The geometric waveguide glass of the Meta Ray-Ban Display glasses. (Credit iFixit)
Recently the avid teardown folk over at iFixit got their paws on Meta’s Ray-Ban Display glasses, for a literal in-depth look at these smart glasses. Along the way they came across the fascinating geometric waveguide technology that makes the floating display feature work so well. There’s also an accompanying video of the entire teardown, for those who enjoy watching a metal box cutter get jammed into plastic.

Overall, these smart glasses can be considered to be somewhat repairable, as you can pry the arms open with a bit of heat. Inside you’ll find the 960 mWh battery and a handful of PCBs, but finding spare parts for anything beyond perhaps the battery will be a challenge. The front part of the glasses contain the antennae and the special lens on the right side that works with the liquid crystal on silicon (LCoS) projector to reflect the image back to your eye.

While LCoS has been used for many years already, including Google Glass, it’s the glass that provides the biggest technological advancement. Instead of the typical diffractive waveguide it uses a geometric reflective waveguide made by Schott, with the technology developed by Lumus for use in augmented reality (AR) applications. This is supposed to offer better optical efficiency, as well as less light leakage into or out of the waveguide.

Although definitely impressive technology, the overall repairability score of these smart glasses is pretty low, and you have to contest with both looking incredibly dorky and some people considering you to be a bit of a glasshole.

youtube.com/embed/G8ypYclM0bc?…

hackaday.com/2025/10/09/the-fa…

The worst thing about a volume knob is that, having connected it to a computer, it might be wrong: if you’ve manually altered the volume settings somewhere else, the knob’s reading won’t be correct. [I Got Distracted] has a quick tutorial on YouTube showing how to use a BLDC, a hall effect sensor, Pi Pico and the SimpleFOC library to make a knob with active haptic feedback and positioning.

We covered the SimpleFOC library a few years ago, but in case you missed it, it’s, well, a simple library for FOC on all of our favorite microcontrollers, from Arduino to ESP to Pico. FOC stands for field-oriented control, which is a particular way of providing smooth, precise control to BLDCs. (That’s a BrushLess DC motor, if the slightly-odd acronym is new to you.) [I Got Distracted] explains exactly how that works, and shows us just how simple the SimpleFOC project is to use in this video. Why, they even produce their own motor controllers, for a fully-integrated experience. (You aren’t restricted to that hardware, but it certainly does make things easy.)

The haptic feedback and self-dialing knob make for an easy introductory project, but seeing how quick it hacks together, you can doubtless think of other possibilities. The SimpleFOC controller used in this video is limited to relatively small motors, but if you want to drive hundreds of kilowatts through open source hardware, we’ve covered that, too.

Arguably, using a motor as a knob isn’t within the design spec, and so could almost qualify for our ongoing Component Abuse Challenge, had [I Got Distracted] thought to enter.

youtube.com/embed/gKdGmkCgGkg?…

hackaday.com/2025/10/09/motors…

The results are in from the national elections in the Czech Republic — and while the overall outcome is troubling, there are important victories to celebrate.

The Czech Pirate Party scored just about 9% in the elections, securing 18 seats in parliament, confirming their position as one of the strongest opposition forces in the country. In a challenging political climate, they succeeded in surpassing the extremist far right and saw the far left fail to enter parliament entirely.

“Although the overall result for the country is not good, there are also positive outcomes. We outran the extremist far right as wanted, and the far left did not make it at all.”
— Zdeněk Hřib, party leader of the Czech Pirates

However, the general election result also marks a concerning shift, with Andrej Babiš and his ANO movement returning to power — a development that underscores the vital role the Pirates will now play in defending democracy, transparency, and fundamental rights as a strong and principled opposition.

“Today’s result is a reminder that democracy can never be taken for granted. We congratulate our Czech colleagues for their resilience, their brilliant campaign, and their determination to stand as a democratic alternative against populism and extremism.”
— Florian Roussel, Chair of the European Pirate Party

The European Pirate Party stands firmly behind the Czech Pirates in their continued fight for a free, open, and democratic society.

european-pirateparty.eu/czech-…

The Component Abuse Challenge is dragging all sorts of old, half-forgotten hacks out of the woodwork, but this has got to be the most vintage: [KenS] started using a transformer as a variable choke on his speakers 55 years ago.

