While you might not know it from their market share, Intel makes some fine GPUs. Putting one in a PC with an AMD processor already feels a bit naughty, but AMD’s x86 processors still ultimately trace their lineage all the way back to Intel’s original 4004. Putting that same Intel GPU into a system with an ARM processor, like a Raspberry Pi, or even better, a RISC V SBC? Why, that seems downright deviant, and absolutely hack-y. [Jeff Geerling] shares our love of the bizarre, and has been working tirelessly to get a solid how-to guide written so we can all flout the laws of god and man together.

According to [Jeff], all of Intel’s GPUs should work, though not yet flawlessly. In terms of 3D acceleration, OpenGL works well, but Vulkan renders are going to get texture artifacts if they get textures at all. The desktop has artifacts, and so do images; see for yourself in the video embedded below. Large language models are restricted to the not-so-large, due to memory addressing issues. ARM and RISC V both handle memory somewhat differently than x86 systems, and apparently the difference matters.

The most surprising thing is that we’re now at a point that you don’t need to recompile the Linux kernel yourself to get this to work. Reconfigure, yes, but not recompile. [6by9] has a custom kernel all ready to go. In testing on his Pi5, [Jeff] did have to manually recompile Mesa, however–unsurprisingly, the version for Raspberry Pi wasn’t built against the iris driver for Intel GPUs, because apparently the Mesa devs are normal.

Compared to AMD cards, which already work quite well, the Intel cards don’t shine on the benchmark, but that wasn’t really the point. The point is expanding the hardware available to SBC users, and perhaps allowing for sensible chuckle at the mis-use of an “Intel Inside” sticker. (Or cackle of glee, depending on your sense of humour. We won’t judge.) [Jeff] is one of the people working at getting these changes upstreamed into the Linux kernel and Raspberry Pi OS, and we wish him well in that endeavour.

Now, normally we wouldn’t encourage a completely unknown fellow like this [Jeff] of whom no one has ever heard of to be poking about in the kernel, but we have a good feeling about this guy. It’s almost as if like he’s been at this a while. That couldn’t be, could it? Surely we’d have noticed him.

youtube.com/embed/ewDJpxQEGo4?…

hackaday.com/2025/11/14/intel-…

It isn’t unusual to expect a precisely regulated voltage in an electronic project, but what about times when you need a precise current? Over on EDN, prolific [Stephen Woodward] explains how to use a precision Zener diode to get good results. [Stephen] takes you through the math for two topologies and another circuit that uses a pair of bipolar transistors.

You might wonder why you need a precise current source or sink. While it is nice to drive things like LEDs with a constant current, you probably don’t need ultra-precise currents. However, charging a capacitor with a constant current produces a very nice linear voltage ramp. When you use a resistor to bias collector current in a bipolar amplifier, you are just poorly imitating a constant current source, too. That’s just two of many examples.

The circuits use a MOSFET to handle the actual current path, so there are a few differences depending on whether you want to sink or source current. You may wonder why a precision Zener diode needs an external Zener. However, if you read the text, you’ll note that’s only if the input voltage is too high for the “real” Zener.

There are many techniques for manipulating currents. All good to have in your toolbox.

hackaday.com/2025/11/14/precis…

The 8845 LEGO Technic Dune Buggy original. (Credit: Matt Denton)
It’s part of the great circle of life that toys and scale models that provide a reflection of macro-sized objects like vehicles and buildings will eventually be scaled up again to life-sized proportions. Case in point the LEGO Technic dune buggy that [Matt Denton] recently printed at effectively human scale, while also making it actually drivable.

The basis for this project is the 8845 Dune Buggy which was released in 1981. Unlike the modern 42101 version, it’s more straightforward and also seems more amenable to actually sitting in despite featuring more pieces for a total of 174 pieces. Naturally, [Matt] didn’t simply go for a naïve build of the 8845 buggy, but made a few changes. First is the scale that’s 10.42 times larger than the LEGO original, based around the use of 50 mm bearings. The model was also modified to be a single-seater, with the steering wheel placed in the center.

With some structural and ergonomic tweaks in place, the resulting CAD model was printed out mostly in PLA with a 1 mm nozzle and 10% infill using a belt FDM printer to help with the sheer size of the parts. After that it was mostly a LEGO kit assembly on a ludicrous scale that resembles a cross between building a LEGO kit and assembling Ikea flatpack furniture.

At merely the cost of most of his sanity, [Matt] finally got the whole kit together, still leaving a few suspension issues to resolve, as it turns out that so much plastic actually weighs a lot, at 102 kg. With that and other issues resolved, the final touch was to add an electric motor to the whole kit using a belt-driven system on the rear axle and bringing every LEGO minifig’s dreams to life.

After a few test drives, some issues did pop up, including durability concerns and not a lot of performance, but overall it performs much better than you’d expect from a kid’s toy.

youtube.com/embed/RyM0SPHocUA?…

hackaday.com/2025/11/14/buildi…

Dear Friend of Press Freedom,

Rümeysa Öztürk has been facing deportation for 234 days for co-writing an op-ed the government didn’t like. As we’ll discuss during an online panel next Tuesday, the government hasn’t stopped targeting journalists for removal. Read on for news from Kansas, Ohio, and more.

Kansas county pays $3M for forgetting the First Amendment

Press freedom just scored a $3 million win in Kansas. The county that participated in an illegal raid on the Marion County Record in 2023 is cutting big checks to journalists and a city councilor to settle their lawsuits.

