We all carry touch screen computers around in our pockets these days, but before the smartphone revolution, there was the personal digital assistant (PDA). While it wasn’t a commercial success, one of the first devices in this category was the Apple Newton. Today they’re sought after by collectors, although most of the ones surviving to this day need a bit of rework to the battery pack. Luckily, as [Robert’s Retro] shows, it’s possible to rebuild the pack with modern cells.

By modern standards, the most surprising thing about these battery packs is both that they’re removable and that they’re a standard size, matching that of AA batteries. The Newton battery pack uses four cells, so replacing them with modern rechargeable AA batteries should be pretty straightforward, provided they can be accessed. This isn’t as easy, though. In true Apple fashion the case is glued shut, and prying it apart can damage it badly enough so it won’t fit back in the tablet after repair is complete. The current solution is to cut a hatch into the top instead and then slowly work on replacing the cells while being careful to preserve the electronics inside.

[Robert’s Retro] also demonstrates how to spot weld these new AA batteries together to prepare them for their new home in the Newton case. With the two rows fastened together with nickel strips they can be quickly attached to the existing electrical leads in the battery pack, and from there it’s just a matter of snapping the batteries into the case and sliding it back into the tablet. If you’re looking for something a bit more modern, though, we’d recommend this Apple tablet-laptop combo, but it’s not particularly easy on the wallet.

youtube.com/embed/wfXbp1AO4tk?…

hackaday.com/2024/12/13/apple-…

This week on the big 300th episode, Hackaday’s Elliot Williams and Kristina Panos teamed up to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week. So basically, business as usual.

First up in the news: it’s time for the Hackaday Europe 2025 call for proposals! Do you have a tale of hardware, firmware, or software that must be shared with the Hackaday crowd? Then this is your chance to regale us with a 20- or 40-minute talk. You know we love to hear new voices, so be sure to consider proposing a talk.

On What’s That Sound, it’s a results show week. Congratulations to [Kelvin] who was one of many that correctly identified it as the Wii startup sound. Kristina will just be over here with her Pikachu64 with the light-up cheeks.

Then it’s on to the hacks and such beginning with a rather nice reverse-engineering of the PS1, which surprisingly did it with a two-sided board. Then it’s on to a smartphone home server, magic eye images in a spreadsheet, and the math behind the music of 80s. Finally, we talk about disc cameras, the hovercraft revolution, and a whole mess of keyboards.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

html5-player.libsyn.com/embed/…

Download in DRM-free MP3 and savor at your leisure.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Episode 300 Show Notes:

News:

• 2025 Hackaday Europe CFP: We Want You!

What’s that Sound?

• Congratulations to [Kelvin]! It was the Wii menu background music.

Interesting Hacks of the Week:

• PlayStation Motherboard Sanded And Scanned, But There’s More To Do
  
  • Deconstructing PCBs
  • Remoticon Video: How To Reverse Engineer A PCB

  
  

• The Audiophile Carrot
  
  • Reddit – Dive into anything

  
  

• Smartphone Runs Home Server
  
  • I “Solved” Samsungs Swelling Battery Problem! (Batteryless Phone) – YouTube
  • Want Octoprint But Lack A Raspberry Pi? Use An Old Android Phone

  
  

• Magic Eye Images In Your Spreadsheet
• Amateur Radio Operators Detect Signals From Voyager 1
  
  • Moon Bouncing And Radar Imaging With LoRa
  • Decoding JS1YMG: First Ham Radio Station On The Moon After SLIM Mission
  • Voyager-1 single dish detection at Allen Telescope Array – Daniel Estévez
  • Detecting Voyager 1 with the ATA

  
  

• Do 3D Printers Dream Of LEGO Sheep?
  
  • Watch The OpenScan DIY 3D Scanner In Action
  • Get Great 3D Scans With Open Photogrammetry
  • What To Expect From 3D Scanning, And How To Work With It

  
  

Quick Hacks:

• Elliot’s Picks:
  
  • The Math Behind The Music Of The 80s
  • Chaotic System Cooks Meat Evenly
  • Raspberry Pi 500 And The Case Of The Missing M.2 Slot

  
  

• Kristina’s Picks:
  
  • Updated Mouse Ring Does It With A Joystick
  • An Engineer’s Perspective On Baking Gingerbread Houses
  • Unexpectedly Interesting Payphone Gives Up Its Secrets

  
  

Can’t-Miss Articles:

• Disc Film,When Kodak Pushed Convenience Too Far
• The Hovercraft Revolution And Finding The Right Niche For A Technology
  
  • Lenses: From Fire Starters To Smart Phones And VR

  
  

• Keebin’ With Kristina: The One With The Funny Keyboard

hackaday.com/2024/12/13/hackad…

Two guys — Stern and Gerlach — did an experiment in 1922. They wanted to measure magnetism caused by electron orbits. At the time, they didn’t know about particles having angular momentum due to spin. So — as explained by [The Science Asylum] in the video below — they clearly showed quantum spin, they just didn’t know it and Physics didn’t catch on for many years.

The experiment was fairly simple. They heated a piece of silver foil to cause atoms to stream out through a tiny pinhole. The choice of silver was because it was a simple material that had a single electron in its outer shell. An external magnet then pulls silver atoms into a different position before it hits some film and that position depends on its magnetic field.

If electrons randomly flew around the nucleus like a cloud, you’d expect a cloudy line on the film. If the electrons had a fixed number of possible electron orbits, the film would show a series of points. In the end, the result was a big surprise — it was neither of the expected patterns. Instead, they got something shaped like the outline of some lips.

They realized that the horizontal deflection occurred even without the magnet, so what looked like two lines were really two points, and that implies that the electrons must be in one of two positions. However, the truth is more complicated.

In fact, Schrödinger’s equations appeared later and shed more light on how the electrons could orbit. It also seemed to imply that the earlier experiment should have been a single spot on the film. The answer turned out to be quantum spin.

According to the video, this was a lucky mistake. The experiment was perfect for measuring quantum spin, but it was unlikely that anyone would have thought to perform it for that purpose. By trying to prove one thing, they had actually proved another thing that no one understood yet. Science is strange and wonderful.

Spin is a big deal in many quantum computers. If you need a refresher on electron orbitals, it is a topic we cover periodically.

youtube.com/embed/vRI1fCOQ0GA?…

hackaday.com/2024/12/13/the-st…

Humans are well overdue for a technological revolution – not a profit-driven one like we’re having now, a human-centric one. Sci-fi is wonderful for having your brain run wild. Over the last century, we’ve had writers try and imagine what world would’ve had looked like if a new technology were to address different aspects of human condition, or, work to undercut us all in yet unseen ways, for a change.

