Brain-to-speech interfaces have been promising to help paralyzed individuals communicate for years. Unfortunately, many systems have had significant latency that has left them lacking somewhat in the practicality stakes.

A team of researchers across UC Berkeley and UC San Francisco has been working on the problem and made significant strides forward in capability. A new system developed by the team offers near-real-time speech—capturing brain signals and synthesizing intelligible audio faster than ever before.

New Capability

The aim of the work was to create more naturalistic speech using a brain implant and voice synthesizer. While this technology has been pursued previously, it faced serious issues around latency, with delays of around eight seconds to decode signals and produce an audible sentence. New techniques had to be developed to try and speed up the process to slash the delay between a user trying to “speak” and the hardware outputting the synthesized voice.

The implant developed by researchers is used to sample data from the speech sensorimotor cortex of the brain—the area that controls the mechanical hardware that makes speech: the face, vocal chords, and all the other associated body parts that help us vocalize. The implant captures signals via an electrode array surgically implanted into the brain itself. The data captured by the implant is then passed to an AI model which figures out how to turn that signal into the right audio output to create speech. “We are essentially intercepting signals where the thought is translated into articulation and in the middle of that motor control,” said Cheol Jun Cho, a Ph.D student at UC Berkeley. “So what we’re decoding is after a thought has happened, after we’ve decided what to say, after we’ve decided what words to use, and how to move our vocal-tract muscles.”

youtube.com/embed/iTZ2N-HJbwA?…

The AI model had to be trained to perform this role. This was achieved by having a subject, Ann, look at prompts and attempting to “speak ” the phrases. Ann has suffered from paralysis after a stroke which left her unable to speak. However, when she attempts to speak, relevant regions in her brain still lit up with activity, and sampling this enabled the AI to correlate certain brain activity to intended speech. Unfortunately, since Ann could no longer vocalize herself, there was no target audio for the AI to correlate the brain data with. Instead, researchers used a text-to-speech system to generate simulated target audio for the AI to match with the brain data during training. “We also used Ann’s pre-injury voice, so when we decode the output, it sounds more like her,” explains Cho. A recording of Ann speaking at her wedding provided source material to help personalize the speech synthesis to sound more like her original speaking voice.

To measure performance of the new system, the team compared the time it took the system to generate speech to the first indications of speech intent in Ann’s brain signals. “We can see relative to that intent signal, within one second, we are getting the first sound out,” said Gopala Anumanchipalli, one of the researchers involved in the study. “And the device can continuously decode speech, so Ann can keep speaking without interruption.” Crucially, too, this speedier method didn’t compromise accuracy—in this regard, it decoded just as well as previous slower systems.
Pictured is Ann using the system to speak in near-real-time. The system also features a video avatar. Credit: UC Berkeley
The decoding system works in a continuous fashion—rather than waiting for a whole sentence, it processes in small 80-millisecond chunks and synthesizes on the fly. The algorithms used to decode the signals were not dissimilar from those used by smart assistants like Siri and Alexa, Anumanchipalli explains. “Using a similar type of algorithm, we found that we could decode neural data and, for the first time, enable near-synchronous voice streaming,” he says. “The result is more naturalistic, fluent speech synthesis.”

It was also key to determine whether the AI model

was genuinely communicating what Ann was trying to say. To investigate this, Ann was qsked to try and vocalize words outside the original training data set—things like the NATO phonetic alphabet, for example. “We wanted to see if we could generalize to the unseen words and really decode Ann’s patterns of speaking,” said Anumanchipalli. “We found that our model does this well, which shows that it is indeed learning the building blocks of sound or voice.”

For now, this is still groundbreaking research—it’s at the cutting edge of machine learning and brain-computer interfaces. Indeed, it’s the former that seems to be making a huge difference to the latter, with neural networks seemingly the perfect solution for decoding the minute details of what’s happening with our brainwaves. Still, it shows us just what could be possible down the line as the distance between us and our computers continues to get ever smaller.

Featured image: A researcher connects the brain implant to the supporting hardware of the voice synthesis system. Credit: UC Berkeley

hackaday.com/2025/05/01/resear…

Rear-view mirrors are important safety tools, but [Mike Kelly] observed that cyclists (himself included) faced hurdles to using them effectively. His solution? A helmet-mounted dual-mirror system he’s calling the Mantis Mirror that looks eminently DIY-able to any motivated hacker who enjoys cycling.
One mirror for upright body positions, the other for lower positions.
Carefully placed mirrors eliminate blind spots, but a cyclist’s position changes depending on how they are riding and this means mirrors aren’t a simple solution. Mirrors that are aligned just right when one is upright become useless once a cyclist bends down. On top of that, road vibrations have a habit of knocking even the most tightly-cinched mirror out of alignment.

[Mike]’s solution was to attach two small mirrors on a short extension, anchored to a cyclist’s helmet. The bottom mirror provides a solid rear view from an upright position, and the top mirror lets one see backward when in low positions.