The hack is pretty bone-dead simple. A choke is an inductor in an audio (or any other) circuit designed to, well, choke off higher-than-desired frequencies. We featured a deep dive a few years back if you’re interested. An inductor is a coil of wire, usually (but not necessarily) wound around a core of iron or ferrite. A transformer? Well, that’s also a coil of wire around a core… plus an extra coil of wire. So when [KenS], back in his salad days, had a tweeter that a was a little too tweety, and no proper choke, he grabbed a transformer instead.

This is where inspiration hit: sure, if you leave the second winding open, the transformer acts like a standard choke. What happens if you short that second winding? Well, you dampen the response of the first winding, and it stops choking, to the point that it acts more like a straight wire. What happens if you don’t short the second winding, but don’t leave it wide open? [KenS] stuck a potentiometer on there, and found it made a handy-dandy variable choke with which to perfectly tune the tone response of his speakers. Changing the resistance changes the rate at which high frequencies are choked off, allowing [KenS] to get the perfect frequency response with which to rock out to Simon & Garfunkel, The Carpenters and The Guess Who. (According to the Billboard Top 100 for 1970, those are who you’d be listening to if you had conventional tastes.)

While we can’t say the transformer is really being tortured in this unusual mode, it’s certainly not how it was designed, so would qualify for the “Junk Box Substitutions” category of the Component Abuse Challenge. If you’ve made similar substitutions you’d like to share, don’t wait another 55 years to write them up– the contest closes November 11th.

Transformer image: Hannes Grobe, CC BY-SA 4.0.

hackaday.com/2025/10/09/2025-c…

When you think anemometer, you probably don’t think “load cell” — but (statistically speaking) you probably don’t live in Hurricane Country, which is hard on wind-speed-measuring-whirligigs. When [BLANCHARD Jordan] got tired of replacing professionally-made meteorological eggbeaters, he decided he needed something without moving parts. Whatever he came up with would probably qualify for the Component Abuse Challenge, but the choice of load cells of all things to measure wind speed? Yeah, that’s not what the manufacturer intended them for.

In retrospect, it’s actually a fairly obvious solution: take a plate of known area, and you’re going to get a specific force at a given air speed. The math isn’t hard, it’s just not how we normally see this particular measurement done. Of course, a single plate would have to be pivoted to face the wind for an accurate reading, which means moving parts– something specifically excluded from the design brief. [Jordan] instead uses a pair of load cells, mounted 90 degrees to one another, for his anemometer. One measures the force in a north-south axis, and the other east-west, allowing him to easily calculate both wind speed and direction. In theory, that is. Unfortunately, he vibe coded the math with ChatGPT, and it looks like it doesn’t track direction all that well. The vibe code runs on an ESP32 is responsible for polling data, tossing outliers, and zeroing out the load cells on the regular.

The red lines are from the load-cell equipped weather station; the blue is from a commercial model by Davis. Everything but direction tracks pretty well.
If you’re feeling forgiving towards abominable intelligence, the problem might not be code, but could potentially be related to the geometry of the wind-catchers. To catch the wind coming from any angle, instead of a flat plate, a series of angled circular vanes are used, as you can see from the image.

Given that arrangement is notably not symmetrical, that might be what throws off the direction reading. Still, the wind speed measurements are in very good agreement with known-good readings. The usual rotating bird perch doesn’t measure direction either, so this solid-state replacement should be just as good.

If you like the idea of hacking components to do something the designer never intended, the 2025 Component Abuse Challenge runs until November 11th — just don’t wait until the 11th hour, because entries close at 10 AM Pacific.

hackaday.com/2025/10/09/2025-c…

Dal 6 al 9 ottobre 2025, Varsavia è stata teatro della 11ª edizione della European Cybersecurity Challenge (ECSC). In un confronto serrato tra 39 team provenienti da Stati membri UE, Paesi EFTA, candidati e delegazioni ospiti, l’Italia ha conquistato il primo posto, seguita da Danimarca (secondo) e Germania (terza). Questo risultato segna un momento di orgoglio nazionale nell’ambito della formazione e competitività nel settore della cybersecurity europea.