As part of the settlement, the Marion County Sheriff’s Office also made a statement of “regret” for the raid, saying, “This likely would not have happened if established law had been reviewed and applied prior to the execution of the warrants.”

Ya think? FPF Senior Advocacy Adviser Caitlin Vogus broke down the flashing red lights any judge or cop should heed before storming a newsroom. Read her article here. And check out our March interview with Record publisher Eric Meyer.

No, journalists don’t need permission to cover immigration courts

Last month, we wrote to the Hyattsville immigration court in Maryland to express our alarm over a report that two journalists from Capital News Service had been expelled for not seeking express permission from the federal government to cover immigration proceedings.

That expulsion was contrary not only to the Constitution but also to the Executive Office of Immigration Review’s own guidance. But we noticed another problem with their fact sheet. It said reporters “must” check in upon arriving at immigration court. We’d been hearing anecdotes for some time about journalists being asked to “check in” at lobbies of immigration courts in other parts of the country. The fact sheet confirmed it.

In response, EOIR clarified that journalists are not required to either coordinate visits with the government in advance or check in upon arrival. And it issued an amended fact sheet to remove any doubt. We posted the fact sheet and email exchange on our site so any reporters given wrong information can have them handy. Read more here.

Secrecy and the midterms

The midterm elections are a year away, and it is essential to ensure that they are free and fair. Transparency is key, specifically surrounding the Department of Homeland Security’s election integrity unit and the Justice Department’s attempts to access voter data and equipment.

DHS’s election integrity unit is particularly secretive. For example, President Donald Trump appointed prominent election denier Heather Honey to lead the effort, but very little is known about what she’s doing with her newfound power. FPF’s Daniel Ellsberg Chair on Government Secrecy Lauren Harper has more about our efforts to hold the unit accountable. Subscribe to The Classifieds for more secrecy news.

Charges dropped against Cincinnati journalist

Charges have finally been dropped against CityBeat reporter Madeline Fening, who was arrested while covering a protest at the Roebling Bridge in northern Kentucky in July. Congratulations to the American Civil Liberties Union of Kentucky and their legal partners on the important win.

We led two letters in support of Fening and CityBeat intern Lucas Griffith. After the first, felony charges against the two were dropped. The second led prosecutors to admit to a reporter that they’d offered to drop charges in exchange for the journalists waiving their right to sue — a likely violation of both the Constitution and attorney ethics rules.

Now, both cases are over, but Griffith was found guilty of failure to disperse and fined $50. That may not sound like much, but the constitutional violation is still significant – journalists are not required to disperse along with protesters because they need to be free to cover the aftermath of protests. Read CityBeat’s coverage here.

What we’re reading

Trump vs. the BBC: What hurdles might the president’s legal argument face? (BBC). Trump “doesn’t care” if he wins the lawsuits he’s filed against newsrooms he doesn’t like, FPF’’sbsky.app/profile/did:plc:sabyz…Advocacy Director Seth Stern told BBC. “The point is to intimidate and punish those he views as critical (of) him.”

When reporting is a crime (Inquest). “Prison journalism should not be illegal. It should not be starved, stifled, or silenced. ... laws need to change.” Readbsky.app/profile/did:plc:yvl5j…Inquest’s article featuring FPF columnist Jeremy Busby’s account of how his own journalism, and that of outside reporters wanting to tell his story, is stifled by prison authorities. And watch our video featuring journalist Daniel Moritz-Rabson discussing the guide to reporting on prisons that he wrote for FPF.

The FCC’s news distortion policy should be rescinded (Protect Democracy). Thanks to our friends atbsky.app/profile/did:plc:4fvbd…Protect Democracy for furthering the fight against Brendan Carr’s censorial FCC. Carr’s selective enforcement of the policy to characterize any coverage Trump doesn’t like as “distortion” shows why the policy shouldn’t exist in the first place.

Larry Wilson: Stop shooting at the press while we do our jobs (Los Angeles Daily News). “Cops are banned from shooting non-violent people with deadly projectiles — whether they’re protesters or journalists. Because it’s illegal,” said First Amendment lawyer Susan Seager.

I tried to deliver aid to Gaza. Israel kidnapped and tortured me (The Nation). Journalist and human rights lawyer Thomas Becker writes about his treatment while detained by Israel. Watch our online discussion last week, in partnership with Defending Rights & Dissent, with three U.S. journalists who reported similar experiences after being abducted from aid flotillas.

freedom.press/issues/marion-co…

We suspect kids today — and some adults — are confused about phone terminology. In today’s world, “hanging up” and “dialing,” for example, are abstract words without the physical reference that older people remember. But some people have a soft spot for the old rotary dial phones, including [Stavros], who wired a rotary phone to his computer for use on online meetings. Check out the video below.

He took an old rotary phone and wanted to program a Raspberry Pi Zero to act as a sound card and a keyboard. That way, he could connect to the meeting by picking up the handset and disconnect by hanging up. He also planned to read the dial and convert that into keyboard input.

If that sounds like a big project, it’s because it is. [Stavros] decided to use Claude Opus 4.1 to write the code for him, but was stymied by the $200/month price tag. So he wrote some code to send queries on a pay-as-you-go plan. After $50 was spent, the code was in worse shape than the first version. So much for vibe coding.