[Mike] was delighted with his results, and got enough interest from others that he’s considering a crowdfunding campaign to turn it into a product. In the meantime, we’d love to hear about it if you decide to tinker up your own version.

You can learn all about the Mantis Mirror in the video below, and if you want to see the device itself a bit clearer, you can see that in some local news coverage.

youtube.com/embed/Tc39frZSbwk?…

hackaday.com/2025/05/01/a-dual…

Bill Hicks #billhicks

It's just a ride.

George Carlin #GeorgeCarlin

I like it when a flower or a little tuft of grass grows through a crack in the concrete. It's so fuckin' heroic.

Theodor Wiesengrund Adorno

Auschwitz comincia quando si vede un macello e si pensa: 'sono solo animali'

igi

Ecco fatto!

E. Cartman — with wicked eyesight

Bingo!

Siouxsie #siouxsie

Something is not better than nothing

Courtney Love #courtneylove

Barbie is not your friend

igi

La vita è un fatto troppo tragico per non riderne sguaiatamente

One might be tempted to think that re-creating a film robot from the 1950s would be easy given all the tools and technology available to the modern hobbyist, but as [Mike Ogrinz]’s quest to re-create Robby the Robot shows us, there is a lot moving around inside that domed head, and requires careful and clever work.
The “dome gyros” are just one of the complex assemblies, improved over the original design with the addition of things like bearings.
Just as one example, topping Robby’s head is a mechanical assembly known as the dome gyros. It looks simple, but as the video (embedded below) shows, re-creating it involves a load of moving parts and looks like a fantastic amount of work has gone into it. At least bearings are inexpensive and common nowadays, and not having to meet film deadlines also means one can afford to design things in a way that allows for easier disassembly and maintenance.

Robby the Robot first appeared in the 1956 film Forbidden Planet and went on to appear in other movies and television programs. Robby went up for auction in 2017 and luckily [Mike] was able to take tons of reference photos. Combined with other enthusiasts’ efforts, his replica is shaping up nicely.

We’ve seen [Mike]’s work before when he shared his radioactive Night Blossoms which will glow for decades to come. His work on Robby looks amazing, and we can’t wait to see how it progresses.

youtube.com/embed/Mn8EpX_qRFA?…

hackaday.com/2025/05/01/gaze-u…

La società di sicurezza informatica SentinelOne ha pubblicato un rapporto sui tentativi degli aggressori di accedere ai suoi sistemi. Una violazione di un’organizzazione del genere aprirebbe le porte agli hacker, che potrebbero accedere a migliaia di infrastrutture riservate di tutto il mondo.

“Non ci limitiamo a studiare gli attacchi: li affrontiamo faccia a faccia. I nostri esperti affrontano le stesse minacce che dicono agli altri di contrastare. È questa esperienza plasma il nostro pensiero e il nostro approccio al lavoro”, si legge nel documento.

Sebbene per i fornitori di sicurezza informatica sia tabù discutere degli attacchi informatici contro di loro, una pressione costante sui sistemi di sicurezza aiuta a migliorare i meccanismi di difesa. Negli ultimi mesi gli esperti dell’azienda hanno respinto un’ampia gamma di attacchi: dalle azioni di gruppi criminali finalizzate al guadagno economico a complesse operazioni pianificate dai servizi segreti di vari Paesi.

La campagna più vasta e sofisticata è stata organizzata da specialisti nordcoreani. I ricercatori hanno scoperto una rete di specialisti informatici nordcoreani che operano sotto copertura. Gli aggressori hanno creato circa 360 identità virtuali accuratamente realizzate, ciascuna dotata di una storia professionale, un portfolio e referenze convincenti. Sono state presentate oltre mille candidature per diverse posizioni tecniche in azienda da parte di specialisti inesistenti. In un caso, gli agenti hanno addirittura cercato di ottenere un impiego nel dipartimento di intelligence informatica, la stessa unità che all’epoca si occupava di identificare e analizzare le loro attività.

Un’altra grave minaccia proviene dagli hacker che agiscono per conto del governo cinese. Il gruppo ShadowPad ha attaccato la catena di fornitura compromettendo un partner logistico responsabile della gestione dell’hardware. Da luglio 2024 a marzo 2025, i criminali informatici che hanno utilizzato il malware ScatterBrain si sono infiltrati nei sistemi di oltre 70 organizzazioni in tutto il mondo. Tra le persone colpite figurano aziende industriali, agenzie governative, istituti finanziari, società di telecomunicazioni e centri di ricerca.

La terza grande minaccia è, come sempre, il ransomware. I membri della banda Nitrogen utilizzano un trucco interessante: trovano aziende rivenditori con una procedura di verifica dei clienti semplificata e, utilizzando metodi di ingegneria sociale, acquistano da loro licenze ufficiali. L’obiettivo finale è penetrare nelle piattaforme di sicurezza informatica, tra cui il sistema EDR di SentinelOne. Una volta ottenuto l’accesso, studiano sistematicamente i meccanismi di sicurezza, cercano modi per disattivarli e sviluppano metodi per aggirare i sistemi di rilevamento delle intrusioni.

