Elliot and Dan teamed up this week for the podcast, and after double-checking, nay, triple-checking that we were recording, got to the business of reviewing the week’s hacks. We kicked things off with a look at the news, including a potentially exciting Right to Repair law in Washington state and the sad demise of NASA’s ISS sighting website.

Our choice of hacks included a fond look at embedded systems and the classic fashion sense of Cornell’s Bruce Land, risky open CRT surgery, a very strange but very cool way to make music, and the ultimate backyard astronomer’s observatory. We talked about Stamp collecting for SMD prototyping, crushing aluminum with a boatload of current, a PC that heats your seat, and bringing HDMI to the Commodore 64.

We also took a look at flight tracking IRL, a Flipper-based POV, the ultimate internet toaster, and printing SVGs for fun and profit. Finally, we wrapped things up with a look at the tech behind real-time river flow tracking and a peek inside the surprisingly energetic world of fuel cells.

html5-player.libsyn.com/embed/…
Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Download this entirely innocent-looking MP3.

Episode 323 Show Notes:

News:

• Washington Consumers Gain Right To Repair For Cellphones And More
• NASA Is Shutting Down The International Space Station Sighting Website
• 2025 Pet Hacks Contest

What’s that Sound?

• Fill out this form for your chance to win!

Interesting Hacks of the Week:

• A Love Letter To Embedded Systems By V. Hunter Adams
  
  • ECE 4760 repo
  • Designing with Microcontrollers – Old projects from Bruce Land’s days at the helm of ECE 4760
  • A RISC-V Operating System Instruction Manual

  
  

• Reconditioning A Vintage CRT Tube
• A 100-Year-Old Electronic Musical Instrument Brought Back To Life
  
  • Drawn In By The Siren’s Song
  • Retrotechtacular: Building Hammond Organ Tones

  
  

• Making A Backyard Observatory Complete With Retractable Roof
• Stamp: Modular Breakout Boards For SMD Prototyping
• EMF Forming Was A Neat Aerospace Breakthrough
  
  • Electromagnetic Aluminum Can Crushing
  • How A Quarter Shrinker Works

  
  

Quick Hacks:

• Elliot’s Picks
  
  • Invisible PC Doubles As Heated Seat
  • Tool Turns SVGs Into Multicolor 3D Prints
  • From Burnt To Brilliant: A Toaster’s Makeover

  
  

• Dan’s Picks:
  
  • POV On The Flipper Zero
  • The Commodore 64 Gets An HDMI Upgrade
  • Look To The Sky With This Simple Plane Tracker

  
  

Can’t-Miss Articles:

• Remotely Interesting: Stream Gages
  
  • Know Snow: Monitoring Snowpack With The SNOTEL Network

  
  

• A Brief History Of Fuel Cells

hackaday.com/2025/05/30/hackad…

If you look at this solar generator from [Concept Crafted Creations], you might think it’s somehow familiar. That’s because the design was visually inspired by the James Webb Space Telescope, or JWST. Ultimately, though, it’s purpose is quite different—it’s designed to use mirrors to collect and harness solar energy. It’s not quite there yet, but it’s an interesting exploration of an eye-catching solar thermal generator.

To get that JWST look, the build has 18 mirrors assembled on a 3D printed frame to approximate the shape of a larger parabolic reflector. The mirrors focus all the sunlight such that it winds up heating water passing through an aluminum plate. Each mirror was custom made using laser cut acrylic and mirror film. Each mirror’s position and angle can be adjusted delicately with screws and a nifty sprung setup, which is a whole lot simpler than the mechanism used on the real thing. The whole assembly is on a mount that allows it to track the movement of the sun to gain the most sunlight possible. There’s a giant laser-cut wooden gear on the bottom that allows rotation on a big Lazy Susan bearing, as well as a servo-driven tilting mechanism, with an Arduino using light dependent resistors to optimally aim the device.

It’s a cool-looking set up, but how does it compare with photovoltaics? Not so well. The mirror array was able to deliver around 1 kilowatt of heat into the water passing through the system, heating it to a temperature of approximately 44 C after half an hour. The water was warmed, but not to the point of boiling, and there’s no turbines or anything else hooked up to actually take that heat and turn it into electricity yet. Even if there were, it’s unlikely the system would reach the efficiency of a similarly-sized solar panel array. In any case, so far, the job is half done. As explained in the build video, it could benefit from some better mirrors and some structural improvements to help it survive the elements before it’s ready to make any real juice.