Quite a few leading HaD projects have clear sci-fi inspiration, too, and same goes for a large number of Hackaday Prize entries. Over here, we live for fantasy made reality through skill, wit, and insights.

Ever got a sci-fi-esque dream that you’ve tried to implement with modern-day tech, only to fail because something fundamental was missing about how your phone/laptop/smartwatch functions? You’re not alone here, for sure – this describes a large chunk of my tech journey. In real life, you work with audience-tailored devices, the few fun usecases pre-cooked into the hardware-firmware blob.

Still, how much can you build on top of a consumer device? Alternative OSes that liberate you from the trend of enshittification, for instance, that one’s brilliant and a lifeline for preserving one’s sanity. Alternative platforms that bring a reprieve from a modern combative and ad-filled social media environment, sure. Still, feels limited

How about diary keeping? Personal diaries are really rad, aren’t they? Surely, that one’s a low-hanging fruit?

Betteridge’s Law Breaking

The first “hack on self”-like app I’ve ever built, was a parser/UI for our local public transport company schedules – letting me know when to run for a bus stop. I wanted to reduce resistance, and eventually, even integrate it into a portable device of some sort. I did bring that to a phone of mine, with help of Python SDK for Symbian S60, a wonderful if a little limited framework.

The next app of mine was a diary, encrypted with Blowfish, because that’s what I found a pure Python implementation of. I always tried keeping a diary, in a number of different paper forms, and I always failed in the end. The app though, it was fun, just secure enough to avoid relying on obscurity, and it worked great – for two weeks! It was pretty easy for me to forget about its existence, and every time I wanted to log something, I’d need to log in. Sounds easy? Yeah. In retrospect, I would’ve added a diary entry function before the decryption prompt, because even that small of a delay has backfired.

There’s a somberly fun saying, that with ADHD, a TODO list or a project can last at most two weeks. The diary is where I’ve really felt that one. Here I was, just having touched base with the dream of keeping a diary, and now it’s gone? How does that even work? How is it that I’m out of juice for it, somehow, why is it that opening the diary to make notes was fun two weeks ago, but is a chore today?

No worries, though, the sadness didn’t last long, I avoided learning too much in the moment, and immediately found something else to hack on. Every time I heard about journaling, keeping a diary, an archive, it felt fun, but also a fair bit more unreachable than before. I still wanted it, and, I’ve had my share of sadness to process through.

Or Did I?

Of course, if you’ve failed at building something, one way of processing the resulting sadness is to get distracted by other projects until you’re interested in the goal again, try and remember your mistakes, wait for the perfect conditions, and then build a new system that avoids those mistakes as you remember them.

Now, memories are fuzzy and malleable, so the “lessons from years ago” could be outright false, attention is hard to predict so it could take years to resume a project, and you’d want to reach for some actual insights, but whoops, you’d want some sort of diary to look back at, the whole thing is a chicken-and-egg problem yet again.

We don’t let that get in the way – we just build new stuff, and on average, it magically turns out to be better, because we’re building it differently this time. Really, just how many times can you try the same thing and fail? This time, it will be different! Seriously, it’s been days/months/years, how could it be the same? Keep pulling the lever of one-armed bandit that is project enthusiasm, see if you win the lottery and transform an aspect of your life for the better.

By that point, I had a few points of change filed away. I wanted some sort of daily notifications that’d motivate me to stick with it longer than two weeks, for sure. I also wanted to reduce resistance towards making entries – no more passphrase entry before logging, no more need for decryption. At the time, I spent 24/7 with my laptop on me, so that’s a low-resistance platform’s sorted out. I make it an Alt-Tab away, add regular notifications, should be easy this time.

Tale Of Two Scripts

I recalled one thing – the diary logs were accessible as long as I could remember the password, sure, and at the same time, I was rarely interested in re-reading them. Things changed, because I got a new question, trying to piece together a narrative about myself. How’d my days actually go? Could I draw trends of happiness, productivity, energy, excitement?

This time, I wrote a couple commandline apps with very simple text interfaces. The very first one, poc_1.py for proof-of-concept 1, used a non-dismissable notification service to poke me once every 24 hours, every morning, asking a very simple question – “how do you feel?”. Wake up, alt-tab into the commandline window, write in how I’m feeling as a baseline, then get up and go about my day.

Really, I wanted my computer to care about me, because it felt like the only entity that possibly would and really could, even, had the energy to. It can be hard to untangle a brain’s inner workings, even though stars know we all try, and my country isn’t known for having quality therapists that are easy to find. So, my computer it is – non-judgmental by nature, giving me space to talk, space of the kind I lacked everywhere else.

The next two poc_N.py scripts were about logging achievements and problems respectively, into the same logfile used by the poc_1.py. 10 minutes after I wrote both of them, I realized that they were a carbon copy of each other, and united them into poc_4.py – a script tailored for me to quickly log any sort of event into a commandline window at a whim.

The aim was very simple – let a stream of thoughts flow as quickly as possible. Type up your thoughts or an event, enter, type another, enter. One letter in the beginning to indicate event type, for rudimentary categorization – the script will remind you if you forget to input it, too. Primarily, I wanted to use it to log my day-to-day achievements and problems alike, but also general thoughts and feelings I wanted to let out.

"day_reflection": "it's been productive. Currently, I feel indifferent, to be honest. [...]"}

What Happened?

Two scripts, one asks me every morning how I’m feeling, and another is a place I can put any sorts of thoughts at any point. I wanted to – how my day went, and how I feel about the previous day. It was also pretty easy to read through the logs, or parse them – my “linebreak-separated json” strategy remains undefeated.

Every morning, I would wake up, look at my laptop, see a notification, and alt-tab the console window to talk about how I feel first thing in the morning. While writing my feedback, I could look to the side and see the achievements/problems/thoughts of the previous day. It was nice – and it’s still nice to use, even though I’ve definitely had gaps in its use. It wasn’t the nicest part about it!

I realized that my feelings about the previous day had nothing to do with the previous day. Instead, it was defined by how I feel in the morning. My feelings were about how well I slept, what I ate, my dreams in the night, the first thought that came into my mind when I woke up, the last open window on my laptop. My feelings about yesterday were defined by anything except what I actually did yesterday.

It was sobering to be reminded how much my assessments and decisions are influenced by my feelings and state in the moment, rather than a recollection of facts and a weighted assessment of them. A year or two later, I saw this fact in a Twitter thread, described as a piece of common knowledge about life logging as a practice. I don’t think I’ve ever bookmarked it, and, I’m yet to track that thread down again.