La competizione si è articolata in due giornate con modalità differenti: il primo giorno ha seguito il modello Jeopardy, con problemi in vari ambiti (crittografia, forense, exploit, reverse engineering ecc.), mentre il secondo giorno ha visto uno scenario Attack/Defense in cui i team dovevano simultaneamente difendere la propria infrastruttura e attaccare quelle avversarie.
Questa combinazione richiede non solo abilità tecniche, ma anche rapidità decisionale, creatività e cooperazione in tempo reale.

La manifestazione è stata aperta con un intervento del Vice Primo Ministro e Ministro del Digitale della Polonia, Krzysztof Gawkowski, insieme al Direttore di NASK, Radosław Nielek.
Gawkowski ha sottolineato come la cybersecurity sia ormai un pilastro della sicurezza nazionale, ricordando che viviamo in un’epoca in cui gli attacchi informatici possono avere impatti comparabili a conflitti convenzionali. Nielek, da parte sua, ha evidenziato l’intensità della competizione e l’importanza del confronto tra i migliori talenti europei.

Juhan Lepassaar, direttore esecutivo di ENISA, ha esaltato l’evento come “un’opportunità unica per i giovani talenti europei”, affermando che la sfida consente di mettere alla prova competenze tecniche, pensiero critico, lavoro di squadra sotto pressione e capacità comunicative.
Allo stesso modo, Luca Tagliaretti, direttore del Centro Europeo per la Competenza nella Cybersecurity, ha ricordato che l’ECSC è più di una gara: è una piattaforma per costruire relazioni, crescita e valori condivisi.

Insieme, queste dichiarazioni segnalano che l’Europa punta a far emergere e sostenere la prossima generazione di esperti in sicurezza informatica, essenziali in un contesto digitale sempre più complesso. Durante la competizione, i partecipanti si sono confrontati con task in molteplici aree: sicurezza hardware, sicurezza web e mobile, crittografia, reverse engineering, binary exploitation e attività forensi.

Non è bastato avere competenze avanzate: le squadre migliori hanno saputo gestire lo stress, coordinarsi, reagire rapidamente ai problemi imprevisti e bilanciare attacco e difesa. Ciò rende l’ECSC un banco di prova molto realistico per il mondo professionale della cybersecurity.

Subito dopo l’evento, il 10 e 11 ottobre, si è svolto al NASK di Varsavia un Female+ Bootcamp riservato alle partecipanti femminili delle varie nazionali. L’obiettivo è valorizzare la presenza delle donne nella cybersecurity, offrendo formazione tecnica, mentoring e networking. Da questa iniziativa nascerà un “Female Team Europe”, che rappresenterà l’Europa in una competizione femminile internazionale a Dublino nel 2026.

Il successo italiano all’ECSC 2025 ha molteplici valenze. In primo luogo, rafforza l’immagine dell’Italia come Paese capace di formare esperti all’altezza del panorama europeo e ci permette di dire “noi ci siamo”. In secondo luogo, stimola i percorsi formativi universitari, le scuole tecniche, le iniziative pubbliche e private nel settore della cybersecurity, puntando a colmare il gap di competenze che molti Stati affrontano. Infine, una vittoria del genere può attirare investimenti e collaborazioni internazionali, favorire la mobilità dei giovani talenti e consolidare l’integrazione europea in ambito digitale e di sicurezza.

L’ECSC 2025 dimostra che il livello tecnico e competitivo in Europa continua a salire, e che il modello “gara + formazione + networking” è efficace per stimolare il talento. La sfida per le future edizioni sarà mantenere equilibrio tra complessità, accessibilità, diversità e innovazione.
Inoltre, con l’istituzione del team femminile europeo e l’attenzione alle competenze trasversali, l’ECSC evolve in una piattaforma che non valuta solo “chi è più bravo sul codice”, ma mira a formare professionisti completi, resilienti e collaborativi. In definitiva, il trionfo dell’Italia non è soltanto un momento di gloria, ma un segnale che l’Europa punta in alto nel rendere la cybersecurity una priorità strategica condivisa.