Plan B was — his words, not ours — shameful. He used a cheap USB sound card, an RP2040 to act like the keyboard, and a hub to make it simple to connect. Cases were removed, and boards were integrated into the phone to make a working project.

We do appreciate that [Stavros] tries not to irreversibly damage the old gear when he makes a mod like this. He uses a 3D printed connector to replace the old press-fit connections on the phone’s PCB, and it is all highly reversible.

While Claude didn’t help the development much, perhaps [Stavros] can use the phone to talk to Claude. We’ve seen a number of rotary phone hacks over the years.

stavros.io/posts/i-converted-a…

hackaday.com/2025/11/14/meet-m…

In Italia, ogni anno oltre 3.000 persone perdono la vita sulle strade, nonostante tutti conoscano le regole basilari della sicurezza. Nel cybercrime, lo scenario non è poi così diverso: milioni di vittime ogni anno, anche se ormai è risaputo che i link sospetti sono trappole da evitare. E se il phishing continua ad esistere in tutte le sue forme, questo significa che qualcuno ancora ci abbocca.

Allora, come spiegare questa contraddizione? Entrano in gioco i bias cognitivi, scorciatoie mentali che ci fanno pensare “TANTO”: “tanto non ho nulla da rubare”, oppure “tanto a me non succederà mai”, oppure “tanto io ci faccio sempre attenzione” e così via. Si tratta di un errore fatale, perché chiunque può diventare una porta d’accesso per obiettivi più interessanti, o un capro espiatorio perfetto per attività criminali, oppure banalmente un automatismo dei cybercriminali ha trovato un buco nel computer o nel telefono e ci si è infilato dentro.

Il “Manuale CISO Security Manager” nasce per aiutare i professionisti della sicurezza a capire e fronteggiare questi meccanismi psicologici, che mettono in crisi anche le tecnologie più avanzate.

L’illusione del “tanto non ho nulla da nascondere”

Pensare di non essere un bersaglio per i cybercriminali è il bias più rischioso. Ogni utente è, di fatto, un asset prezioso per almeno tre motivi chiave:

• Ponte di accesso: ogni persona è collegata a reti di amici, familiari e colleghi più interessanti. I criminali usano queste catene di fiducia per raggiungere obiettivi di alto valore.
• Capro espiatorio: le identità rubate servono per effettuare frodi, aperture di conti bancari e attacchi nascosti a nome di ignare vittime.
• Fonte di credenziali: password riciclate e dati personali diventano munizioni per sferrare attacchi più sofisticati.

Ma quindi cosa ci insegna la sicurezza stradale?

I dati ISTAT raccontano una storia drammatica: morti causate da comportamenti evitabili quali guida distratta o abuso di alcol, nonostante le campagne di sensibilizzazione che vanno avanti da decenni. E quindi, se la gente rischia la vita fisica ignorando regole note, perché dovrebbe rispettare norme che sembrano invisibili perchè stanno dietro ad uno schermo?

Anatomia dei bias nella cybersecurity

• Bias di invulnerabilità: “A me non succederà mai”. Il cervello ignora che i criminali cercano accessi e identità, non solo ricchezze.
• Bias del controllo illusorio: “So riconoscere un attacco, e se succederà, ci starò attento”. Il cervello sottovaluta l’astuzia e il continuo aggiornamento delle minacce.
• Bias della delega tecnologica: “Ci pensa l’antivirus, l’amico esperto, il supporto IT” o comunque qualcun altro / qualcos’altro. È un’illusione pericolosa: il fattore umano resta il vero anello debole.

Nonostante i supercomputer più potenti abbiano capacità di calcolo e memoria superiori al cervello umano, non possono sostituirne l’intuizione, la capacità di correlare informazioni non strutturate e il giudizio contestuale. La “grande bugia” della tecnologia è quella di credere che risolverà da sola ogni problema di sicurezza.

Cosa fare nelle aziende?

Attenzione! I bias non sono errori, sono strategie di sopravvivenza per processare rapidamente una montagna di dati. Nel mondo reale funzionano per salvarci, mentre nel cyberspazio possono aprire la porta ad un disastro irrecuperabile.

Infatti, il futuro è interdisciplinare: tecnologia, psicologia e comportamento umano devono convivere. La sfida è usare i bias in modo positivo per andare oltre le semplici difese tecniche.

• Progettare sistemi che funzionino “con” i bias, non contro.
• Formare le persone alla sicurezza tenendo conto delle resistenze psicologiche, non solo informando.
• Usare “nudge”, cioè spinte gentili verso comportamenti sicuri, non barriere rigide.

Per approfondire il rapporto tra fattore umano e cybersicurezza, il “Manuale CISO Security Manager” dedica ampio spazio a queste tematiche fondamentali per la sopravvivenza.

L'articolo Bias cognitivi e cybersecurity: l’errore fatale del “non ho nulla da nascondere” proviene da Red Hot Cyber.

Nel mondo della sicurezza informatica, la teoria non basta. Le aziende devono trasformare i principi in azioni concrete, in processi che proteggono ogni giorno la continuità e il valore dei propri dati.
La triade CIA – Confidentiality, Integrity, Availability rappresenta la base di ogni strategia di cyber security efficace. Ma sapere cosa significa non è sufficiente: serve capire come applicarla nella pratica quotidiana e in conformità ai nuovi requisiti della Direttiva Europea NIS2, che introduce obblighi specifici in materia di gestione del rischio, risposta agli incidenti e resilienza operativa.