Before, I used to put a lot of stock into the feeling of “how my last few days went”. Now, I keep it firmly in mind that I need strong references to make such conclusions. I still have big, months-long gaps in using the diary script, but I have not given up on it, or the idea – it’s not the only insight I’ve gotten from it.

Self: Hacked

So, that was a quick and fruitful finding – we take those. Collecting more data has proven to be helpful yet again, and so has building low-interaction-resistance context-aware systems. What else… a system that taps into feelings, might give you insights you couldn’t even hope for – it’s not like most of us get a solid toolkit to navigate or analyze our feelings day-by-day. Still a few problems left to solve and tricks to try out, and it’s all pretty exciting.

How can I make my diary keeping more consistent? Voice logging option for the days when text’s not as accessible? Building the diary system into multiple places at once, always having new aspects to switch to when one gets boring? Dynamic reminders that catch me exactly when I have some free time to write? More helpful event logging? Those are just a few of the directions I’m pursuing at once.

In the meantime, hacking continues. You’ll see more concepts, new findings, and even some lovely hardware – especially given that a couple other hackers have joined the fight.

hackaday.com/2024/12/13/hack-o…

Who wouldn’t want to have a scanning electron microscope (SEM)? If you’re the person behind the ProjectsInFlight channel on YouTube, you certainly do. In a recent video it’s explained how he got his mittens on a late 1980s, early 1990s era JEOL JSM-5200 SEM that was going to be scrapped. This absolute unit of a system comes with everything that’s needed to do the imaging, processing and displaying on the small CRT. The only problem with it was that it was defective, deemed irreparable and hence the reason why it was headed to the scrap. Could it still be revived against all odds?
The JEOL JSM-5200 SEM after being revived and happily scanning away. (Credit: ProjectsInFlight, YouTube)
The good news was that the unit came with the manual and schematics, and it turns out there’s an online SEM community of enthusiasts who are more than happy to help each other out. One of these even had his own JSM-5200 which helped with comparing the two units when something wasn’t working. Being an SEM, the sample has to be placed in a high vacuum, which takes a diffusion vacuum pump, which itself requires a second vacuum pump, all of which requires voltages and electronics before even getting to the amplification circuitry.

Since the first problem was that this salvaged unit wasn’t turning on, it started with the power supply and a blown fuse. This led to a shorted transformer, bad DC-DC converters, a broken vacuum pump, expired rubber hoses and seals, and so on, much of which can be attributed simply to the age of the machine. Finding direct replacements was often simply impossible to very expensive, necessitating creative solutions along with significant TLC.

Although there are still some small issues with for example the CRT due to possibly bad capacitors, overall the SEM seems to be in working condition now, which is amazing for a unit that was going to be trashed.

Thanks to [Hans] for the tip.

youtube.com/embed/Kqx9blbYDB0?…

hackaday.com/2024/12/13/saving…

Sono state scoperte vulnerabilità nei sistemi multimediali delle auto Skoda che consentono il controllo remoto delle funzioni dell’auto e il monitoraggio della loro posizione in tempo reale. PCAutomotive lo ha annunciato alla conferenza Black Hat Europe.

La ricerca ha identificato 12 nuovi bug che interessano la Skoda Superb III (3V3) – 2.0 TDI rilasciata nel 2022. Skoda è un marchio di proprietà del colosso automobilistico tedesco Volkswagen.

PCAutomotive ha spiegato che le vulnerabilità potrebbero essere utilizzate in combinazione per introdurre malware nel sistema di un veicolo. Per fare ciò, gli hacker criminali devono connettersi al sistema multimediale Skoda Superb III tramite Bluetooth. L’aggressore dovrà essere nelle vicinanze del veicolo, fino ad un massimo di 10 metri dall’auto.

Le vulnerabilità che colpiscono il sistema MIB3 potrebbero consentire l’esecuzione di codice arbitrario ogni volta che il dispositivo viene avviato. Ciò apre la possibilità di ottenere dati sulla posizione del veicolo tramite GPS, velocità di guida, registrare conversazioni tramite il microfono integrato, acquisire schermate dallo schermo del sistema multimediale e anche riprodurre eventuali suoni nell’abitacolo.

Anche i dati di contatto sincronizzati del proprietario dell’auto potrebbero essere rubati. A differenza dei database telefonici sicuri, le informazioni di contatto nel sistema di archiviazione MIB3 sono archiviate in testo non crittografato, rendendone più facile il furto. Tuttavia, nonostante la gravità della minaccia, i ricercatori non hanno trovato vulnerabilità che consentissero l’accesso ai sistemi critici di controllo del veicolo come sterzo, freni e acceleratore.

Secondo PCAutomotive, le unità MIB3 vulnerabili vengono utilizzate in vari modelli Volkswagen e Skoda e la società stima che potrebbero esserci più di 1,4 milioni di veicoli di questo tipo nel mondo. Allo stesso tempo, gli esperti osservano che il numero effettivo di auto a rischio potrebbe essere molto più elevato se si tiene conto del mercato secondario. Quindi, su piattaforme come eBay puoi trovare sistemi multimediali con contatti già sincronizzati, se il precedente proprietario non li ha cancellati.

PCAutomotive ha segnalato il risultato a Volkswagen e la società ha rilasciato aggiornamenti di sicurezza per risolvere i difetti. Un rappresentante Skoda ha osservato che durante l’intero periodo di utilizzo dei veicoli non sono stati registrati rischi per la sicurezza dei clienti o dei loro veicoli.

L'articolo Bug nel Sistema Multimediale di Skoda: Rischi per 1,4 Milioni di Veicoli! proviene da il blog della sicurezza informatica.

Microsoft’s Recall feature is back. You may remember our coverage of the new AI feature back in June, but for the uninitiated, it was a creepy security trainwreck. The idea is that Windows will take screenshots of whatever is on the screen every few seconds, and use AI to index the screenshots for easier searching. The only real security win at the time was that Microsoft managed to do all the processing on the local machine, instead of uploading them to the cloud. All the images and index data was available unencrypted on the hard drive, and there weren’t any protections for sensitive data.

Things are admittedly better now, but not perfect. The recall screenshots and database is no longer trivially opened by any user on the machine, and Windows prompts the user to set up and authenticate with Windows Hello before using Recall. [Avram] from Tom’s Hardware did some interesting testing on the sensitive information filter, and found that it worked… sometimes.

So, with the public preview of Recall, is it still creepy? Yes. Is it still a security trainwreck? It appears that the security issues are much improved. Time will tell if a researcher discovers a way to decrypt the Recall data outside of the Recall app.

