Our hacker [Moritz Klein] shows us how to make a minimalist analog drum machine. If you want the gory details check out the video embedded blow and there is a first class write-up available as a 78 page PDF manual too. Indeed it has been a while since we have seen a project which was this well documented.

A typical drum machine will have many buttons and LEDs and is usually implemented with a microcontroller. In this project [Moritz] eschews that complexity and comes up with an analog solution using a few integrated circuits, LEDs, and buttons.

The heart of the build are the integrated circuits which include two TL074 quad op amps, a TL072 dual op amp, a CD4520 binary counter, and eight CD4015 shift registers. Fifteen switches and buttons are used along with seven LEDs. And speaking of LEDs, our hacker [Moritz] seems to have an LED schematic symbol tattooed to his hand, and we don’t know about you, but this screams credibility to us! 😀

This capable drum machine includes a bunch of features, including: 4 independent channels with one-button step input/removal; up to 16 steps per channel; optional half-time mode per channel; two synchronizable analog low-frequency oscillators (LFOs) for dynamic accents; resistor-DAC output for pitch or decay modulation; and an internal clock with 16th, 8th, and quarter note outputs, which can be synchronized with external gear.

Of course at Hackaday we’ve seen plenty of drum machines before. If you’re interested in drum machines you might also like to check out Rope Core Drum Machine and Shapeshifter – An Open Source Drum Machine.

youtube.com/embed/s9HKXLPiX0w?…

hackaday.com/2025/10/01/the-ma…

Recently [Faith Ekstrand] announced on Mastodon that Mesa was updating its contributor guide. This follows a recent AI slop incident where someone submitted a massive patch to the Mesa project with the claim that this would improve performance ‘by a few percent’. The catch? The entire patch was generated by ChatGPT, with the submitter becoming somewhat irate when the very patient Mesa developers tried to explain that they’d happily look at the issue after the submitter had condensed the purported ‘improvement’ into a bite-sized patch.

The entire saga is summarized in a recent video by [Brodie Robertson] which highlights both how incredibly friendly the Mesa developers are, and how the use of ChatGPT and kin has made some people with zero programming skills apparently believe that they can now contribute code to OSS projects. Unsurprisingly, the Mesa developers were unable to disabuse this particular individual from that notion, but the diff to the Mesa contributor guide by [Timur Kristóf] should make abundantly clear that someone playing Telephone between a chatbot and OSS project developers is neither desirable nor helpful.

That said, [Brodie] also highlights a recent post by [Daniel Stenberg] of Curl fame, who thanked [Joshua Rogers] for contributing a massive list of potential issues that were found using ‘AI-assisted tools’, as detailed in this blog post by [Joshua]. An important point here is that these ‘AI tools’ are not LLM-based chatbots, but rather tweaked existing tools like static code analyzers with more smarts bolted on. They’re purpose-made tools that still require you to know what you’re doing, but they can be a real asset to a developer, and a heck of a lot more useful to a project like Curl than getting sent fake bug reports by a confabulating chatbot as has happened previously.

youtube.com/embed/4d8jLfa5Mx8?…

hackaday.com/2025/10/01/mesa-p…

The internet has already taught us that an electric surfboard is a great way to get around on the water while looking like an absolute badass. [RCLifeOn] is continuing to push the boat forward in this regard, however, adding thrust vectoring technology to his already-impressive build.

If you’re unfamiliar with the world of electric surfboards, the concept is relatively simple. Stick one or more electric ducted fan thrusters on the back, add some speed controllers, and power everything from a chunky bank of lithium-ion batteries. Throw in a wireless hand controller, and you’ve got one heck of a personal watercraft.

Traditionally, these craft are steered simply by leaning and twisting as a surfer would with a traditional board. However, more dynamic control is possible if you add a way to aim the thrust coming from the propulsion system. [RCLifeOn] achieved this by adding steerable nozzles behind the ducted fan thrusters, controlled with big hobby servos to handle the forces involved. The result is a more controllable electric surfboard that can seriously carve through the turns. Plus, it’s now effectively an RC boat all on its own, as it no longer needs a rider on board to steer.

We’ve covered various developments in this surfboard’s history before, too. Video after the break.

youtube.com/embed/51nLtHqw2Ys?…

hackaday.com/2025/10/01/electr…

Per Firenze, appuntamento il 3 ottobre alla Fortezza, ore 9:15.

