories of trying to boil water with a 12 VDC kettle while out camping. Naturally, in a fit of nationalistic pride this leads certain North American people like that bloke over at the [Technology Connections] YouTube to insist that this is fine, as he tries to demonstrate how ridiculous 240 VAC kettles are by abusing a North American Level 2 car charger to power a UK-sourced kettle.

Ignoring for a moment that in Europe a ‘Level 1’ charger is already 230 VAC (±10%) and many of us charge EVs at home with three-phase ~440 VAC, this video is an interesting demonstration, both of how to abuse an EV car charger for other applications and how great having hot water for tea that much faster is.

Friendly tea-related transatlantic jabs aside, the socket adapter required to go from the car charger to the UK-style plug is a sight to behold. All which we starts as we learn that Leviton makes a UK-style outlet for US-style junction boxes, due to Gulf States using this combination. This is subsequently wired to the pins of the EV charger connector, after which the tests can commence.

Unsurprisingly, the two US kettles took nearly five minutes to boil the water, while the UK kettle coasted over the finish line at under two minutes, allowing any tea drinker to savor the delightful smells of the brewing process while their US companion still stares forlornly at their American Ingenuity in action.

Beginning to catch the gist of why more power now is better, the two US kettles were then upgraded to a NEMA 6-20 connector, rated for 250 VAC and 20 A, or basically your standard UK ring circuit outlet depending on what fuse you feel bold enough to stick into the appliance’s power plug. This should reduce boiling time to about one minute and potentially not catch on fire in the process.

Both of the kettles barely got a chance to overheat and boiled the water in 55 seconds. Unfortunately only the exposed element kettle survived multiple runs, and both found themselves on an autopsy table as it would seem that these kettles are not designed to heat up so quickly. Clearly a proper fast cup of tea will remain beyond reach of the average North American citizen beyond sketchy hacks or using an old-school kettle.

Meanwhile if you’d like further international power rivalry, don’t forget to look into the world as seen through its power connectors.

youtube.com/embed/INZybkX8tLI?…

hackaday.com/2025/12/01/using-…

Playing the drums requires a lot of practice, but that practice can be incredibly loud. A nice workaround is presented by [PocketBoy], in converting an acoustic kit to electronic operation so you can play with headphones instead.
A sensor installed inside a floor tom.
It might sound like a complicated project, but creating a basic set of electronic drums can actually be quite simple if you’ve already got an acoustic kit. You just need to damp all the drums and cymbals to make them quieter, and then fit all the individual elements with their own piezo sensors. These are basically small discs that can pick up vibrations and turn them into electricity—which can be used to trigger an electronic drum module.

[PocketBoy]’s build started with a PDP New Yorker kit, some mesh heads to dull the snares and toms, and some low-volume cymbals sourced off Amazon. Each drum got a small piezo element, which was soldered to a 6.5mm jack for easy hookup. They’re installed inside the drums on foam squares with a simple bracket system [PocketBoy] whipped up from hardware store parts. A DDrum DDti interface picks up the signals from the piezo elements and sends commands to an attached PC. It’s paired with Ableton 12 Lite, which plays the drum sounds as triggered by the drummer.

[PocketBoy] notes it’s a quick and dirty setup, good for quiet practice but not quite gig-ready. You’d want to probably just run it as a regular acoustic kit in that context, but there’s nothing about the conversion that prevents that. Ultimately, it’s a useful project if you find yourself needing to practice the drums quietly and you don’t have space for a second electric-only kit. There’s lots of other fun you can have with those piezos, too. Video after the break.

@the606queer
How I’m getting away with a drumset in an apartment building! Mesh heads + DIY triggers + Plain wash cloth + Stick Rods + DDTI DDrum Trigger i/o into Ableton. I need a better snare sample but this thing is whisper quiet! #drums #beginner #acoustics #fyp #drumtok

♬ original sound – the606queer

hackaday.com/2025/12/01/quiet-…

I ricercatori di sicurezza hanno scoperto una sofisticata campagna di exploitche sfrutta un servizio privato di test di sicurezza delle applicazioni out-of-band (OAST) ospitato sull’infrastruttura Google Cloud. La campagna prende di mira principalmente i sistemi in Brasile e sfrutta oltre 200 vulnerabilità comuni (CVE).

Metodo di attacco

Gli endpoint OAST in genere aiutano gli aggressori a verificare il successo degli exploit per l’esecuzione di comandi, la falsificazione delle richieste lato server (SSRF) e la deserializzazione. La maggior parte degli aggressori utilizza servizi OAST disponibili pubblicamente come toast.fun e interact.sh, ma gli autori di questa operazione di minaccia gestivano un dominio privato chiamato i-sh.detectors-testing.com.

Il sistema di threat intelligence Canary di VulnCheck ha rilevato circa 1400 tentativi di exploit relativi a questa infrastruttura tra il 12 ottobre e il 14 novembre 2025. Questa insolita configurazione OAST privata la distingue chiaramente dalla tipica attività di scansione.