Patch Tuesday

Since we’re talking about Microsoft, this week was Patch Tuesday, and we had seventy-one separate vulnerabilities fixed, with one of those being a zero-day that was used in real-world attacks. CVE-2024-49138 doesn’t seem to have a lot of information published yet. We know it’s a Heap-based Buffer Overflow in the Common Log File driver, and allows an escalation of privilege to SYSTEM on Windows machines.

BadRAM

One of the most interesting frontiers in computing right now is trying to give cloud computing actual security. AMD has approached this problem with SEV-SNP, Secure Encrypted Virtualization/Secure Nested Paging, among other approaches. But today we have a very clever hardware attack that can defeat SEV-SNP: BadRAM.

The key here is the DIMM memory specification’s SPD, Serial Presence Detect. That’s a simple protocol that uses SMBus, an I2C protocol, to pull information from a memory module. How does your desktop know that those are 4 GB modules? And how does it know the right timings to actually boot successfully? SPD provides that data. BadRAM asks the rather simple question, what happens if you overwrite a module’s SPD chip?

When you convince SPD to lie, and report a memory module that’s larger than it really is, you get a sort of shadow memory. Put simply, multiple memory addresses refer to the same physical bits. That should set your security alarm bells to sounding. This defeats most memory protection schemes, and allows overriding SEV-SNP, by just over-writing the security hashes after they’ve been calculated. AMD has released updated firmware that actively checks for aliasing addresses, defeating the attack.

When rnd is Hard

Getting good random bits is hard. There is the obvious problem, that computers are deterministic, and can’t actually generate randomness without dedicated hardware for the purpose. Beyond that, different languages and platforms have different quirks. Many of those languages have a pseudorandom function, that can produce a good approximation of random numbers. The catch is that those numbers are entirely deterministic, and to be anything close to usable as a safe source of randomness, the pseudorandom function must be seeded with a truly non-deterministic number.

Which is why it’s particularly bad to accidentally hard-code the seed into a platform. And yes, that’s exactly what the Web assembly platform for Dart did until surprisingly recently. This did result in an easy-to-guess websocket port/key/password combination that could result in the takeover of a Dart application from another visited website. And that’s not all, follow the link above to find two other similar stories in the Dart/Flutter world.

OpenWRT and sha256 collisions

The OpenWRT project had a bit of a security scare late last week. It turns out that the attended sysupgrade service actually triggers custom firmware builds on the OpenWRT servers. And it’s possible to run arbitrary code insode that build process. That’s not as bad as it sounds, as the project works very hard to isolate each of those builds inside podman containers. There was another problem, where build artifacts were tracked using a partial SHA256 hash. The full 64 characters of a SHA256 hash is enough to be secure, particularly in this case — but reducing that to twelve characters is not.

[RyotaK] actually did the work, using hashcat to find a hash collision, resulting in the server serving a tampered firmware image in place of the correct one. The find was reported, and the sysupgrade build server was temporarily taken offline, and a fix rolled out. The OpenWRT project put out a statement, acknowledging the issue, and pointing out that there are insufficient logs to determine whether this vulnerability chain has ever actually been used. And so out of an abundance of caution, users of the sysupgrade server should trigger an in place upgrade to completely rule out the possibility of running a compromised image.

Bits and Bytes

Facebook Messenger on iOS had an issue, where a member of group calls could crash the app for all members of the call, simply by sending an invalid emote to the group. Sure puts the angry face in context. It’s fixed now, appears to be strictly limited to the denial of service crash, and there’s a decent walkthrough of the problem at the link.

Maxwell Dulin, AKA [Striꓘeout], has now worked on both sides of the security coin. He’s both been the security researcher, and now is on the security team at a company. This puts him in a particularly good position to comment on why it takes so long to fix a given bug. And not to give it away, but some of the reasons are better than others.

And finally, how not to fall for a crypto scam. In this case, it was a Telegram group, that was hawking a fake new token. The scam was rather impressive, with faked reviews from Certik and TechRate, and legitimate looking smart contracts. But like most deals that seem to good to be true, this was a rugpull, where criminal con artists convinced a few investors to put money into the scheme, only to take the money and run. Stay frosty out there!

hackaday.com/2024/12/13/this-w…

Gli analisti di Lookout hanno scoperto uno spyware precedentemente sconosciuto per Android chiamato EagleMsgSpy. Si ritiene che venga utilizzato dalle forze dell’ordine cinesi e dalle agenzie governative per monitorare i dispositivi mobili.

I ricercatori ritengono che lo spyware sia stato sviluppato da una società cinese, Wuhan Chinasoft Token Information Technology Co., Ltd. (noto anche come uhan Zhongruan Tongzheng Information Technology Co., Ltd e Wuhan ZRTZ Information Technology Co, Ltd.) ed è in uso almeno dal 2017.

Inoltre, i primi artefatti associati a EagleMsgSpy sono stati caricati su VirusTotal solo il 25 settembre 2024.

EagleMsgSpy: Non solo la NSO Group

Come sempre abbiamo detto, la NSO Group, leader nella produzione di spyware di controllo remoto, non è l’unica a sviluppare malware avanzati di spionaggio.

Nel loro rapporto, gli investigatori forniscono numerose prove che collegano EagleMsgSpy ai suoi sviluppatori e operatori, inclusi indirizzi IP associati a server di controllo, domini, collegamenti diretti nella documentazione interna, nonché contratti pubblici e dati OSINT raccolti.

Ad esempio, il dominio utilizzato da Wuhan Chinasoft Token Information Technology per ospitare materiale pubblicitario (tzsafe[.]com) appare anche nel codice EagleMsgSpy e la documentazione del malware menziona direttamente il nome dell’azienda stessa.

Inoltre, gli screenshot esaminati dei dispositivi di prova dal pannello amministrativo di EagleMsgSpy corrispondono all’ubicazione dell’ufficio dell’azienda a Wuhan. È da notare che nella documentazione interna e nell’infrastruttura degli sviluppatori di spyware sono stati trovati indizi dell’esistenza di una versione iOS di EagleMsgSpy, ma i ricercatori non hanno ancora a disposizione un campione per i dispositivi Apple.

Gli stessi sviluppatori descrivono EagleMsgSpy come un “prodotto completo per il monitoraggio legale dei dispositivi mobili” in grado di raccogliere “informazioni dai telefoni cellulari dei sospettati in tempo reale, attraverso il monitoraggio della rete all’insaputa del sospettato, tracciando tutte le azioni del criminale con i telefoni cellulari e riassumendoli”.