Parallelamente a Nitrogen, è diventato attivo il gruppo di hacker Black Basta, che ha scelto una tattica diversa. I suoi membri testano metodicamente l’efficacia dei loro strumenti dannosi rispetto alle principali soluzioni di sicurezza. Gli aggressori hanno preso di mira i sistemi di diversi importanti sviluppatori: CrowdStrike, Carbon Black, Palo Alto Networks e SentinelOne. Documentano attentamente i risultati di ogni attacco con prove, perfezionando le loro tecniche di penetrazione.

Sui forum degli hacker compaiono regolarmente annunci pubblicitari per la vendita di accessi temporanei o permanenti alle console di gestione dei sistemi di sicurezza.

Si potrebbe dire che la recente serie di attacchi ha costretto il team SentinelOne a riconsiderare la propria strategia di difesa. Gli ingegneri hanno implementato meccanismi di sicurezza aggiuntivi e creato meccanismi più sofisticati per monitorare l’intera infrastruttura. Particolare attenzione viene ora rivolta non solo al rafforzamento delle loro risorse, ma anche al controllo approfondito di tutte le organizzazioni partner che hanno accesso a dati critici.

L'articolo 1° Maggio: Onorare chi lavora, anche contro gli hacker criminali proviene da il blog della sicurezza informatica.

Vintage hi-fi gear has a look and feel all its own. [ThunderOwl] happened to be playing in this space, turning a heavily-modified Technics stereo stack into an awesome neo-retro PC case. Meet the “TechnicsPC!”
This is good. We like this.
You have to hunt across BlueSky for the goodies, but it’s well worth it. The main build concerned throwing a PC into an old Technics receiver, along with a pair of LCD displays and a bunch of buttons for control. If the big screens weren’t enough of a tell that you’re looking at an anachronism, the USB ports just below the power switch will tip you off. A later addition saw a former Technics tuner module stripped out and refitted with card readers and a DVD/CD drive. Perhaps the most era-appropriate addition, though, is the scrolling LED display on top. Stuffed inside another tuner module, it’s a super 90s touch that somehow just works.

These days, off-the-shelf computers are so fancy and glowy that DIY casemodding has fallen away from the public consciousness. And yet, every so often, we see a magnificent build like this one that reminds us just how creative modders can really be. Video after the break.

“Live test”. All more or less as planned, as “cons” – it does not interrupt ongoing scroll cycle with new stuff, it puts new content info with next cycle, so, kinda “info delays”:

[image or embed]

— ThunderOwl (@thunderowl.one) 10 March 2025 at 07:39

hackaday.com/2025/04/30/vintag…

Negli ultimi anni, la nostra quotidianità è stata invasa da piccoli quadrati pixelati capaci di portarci in un lampo su siti web, attivare applicazioni, aprire contenuti multimediali o avviare pagamenti digitali. I QR-code, acronimo di “Quick Response”, sono diventati il ponte tra il mondo fisico e quello digitale. Tuttavia, questo ponte – spesso considerato innocuo – può trasformarsi in un cavallo di Troia perfettamente mimetizzato, se sfruttato con competenza da un attaccante.

Un messaggio divulgato di recente nel canale Telegram “Social Engineering – Делаем уникальные знания доступными” (tradotto: “Social Engineering – Rendiamo le conoscenze uniche accessibili”) ci offre un’interessante retrospettiva su casi storici e reali in cui proprio il QR-code è stato impiegato come vettore di attacco. Analizziamoli con spirito critico e rigore tecnico.

L’attacco alle Google Glass (2013): l’occhio digitale diventa un bersaglio

Nel maggio 2013, i ricercatori di Lookout Mobile Security scoprirono una vulnerabilità sorprendente: le Google Glass (all’epoca un prodotto innovativo in fase sperimentale) erano progettate per “osservare” automaticamente le immagini potenzialmente utili all’utente. Questa funzione, sfruttata attraverso un QR-code appositamente craftato, consentiva di prendere controllo remoto del dispositivo.

La vulnerabilità fu corretta da Google in poche settimane, ma resta un campanello d’allarme: anche le interfacce “non convenzionali”, come gli smartglass, possono diventare preda di exploit visivi. Se la patch non fosse arrivata in tempo, un attacco in-the-wild avrebbe potuto compromettere dati sensibili, audio, video e localizzazioni dell’utente — tutto a sua insaputa.

ZXing Barcode Scanner (2014): quando un’espressione regolare non basta

Il secondo caso riguarda ZXing Barcode Scanner, un’app open source molto diffusa tra il 2013 e il 2015. Questa applicazione, pur tentando di filtrare contenuti sospetti tramite regex, non discriminava efficacemente i contenuti URI malformati o pericolosi, lasciando passare exploit veicolati via JavaScript.