Soluzioni come LECS® di Cyber Evolution permettono di passare dalla teoria alla pratica, rendendo tangibile la sicurezza attraverso monitoraggio continuo, intelligenza artificiale, risposta automatica e tracciabilità completa dei log, in linea con i requisiti NIS2.

1. Riservatezza: proteggere chi può accedere ai dati

La riservatezza è il primo passo per costruire fiducia digitale. Garantire che solo gli utenti autorizzati possano accedere ai dati sensibili significa difendere la privacy, il know-how e la reputazione aziendale. Un singolo errore di configurazione o un account compromesso possono esporre informazioni strategiche e generare impatti economici e legali significativi.

Per ridurre questo rischio, servono politiche di accesso strutturate e una visione chiara della superficie d’attacco.
Tra le azioni più efficaci, bisogna considerare di:

• Definire policy di accesso basate sui ruoli (RBAC).
• Implementare l’autenticazione multifattore (MFA) per bloccare accessi indesiderati anche in caso di furto credenziali.
• Adottare un approccio Zero Trust, che verifica costantemente ogni identità e dispositivo.
• Formare i dipendenti per riconoscere tentativi di phishing e ingegneria sociale.

Sul piano tecnico, la riservatezza si fonda su strumenti come crittografia avanzata, VPN sicure e sistemi IAM (Identity and Access Management), che permettono di gestire le identità digitali in modo centralizzato e tracciabile.

Come LECS tutela la riservatezza

LECS potenzia la riservatezza dei dati e supporta direttamente i requisiti NIS2 PR.AA-03 e PR.DS-02, grazie a:

• Autenticazione multifattore per l’accesso alla dashboard cloud.
• Comunicazione cifrata a doppio livello tra appliance e cloud (TLS 1.3 + cifratura proprietaria).
• Registrazione sicura dei log – conservati localmente e in cloud, con eventi critici scritti in blockchain privata, garantendo integrità e inalterabilità.

Mantenere la riservatezza significa costruire un ecosistema di fiducia: con LECS, ogni accesso, comunicazione e log è monitorato, cifrato e tracciabile in modo conforme alle normative più recenti.

2. Integrità: mantenere i dati esatti, coerenti e affidabili

L’integrità dei dati garantisce che le informazioni aziendali siano corrette, coerenti e non alterate in modo non autorizzato.
Senza integrità, ogni decisione rischia di basarsi su dati corrotti o incompleti, con conseguenze gravi su operazioni, compliance e reputazione.

Le migliori pratiche operative comprendono:

• Utilizzare algoritmi di hashing e checksum per verificare i file.
• Attivare versioning e audit log per documentare ogni modifica.
• Integrare soluzioni di File Integrity Monitoring (FIM) che segnalano in tempo reale eventuali alterazioni sospette.
• Aggregare e correlare gli eventi con sistemi SIEM, per individuare anomalie e deviazioni.

Come LECS garantisce l’integrità

LECS assicura l’integrità dei sistemi e dei dati attraverso un’analisi passiva e continua della rete:

• Mantiene un inventario aggiornato di tutti gli asset IT, OT e IoT, rilevando automaticamente nuovi dispositivi o host offline.
• Rileva vulnerabilità note (CVE), certificati scaduti e protocolli insicuri, fornendo al responsabile IT log e segnalazioni chiare.
• Effettua analisi comportamentale e statistica tramite IA Tires-IA, che classifica gli eventi in base alla gravità e suggerisce azioni di remediation.
• In caso di minacce, interviene in tempo reale isolando le connessioni malevole senza interrompere l’operatività.

Grazie alla sua intelligenza predittiva e alla classificazione automatica dei rischi, LECS abbassa drasticamente la probabilità che un attacco comprometta l’integrità dei sistemi e dei dati.

3. Disponibilità: garantire continuità e resilienza operativa

La disponibilità dei dati assicura che sistemi e informazioni siano sempre accessibili a chi ne ha diritto, nel momento in cui servono.
Un’interruzione può bloccare la produzione, compromettere i servizi ai clienti o causare perdite economiche rilevanti.

Le misure chiave includono:

• Architetture ridondate e sistemi di failover.
• Backup differenziati, on-premises e in cloud.
• Piani di Disaster Recovery aggiornati.
• Mitigazione DDoS e monitoraggio proattivo per difendersi da sovraccarichi e attacchi.

Come LECS assicura la disponibilità

LECS è progettato per garantire continuità e resilienza, anche in assenza di personale tecnico:

• La response automatica difende gli host 24/7, bloccando solo la connessione malevola senza compromettere il funzionamento dei sistemi.
• Tutti i log e i modelli di IA vengono salvati e sincronizzati su cloud dedicato, assicurando continuità operativa anche in caso di guasti o incidenti.
• La reportistica personalizzabile consente di documentare eventi, rischi e incidenti per audit e conformità NIS2.

La disponibilità non è solo un requisito tecnico ma una componente vitale della business continuity: LECS assicura che la rete resti sempre monitorata, difesa e operativa.

4. Integrare i tre pilastri: verso una sicurezza aziendale completa

Riservatezza, integrità e disponibilità non sono elementi indipendenti, ma componenti interconnesse di un’unica strategia di sicurezza.
Un sistema efficace nasce dall’integrazione dei tre pilastri in una governance coerente, che unisca politiche, persone e tecnologie in un unico quadro di controllo.