Lookout ritiene che le forze dell’ordine installino manualmente EagleMsgSpy sui dispositivi mirati quando hanno accesso fisico ai dispositivi sbloccati. È probabile che ciò accada durante la confisca dei dispositivi, ad esempio durante gli arresti.
Programma di installazione di EagleMsgSpy

Spionaggio a 360 gradi

Poiché non è stato possibile trovare l’installer APK nel Google Play Store o negli app store di terzi, si ritiene che lo spyware sia distribuito da un numero molto limitato di operatori.

Uno studio su diversi campioni di spyware ha mostrato che gli sviluppatori stanno attivamente migliorando l’offuscamento e la crittografia del codice (ad esempio, utilizzando l’apkToolPlus open source), ovvero EagleMsgSpy è chiaramente in fase di sviluppo attivo.

Una volta installato sul dispositivo di destinazione, EagleMsgSpy mostra la seguente attività:

• ruba messaggi dai servizi di messaggistica istantanea (inclusi QQ, Telegram, Viber, WhatsApp, WeChat e così via);
• registra ciò che accade sullo schermo utilizzando l’API Media Projection, acquisisce screenshot e registra l’audio;
• recupera i registri delle chiamate, l’elenco dei contatti e i messaggi SMS;
• riceve dati sulla posizione (GPS), attività di rete, applicazioni installate;
• ruba segnalibri dai browser e file da dispositivi di archiviazione esterni.

Tutti i dati raccolti vengono temporaneamente archiviati in una directory nascosta, crittografati, compressi e quindi trasferiti ai server di controllo.

Un Pannello di amministrazione completo

Il pannello di amministrazione del malware si chiama “Stability Maintenance Judgment System”. Consente agli operatori remoti di avviare azioni in tempo reale come la registrazione dell’audio, la visualizzazione della distribuzione geografica dei contatti di una vittima e il monitoraggio dei messaggi.

Per quanto riguarda gli operatori di spyware, Lookout afferma che i server di controllo di EagleMsgSpy sono associati ai domini dell’Ufficio di pubblica sicurezza, come le filiali di Yantai e Zhifu.

Il rapporto rileva inoltre che gli specialisti di Lookout sono stati in grado di identificare due indirizzi IP associati ai certificati SSL dei server di controllo EagleMsgSpy (202.107.80[.]34 e 119.36.193[.]210). Questi indirizzi sono stati precedentemente utilizzati da altri strumenti di spionaggio provenienti dalla Cina, tra cui PluginPhantom e CarbonSteal.

L'articolo Cina Leader Nei Malware! EagleMsgSpy: lo Spyware che compete con Pegasus proviene da il blog della sicurezza informatica.

Autori: Luca Stivali e Francesco De Marcus del gruppo DarkLab

Le nostre fonti di Threat Inteligence purtroppo sono confermate. Alle ore 7:10 di oggi, nei canali underground da noi monitorati, è apparso un messaggio che annunciava un’altra ondata di attacchi DDoS ai danni di target italiani.

Il gruppo di attivisti filorussi NoName057 sta conducendo, per il secondo giorno consecutivo, attacchi di Distributed Denial Of Of Service (DDoS) contro istituzioni pubbliche e private italiane.

Dopo gli attacchi di ieri che hanno colpito i siti dei principali porti italiani (Trieste e Taranto), il sito della Guardia di Finanza e molti altri; oggi nel mirino risultano fra gli altri: Aereonautica Militare, Marina Militare, Banca BPER, Corte costituzionale, Ministero del Lavoro, Consiglio Superiore della Magistratura, Ministero delle Infrastrutture e molti altri.

Ecco la lista dei target:

• concorsi.gdf.gov.it
• openpnrr.it
• www.acqualatina.it
• acamir.regione.campania.it
• www.agenziatplbergamo.it
• www.mimit.gov.it
• www.mediobanca.com
• www.uni.com
• www.aeronautica.difesa.it
• www.bper.it
• sso.csm.it
• www.cortecostituzionale.it
• www.lavoro.gov.it
• www.mit.gov.it
• www.csm.it
• www.popso.it
• www.fingenia.it
• www.marina.difesa.it
• www.ctmcagliari.it

Al momento della stesura dell’articolo (13 dicembre ore 9:39) i target risultano effettivamente non raggiungibili.

Attacchi DDoS e NIS2

Come già ampiamente discusso nei nostri precedenti articoli un attacco DDos (Distributed Denial of Service) è una tipologia di attacco mirato a sovraccaricare un sito web, un server o una rete con una quantità eccessiva di traffico che arriva da una rete di computer compromessi (noti anche come reti zombie) che rendono difficilmente individuabile il traffico malevolo da quello genuino.

Nell’ultimo rapporto CLUSIT del 2024 si evidenzia che i criminali prediligono due tipologie di attacchi, i Malware e i DDos i quali rappresentano rispettivamente il 32,6 e il 30,3 degli incidenti segnalati. Pertanto, come soleva dire Antonio Lubrano, “la domanda ci sorge spontanea”.

Vista la caratura delle realtà colpite in questi giorni, che peraltro avrebbero dovuto già implementare la NIS1, quanto manca ancora al sistema Italia per essere compliance con la nuova NIS2?

La domanda che ci poniamo vuole essere assolutamente provocatoria, stuzzicante e riflessiva. Le scadenze purtroppo hanno spesso valore per il mero adeguamento formale ma, in questo caso, sono strumentali e funzionali alla sicurezza paese e quindi di necessaria implementazione.

L'articolo Secondo giorno di attacchi DDoS da parte di NoName057 ai danni di istituzioni e banche proviene da il blog della sicurezza informatica.

In our high school chemistry classes we all learn about chirality, the property of organic molecules in which two chemically identical molecules can have different structures that are mirror images of each other. This can lead to their exhibiting different properties, and one aspect of chirality is causing significant concerns in the field of synthetic biology. The prospect of so-called mirror organisms is leading to calls from a group of prominent scientists for research in the field to be curtailed due to the risks they would present.

Chirality is baked into all life; our DNA is formed of right-handed molecules while our proteins are left handed. The “mirror” organisms would reverse either or both of these, and could in theory be used to improve biochemical production processes. The concern is that these organisms would evade both the immune systems of all natural life forms, and any human defences such as antibiotics, thus posing an existential risk to life. It’s estimated that the capacity to produce such a life form lies more than a decade away, and the scientists wish to forestall that by starting the conversation early. They are calling for a halt to research likely to result in these organisms, and a commitment from funding bodies not to support such research.