Ultimately, if you need solar power fast, your best bet is to buy a photovoltaic array. Still, solar thermal is a concept that has never quite died out.

youtube.com/embed/0XYwtub9bJE?…

youtube.com/embed/Alx_vwyksTw?…

hackaday.com/2025/05/30/diy-so…

The CIA ran a series of web sites in the 2000s. Most of them were about news, finance, and other relatively boring topics, and they spanned 29 languages. And they all had a bit of a hidden feature: Those normal-looking websites had a secret login and hosted CIA cover communications with assets in foreign countries. A password typed in to a search field on each site would trigger a Java Applet or Flash application, allowing the spy to report back. This isn’t exactly breaking news, but what’s captured the Internet’s imagination this week is the report by [Ciro Santilli] about how to find those sites, and the fact that a Star Wars fansite was part of the network.

This particular CIA tool was intended for short-term use, and was apparently so effective, it was dragged way beyond it’s intended lifespan, right up to the point it was discovered and started getting people killed. And in retrospect, the tradecraft is abysmal. The sites were hosted on a small handful of IP blocks, with the individual domains hosted on sequential IP addresses. Once one foreign intelligence agency discovered one of these sites, the rest were fairly easily identified.

youtube.com/embed/TFfuzZC5Qpc?…

This report is about going back in time using the Wayback Machine and other tools, and determining how many of these covert sites can be discovered today. And then documenting how it was done and what the results were. Surprisingly, some of the best sources for this effort were domain name data sets. Two simple checks to narrow down the possible targets were checking for IPs hosting only one domain, and for the word “news” as part of the domain name. From there, it’s the tedious task of looking at the Wayback Machine’s archives, trying to find concrete hits. Once a site was found on a new IP block, the whole block could be examined using historic DNS data, and hopefully more of the sites discovered.

So far, that list is 472 domains. Citizen Lab ran a report on this covert operation back in 2022, and found 885 domains, but opted not to publish the list or details of how they were found. The effort is still ongoing, and if you have any ideas how to find these sites, there’s a chance to help.

Profiling Internet Background Radiation

You may have noticed, that as soon as you put a host on a new IP address on the Internet, it immediately starts receiving traffic. The creative term that refers to all of this is Internet Background Radiation. It’s comprised of TCP probes, reflections from spoofed UDP attacks, and lots of other weird traffic. Researchers at Netscout decided to look at just one element of that radiation, TCP SYN packets. That’s the unsolicited first packet of a TCP handshake. What secrets would this data contain?

The first intriguing statistic is the number of spoofed TCP SYN packets coming from known bogus source IPs: zero. This isn’t actually terribly surprising for a couple reasons. One, packets originating from impossible addresses are rather easy to catch and drop, and many ISPs do this sort of scrubbing at their network borders. But the second reason is that TCP requires a three-way handshake to make a useful connection. And while it’s possible to spoof an IP address on a local network via ARP poisoning, doing so on the open Internet is much more difficult.

Packet TTL is interesting, but the values naturally vary, based on the number of hops between the sender and receiver. A few source IPs were observed to vary in reported TTLs, which could indicate devices behind NAT, or even just the variation between different OS network stacks. But looking for suspicious traffic, two metrics really stand out. The TCP Header is a minimum 20 bytes, with additional length being used with each additional option specified. Very few systems will naturally send TCP SYN packets with the header set to 20, suggesting that the observed traffic at that length was mostly TCP probes. The other interesting observation is the TCP window size, with 29,200 being a suspicious number that was observed in a significant percentage of packets, without a good legitimate explanation.

Hacking the MCP

GitHub has developed the GitHub MCP Server, a Master Control Program Model Context Protocol server, designed to allow AI agents to interact with the GitHub API. Invariant Labs has put together an interesting demo in how letting an agentic AI work with arbitrary issues from the public could be a bad idea.