Infrastruttura

Tutto il traffico di attacco osservato proveniva da indirizzi IP di Google Cloud situati negli Stati Uniti. Gli IP di scansione identificati includono: 34.172.194.72, 35.194.0.176, 34.133.225.171, 34.68.101.3, 34.42.21.27 e 34.16.7.161.

Un host OAST dedicato, 34.136.22.26, esegue il servizio Interactsh sulle porte 80, 443 e 389. L’utilizzo dell’hosting di Google Cloud offre un vantaggio tattico. I difensori raramente bloccano completamente il traffico proveniente da grandi provider di servizi cloud, facilitando l’infiltrazione del traffico di attacco nelle comunicazioni di rete legittime.

Caratteristiche dell’attacco

Sebbene VulnCheck distribuisca Canary a livello globale, questa campagna di attacco ha preso di mira solo i sistemi distribuiti in Brasile. Sebbene i report di AbuseIPDB indichino che lo stesso gruppo di IP degli aggressori sia stato segnalato anche in Serbia e Turchia, i dati di VulnCheck confermano che il suo obiettivo era esclusivamente quello di colpire obiettivi brasiliani.

Gli aggressori hanno combinato template Nuclei con versioni precedenti non più mantenute nel repository ufficiale. Ad esempio, l’attacco ha utilizzato il template obsoleto grafana-file-read. Questo template YAML è stato rimosso dal repository nuclei-templates nell’ottobre 2025.

Ciò suggerisce che gli aggressori potrebbero aver utilizzato strumenti obsoleti o scanner di terze parti.

Payload personalizzato

L’attacco ha utilizzato anche un payload personalizzato. L’aggressore ha esposto una directory aperta sulla porta 9000 contenente un file TouchFile.class modificato, progettato per sfruttare una vulnerabilità in Fastjson 1.2.47.

A differenza della versione standard di Vulhub, questo payload personalizzato poteva eseguire comandi arbitrari e avviare richieste HTTP in base a parametri. Le prove suggeriscono che l’infrastruttura di attacco sia operativa almeno da novembre 2024, dimostrando un’insolita persistenza.

Mentre la maggior parte degli scanner sostituisce rapidamente la propria infrastruttura, questo aggressore ha mantenuto una presenza stabile a lungo termine.

Raccomandazioni di sicurezza

Questo attacco evidenzia come gli aggressori stiano utilizzando strumenti di scansione open source come Nuclei per diffondere payload di exploit su larga scala su Internet.

Sono indifferenti al lasciare tracce, purché riescano a individuare rapidamente obiettivi vulnerabili. Per prevenire minacce così persistenti, le organizzazioni dovrebbero monitorare il traffico di rete alla ricerca di callback OAST insoliti, bloccare gli indirizzi IP dannosi noti e assicurarsi che i sistemi esposti vengano tempestivamente aggiornati.

L'articolo Gli hacker trasformano Google Cloud in un bunker segreto. Scoperta un’operazione shock proviene da Red Hot Cyber.

Nel 2024 in Italia sono state registrate 2.379 nuove diagnosi di HIV e 450 nuovi casi di AIDS. Numeri che si accompagnano ad un fenomeno che continua a preoccuparci: molte di queste diagnosi arrivano tardi. Non per mancanza di attenzione da parte delle persone, ma perché il nostro Paese non garantisce ancora un’informazione chiara, capillare e accessibile sulla salute sessuale, né condizioni che rendano semplice e naturale il ricorso ai test o ai percorsi di prevenzione.

La realtà è che, mentre si parla costantemente di “emergenza educativa”, la politica continua a ignorare ciò che davvero serve a creare consapevolezza: percorsi seri e laici di educazione alle differenze, all’affettività e alla sessualità in tutte le scuole. Le nuove generazioni crescono senza strumenti, senza linguaggi adeguati, senza una cultura che normalizzi la salute sessuale come parte integrante del benessere di tutt*. E così l’HIV resta un fenomeno reale ma poco discusso, confinato ai margini di un dibattito pubblico che spesso preferisce evitarlo. In altre parole, resta tabù, e le persone sierocoinvolte continuano a pagare il prezzo dello stigma.

Nel frattempo, sono le associazioni nei territori a portare avanti il lavoro più importante: costruire informazione, offrire supporto, organizzare test, orientare le persone ai servizi, creare luoghi dove parlare di salute sessuale sia possibile e non eccezionale. La loro presenza sopperisce a un vuoto politico che non dovrebbe esistere.

Come Possibile e Possibile LGBTI+ continuiamo a chiedere che la salute sessuale debba tornare al centro delle politiche pubbliche. Significa introdurre percorsi formativi strutturati nelle scuole e diffondere la cultura della prevenzione come parte della vita quotidiana, non come un gesto coraggioso. Significa garantire l’accesso gratuito ai contraccettivi e ai preservativi per le persone under 30, e rendere davvero accessibile la PrEP, che in molti Paesi europei ha già dimostrato di ridurre drasticamente le nuove diagnosi. E significa investire in campagne di informazione continuative, non iniziative sporadiche legate a una data sul calendario.