L'articolo Gli hacker etici italiani primi sul podio all’European Cybersecurity Challenge 2025 proviene da il blog della sicurezza informatica.

If you have a fear of heights and find yourself falling out of an airplane, you probably don’t want to look up to find your parachute full of holes. However, if the designer took inspiration from kirigami in the same way researchers have, you may be in better shape than you would think. This is because properly designed kirigami can function as a simple and effective parachute.

Kirigami, for those unfamiliar, is a cousin of origami where, instead of folding, you cut slits into paper. In this case, the paper effectively folds itself after being dropped, which allows the structure to create drag in ways similar to traditional parachute designs. Importantly, however, the stereotypical designs of parachutes have some more severe drawbacks than they appear. Some major issues include more obvious things, such as having to fold and unpack before and after dropping. What may be less obvious are the large eddies that traditional parachutes create or their ease at being disturbed by the surrounding wind.

The kirigami chutes fix these issues while being easier to manufacture and apply. While these are not likely to be quite as effective for human skydiving, more durable applications may benefit. Quoted applications, including drone delivery or disaster relief, worry more about accuracy and scalability rather than the fragile bones of its passenger.

Clever and simple designs are always fun to try to apply to your own projects, so if you want to have your own hand, make sure to check out the paper itself here. For those more interested in clever drone design to take inspiration from, look no further than this maple seed-inspired drone.

youtube.com/embed/6rrDW6YIbXI?…

hackaday.com/2025/10/09/holy-p…

Un nuovo annuncio pubblicato su un forum underground è stato rilevato poco fa dai ricercatori del laboratorio di intelligence sulle minacce di Dark Lab e mostra chiaramente quanto sia ancora attivo e pericoloso il mercato nero degli accessi a sistemi informatici sensibili.

L’utente “nixploiter”, con un profilo già consolidato nella community underground (livello “gigabyte“, con oltre 150 post), ha recentemente messo in vendita l’accesso a più di 1000 macchine POS (Point of Sale) situate tra USA e Regno Unito.

Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.

Nel post, l’attore malevolo afferma di avere accesso tramite pannelli di amministrazione RMM (Remote Monitoring and Management), che garantirebbero pieni privilegi amministrativi, controllo remoto e persino shell con accesso root. Le macchine compromesse opererebbero su sistemi Windows 7, 8, 10 e 11, utilizzando software molto conosciuto e diffuso nel settore retail.

L’offerta, impostata come un’asta, parte da 8.000 dollari, con incrementi di 5.000 e un prezzo “blitz” immediato di 55.000 dollari. Il venditore stabilisce inoltre una finestra di 48 ore dopo l’ultima offerta per concludere la transazione, richiedendo una piccola cauzione in Bitcoin per confermare l’affidabilità dell’acquirente.

Implicazioni e rischi

Un accesso di questo tipo rappresenta una seria minaccia diretta non solo per i negozi coinvolti, ma anche per i clienti e i circuiti finanziari collegati.

I sistemi POS gestiscono dati estremamente sensibili – transazioni, carte di pagamento, credenziali e log di rete – che possono essere sfruttati per:

• Rubare informazioni finanziarie e clonare carte di credito.
• Installare malware o ransomware all’interno dei terminali.
• Manipolare transazioni o alterare flussi di pagamento.
• Sfruttare i dispositivi come pivot per muoversi lateralmente nelle reti aziendali più ampie.

Il riferimento all’uso di un software RMM, è comune nelle infrastrutture aziendali legittime, suggerisce che gli attaccanti abbiano sfruttato strumenti di gestione remota non protetti o mal configurati – una tecnica in forte crescita nel panorama delle minacce.

Considerazioni finali

Questo episodio mette in luce ancora una volta l’importanza della sicurezza dei dispositivi POS, spesso trascurata rispetto ad altri sistemi IT.