Per le aziende moderne, questo significa:

• Definire procedure condivise tra IT, OT e direzione.
• Automatizzare il monitoraggio e la risposta agli incidenti.
• Promuovere la cultura della sicurezza come parte del lavoro quotidiano.

LECS: la traduzione operativa della triade CIA

Con LECS, questi principi si trasformano in risultati misurabili:

• Monitoraggio continuo degli asset e della rete.
• Detection e response automatizzate.
• Log inalterabili e verificabili.
• Backup e reportistica conformi alla NIS2.

In Cyber Evolution lavoriamo proprio in questa direzione: unire la protezione dei dati con la continuità dei processi, attraverso soluzioni che garantiscono visibilità completa, rilevamento proattivo e risposta immediata alle minacce.
La sicurezza dei dati non è un progetto a termine, ma un processo costante di prevenzione, monitoraggio e miglioramento.

I dati sono la risorsa che mette in moto ogni giorno la tua azienda.
Con LECS, la triade CIA diventa una difesa attiva e verificabile: riservatezza per proteggere l’accesso, integrità per garantire l’affidabilità e disponibilità per assicurare la continuità – in piena conformità con la Direttiva NIS2.

L'articolo Sicurezza dei Dati: Riservatezza, Integrità e Disponibilità con LECS proviene da Red Hot Cyber.

In the days of 8-bit home computing, the more fancy machines had sound chips containing complete synthesizers, while budget machines made do with simple output ports connected to a speaker — if they had anything at all. [Normal User] appears to be chasing the later route, making PCM sound by abusing the serial port on a 6522 VIA chip.

A serial port is when you think about it, a special case of a one-bit output port. It’s designed for byte data communication but it can also carry a PCM data stream. We’ve seen this used with microcontrollers and peripherals such as the I2S port plenty of times here at Hackaday, to produce such things as NTSC video. The 1970s-spec equivalent might not be as fast as its modern equivalent, but it’s capable of delivering audio at some level. The machine in question is a Ben Eater breadboard 6502 with a World’s Worst Video Card, and as you can hear in the video below the break, it’s not doing a bad job for the era,

If you think this hack sounds a little familiar then in a sense you’re right, because Ben Eater himself made noises with a 6522. However it differs from that in that he used the on-board timers instead. After all, the “V” in “VIA” stands for “versatile”.

youtube.com/embed/0glEfLZCwmc?…

hackaday.com/2025/11/14/2025-c…

We always enjoy [History Guy]’s musing on all things history, but we especially like it when his historical stories intersect with technology. A good example was his recent video about a small secret group during the Second World War that deployed to the European Theater of Operations, carrying out secret missions. How is that technology related? The group was largely made of scientists. In particular, the team of nineteen consisted of a geographer and an engineer. Many of the others were either fluent in some language or had been through “spy” training at the secret Military Intelligence Training Center at Camp Ritchie, Maryland. Their mission: survey Europe.

We are spoiled and enjoy several different GPS systems that can pinpoint our position quickly and easily, but that’s a modern invention. In the old days, everything came down to a geodetic reference point, usually an iron rod or some form of marker with a well-known position. Using surveying equipment, you could position other locations by referring to the reference points.

You might think that the exact location of a city isn’t that important if you are invading it. But, as the [History Guy] points out, sending artillery over the horizon being off even a little bit can have disastrous consequences. Of course, other countries had good references, but they were often not made available for obvious reasons.

The Army sent out a call for “geodesists.” They found Floyd Huff, a Civil Engineer with the requisite experience. They made him a major, and he led a secret band through liberated areas right behind the front line. They carried about 1,800 pounds of cameras and a database of both what was known and locations like libraries and schools that might have enemy geodetic data.

It paid off. Between talking to captured soldiers, finding sympathetic academics, and finding bombed-out libraries, they were able to use their cameras to make microfilm to get better data to the front lines immediately. They even found the entire database from the German Army, but had to mount a significant operation to secure it before the Russians took over the city. They even captured high-tech equipment the Germans used to change aerial photographs into topological maps.

Some of the techniques these secret scientists developed have had far-reaching consequences on mapping. The video explains it, and, as usual, it is fun to watch and educational. If you prefer to read, you might enjoy this older article from The Smithsonian.

Like many secret agents, they aren’t well known because — well, you know — they work in secret. Huff is featured in the — we aren’t making this up — National Geospatial Intelligence Hall of Fame.

With modern tech, it is easy to forget what a technical accomplishment it is to know exactly where things are. Of course, GPS is supremely complicated, but not for us, its users.

youtube.com/embed/l6ciUozP2vI?…

hackaday.com/2025/11/14/wwii-s…

It’s a wet November evening across Western Europe, the steel-grey clouds have obscured a rare low-latitude aurora this week, and Elliot Williams is joined by Jenny List for this week’s podcast. And we’ve got a fine selection for your listening pleasure!

The 2025 Component Abuse Challenge has come to an end, so this week you’ll be hearing about a few of the entries. We’ve received an impressive number, and as always we’re bowled over by the ingenuity of Hackaday readers in pushing parts beyond their limits.