Warnings of the dangers from scientific advances are as old as science itself, and it’s safe to say that many such prophecies have come from dubious sources and proved not to have a basis in fact. But this one, given the body of opinion behind it, is perhaps one that should be heeded.

Header: Original: Unknown Vector: — πϵρήλιο, Public domain.

hackaday.com/2024/12/13/chiral…

The web browser started life as a relatively simple hypertext reading application, but over the 30+ years since the first one displayed a simple CERN web page it has been extended to become the universal platform. It’s now powerful enough to run demanding applications, for example a full software-defined radio. [Jtarrio] proves this, with an application to use an RTL-SDR, in HTML5.

It’s a fork of a previous Google-Chrome-only FM receiver, using the HTML5 WebUSB API, and converted to TypeScript. You can try it out for yourself if you have a handy RTL dongle lying around, it provides an interface similar to the RTL apps you may be used to.

The Realtek digital TV chipset has been used as an SDR for well over a decade now, so we’re guessing most of you with an interest in radio will have one somewhere. The cheap ones are noisy and full of spurious peaks, but even so, they’re a bucket of fun. Now all that’s needed is the transmit equivalent using a cheap VGA adapter, and the whole radio equation could move into the browser.

hackaday.com/2024/12/13/use-yo…

La scienza sta aprendo nuovi orizzonti nella lotta contro la morte, considerando le possibilità di preservare la mente e la personalità umana. L’elemento chiave di tale ricerca è diventato il connettoma, una mappa unica di connessioni neurali nel cervello che contiene la memoria, la personalità e i tratti caratteristici di una persona.

L’idea di studiare il connettoma ha guadagnato popolarità con il discorso TED di Sebastian Xiong del 2010 “Io sono il mio connettoma“. Da allora, gli scienziati hanno fatto progressi nella mappatura del connettoma di organismi semplici come le larve dei moscerini della frutta e ora stanno lavorando per trasferire questa tecnologia al cervello umano. Tuttavia, questo compito rimane incredibilmente difficile: il numero di connessioni neurali nel cervello umano è paragonabile al numero di stelle in 10.000 galassie.

Il dottor Ariel Zeleznikov-Johnston, neuroscienziato e autore di The Future Loves You: How and Why We Must Abolish Death, offre una visione radicale della possibilità di preservare l’intelligenza. Nel suo libro esamina le idee relative alle tecnologie per preservare il cervello e creare emulazioni digitali della personalità umana. Una di queste tecnologie è una procedura di conservazione del cervello in grado di registrarne lo stato a livello delle connessioni neurali per il successivo restauro o digitalizzazione.

Secondo la ricerca, il tasso di successo di tali metodi è stimato da alcuni scienziati attorno al 40-50%. Sebbene ciò sia ancora lontano dall’essere una garanzia, la tecnologia è in costante miglioramento. Ad esempio, se il processo di mappatura del cervello viene avviato entro 36 ore dalla morte, è teoricamente possibile preservarne gran parte della struttura.

Il libro di Zeleznikov-Johnston introduce anche il concetto di “morte basata sulla teoria dell’informazione”. La morte avviene quando il ripristino del connettoma diventa impossibile. Ciò modifica l’idea tradizionale della morte, avvicinandola al concetto tecnico di perdita di dati.

Il lavoro del medico ha attirato l’attenzione della comunità scientifica e della società sulle prospettive di preservare la personalità oltre i confini biologici. Nonostante lo scetticismo di alcuni ricercatori, molti riconoscono che tali tecnologie possono cambiare radicalmente la nostra comprensione della vita e della morte.

“Il futuro ti ama” non solo descrive i risultati scientifici, ma solleva anche questioni filosofiche ed etiche su come l’umanità è preparata ad affrontare le sfide di una nuova era. Questi studi creano le basi per discussioni sulla possibilità dell’immortalità in forma digitale e su quale sarà il posto dell’uomo in un mondo in cui la morte non è più un’inevitabilità.

L'articolo Coscienza Digitale: il Connettoma Supererà la Morte Biologica. Saremo pronti per questo? proviene da il blog della sicurezza informatica.

Meta, che possiede le piattaforme Facebook, Instagram e WhatsApp, è il secondo più grande motore di traffico Internet nel mondo. Gli utenti dei suoi servizi creano il 10% del traffico Internet fisso e il 22% di quello mobile. Gli investimenti dell’azienda nell’intelligenza artificiale probabilmente aumenteranno questi numeri. Per garantire un’infrastruttura stabile, Meta prevede di realizzare un cavo sottomarino lungo oltre 40mila chilometri, che sarà interamente di proprietà della società.

Fonti vicine all’azienda hanno confermato i piani di costruzione. Il costo totale del progetto potrebbe superare i 10 miliardi di dollari. Questo cavo sarà il primo progetto di comunicazione sottomarina completamente proprietario di Meta. Il budget iniziale è di 2 miliardi di dollari, ma si prevede che aumenterà in modo significativo nel corso del progetto, il cui completamento richiederà diversi anni.

La realizzazione fisica del progetto non è ancora iniziata. Meta prevede di pubblicare i dettagli sul percorso, sulla capacità e sugli obiettivi di costruzione del cavo all’inizio del 2025.

Il percorso previsto del cavo prevede il collegamento della costa orientale degli Stati Uniti all’India attraverso il Sud Africa, e poi della costa occidentale degli Stati Uniti all’India attraverso l’Australia. Questo creerà una forma a “W” per il cavo. Il progetto è in fase di sviluppo nella divisione dell’azienda in Sud Africa.

I progetti infrastrutturali di Meta sono guidati da Santosh Janardhan, responsabile globale delle infrastrutture dell’azienda e co-responsabile dell’ingegneria. Le divisioni di ingegneria delle infrastrutture di Meta sono dislocate in tutto il mondo.

I cavi sottomarini in fibra ottica fanno parte dell’infrastruttura delle comunicazioni da 40 anni. Tuttavia, in questo caso, il fatto importante è chi finanzia e possiede interamente il progetto. Meta intende investire e possedere il cavo stesso, riflettendo una tendenza globale: il ruolo dei consorzi di operatori di telecomunicazioni sta diminuendo e le grandi aziende tecnologiche stanno assumendo sempre più il controllo di tali reti.

Per Meta, il coinvolgimento in progetti di cavi sottomarini non è una novità. Secondo Telegeography l’azienda è già proprietaria di 16 reti, tra cui il cavo 2Africa, che copre l’intero continente africano. Al progetto 2Africa partecipano anche operatori di telecomunicazioni come Orange, Vodafone, China Mobile e Bayobab/MTN. Tuttavia, il progetto attuale sarà il primo ad essere interamente di proprietà di Meta. Ciò metterà l’azienda nella stessa categoria di Google.