Un esempio riportato nel messaggio mostra come un codice del tipo:

javascript;alert(“You have won 1000 dollars! Just Click The Open Browser Button”);

venisse bloccato dal filtro. Tuttavia, con lievi modifiche sintattiche, il payload riusciva comunque a superare il controllo, venendo riconosciuto come URI “valido” e aprendo il browser con esecuzione implicita del codice.

Questo scenario rientra pienamente nella categoria dei code injection visuali, in cui l’utente è indotto ad attivare personalmente un codice malevolo, con un click che sembra innocuo ma innesca un comportamento pericoloso.

L’attacco USSD ai Samsung (2012): QR e factory reset in un solo colpo

Nel 2012, il ricercatore Ravishankar Borgaonkar dimostrò come un semplice QR-code potesse contenere un comando USSD nascosto, capace di eseguire un factory reset su alcuni dispositivi Samsung.

Il codice tel:*2767*3855#, se interpretato come un link telefonico, causava un reset totale del dispositivo, cancellando dati, configurazioni e applicazioni. A oggi, questo rappresenta uno dei più eclatanti esempi di come un codice apparentemente inerte possa contenere una bomba logica, sfruttando meccanismi legittimi del sistema operativo.

L’utente curioso: l’anello debole della catena

Infine, il messaggio chiude con un’osservazione tanto banale quanto cruciale: la vera vulnerabilità è l’essere umano. L’utente medio, di fronte a un QR-code sconosciuto, tende a scansionarlo per pura curiosità, dimenticando ogni principio basilare di sicurezza informatica. Studi citati nel testo confermano che, in ambienti controllati, la maggior parte dei soggetti ignari esegue la scansione senza porsi domande.

Questa dinamica rientra nel classico campo del social engineering visivo, dove l’attaccante non forza il sistema, ma manipola il comportamento dell’utente per ottenere un’esecuzione volontaria del codice.

Conclusioni: educazione digitale e threat modeling anche per i QR-code

I casi riportati nel canale Telegram non sono frutto di fantascienza o ipotesi teoriche. Sono incidenti reali, documentati, verificati e – in alcuni casi – ancora oggi possibili, seppur mitigati da patch successive.

Ci ricordano che ogni tecnologia, anche la più banale, può essere arma a doppio taglio, soprattutto quando coinvolge l’interazione tra mondo fisico e digitale.

E allora cosa possiamo fare?

1. Formare gli utenti a non scansionare QR-code da fonti sconosciute o non verificate.
2. Utilizzare app di lettura QR con sandboxing, logging e avvisi su contenuti potenzialmente pericolosi.
3. Integrare l’analisi dei QR-code nei processi di threat intelligence aziendale, soprattutto nei contesti BYOD.
4. Valutare il QR-code come vettore di attacco nel proprio threat model, specialmente in ambiti pubblici (es. aeroporti, eventi, marketing).

Il QR-code, oggi, è diventato uno strumento trasversale e pervasivo. E proprio per questo, va trattato come ogni altro componente della superficie di attacco: con attenzione, consapevolezza e competenze tecniche.

L'articolo QR-code: il cavallo di Troia tascabile. Riflessioni su un vettore di attacco sottovalutato proviene da il blog della sicurezza informatica.

1° Maggio, un giorno per onorare chi lavora, chi lotta per farlo in modo dignitoso e chi, troppo spesso, perde la vita mentre svolge la propria mansione.

Nel 2025, l’Italia continua a piangere ogni anno centinaia di morti sul lavoro. Una ferita profonda che ci ricorda quanto la sicurezza debba essere al centro di ogni politica, di ogni impresa, di ogni processo produttivo.

Difendere il lavoro e i lavoratori nel 2025 significa proteggerli ovunque: sul campo e nel digitale. È per questo che Il 1° Maggio deve essere anche un’occasione per riflettere sulla sicurezza informatica. Oggi il lavoro non è più solo fisico, è anche e sempre più digitale.

Accanto alla sicurezza nei cantieri, nelle fabbriche, sui mezzi e negli ospedali, dobbiamo iniziare a parlare anche di sicurezza nei sistemi, nei dati, nei processi connessi.

Il lavoro è cambiato. Le minacce anche.

Smart working, cloud, strumenti di collaborazione online, home banking, piattaforme SaaS, la digitalizzazione ha migliorato la produttività, ma ha anche aperto nuove porte a minacce invisibili.

Un attacco informatico oggi può:

• bloccare un ospedale, rallentando cure salvavita
• paralizzare un comune, impedendo servizi ai cittadini
• sabotare un’azienda, lasciando fermi lavoratori e commesse
• rubare dati, identità, brevetti: il frutto del lavoro di interi team

e spesso, tutto questo, accade in silenzio, senza clamore. Ma con danni enormi.