#Gaza
#GlobalSumudFlotilla
#FIOM

È stato scoperto un nuovo toolkit di phishing, MatrixPDF, che consente agli aggressori di trasformare normali file PDF in esche interattive che aggirano la sicurezza della posta elettronica e reindirizzano le vittime a siti Web che rubano credenziali o scaricano malware.

I ricercatori di Varonis, che hanno scoperto lo strumento, sottolineano che MatrixPDF viene pubblicizzato come un simulatore di phishing e una soluzione per specialisti di black team. Tuttavia, sottolineano che è stato individuato per la prima volta su forum di hacker.

“MatrixPDF: è uno strumento avanzato per la creazione di PDF di phishing realistici, progettato per i team di black team e per la formazione sulla sicurezza informatica”, si legge nell’annuncio. “Con l’importazione di PDF tramite trascinamento della selezione, l’anteprima in tempo reale e le sovrapposizioni personalizzabili, MatrixPDF consente di creare scenari di phishing di livello professionale. Funzionalità di sicurezza integrate come la sfocatura dei contenuti, i reindirizzamenti sicuri, la crittografia dei metadati e il bypass di Gmail garantiscono affidabilità e distribuzione in ambienti di test.”

Il toolkit è disponibile con diversi piani tariffari, che vanno da $ 400 al mese a $ 1.500 all’anno.

I ricercatori spiegano che il builder MatrixPDF consente agli aggressori di caricare un file PDF legittimo e poi di aggiungervi funzionalità dannose, come l’offuscamento del contenuto, falsi prompt “Documento protetto” e sovrapposizioni cliccabili che puntano a un URL esterno con il payload.

Inoltre, MatrixPDF consente azioni JavaScript, che vengono attivate quando un utente apre un documento o clicca su un pulsante. In questo caso, il codice JavaScript tenta di aprire un sito web o di eseguire altre azioni dannose.

La funzione di sfocatura crea file PDF il cui contenuto appare protetto, sfocato e contiene un pulsante “Apri documento protetto“. Cliccando su questo pulsante si apre un sito web che può essere utilizzato per rubare credenziali o distribuire malware.

Un test condotto da specialisti ha dimostrato che i PDF dannosi creati utilizzando MatrixPDF possono essere inviati a una casella di posta Gmail e che l’email riesce a bypassare i filtri anti-phishing. Questo perché questi file non contengono file binari dannosi, ma solo link esterni.

Un altro test condotto dai ricercatori dimostra come la semplice apertura di un PDF dannoso provochi l’apertura di un sito web esterno. Questa funzionalità è più limitata, poiché i moderni visualizzatori di PDF avvisano l’utente che il file sta tentando di connettersi a un sito remoto.

Gli esperti di Varonis ci ricordano che i file PDF restano uno strumento popolare per gli attacchi di phishing perché sono ampiamente distribuiti e le piattaforme di posta elettronica possono visualizzarli senza preavviso.

L'articolo Arriva MatrixPDF: bastano pochi click e il phishing è servito! proviene da il blog della sicurezza informatica.

Theoretically USB-C is a pretty nifty connector, but the reality is that it mostly provides many exciting new ways to make your device not work as expected. With the gory details covered by [Alvaro], the latest to join the party is Segger, with its J-Link BASE Compact MCU debugger displaying the same behavior which we saw back when the Raspberry Pi 4 was released in 2019. Back then so-called e-marked USB-C cables failed to power the SBC, much like how this particular J-Link unit refuses to power up when connected using one of those special USB-C cables.

We covered the issue in great detail back then, discussing how the CC1 and CC1 connections need to be wired up correctly with appropriate resistors in order for the USB-C supply – like a host PC – to provide power to the device. As [Alvaro] discovered through some investigation, this unit made basically the same mistake as the RPi 4B SBC before the corrected design. This involves wiring CC1 and CC2 together and as a result seeing the same <1 kOhm resistance on the active CC line, meaning that to the host device you just hooked up a USB-C audio dongle, which obviously shouldn’t be supplied with power.

Although it’s not easy to tell when this particular J-Link device was produced, the PCB notes its revision as v12.1, so presumably it’s not the first rodeo for this general design, and the product page already shows a different label than for the device that [Alvaro] has. It’s possible that it originally was sloppily converted from a previous micro-USB-powered design where CC lines do not exist and things Just Work, but it’s still a pretty major oversight from what should be a reputable brand selling a device that costs €400 + VAT, rather than a reputable brand selling a <$100 SBC.