The short explanation is that a GitHub issue can include a prompt injection attack. In the example, it looks rather benign, asking for more information about the project author to be added to the project README. Just a few careful details in that issue, like specifying that the author isn’t concerned about privacy, and that the readme update should link to all the user’s other repos. If the repo owner lets an agentic AI loose on the repo via MCP, it’s very likely to leak details and private repo information that it really shouldn’t.

Invariant Labs suggests that MCP servers will need granular controls, limiting what an AI agent can access. I suspect we’ll eventually see a system for new issues like GitHub already has for Pull Requests, where a project maintainer has to approve the PR before any of the automated Github Actions are performed on it. Once AI is a normal part of dealing with issues, there will need to be tools to keep the AI from interacting with new issues until a maintainer has cleared them.

GitLab Too

GitLab has their own AI integration, GitLab Duo. Like many AI things, it has the potential to be helpful, and the potential to be a problem. Researchers at Legit Security included some nasty tricks in this work, like hiding prompt injection as Hex code, and coloring it white to be invisible on the white GitLab background. Prompt injections could then ask the AI to recommend malicious code, include raw HTML in the output, or even leak details from private repos.

Gitlab took the report seriously, and has added additional filtering that prevents Duo from injecting raw HTML in its output. The prompt injection has also been addressed, but the details of how are not fully available.

Finally, Actually Hacking the Registry

We’ve been following Google’s Project Zero and [Mateusz Jurczyk] for quite a while, on a deep dive into the Windows Registry. We’re finally at the point where we’re talking about vulnerabilities. The Windows registry is self-healing, which could be an attack surface on its own, but it definitely provides a challenge to anyone looking for vulnerabilities with a fuzzer, as triggering a crash is very difficult.

But as the registry has evolved over time and Windows releases, the original security assumptions may not be valid any longer. For instance, in its original form, the registry was only writable by a system administrator. But on modern Windows machines, application hives allow unprivileged users and process to load their own registry data into the system registry. Registry virtualization and layered keys further complicate the registry structure and code, and with complexity often comes vulnerabilities.

An exploit primitive that turned out to be useful was the out-of-bound cell index, where one cell can refer to another. This includes a byte offset value, and when the cell being referred to is a “small dir”, this offset can point past the end of the allocated memory.

There were a whopping 17 memory corruption exploits discovered, but to produce a working exploit, the write-up uses CVE-2023-23420, a use after free that can be triggered by performing an in-place rename of a key, followed by deleting a subkey. This can result in a live reference to that non-existent subkey, and thus access to freed memory.

In that free memory, a fake key is constructed. As the entire data structure is now under the arbitrary control of the attacker, the memory can point to anywhere in the hive. This can be combined with the out-of-bounds cell index, to manipulate kernel memory. The story turns into a security researcher flex here, as [Mateusz] opted to use a couple registry keys rigged in this way to make a working kernel memory debugger, accessible from regedit. One key sets the memory address to inspect, and the other key contains said memory as a writable key. Becoming SYSTEM at this point is trivial.

Bits and Bytes

[Thomas Stacey] of Assured has done work on HTTP smuggling/tunneling attacks, where multiple HTTP requests exist in a single packet. This style of attack works against web infrastructure that has a front-end proxy and a back-end worker. When the front-end and back-end parse requests differently, very unintended behavior can result.

ONEKEY researchers have discovered a pair of issues in the Evertz core web administration interface, that together allow unauthenticated arbitrary command injection. Evertz manufactures very large video handling equipment, used widely in the broadcast industry, which is why it’s so odd that the ONEKEY private disclosure attempts were completely ignored. As the standard 90 day deadline has passed, ONEKEY has released the vulnerability details in full.

On the other hand, Mozilla is setting records of its own, releasing a Firefox update on the same day as exploits were revealed at pwn2own 2025. Last year Mozilla received the “Fastest to Patch” award, and may be on track to repeat that honor.

What does video game cheat development have to do with security research? It’s full of reverse engineering, understand memory structures, hooking functions, and more. It’s all the things malware does to take over a system, and all the things a researcher does to find vulnerabilities and understand what binaries are doing. If you’re interested, there’s a great two-part series on the topic just waiting for you to dive into. Enjoy!

hackaday.com/2025/05/30/this-w…

The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the focus away from vulnerabilities that received new CVE-2025-NNNNN identifiers. The nature of the CVE assignment process can result in a notable delay between problem investigation and patch release, which is mitigated by reserving a CVE ID early in the process. As for trends in vulnerability exploitation, we are seeing increasing rates of attacks targeting older operating system versions. This is mainly driven by two factors: users not installing updates promptly, and the ongoing rollout of new OS versions that include improved protections against the exploitation of vulnerabilities in certain subsystems.