La sicurezza è una sola e, fisica o digitale, va garantita ovunque. Sbaglieremmo a contrapporre i due mondi. La sicurezza deve essere una cultura trasversale, concreta, quotidiana.

Così come si lavora (ancora troppo poco) per diminuire le morti e gli incidenti nei luoghi fisici di lavoro bisogna impegnarsi per:

• formare lavoratori e dirigenti sui rischi informatici
• investire in sistemi sicuri, aggiornati, resilienti
• adottare comportamenti consapevoli, dal clic all’allegato alla password al Wi-Fi.

Ogni errore digitale può compromettere un’intera filiera produttiva. Ogni attacco può essere l’inizio di una crisi, economica e umana. Quando un attacco informatico colpisce, il lavoro si ferma

• Un ransomware può bloccare la produzione di un’azienda, costringendo interi reparti a fermarsi
• Una violazione dei dati può compromettere la fiducia dei clienti e mettere a rischio mesi di lavoro commerciale
• Un attacco ai sistemi comunali può sospendere servizi essenziali come l’anagrafe, i pagamenti elettronici o l’assistenza sociale

Oggi un attacco informatico può danneggiare il lavoro come e più di un sabotaggio fisico.

Celebrare il 1° Maggio significa mettere al centro il diritto a un lavoro sicuro e dignitoso. Davvero. Dignità significa non morire mentre si lavora ma significa anche non essere esposti a rischi evitabili, solo perché nessuno ha formato, insegnato, protetto e/o vigilato.

Il futuro del lavoro sarà sempre più digitale e non possiamo permettere che sia un futuro fragile. È tempo che imprese, istituzioni e lavoratori affrontino questi temi non come un obbligo ma come un’opportunità per garantire un futuro professionale più stabile, resiliente e consapevole.

L'articolo Sicurezza è Lavoro: dal cantiere al cloud, dobbiamo proteggere chi costruisce l’Italia! proviene da il blog della sicurezza informatica.

Radiation-induced volumetric expansion (RIVE) is a concern for any concrete structures that are exposed to neutron flux and other types of radiation that affect crystalline structures within the aggregate. For research facilities and (commercial) nuclear reactors, RIVE is generally considered to be one of the factors that sets a limit on the lifespan of these structures through the cracking that occurs as for example quartz within the concrete undergoes temporary amorphization with a corresponding volume increase. The significance of RIVE within the context of a nuclear power plant is however still poorly studied.

A recent study by [Ippei Maruyama] et al. as published in the Journal of Nuclear Materials placed material samples in the LVR-15 research reactor in the Czech Republic to expose them to an equivalent neutron flux. What their results show is that at the neutron flux levels that are expected at the biological shield of a nuclear power plant, the healing effect from recrystallization is highly likely to outweigh the damaging effects of amorphization, ergo preventing RIVE damage.

This study follows earlier research on the topic at the University of Tokyo by [Kenta Murakami] et al., as well as by Chinese researchers, as in e.g. [Weiping Zhang] et al. in Nuclear Engineering and Technology. [Murayama] et al. recommend that for validation of these findings concrete samples from decommissioned nuclear plants are to be examined for signs of RIVE.

Heading image: SEM-EDS images of the pristine (left) and the irradiated (right) MC sample. (Credit: I. Murayama et al, 2022)

hackaday.com/2025/04/30/neutro…

Typewriters aren’t really made anymore in any major quantity, since the computer kind of rained all over its inky parade. That’s not to say you can’t build one yourself though, as [Toast] did in a very creative fashion.

After being inspired by so many typewriters on YouTube, [Toast] decided they simply had to 3D print one of their own design. They decided to go in a unique direction, eschewing ink ribbons for carbon paper as the source of ink. To create a functional typewriter, they had to develop a typebar mechanism to imprint the paper, as well as a mechanism to move the paper along during typing. The weird thing is the letter selection—the typewriter doesn’t have a traditional keyboard at all. Instead, you select the letter of your choice from a rotary wheel, and then press the key vertically down into the paper. The reasoning isn’t obvious from the outset, but [Toast] explains why this came about after originally hitting a brick wall with a more traditional design.

If you’ve ever wanted to build a typewriter of your own, [Toast]’s example shows that you can have a lot of fun just by having a go and seeing where you end up. We’ve seen some other neat typewriter hacks over the years, too. Video after the break.

youtube.com/embed/dcsFx0hjDaU?…

[Thanks to David Plass for the tip!]

hackaday.com/2025/04/30/a-new-…

Most of us learned to design circuits with schematics. But if you get to a certain level of complexity, schematics are a pain. Modern designers — especially for digital circuits — prefer to use some kind of hardware description language.

There are a few options to do similar things with PCB layout, including tscircuit. There’s a walk-through for using it to create an LED matrix and you can even try it out online, if you like. If you’re more of a visual learner, there’s also an introductory video you can watch below.