Google, secondo Telegeography, è coinvolta in 33 tratte di cavi sottomarini, comprese diverse reti regionali, di cui è l’unico proprietario. Anche Amazon e Microsoft investono in progetti simili, ma non possiedono ancora alcuna tratta interamente.

L’installazione di cavi in ​​fibra ottica sottomarini è un processo complesso limitato dal numero di specialisti e risorse disponibili. Aziende come SubCom sono già impegnate a soddisfare gli ordini di grandi clienti, incluso Google. La costruzione può essere effettuata in segmenti, il che allungherà i tempi di implementazione.

Il cavo fornirà a Meta un canale di trasmissione dati indipendente in tutto il mondo. La piena proprietà del cavo fornirà all’azienda l’accesso prioritario alla larghezza di banda per le sue piattaforme.

L'articolo Meta lancia un cavo sottomarino da 10 miliardi di Dollari: La rivoluzione nei dati globali proviene da il blog della sicurezza informatica.

Iniziare oggi a sviluppare software di sicurezza “Made in Italy” non è solo un’opportunità, ma una necessità per il nostro mercato interno e la sicurezza nazionale. Tutte le grandi innovazioni nascono spesso da piccoli progetti. Un’idea, una piccola proof of concept (PoC) che può sembrare modesta, con il tempo può trasformarsi in una soluzione di riferimento.

Ogni riga di codice che scrivete oggi potrebbe diventare il cuore di un prodotto riconosciuto domani. È fondamentale che l’Italia si affermi anche in questo settore, riducendo la dipendenza da tecnologie estere, spesso opache, e creando un ecosistema di software e firmware sicuri, trasparenti e sotto il nostro pieno controllo.

Giovani sviluppatori, imprenditori e ricercatori: il futuro della cybersecurity italiana inizia con voi, dalle vostre idee e la vostra passione. Noi di Red Hot Cyber chiediamo a chi fosse interessato a sviluppare soluzioni “made in italy” di contattare il nostro capo progetto andrycavallini87@gmail.com per unirvi al suo team di sviluppo di un EDR e IDS Tutto italiano.

Il concetto di IDS

Partendo dal progetto Anubi (presentato con questo articolo), torno ad affrontare il tema cybersecurity protection in chiave made in Italy. La base importante dell’EDR da me sviluppato mira ad aiutare migliaia di appassionati nella loro sicurezza quotidiana con sempre la volontà di ampliare la suite open-source. Cosa è che manca in tutto questo? Il concetto chiave è l’IDS.

Un IDS è quella cosa che permette agli analisti di capire che tipo di traffico sia in transito su una rete di computer. E’ configurato in modalità sniffing su una o più interfacce (tipicamente in mirroring o span in modo da avere l’esatta replica del traffico) e riesce a identificare le varie richieste che entrano ed escono dalla rete; che sia sviluppato tramite soluzione software o hardware, il risultato non cambia: è una sonda inserita in un punto strategico del networking in modo da poter verificare tutto il traffico entrante e uscente.

Qual è però considerata la migliore soluzione? Non esiste una risposta scontata perché questa dipende da molti fattori, quali i vincoli imposti, gli schemi di rete, ecc. Io propongo la mia, il Predator!

Predator è un tool nato dalla mia solita idea di mettere in open-source e a completo aiuto di tutti le tecnologie che al giorno di oggi possono aiutare a essere pronti e molto più reattivi agli attacchi informatici di ultima generazione. E’ disponibile nel mio repo github ed è installabile su piattaforma Linux, MacOS e Windows.

E’ completamente scritto in Python ed è configurabile con:

• i CIDR da tenere sotto controllo
• le interfacce da monitorare
• i moduli da attivare

Le regole utilizzate per gli IP sono generate dal mio repository usato dall’altro mio progetto Anubi in modo automatico e con cadenza quotidiana.

Le funzionalità di Predator

Come default, Predator ha abilitate le funzionalità di:

• IDS che ispeziona il traffico a livello 4 e 7 per la connessioni non criptate secondo le regole specificate nel path di configurazione
• API che permette tramite un’interfaccia minimale di operare a livello di management

Gli altri due moduli al momento sviluppati e configurabili sono:

• Proxy che interviene come vero e proprio MITM e identifica tutto il traffico criptato
• Dummy che replica il traffico decriptato dal proxy su un’interfaccia parallela in modo che un altro IDS possa, per esempio, verificare il traffico tramite le proprie regole.

Predator è un tool estremamente semplice, personalizzabile sia nel codice che nella regole ed è molto leggero.

La suite che vi propongo vuole costruire una solida base open-source in chiave made in Italy, cercando di proporre soluzioni non scontate, facile da usare e da personalizzare. Vi invito a provarlo e a suggerirmi qualsiasi idea abbiate in mente a riguardo (potete contattarmi alla mail andrycavallini87@gmail.com per qualsiasi cosa vogliate), non ve ne pentirete!

L'articolo Predator: Un Piccolo IDS Open Source per farvi entrare nella CyberSecurity Made in Italy proviene da il blog della sicurezza informatica.

L’intelligenza artificiale ha imparato a distinguere le superfici al tatto, grazie al lavoro degli scienziati dello Stevens Institute of Technology. Sì, le macchine possono già “vedere” grazie ai progressi della visione artificiale, nonché dialogare, analizzare e interpretare i dati. Il nuovo metodo consentirà loro anche di “sentire” a beneficio della medicina, dell’industria e di altri settori.

Una innovazione grazie agli scanner laser

Un team guidato dal professore di fisica Yong Meng Sua ha combinato la meccanica quantistica con l’intelligenza artificialeper creare un sistema che analizza le trame utilizzando impulsi laser.

Uno scanner laser invia impulsi luminosi su una superficie. I fotoni di ritorno trasportano il “rumore maculato”, un fenomeno che di solito viene percepito come un’interferenza. Tuttavia, gli algoritmi di intelligenza artificiale decifrano questo rumore, evidenziando le caratteristiche microscopiche del terreno.

Il metodo è stato testato su carta vetrata industriale con vari gradi di ruvidità, da 1 a 100 micron. Utilizzando impulsi laser ultraveloci, il team ha ottenuto un errore di misurazione di soli 8 micron, per poi migliorare il risultato portandolo a 4 micron. Secondo gli autori del lavoro, la tecnologia è particolarmente efficace per la lavorazione di materiali a grana fine, come le pellicole diamantate e l’ossido di alluminio.