For any in the audience who have one of these USB-C-powered debuggers, does yours work with e-marked cables, and what is the revision and/or purchase date?

hackaday.com/2025/10/01/segger…

This week Jonathan talks with Brandon and TC about Veilid, the peer-to-peer networking framework that takes inspiration from Tor, and VeilidChat, the encrypted messenger built on top of it. What was the inspiration? How does it work, and what can you do with it? Listen to find out!

• Veilid.com
• gitlab.com/veilid/veilid
• veilid.gitlab.io/developer-boo…

youtube.com/embed/FQcBrBCd1V8?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/10/01/floss-…

These days, we take it for granted that you can connect a cheap piece of hardware to a microcontroller and have an amazing debugging experience. Stop the program. Examine memory and registers. You can see and usually change anything. There are only a handful of ways this is done on modern CPUs, and they all vary only by detail. But this wasn’t always the case. Getting that kind of view to an actual running system was an expensive proposition.

Today, you typically have some serial interface, often JTAG, and enough hardware in the IC to communicate with a host computer to reveal and change internal state, set breakpoints, and the rest. But that wasn’t always easy. In the bad old days, transistors were large and die were small. You couldn’t afford to add little debugging pins to each processor you produced.

This led to some very interesting workarounds. Of course, you could always run simulators on a larger computer. But that might not work in real time, and almost certainly didn’t have all the external things you wanted to connect to, unless you also simulated them.

The alternative? Create a special chip, often called a bond-out chip. These were usually expensive and had some way to communicate with the outside world. This might be a couple of pins, or there might be a bundle of wires coming out of the top of the chip. You replaced your microprocessor with the expensive bond-out chip and connected it to your very expensive in-circuit emulator.
If you have a better scan of the ICE-51 datasheet, we’d love to see it.
For example, the venerable 8051 had an 8051E chip that brought out the address and data bus lines for debugging. In fact, the history of the 8051 notes that they developed the bond-out chip first. The chip was bigger and sold in lower volumes, so it was more expensive. It needed not just connections but breakpoint hardware to stop the CPU at exactly the right time for debugging.

In some cases, the emulator probe was a board that sat between a stock CPU and the CPU socket. Of course, that meant you had to have room to accommodate the large board. Of course, it also assumes that at least your development board had a socket, although in those days it was rare to have an expensive CPU soldered right down to the board.
Another poor scan, this time of the Lauterbach emulator probe for the 68000.
For example, the Lauterbach ICE-68300 here could take a bond-out chip or a regular chip, although it would be missing features if you didn’t have the special chip.

Of course, you can still find them in circuit emulators, but the difference is that they almost certainly have supporting hardware on the standard chip and simply use a serial communication protocol to talk to the on-chip hardware.

Of course, if you want an emulator for an old CPU, you have enough horsepower now that you can probably emulate it like with a modern processor, like the IZE80 does in the video below. Then you can incorporate all kinds of magical debugging features. But be careful what you take on. To properly mimic the hardware means tight timing for things like DRAM refresh and a complete understanding of all the bus timings involved.

But it can be done. In any event, on chip debugging or real in-circuit emulation, it sure makes life easier.

youtube.com/embed/Gdode3PfTbs?…

hackaday.com/2025/10/01/lost-t…

[Mukesh Sankhla] has been tinkering in the world of Point of Sale systems of late. His latest creation is a simple, straightforward kiosk system, and he’s open sourced the design.

The Latte Panda MU single-board computer is at the heart of the build, handling primary duties and communicating with the outside world. It’s hooked up to a touchscreen display which shows the various items available for purchase. As an x86 system, the Latte Panda runs Windows 11, along with a simple kiosk software package written in Python. The software uses Google Firebase as a database backend. There’s also an Xiao ESP32 S3 microcontroller in the mix, serving as an interface between the Latte Panda and the thermal printer which is charged with printing receipts.

It’s worth noting that this is just a point-of-sale system; it executes orders, but doesn’t directly deliver or vend anything. With that said, since it’s all open-source, there’s nothing stopping you from upgrading this project further.