The example project imports a Pico microcontroller and some smart LEDs. They do appear graphically, but you don’t have to deal with them graphically. You write “code” to manage the connections. For example:
<trace from={".LED1 .GND"} to="net.GND" />

If that looks like HTML to you, you aren’t wrong. Once you have the schematic, you can do the same kind of thing to lay out the PCB using footprints. If you want to play with the actual design, you can load it in your browser and make changes. You’ll note that at the top right, there are buttons that let you view the schematic, the board, a 3D render of the board, a BOM, an assembly drawing, and several other types of output.

Will we use this? We don’t know. Years ago, designers resisted using HDLs for FPGAs, but the bigger FPGAs get, the fewer people want to deal with page after page of schematics. Maybe a better question is: Will you use this? Let us know in the comments.

This isn’t a new idea, of course. Time will tell which HDLs will survive and which will whither.

youtube.com/embed/HAd5_ZJgg50?…

hackaday.com/2025/04/30/layout…

This week, Jonathan Bennett and Dan Lynch chat with Peter van Dijk about PowerDNS! Is the problem always DNS? How did PowerDNS start? And just how big can PowerDNS scale? Watch to find out!

• github.com/PowerDNS/
• github.com/Habbie
• github.com/voorkant/
• 7bits.nl/journal/

youtube.com/embed/mof49aNISg8?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/04/30/floss-…

One of the first things that an amateur radio operator is likely to do once receiving their license is grab a dual-band handheld and try to make contacts with a local repeater. After the initial contacts, though, many hams move on to more technically challenging aspects of the hobby. One of those being activating space-based repeaters instead of their terrestrial counterparts. [saveitforparts] takes a look at some more esoteric uses of these radio systems in his latest video.

There are plenty of satellite repeaters flying around the world that are actually legal for hams to use, with most being in low-Earth orbit and making quick passes at predictable times. But there are others, generally operated by the world’s militaries, that are in higher geostationary orbits which allows them to serve a specific area continually. With a specialized three-dimensional Yagi-Uda antenna on loan, [saveitforparts] listens in on some of these signals. Some of it is presumably encrypted military activity, but there’s also some pirate radio and state propaganda stations.

There are a few other types of radio repeaters operating out in space as well, and not all of them are in geostationary orbit. Turning the antenna to the north, [saveitforparts] finds a few Russian satellites in an orbit specifically designed to provide polar regions with a similar radio service. These sometimes will overlap with terrestrial radio like TV or air traffic control and happily repeat them at brief intervals.

[saveitforparts] has plenty of videos looking at other satellite communications, including grabbing images from Russian weather satellites, using leftover junk to grab weather data from geostationary orbit, and accessing the Internet via satellite with 80s-era technology.

youtube.com/embed/PDwiKLkGMjo?…

hackaday.com/2025/04/30/radio-…

Smart glasses are a complicated technology to work with. The smart part is usually straightforward enough—microprocessors and software are perfectly well understood and easy to integrate into even very compact packages. It’s the glasses part that often proves challenging—figuring out the right optics to create a workable visual interface that sits mere millimeters from the eye.

Dev Kennedy is no stranger to this world. He came to the 2024 Hackaday Supercon to give a talk and educate us all on photonics, optical stacks, and the technology at play in the world of smart glasses.

Good Optics

youtube.com/embed/DssK3cYSPCw?…

Dev’s talk begins with an apology. He notes that it’s not possible to convey an entire photonics and optics syllabus in a short presentation, which is understandable enough. His warning, regardless, is that his talk is as dense as possible to maximise the insight into the technical information he has to offer.

Things get heavy fast, as Dev dives into a breakdown of all the different basic technologies out there that can be used for building smart glasses. On one slide, he lays them all out with pros and cons across the board. There are a wide range of different illumination and projection technologies, everything from micro-OLED displays to fancy liquid crystal on silicon (LCOS) devices that are used to create an image with the aid of laser illumination. When you’re building smart glasses, though, that’s only half the story.
Dev explains the various optical technologies involved in AR and their strengths and weaknesses.
Once you’ve got something to make an image, you then need something to put it on in front of the eye. Dev goes on to talk about different techniques for doing this, from reflective waveguides to the amusingly-named birdbath combiners. Ultimately, you’re hunting for something that provides a clear and visible image to the user in all conditions, while still providing a great view of the world around them, too. This can be particularly challenging in high-brightness conditions, like walking around outdoors in daylight.

The talk also focuses on a particular bugbear for Dev—the fact that AR and VR aren’t treated as differently as they should be. “VR is a stack of pancakes,” says Dev. “Why is it a stack of pancakes? It’s because all of the PCBs, the optics, the emissions source for the light—is in front of the user’s nose.” Because VR is just about beaming images into the eye, with no regard for the outside world, it’s a little more straightforward. “It’s basically a stack of technology outward from the eye relief point to the back of the device.” Dev explains.