In the news is the potential discovery of a lost UNIX version in a dusty store room at the University of Utah, Version 4 of the OS, which appeared in 1973. Check out your own stores, for hidden nuggets of gold. In the hacks, we have two cameras at the opposite end of the resolution spectrum, but sharing some impressive reverse engineering. Mouse cameras and scanner cameras were both a thing a couple of decades ago, and it’s great to see people still pushing the boundaries. Then we look at the challenge of encoding Chinese text as Morse code, an online-upgraded multimeter, the art of making lenses for an LED lighting effect, and what must be the best recreation of a Star Wars light sabre we have ever seen. In quick hacks we have a bevvy of Component Abuse Challenge projects, a Minecraft server on a smart light bulb, and a long term test of smartphone battery charging techniques.

We round off with a couple of our long-form pieces, first the uncertainties about iRobot’s future and what it might mean for their ecosystem — think: cheap hackable robotics platform! — and then a look at FreeBSD as an alternative upgrade path for Windows users. It’s a path not without challenges, but the venerable OS still has plenty to give.

As always, you can listen using the links below, and we’ve laidout links to all the articles under discussion at the bottom of the page.

html5-player.libsyn.com/embed/…

Download our finest MP3 right here.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Episode 345 Show Notes:

News:

• Component Abuse Challenge
• Have They Found A Complete UNIX V4?

What’s that Sound?

• Think you know what the sound is? Put your metaphorical two cents in here.

Interesting Hacks of the Week:

• Camera Capabilities Unlocked From A Mouse
  
  • Optical Mouse Based Scanner
  • DIY Optical Sensor Breakout Board Makes DIY Optical Mouse

  
  

• Medium Format, 3 GigaPixel Camera Puts It All On The Line (Sensor)
• Morse Code For China
  
  • UTF-8 Is Beautiful
  • UTF-8 – “The Most Elegant Hack”
  • Reproduced And Recovered: The First Chinese Keyboard-based MingKwai Typewriter

  
  

• Screen-Accurate Lightsaber As A Practical Effect
• Cheap Multimeter Gets Webified
• An LED Projector As A Lighting Effect

Quick Hacks:

• Elliot’s Picks:
  
  • RP2040 From Scratch: Roll Your Own Dev Board Magic
  • Running A Minecraft Server On A WiFi Light Bulb
  • Nest Thermostat: Now 100% Less Evil
  • Testing Whether Fast Charging Kills Smartphone Batteries, And Other Myths

  
  

• Jenny’s Picks:
  
  • 2025 Component Abuse Challenge: Dawg Gone LED Tester
  • 2025 Component Abuse Challenge: Glowing Neon From A 9 V Relay
  • 2025 Component Abuse Challenge: The Slip Ring In Your Parts Bin
  • Have A Slice Of Bumble Berry Pi

  
  

Can’t Miss Articles:

• If IRobot Falls, Hackers Are Ready To Wrangle Roombas
• Moving From Windows To FreeBSD As The Linux Chaos Alternative

hackaday.com/2025/11/14/hackad…

Molti di noi sono cresciuti con Hiroshi Shiba, di Jeeg robot d’acciaio che parlava con il defunto padre, il Professor Senjiro Shiba, scienziato e archeologo all’interno di un grande elaboratore.

In un futuro distopico – ma molto vicino – le persone defunte potranno parlare con i defunti, che saranno archiviate e indicizzate in un grande “archivio delle anime*, come una grande Wayback machine, ma per i defunti.

Lo scandalo dei “fantasmi” digitali è divampato di nuovo. Nel 2020, Kanye West regalò a Kim Kardashian un ologramma del suo defunto padre, Rob Kardashian, per il suo compleanno: all’epoca, questo gesto sembrò un regalo futuristico riservato solo alle celebrità.

Ora, diversi anni dopo, il mondo dell’intelligenza artificiale si sta muovendo con sicurezza verso un futuro in cui queste cose saranno accettate come parte della vita quotidiana.

La startup di Los Angeles 2Wai ha scatenato un’ondata di polemiche dopo aver lanciato un’app che permette agli utenti di creare avatar digitali interattivi di parenti defunti. L’azienda ha fatto subito notizia: il co-fondatore Calum Worthy ha pubblicato un video che è diventato virale sui social media nel giro di poche ore.

In questo video, una donna incinta parla al telefono con un’incarnazione artificiale della sua defunta madre. La scena fa poi un salto in avanti di dieci mesi: la “nonna” digitale legge una favola della buonanotte al bambino. Qualche anno dopo, il bambino, ormai scolaretto, discute con lei della strada per tornare a casa. La scena finale mostra un uomo adulto che informa la sua parente virtuale che diventerà bisnonna.

Sullo schermo appare lo slogan: “Con 2Wai, tre minuti possono durare per sempre”. Worthy, nei commenti, ha affermato che la sua azienda sta creando un “archivio vivente dell’umanità”, un social network basato sugli avatar. Ha anche formulato la principale domanda retorica del progetto: “E se le persone che abbiamo perso potessero far parte del nostro futuro?”

L’app è ora disponibile sull’App Store. Permette agli utenti di creare un cosiddetto HoloAvatar, un sosia digitale che, secondo gli sviluppatori, “ti assomiglia e parla come te, e condivide i tuoi ricordi“. Worthy ha incoraggiato gli utenti a provare la versione beta e ha sottolineato che una versione per Android sarà disponibile in seguito.