Non abbiamo bisogno di retorica né di moralismi. Abbiamo bisogno di una politica che riconosca che la salute è libertà e dignità, che la prevenzione è un diritto e che l’accesso agli strumenti per esercitarlo deve essere semplice e garantito. Il 1° dicembre non è una parentesi: è il promemoria annuale di ciò che dovremmo fare tutto l’anno e che, invece, ancora non facciamo.

Parlare di HIV significa parlare di conoscenza, autodeterminazione, dignità. E soprattutto significa ribadire che nessuna persona deve sentirsi sola o abbandonata.

Gianmarco Capogna

L'articolo Giornata mondiale contro l’AIDS, un invito ad assumerci una responsabilità collettiva proviene da Possibile.

The US Patent Office has put forth regulations to end the our ability to challenge improperly granted patents in the Patent Office. These new rules will be a gift to patent trolls by keeping bad patents alive to stifle innovation. As the EFF notes: People targeted with troll lawsuits will be left with almost no realistic or affordable way to defend themselves.

We have until the end of Tuesday, December 2nd to file comments opposing these rules. The Biden administration tried to get these rules passed in 2023, but thousands of people stopped them. We need to stop the Trump administration from getting these rules passed!

The Inter partes review (IPR) process what voted on by Congress in 2013. Congress defined how it should work and who it applies to. The Patent Office must not add additional regulations that limit our access to it. The EFF points out why these rule changes are harmful:

Inter partes review, (IPR), isn’t perfect. It hasn’t eliminated patent trolling, and it’s not available in every case. But it is one of the few practical ways for ordinary developers, small companies, nonprofits, and creators to challenge a bad patent without spending millions of dollars in federal court. That’s why patent trolls hate it—and why the USPTO’s new rules are so dangerous.

IPR isn’t easy or cheap, but compared to years of litigation, it’s a lifeline. When the system works, it removes bogus patents from the table for everyone, not just the target of a single lawsuit.

IPR petitions are decided by the Patent Trial and Appeal Board (PTAB), a panel of specialized administrative judges inside the USPTO. Congress designed IPR to provide a fresh, expert look at whether a patent should have been granted in the first place—especially when strong prior art surfaces. Unlike full federal trials, PTAB review is faster, more technical, and actually accessible to small companies, developers, and public-interest groups.

As an example why we need the IPR process: Personal Audio tried to squeeze royalties from podcasters. Without IPR, EFF would not have been able to challenge their patent and Personal Audio would have continued to shake down podcasters.

Please take a couple of minutes to submit your comments about why we cannot let bad patents slip through unchallenged. You can write your own or use the following draft comment we borrowed from the EFF and modified:

I oppose the USPTO’s proposed rule changes for inter partes review (IPR), Docket No. PTO-P-2025-0025. The IPR process must remain open and fair. The Patent Office does not have the ability to legislate and must not limit who can take advantage of the IPR process beyond what Congress has authorized. Patent challenges should be decided on their merits, not shut out because of legal activity elsewhere. These rules would make it nearly impossible for the public to challenge bad patents, and that will harm innovation and everyday technology users.

or you can use their comment as they wrote it:

I oppose the USPTO’s proposed rule changes for inter partes review (IPR), Docket No. PTO-P-2025-0025. The IPR process must remain open and fair. Patent challenges should be decided on their merits, not shut out because of legal activity elsewhere. These rules would make it nearly impossible for the public to challenge bad patents, and that will harm innovation and everyday technology users.

masspirates.org/blog/2025/12/0…

The 2026 Pirate National Conference has been subject to an elimination style bracket tournament to determine where we will host what will mark the 20th birthday of the United States Pirate Party.

As of today, we are down to four potential cities:

• Boston, Massachusetts
• Chicago, Illinois
• Seattle, Washington
• Vicksburg, Mississippi

Results from Round 2 are posted on our Discord server.

Eight other cities were previously in consideration and will no longer be considered for the 2026 conference. The eight eliminated cities, as well as the three cities that shall be eliminated by the conclusion of this tournament, shall be in permanent consideration for future Pirate National Conference locations until they have hosted. Albuquerque, Las Vegas, Louisville, Mobile, New Orleans, Plattsburgh, Portland (OR) and Providence shall all be in consideration in 2027 and beyond.

We now find ourselves in the Final Four, with two matchups this week that our members and supporters can vote on. Boston (1) will take on Seattle (9) while Vicksburg (4) takes on Chicago (6).
The Final Four
The tournament shall conclude on December 15th.

This tournament ending up in four totally different regions of the country is emblematic of the growth of this party. We might have states with a stronger presence of their Pirate Party, but our growth is nationwide and undeniable. After 20 years, the second oldest Pirate Party in the world will celebrate our conference on a boat and prepare for the next 20 years. We are looking forward to June 6th and hope you all are too.

Regardless of location, the conference will be A.) held on a boat and B.) hybrid, meaning those unable to attend in-person may still attend online.

Those who wish to vote can join our Discord server to find a link to the tournament. The Final Four closes out next week and the championship vote will begin from there.

uspirates.org/2026-pirate-nati…