When it comes to AR, though, the solutions must be more complicated. “What’s different is AR is actually an archer,” says Dev, referring to the way such devices must fling light around. “What an archer does is it shoots light around the side of the arm, and it might have to bend it one way or another, up on the crossbar and spread it out through a waveguide, and at the very exist point… at the coupling out portion… the light has to make one more right turn… towards your eye.” Ultimately, the optics and display hardware involved tend to diverge a long way from what can be used in VR displays. “These technologies are fundamentally different,” says Dev. “It strains me to great extent that people kind of batch them into the same category.”
Snapchat’s fifth-generation Spectacles have some interesting optics, but they’re perhaps not quite market ready in Dev’s opinion.
The talk also steps away from raw hardware chat, and covers some of the devices on the market, and those that left it years ago. Dev makes casual mention of Google Glass, spawned all the way back in 2013, before also noting developments Microsoft made with Hololens over the year. As for the current state of play, Dev namechecks Project Orion from Meta, as well as the fifth-generation of Snapchat Spectacles.

He gives particular credit to Meta for their work on refining input modalities that work with the smart glasses interrface paradigm. Meanwhile, he notes Snapchat needs work on “comfort, weight, and looks,” given how bulky their current product is. Overall, with these products, there are problems to be overcome before they can really become mainstream tools for every day use. “The important part is the relatability of these devices,” Dev goes on to explain. “We don’t see that just yet, as a $25,000 device from Meta and something that is too thick to be socially acceptable from Snapchat.

Fundamentally, as Dev’s talk highlights, AR remains a technology still at a nascent stage of development. It’s worth remembering—it took decades to develop computers that could fit in our pockets (smartphones) or on our wrists (smartwatches). Expect smart glasses to actually go mainstream as soon as the technical and optical issues are worked out, and the software and interface solutions actually help people in day to day life.

hackaday.com/2025/04/30/superc…

Il caso dei numeri di telefono online delle più alte cariche dello Stato

a cura del Prof. Marco Bacini, Direttore Master Intelligence per la Sicurezza Nazionale e Internazionale —

I recenti articoli che riportano la presunta “disponibilità online” di numeri di telefono e mail appartenenti a rappresentanti istituzionali, inclusi quelli del Presidente del Consiglio, del Presidente della Repubblica e di vari ministri, hanno suscitato reazioni pubbliche e interrogativi legittimi sull’integrità e la sicurezza del sistema-Paese. Reputo però necessario distinguere con precisione tra ciò che è tecnicamente una minaccia cyber e ciò che invece, si configura come la conseguenza di una dinamica commerciale ben nota: la raccolta e rivendita di informazioni già di dominio pubblico tramite piattaforme B2B.

Il caso dei numeri di telefono online delle più alte cariche dello Stato va ricondotto alla realtà e l’Agenzia non ha colpe

lamiafinanza.it/2025/04/il-cas…

dicorinto.it/articoli/il-caso-…

As the Common Business Oriented Language, COBOL has a long and storied history. To this day it’s quite literally the financial bedrock for banks, businesses and financial institutions, running largely unnoticed by the world on mainframes and similar high-reliability computer systems. That said, as a domain-specific language targeting boring business things it doesn’t quite get the attention or hype as general purpose programming or scripting languages. Its main characteristic in the public eye appears be that it’s ‘boring’.

Despite this, COBOL is a very effective language for writing data transactions, report generating and related tasks. Due to its narrow focus on business applications, it gets one started with very little fuss, is highly self-documenting, while providing native support for decimal calculations, and a range of I/O access and database types, even with mere files. Since version 2002 COBOL underwent a number of modernizations, such as free-form code, object-oriented programming and more.

Without further ado, let’s fetch an open-source COBOL toolchain and run it through its paces with a light COBOL tutorial.

Spoiled For Choice

It used to be that if you wanted to tinker with COBOL, you pretty much had to either have a mainframe system with OS/360 or similar kicking around, or, starting in 1999, hurl yourself at setting up a mainframe system using the Hercules mainframe emulator. Things got a lot more hobbyist & student friendly in 2002 with the release of GnuCOBOL, formerly OpenCOBOL, which translates COBOL into C code before compiling it into a binary.

While serviceable, GnuCOBOL is not a compiler, and does not claim any level of standard adherence despite scoring quite high against the NIST test suite. Fortunately, The GNU Compiler Collection (GCC) just got updated with a brand-new COBOL frontend (gcobol) in the 15.1 release. The only negative is that for now it is Linux-only, but if your distribution of choice already has it in the repository, you can fetch it there easily. Same for Windows folk who have WSL set up, or who can use GnuCOBOL with MSYS2.