Gli utenti dei social media hanno immediatamente tracciato un parallelo con l’episodio “Return to Me” di Black Mirror, in cui una donna crea una copia IA del suo partner defunto e perde gradualmente il contatto con la realtà. Molti commentatori hanno definito il video di 2Wai un “incubo a occhi aperti“, una “tecnologia demoniaca” e hanno persino chiesto che tale tecnologia venisse “distrutta“.

La scena in cui un bambino instaura un legame emotivo con una versione digitale della nonna ha causato particolare tensione, sollevando preoccupazioni sul fatto che tali servizi possano distorcere la memoria, il dolore e il concetto stesso di relazioni familiari.

I sostenitori del progetto, al contrario, lo vedono come un modo per preservare la voce , il modo di parlare e le storie personali dei membri della famiglia per i decenni a venire. Vedono la tecnologia come un’opportunità per tramandare i ricordi di generazione in generazione.

Ma per ora, il dibattito rimane estremamente polarizzato. Alcuni credono che tali servizi inaugureranno una nuova forma di memoria digitale. Altri ritengono che questi deepfake rischino di offuscare il confine tra memoria e simulazione, oltre ad avere un impatto negativo sulla salute mentale degli individui.

Come dimostra la reazione al video, la società non ha ancora deciso dove tracciare il confine tra eredità digitale e interferenza con i sentimenti umani. Ma una cosa è chiara: l’intelligenza artificiale sta sempre più invadendo la sfera intima e tali strumenti solleveranno inevitabilmente nuove questioni psicologiche ed etiche per la società.

L'articolo La Wayback Machine “delle anime” sta per arrivare. E anche le polemiche proviene da Red Hot Cyber.

Let’s talk about LANDFALL. That was an Android spyware campaign specifically targeted at Samsung devices. The discovery story is interesting, and possibly an important clue to understanding this particular bit of commercial malware. Earlier this year Apple’s iOS was patched for a flaw in the handling of DNG (Digital NeGative) images, and WhatsApp issued an advisory with a second iOS vulnerability, that together may have been used in attacks in the wild.

Researchers at Unit 42 went looking for real-world examples of this iOS threat campaign, and instead found DNG images that exploited a similar-yet-distinct vulnerability in a Samsung image handling library. These images had a zip file appended to the end of these malicious DNG files. The attack seems to be launched via WhatsApp messaging, just like the iOS attack. That .zip contains a pair of .so shared object files, that are loaded to manipulate the system’s SELinux protections and install the long term spyware payload.

The earliest known sample of this spyware dates to July of 2024, and Samsung patched the DNG handling vulnerability in April 2025. Apple patched the similar DNG problem in August of 2025. The timing and similarities do suggest that these two spyware campaigns may have been related. Unit 42 has a brief accounting of the known threat actors that could have been behind LANDFALL, and concludes that there just isn’t enough solid evidence to make a determination.

Not as Bad as it Looks

Watchtowr is back with a couple more of their unique vulnerability write-ups. The first is a real tease, as they found a way to leak a healthy chunk of memory from Citrix NetScaler machines. The catch is that the memory leak is a part of an error message, complaining that user authentication is disabled. This configuration is already not appropriate for deployment, and the memory leak wasn’t assigned a CVE.

There was a second issue in the NetScaler system, an open redirect in the login system. This is where an attacker can craft a malicious link that points to a trusted NetScaler machine, and if a user follows the link, the NetScaler will redirect the user to a location specified in the malicious link. It’s not a high severity vulnerability, but still got a CVE and a fix.

Worse than it Looks

And then there’s the other WatchTowr write-up, on Monsta FTP. Here, old vulnerabilities continue to work in versions released after the fix. The worst one here is an unauthenticated RCE (Remote Code Execution) that can be pulled off by asking the server nicely to connect to a remote SFTP server and download a file. In this case, the specified path for saving that file isn’t validated, and can be written anywhere to the Monsta FTP filesystem. Instant webshell. This time it did get fixed, within a couple weeks of WatchTowr sending in the vulnerability disclosure.

Imunify AV

Antivirus software Imunify just fixed an issue that threatened a few million servers. Imunify is an antivirus product that scans for malicious code. It sounds great. The problem is that it worked to deobfuscate PHP code, by calling an executeWrapper helper function. The short explanation is that this approach wasn’t as safe as had been hoped, and this deobfuscation step can be manipulated into running malicious code itself. Whoops.

Patchstack reported on this issue, and indicated that it had been publicly known since November 4th. Patches have since been issued, and a simple message has been published that a critical security vulnerability has been fixed. There is a PoC (Proof of Concept) for this vulnerability, that would be trivial to develop into a full webshell. The only challenge is actually getting the file on a server to be scanned. Either way, if your servers run Imunify, be sure to update!

IndonesianFoods

There’s another NPM worm on the loose, and this one has quietly been around for a couple years. This one is a bit different, and the “malicious” packages aren’t doing anything malicious, at least not by default.

[Paul McCarty] first spotted this campaign, and gave it the name “IndonesianFoods”, inspired by the unique names the fake packages were using. It appears that a handful of malicious accounts have spent time running a script that generates these fake packages with unique names, and uploads them to NPM. Downloading one of these packages doesn’t run the script on the victim machine, and in fact doesn’t seem to do anything malicious. So what’s the point?