È fondamentale che le aziende:

• Implementino autenticazioni forti e segmentazione di rete.
• Aggiornino regolarmente i software RMM e POS.
• Monitorino gli accessi remoti e i log di sistema per individuare comportamenti anomali.
• Limitino l’esposizione di pannelli di gestione su Internet.

La vendita di accessi a oltre mille terminali POS non è solo un’operazione criminale isolata: è un indicatore di vulnerabilità sistemica che riguarda direttamente la sicurezza del commercio digitale globale.

L'articolo 1000 POS di negozi USA e UK violati e messi all’asta: “accesso totale” a 55.000 dollari proviene da il blog della sicurezza informatica.

If I’m honest with myself, I don’t really need access to an off-grid, fault-tolerant, mesh network like Meshtastic. The weather here in New Jersey isn’t quite so dynamic that there’s any great chance the local infrastructure will be knocked offline, and while I do value my privacy as much as any other self-respecting hacker, there’s nothing in my chats that’s sensitive enough that it needs to be done off the Internet.

But damn it, do I want it. The idea that everyday citizens of all walks of life are organizing and building out their own communications network with DIY hardware and open source software is incredibly exciting to me. It’s like the best parts of a cyberpunk novel, without all the cybernetic implants, pollution, and over-reaching megacorps. Well, we’ve got those last two, but you know what I mean.
Meshtastic maps are never exhaustive, but this gives an idea of node density in Philly versus surrounding area.
Even though I found the Meshtastic concept appealing, my seemingly infinite backlog of projects kept me from getting involved until relatively recently. It wasn’t until I got my hands on the Hacker Pager that my passing interest turned into a full blown obsession. But it’s perhaps not for the reason you might think. Traveling around to different East Coast events with the device in my bag, it would happily chirp away when within range of Philadelphia or New York, but then fall silent again once I got home. While I’d get the occasional notification of a nearby node, my area had nothing like the robust and active mesh networks found in those cities.

Well, they say you should be the change you want to see in the world, so I decided to do something about it. Obviously I wouldn’t be able to build up an entire network by myself, but I figured that if I started standing up some nodes, others might notice and follow suit. It was around this time that Seeed Studio introduced the SenseCAP Solar node, which looked like a good way to get started. So I bought two of them with the idea of putting one on my house and the other on my parent’s place down the shore.

The results weren’t quite what I expected, but it’s certainly been an interesting experience so far, and today I’m even more eager to build up the mesh than I was in the beginning.

Starting on Easy Mode

I didn’t make a conscious decision to start my experiment at my parent’s house. Indeed, located some 60 miles (96 km) from where I live, any progress in building out a mesh network over there wouldn’t benefit me back home. But it was the beginning of summer, they have a pool, and my daughters love to swim. As such, we spent nearly every weekend there which gave me plenty of time to tinker.

For those unfamiliar with New Jersey’s Southern Shore area, the coastline itself is dotted with vacation spots such as Wildwood, Atlantic City, and Long Beach Island. This is where the tourists go to enjoy the beaches, boardwalks, cotton candy, and expensive rental homes. But move slightly inland, and you’ll find a marshland permeated with a vast network of bays, creeks, and tributaries. For each body of water large enough to get a boat through, you’ll find a small town or even an unincorporated community that in the early 1900s would have been bustling with oyster houses and hunting shacks, but today might only be notable for having their own Wawa.
To infinity, and beyond.
My parents are in one of those towns that doesn’t have a Wawa. Its very quiet, the skies are dark, and there’s not much more than marsh and water all around. So when I ran the SenseCAP Solar up their 20 foot (6 m) flagpole, which in a former life was actually the mast from a sailing catamaran, the results were extremely impressive.

I hadn’t had the radio up for more than a few hours before my phone pinged with a message. We chatted back and forth a bit, and I found that my new mesh friend was an amateur radio operator living on Long Beach Island, and that he too had just recently started experimenting with Meshtastic. He was also, incidentally, a fan of Hackaday. (Hi, Leon!) He mentioned that his setup was no more advanced than an ESP32 dev board sitting in his window, and yet we were reliably communicating at a range of approximately 6 miles (9 km).