With either compiler installed, you are now ready to start writing COBOL. The best part of this is that we can completely skip talking about the Job Control Language (JCL), which is an eldritch horror that one would normally be exposed to on IBM OS/360 systems and kin. Instead we can just use GCC (or GnuCOBOL) any way we like, including calling it directly on the CLI, via a Makefile or integrated in an IDE if that’s your thing.

Hello COBOL

As is typical, we start with the ‘Hello World’ example as a first look at a COBOL application:
IDENTIFICATION DIVISION.
PROGRAM-ID. hello-world.
PROCEDURE DIVISION.
DISPLAY "Hello, world!".
STOP RUN.
Assuming we put this in a file called hello_world.cob, this can then be compiled with e.g. GnuCOBOL: cobc -x -free hello_world.cob.

The -x indicates that an executable binary is to be generated, and -free that the provided source uses free format code, meaning that we aren’t bound to specific column use or sequence numbers. We’re also free to use lowercase for all the verbs, but having it as uppercase can be easier to read.

From this small example we can see the most important elements, starting with the identification division with the program ID and optionally elements like the author name, etc. The program code is found in the procedure division, which here contains a single display verb that outputs the example string. Of note is the use of the period (.) as a statement terminator.

At the end of the application we indicate this with stop run., which terminates the application, even if called from a sub program.

Hello Data

As fun as a ‘hello world’ example is, it doesn’t give a lot of details about COBOL, other than that it’s quite succinct and uses plain English words rather than symbols. Things get more interesting when we start looking at the aspects which define this domain specific language, and which make it so relevant today.

Few languages support decimal (fixed point) calculations, for example. In this COBOL Basics project I captured a number of examples of this and related features. The main change is the addition of the data division following the identification division:
DATA DIVISION.
WORKING-STORAGE SECTION.
01 A PIC 99V99 VALUE 10.11.
01 B PIC 99V99 VALUE 20.22.
01 C PIC 99V99 VALUE 00.00.
01 D PIC $ZZZZV99 VALUE 00.00.
01 ST PIC $*(5).99 VALUE 00.00.
01 CMP PIC S9(5)V99 USAGE COMP VALUE 04199.04.
01 NOW PIC 99/99/9(4) VALUE 04102034.
The data division is unsurprisingly where you define the data used by the program. All variables used are defined within this division, contained within the working-storage section. While seemingly overwhelming, it’s fairly easily explained, starting with the two digits in front of each variable name. This is the data level and is how COBOL structures data, with 01 being the highest (root) level, with up to 49 levels available to create hierarchical data.

This is followed by the variable name, up to 30 characters, and then the PICTURE(or PIC) clause. This specifies the type and size of an elementary data item. If we wish to define a decimal value, we can do so as two numeric characters (represented by 9) followed by an implied decimal point V, with two decimal numbers (99). As shorthand we can use e.g. S9(5) to indicate a signed value with 5 numeric characters. There a few more special characters, such as an asterisk which replaces leading zeroes and Z for zero suppressing.

The value clause does what it says on the tin: it assigns the value defined following it to the variable. There is however a gotcha here, as can be seen with the NOW variable that gets a value assigned, but due to the PIC format is turned into a formatted date (04/10/2034).

Within the procedure division these variables are subjected to addition (ADD A TO B GIVING C.), subtraction with rounding (SUBTRACT A FROM B GIVING C ROUNDED.), multiplication (MULTIPLY A BY CMP.) and division (DIVIDE CMP BY 20 GIVING ST.).

Finally, there are a few different internal formats, as defined by USAGE: these are computational (COMP) and display (the default). Here COMP stores the data as binary, with a variable number of bytes occupied, somewhat similar to char, short and int types in C. These internal formats are mostly useful to save space and to speed up calculations.

Hello Business

In a previous article I went over the reasons why a domain specific language like COBOL cannot be realistically replaced by a general language. In that same article I discussed the Hello Business project that I had written in COBOL as a way to gain some familiarity with the language. That particular project should be somewhat easy to follow with the information provided so far. New are mostly file I/O, loops, the use of perform and of course the Report Writer, which is probably best understood by reading the IBM Report Writer Programmer’s Manual (PDF).

Going over the entire code line by line would take a whole article by itself, so I will leave it as an exercise for the reader unless there is somehow a strong demand by our esteemed readers for additional COBOL tutorial articles.

Suffice it to say that there is a lot more functionality in COBOL beyond these basics. The IBM ILE COBOL reference (PDF), the IBM Mainframer COBOL tutorial, the Wikipedia entry and others give a pretty good overview of many of these features, which includes object-oriented COBOL, database access, heap allocation, interaction with other languages and so on.

Despite being only a novice COBOL programmer at this point, I have found this DSL to be very easy to pick up once I understood some of the oddities about the syntax, such as the use of data levels and the PIC formats. It is my hope that with this article I was able to share some of the knowledge and experiences I gained over the past weeks during my COBOL crash course, and maybe inspire others to also give it a shot. Let us know if you do!

hackaday.com/2025/04/30/a-gent…