Endor Labs picked up this thread and continued to pull. The point seems to be TEA theft. That’s the Blockchain tech that’s intended to reward Open Source project and contributions. It’s yet another abuse of NPM, which has had a rough year.

Rusty Sudo

Canonical made a bold decision with Ubuntu 25.04, shipping the uutils Rust rewrite of coreutils and sudo-rs. That decision was controversial, and has proven to be a cause of a few issues. Most recently, the sudo-rs utility has made news due to security vulnerabilities. We know the details on a few of the issues fixed in this update of those, CVE-2025-64170. It’s a quirk when a user types a password into the prompt, but never presses return. The prompt times out, and the typed characters are echoed back to the terminal.

Another issue doesn’t have a CVE assigned yet, but is available as a GitHub Security Advisory, and the patch is published. This one has the potential to be an authentication bypass. Sudo has the feature that tracks how long it has been since the user has last authenticated. The flaw was that this state was leaking between different users, allowing a login by one user to count as a login for other users, allowing that password skip.

Bits and Bytes

And finally, there’s a bit of good news, even if it is temporary. Google has taken action against one of the larger SMS scam providers. The group operates under the name Lighthouse, and seems to use normal cloud infrastructure to run the scams, simply flying under the radar for now. Google has combined legal action with technical, and with any luck, law enforcement can join in on the fun.

hackaday.com/2025/11/14/this-w…

Europe stands at perhaps the most difficult crossroads of recent times, a tough call to make between social welfare and stabilizing fiscal balance. On 4 November 2025, the IMF issued a warning, citing the deep fiscal troubles the EU is facing and how the situation is likely to worsen if immediate and more decisive steps are not taken. The rising debt levels, which could double to 140% by 2040, as suggested by the IMF, pose an imminent threat to disturbing the existing fragile balance between revenue and expenditure. Funding various social schemes, including pensions, unemployment benefits, healthcare, and education, has long been a mainstay of government policies across the EU. Now, the IMF calls for a re-evaluation of those spending policies. The message is clear: harsh measures are crucial now to have a better future. Across Europe, governments have already joined the austerity drive. For the last 18 months, the EU has been experimenting with various ideas as part of a strict fiscal policy aimed at restoring the budgetary balance. Below is a list of measures adopted across the EU countries:

• Raising the statutory retirement age.
• Freezing or delaying pension indexation.
• Limiting the duration of unemployment benefits.
• Reducing public-sector wage growth or hiring.
• Cutting healthcare and education budgets.
• Phasing out early-retirement schemes.
• Increasing consumption or environmental taxes.
• Reducing energy or transport subsidies.
• Capping family and housing support payments.
• Restricting public investment spending.

These measures have either been implemented/approved, or are currently under parliamentary debate. As policymakers adjust the policy machinery to cope with an impending economic peril, implementations are faced with a formidable opposition from the affected groups. In fact, over the last two months, a wave of rising resentment has been evident. Belgium, France, Germany, Italy, and more have all witnessed nationwide strikes, and many more are likely to follow.

Although cutting public spending might seem like a straightforward solution to rectify the current fiscal imbalance from the government’s perspective, the situation is not entirely linear. Cutting public funding, such as pensions, social benefits, or unemployment funds, reduces the disposable income of the impacted groups. Low disposable income means lower consumer demand. With demand spiraling downward, supply needs to be downsized as well, following a fundamental economic principle that matches market demand. As a result, businesses respond with layoffs, further reducing tax revenues and pushing up unemployment levels. In short, economies can face a self-perpetuating cycle that widens inequality and, even worse, triggers an economic recession (something the world witnessed in the 1930s – The Great Depression).

Furthermore, a reduction in expenditure on human infrastructure, whether in health or education, has a long-term negative impact on the economy. The immediate effect could be a robust balance sheet and good fiscal ratios. In the longer run, it weakens the foundation for sustainable growth, something which the EU stands for and identifies with. Decline in human capital, lack of innovation and global competitiveness, brain drain, social inequality, and other issues are a few notable consequences. Excessively rigid austerity measures, in a way, can undermine growth and social cohesion.

The IMF’s warning, therefore, should not be examined in a single dimension. Instead of treating it as a call to cut, it can be perceived as an invitation to rethink how Europe balances its books while safeguarding its people.

The solution lies in achieving a balance:

According to Friedrich Ebert Stiftung’s “Alternative to Austerity”, if fiscal strategies are growth-oriented, rather than simply focusing on cutting expenditure, a balance can be reinstated without impacting the welfare. Budgetary discipline will have to be achieved through the use of a balanced mix of responsible budgeting and investing public funds wisely. Pumping investments into areas such as infrastructure, education, and green technology can help countries build strong and sustainable economies, as well as secure their futures. These investments can help create more jobs, improve skills, and support long-term growth. It also calls for a fairer tax system where the wealthy and large companies contribute more, reducing the pressure on working families.

The problem the EU is facing at this moment goes beyond the budget. The challenge is about protecting fairness and dignity. Financial discipline should always go hand-in-hand with social justice.

The goal should not be to weaken the social support systems people depend on, but to strengthen and make them more sustainable, so that growth and fairness work together, rather than against each other.

Reference Links:

politico.eu/article/police-cla… | archive.ph/pYghC

euronews.com/2025/09/24/french… | archive.ph/JetNb

berlintoday.com/public-sector-… | archive.ph/8ZdCM

european-pirateparty.eu/are-eu…