Encouraged, I decided to leave the radio online all night. In the morning, I was shocked to find it had picked up more than a dozen new nodes. Incredibly, it was even able to sniff out a few nodes that I recognized from Philadelphia, 50 miles (80 km) to the west. I started to wonder if it was possible that I might actually be able to reach my own home, potentially establishing a link clear across the state.

Later that day, somebody on an airplane fired off a few messages on the way out of Philadelphia International Airport. Seeing the messages was exciting enough, but through the magic of mesh networking, it allowed my node to temporarily see networks at an even greater distance. I picked up one node that was more than 100 miles (160 km) away in Aberdeen, Maryland.

I was exhilarated by these results, and eager to get back home and install the second SenseCAP Solar node installed. If these were the kind of results I was getting in the middle of nowhere, surely I’d make even more contacts in a dense urban area.

Reality Comes Crashing Home

You see, at this point I had convinced myself that the reason I wasn’t getting any results back at home was the relatively meager antenna built into the Hacker Pager. Now that I had a proper node with an antenna bigger than my pinkie finger, I was sure I’d get better results. Especially since I’d be placing the radio even higher this time — with a military surplus fiberglass mast clamped into the old TV antenna mount on my three story house, the node would be around 40 feet (12 m) above the ground.
The mast gets my node above the neighbor’s roofs, but just barely.
But when I opened the Meshtastic app the day after getting my home node installed, I was greeted with….nothing. Not a single node was detected in a 24 hour period. This seemed very odd given my experience down the shore, but I brushed it off. After all, Meshtastic nodes only occasionally announce their presence when they aren’t actively transmitting.

Undaunted, I made plans with a nearby friend to install a node at his place. His home is just 1.2 miles (1.9 km) from mine, and given the 6 mile (9 km) contact I had made down the shore, it seemed like this would be an easy first leg of our fledgling network.

Yet when we stood up a temporary node in his front yard, messages between it and my house were only occasionally making it through. Worse, the signal strength displayed in the application was abysmal. It was clear that, even at such a short range, an intermediary node would be necessary to get our homes reliably connected.

At this point, I was feeling pretty dejected. The incredible results I got when using Meshtastic in the sticks had clearly given me a false sense of what the technology was capable of in an urban environment. To make matters even worse, some further investigation found that my house was about the worst possible place to try and mount a node.

For one thing, until I bothered to look it up, I never realized my house was located in a small valley. According to online line-of-sight tools, I’m essentially at the bottom of a bowl. As if that wasn’t bad enough, I noted that the Meshtastic application was showing an inordinate number of bad packets. After consulting with those more experienced with the project, I now know this to be an indicator of a noisy RF environment. Which may also explain the exceptionally poor reception I get when trying to fly my FPV drone around the neighborhood, but that’s a story for another day.

A More Pragmatic Approach

While I was disappointed that I couldn’t replicate my seaside Meshtastic successes at home, I’m not discouraged. I’ve learned a great deal about the technology, especially its limitations. Besides, the solution is simple enough — we need more nodes, and so the campaign to get nearby friends and family interested in the project has begun. We’ve already found another person in a geographically strategic position who’s willing to host a node on their roof, and as I write this a third Seeed SenseCAP Solar sits ready for installation.

At the same time, the performance of Meshtastic in a more rural setting has inspired me to push further in that region. I’m in the process of designing a custom node specifically tailored for the harsh marine environment, and have identified several potential locations where I can deploy them in the Spring. With just a handful of well-placed nodes, I believe it should be possible to cover literally hundreds of square miles.

I’m now fighting a battle on two fronts, but thankfully, I’m not alone. In the months since I’ve started this project, I’ve noticed a steady uptick in the number of detected nodes. Even here at home, I’ve finally started to pick up some chatter from nearby nodes. There’s no denying it, the mesh is growing everyday.

My advice to anyone looking to get into Meshtastic is simple. Whether you’re in the boonies, or stuck in the middle of a metropolis, pick up some compatible hardware, mount it as high as you can manage, and wait. It might not happen overnight, but eventually your device is going to ping with that first message — and that’s when the real obsession starts.

hackaday.com/2025/10/09/meshta…