We’ve featured other interesting point-of-sale systems before; particularly interesting was the San Francisco restaurant that was completely automated with no human interaction involved

youtube.com/embed/sL1OeTtPDf0?…

hackaday.com/2025/10/01/buildi…

In the middle of the 20th century, the atom was all the rage. Radiation was the shiny new solution to everything while being similarly poorly understood by the general public and a great deal of those working with it.

Against this backdrop, Firestone Tire and Rubber Company decided to sprinkle some radioactive magic into spark plugs. There was some science behind the silliness, but it turns out there are a number of good reasons we’re not using nuke plugs under the hood of cars to this day.

Hot Stuff

The Firestone Polonium spark plug represented a fascinating intersection of Cold War-era nuclear optimism and automotive engineering. These weren’t your garden-variety spark plugs – they contained small amounts of polonium-210. The theory behind radioactive spark plugs was quite simple from an engineering perspective. As the radioactive polonium decayed into lead, it would release alpha particles supposed to ionize the air-fuel mixture in the combustion chamber, making an easier path for the spark to ignite and reducing the likelihood of misfires. Thus, the polonium-210 spark plugs would theoretically create a better, stronger spark and improve combustion efficiency.
Firestone decided polonium, not radium, was the way to go when it filed a patent of its own. Credit: US Patent
These plugs hit the market sometime around 1940, though the idea dates back at least a full 11 years earlier. In 1924, Albert Hubbard applied for a patent (US 1,723,422), which was granted five years later. His patent concerned the use of radium to create an ionized path through the gas inside an engine’s cylinder to improve spark plug performance.

Firestone’s patent (US 2,254,169) came much later, granted in 1941. The company decided that polonium-210 was a more viable radioactive source. Radium was considered “too expensive and dangerous”, while uranium and thorium isotopes were found to be “ineffective.” Polonium, though, was the bee’s knees. From the patent filing:

Frequently, conditions will be so unfavorable that a spark will not occur at all, and it will be necessary to turn the engine over a number of times before a spark occurs. However, if the alpha rays of polonium are passing through the gap, a large number of extra ions are formed by each alpha ray (10,000 ions per-alpha ray) and the gap breaks down promptly after the voltage begins to rise and at a lower voltage value than that required by standard spark plugs. Thus, it might be said that polonium creates favorable conditions for gap breakdown under all circumstances. Many tests have been run which substantiate the above explanations. The most conclusive test of this type consisted in comparing the starting characteristics of many polonium-containing spark plugs with ordinary spark plugs, all plugs having had more than a year of hard service, in several engines at -15° F. It was found that thirty per cent fewer revolutions of an engine were required for starting when the polonium plugs were used.

Firestone was quite proud of its new Atomic Age product. Credit: Firestone
As per the patent, the radioactive material was incorporated into the electrodes by adding it to the nickel alloy used to produce them. This would put it in prime position to ionize the air charge in the spark gap where it mattered most.

The science seems to check out on paper, but polonium spark plugs were only on the market for a short period of time, with the last known advertisements being published sometime around 1953. If the radioactive spark plugs had serious performance benefits, one suspects they might have stuck around. However, physics tells us they may not have been that special in reality.

In particular, polonium-210 has a relatively short half-life of just 138 days. In a year, 84% of the initial polonium-210 would have already decayed. Thus, between manufacturing, shipping, purchase, and installation, it’s hard to say how much “heat” would have been left in the plugs by the time they even reached the consumer. These plugs would quickly lose their magic simply sitting on the shelf. Beyond that, there are some questions of their performance in a real working engine. Firestone’s patent claimed improved performance over time, but a more sceptical view would be that deposits left on the spark plug electrodes over time would easily block any alpha particles that would otherwise be emitted to help cause ionization.
Examples of the polonium-impregnated spark plugs can be readily found online, though the radioactive material decayed away long ago. Credit: eBay
Ultimately, while the plugs may have had some small benefit when new, any additional performance was minor enough that they never really found a market. Couple this with ugly problems around dispersal, storage, and disposal of radioactive material, and it’s perhaps quite a good thing that these plugs didn’t really catch on.

Despite the lack of market success, however, it’s still possible to find these spark plugs in the wild today. A simple search on online auction sites will turn up dozens of examples, though don’t expect them to show up glowing. The radioactive material within will long have decayed to the point where they’re not going to significantly exceed typical background radiation. Still, they’re an interesting call back to an era when radioactivity was the hottest new thing on the block.

hackaday.com/2025/10/01/the-ho…