Il Tatto Artificiale: Una rivoluzione in medicina ed industria

Uno dei principali ambiti di utilizzo potrebbe essere la medicina. Ad esempio, l’intelligenza artificiale sarà in grado di distinguere tra escrescenze cutanee benigne e maligne sulla base di differenze microscopiche nella struttura che non possono essere viste ad occhio nudo. Ciò sarà particolarmente utile per la diagnosi precoce dei melanomi.

Non meno promettente è l’uso di macchine “di rilevamento” nell’industria. Il sistema aiuterà a controllare la qualità del prodotto rilevando i difetti a livello di micron. In questo modo è possibile garantire che i componenti degli strumenti di misura ad alta precisione e di altre apparecchiature complesse soddisfino tutti gli standard.

Lo sviluppo potrebbe anche espandere la funzionalità di tecnologie come LiDAR, utilizzate nelle auto autonome e negli smartphone. Pertanto, l’approccio dello Stevens Institute of Technology combina fisica quantistica e intelligenza artificiale per risolvere problemi complessi con un elevato grado di dettaglio. L’invenzione non solo migliora le tecnologie esistenti, ma crea anche nuovi strumenti per la diagnostica, la produzione e il controllo dei processi.

L'articolo Tatto Artificiale: Ora finalmente l’IA ora può sentire! Una rivoluzione alle porte grazie al laser proviene da il blog della sicurezza informatica.

We haven’t seen [Les Wright] in a while, and with the release of his new video, we know why — he’s been busy growing crystals.

Now, that might seem confusing to anyone who has done the classic “Crystal Garden” trick with table salt and laundry bluing, or tried to get a bit of rock candy out of a supersaturated sugar solution. Sure, growing crystals takes time, but it’s not exactly hard work. But [Les] isn’t in the market for any old crystals. Rather, he needs super-sized, optically clear crystals of potassium dihydrogen phosphate, or KDP, which are useful as frequency doublers for lasers. [Les] has detailed his need for KDP crystals before and even grown some nice ones, but he wanted to step up his game and grow some real whoppers.

And boy, did he ever. Fair warning; the video below is long and has a lot of detail on crystal-growing theory, but it’s well worth it for anyone taking the plunge. [Les] ended up building an automated crystal lab, housing it in an old server enclosure for temperature and dust control. The crystals are grown on a custom-built armature that slowly rotates in a supersaturated solution of KDP which is carefully transitioned through a specific temperature profile under Arduino control. As a bonus, he programmed the rig to take photographs of the growing crystals at intervals; the resulting time-lapse sequences are as gorgeous as the crystals, one of which grew to 40 grams in only a week.

We’re keen to see how [Les] puts these crystals to work, and to learn exactly what a “Pockels Cell” is and why you’d want one. In the meantime, if you’re interested in how the crystals that make the whole world work are made, check out our deep dive into silicon.

youtube.com/embed/uSSoSIcXWa0?…

Thanks to [Joseph Hopfield] for the tip.

hackaday.com/2024/12/12/automa…

Google’s Chromecast was first released in 2013, with a more sophisticated follow-up in 2015, which saw itself joined by the Chromecast Audio dongle. The device went through an additional two hardware generations before the entire line of products was discontinued earlier this year in favor of Google TV.
Marvell’s Armada 88DE3006 dual-core Cortex-A7 powers the second-generation Chromecast. (Credit: Brian Dipert, EDN)
In addition to collecting each generation of Chromecast, [Brian Dipert] over at EDN looked back on this second-generation dongle from 2015 while also digging into the guts of a well-used example that got picked up used.

While not having any of the fascinating legacy features of the 2nd-generation Ultra in his collection that came with the Stadia gaming controller, it defines basically everything that Chromecast dongles were about: a simple dongle with a HDMI & USB connector that you plugged into a display that you wanted to show streaming content on. The teardown is mostly similar to the 2015-era teardown by iFixit, who incidentally decided not to assign any repairability score, for obvious reasons.

Most interesting about this second-generation Chromecast is that the hardware supported Bluetooth, but that this wasn’t enabled until a few years later, presumably to fix the wonky new device setup procedure that would be replaced with a new procedure via the Google Home app.

While Google’s attention has moved on to newer devices, the Chromecast isn’t dead — the dongles in the wild still work, and the protocol is supported by Google TV and many ‘smart’ appliances including TVs and multimedia receivers.

hackaday.com/2024/12/12/a-look…

As a British taxpayer it’s reassuring to know that over in Cheltenham there’s a big round building full of people dedicated to keeping us safe. GCHQ is the nation’s electronic spying centre, and just to show what a bunch of good eggs they are they release a puzzler every year to titillate the nation’s geeks. 2024’s edition is out if you fancy trying it, so break out your proverbial thinking caps.

The puzzle comes in several stages each of which reveals a British landmark, and we’re told there’s a further set of puzzles hidden in the design of the card itself. We know that Hackaday readers possess fine minds, so you’ll all be raring to have a go.

Sadly GCHQ would for perfectly understandable reasons never let Hackaday in for a tour, but we’ve encountered some of their past work. First the Colossus replica codebreaking computer at Bletchley Park was the progenitor of the organisation, and then a few years ago when they had an exhibition from their archive in the London Science Museum.

hackaday.com/2024/12/12/britis…

It’s perhaps not fair, but even if you have the best idea for a compelling video, few things will make people switch off than poor lighting. Good light and plenty of it is the order of the day when it comes to video production, and luckily there are many affordable options out there. Affordable, that is, right up to the point where you need batteries for remote shoots, in which case you’d better be ready to open the purse strings.

When [Dane Kouttron] ran into the battery problem with his video lighting setup, he fought back with these cheap and clever cordless tool battery pack adapters. His lights were designed to use Sony NP-F mount batteries, which are pretty common in the photography trade but unforgivably expensive, at least for Sony-branded packs. Having access to 20 volt DeWalt battery packs, he combined an off-the-shelf battery adapter with a 3D printed mount that slips right onto the light. Luckily, the lights have a built-in DC-DC converter that accepts up to 40 volts, so connecting the battery through a protection diode was a pretty simple exercise. The battery pack just slots right in and keeps the lights running for portable shoots.

Of course, if you don’t already have DeWalt batteries on hand, it might just be cheaper to buy the Sony batteries and be done with it. Then again, there are battery adapters for pretty much every cordless tool brand out there, so you should be able to adapt the design. We’ve also seen cross-brand battery adapters which might prove useful, too.

hackaday.com/2024/12/12/good-l…