Statistics on registered vulnerabilities

This section contains statistics on registered vulnerabilities. The data is taken from cve.org.

Total number of registered vulnerabilities and number of critical ones, Q1 2024 and Q1 2025 (download)

The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report examines the characteristics of vulnerabilities in the Linux operating system and Microsoft software, specifically the Windows OS. Given that the Linux kernel developers have obtained the status of a CVE Numbering Authority (CNA) and they can independently assign CVE identifiers to newly discovered security issues, all information about vulnerabilities can now be obtained firsthand.

Let us look at the Linux kernel vulnerabilities registered in the first quarter of 2025 and categorized according to their Common Weakness Enumeration (CWE) types.

Top 10 CWEs for Linux kernel vulnerabilities registered in Q1 2025 (download)

For Linux, the most common CWEs are those with the following identifiers:

• CWE-476: Null Pointer Dereference
• CWE-416: Use after Free
• CWE-667: Improper Locking
• CWE-125: Out-of-bounds Read
• CWE-908: Use of Uninitialized Resource, most often referring to regions of system memory

This set of vulnerability types is fairly common for system software. That said, exploiting vulnerabilities in these CWEs often demands complex read-and-write capabilities from attackers, due to Linux’s robust exploit mitigations such as kernel address space layout randomization (KASLR).

Let us examine similar statistics for Microsoft software. Given the developer’s extensive product lineup, a variety of security issues have been identified. As a result, we will limit our analysis to the most common CWEs for vulnerabilities disclosed during the first quarter of 2025.

TOP 10 CWEs for Microsoft product vulnerabilities registered in Q1 2025 (download)

In addition to the CWEs described above, the following types of vulnerabilities were also frequently reported in the first quarter:

• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

In general, the TOP 10 CWEs for Microsoft products and the Linux kernel tend to be similar or overlap, which means the vulnerabilities are rooted in comparable principles. As a result, we often see attack techniques being “ported” from Linux to Windows and vice versa, with attackers modifying existing exploits to target a different operating system. This method is likewise applied to multiple products of the same software type.

These CWEs have remained an issue for some time, in spite of ongoing efforts from the research and development community. Knowing the most frequently encountered vulnerabilities on a given platform provides insight into which tools attackers are likely to use to compromise it.

Exploitation statistics

This section presents statistics on vulnerability exploitation for the first quarter of 2025. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation

The first quarter of 2025 saw a year-over-year increase in attacks using Windows exploits. As before, the vast majority of detected exploits targeted Microsoft Office products. Even though office suite applications are now widely available as cloud services, vulnerable local versions remain popular with users.

Historically, Kaspersky products have most often detected exploits targeting the Windows platform that leverage the following older vulnerabilities:

• CVE-2018-0802: a remote code execution vulnerability in the Equation Editor component
• CVE-2017-11882: another remote code execution vulnerability, also affecting Equation Editor
• CVE-2017-0199: a vulnerability in Microsoft Office and WordPad allowing an attacker to gain control over the system

These three vulnerabilities were the most prevalent throughout 2024, and we expect this trend to continue.

Following the top three vulnerabilities, other commonly exploited issues include vulnerabilities in WinRAR and in the Windows operating system itself, such as:

• CVE-2023-38831: a vulnerability in WinRAR involving improper handling of files within archive contents
• CVE-2024-35250: a vulnerability in the ks.sys driver that stems from dereferencing an untrusted pointer, which can allow an attacker to execute arbitrary code
• CVE-2022-3699: a vulnerability in the Lenovo Diagnostics Driver that allows improper issuance of IOCTL commands, enabling the attackers to read from or write to arbitrary kernel memory

All of the vulnerabilities listed above can be used for privilege escalation, and those affecting the kernel and drivers can result in full system compromise. For this reason, we strongly recommend regularly installing updates for the relevant software.

Dynamics of the number of Windows users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

For the Linux operating system, the most frequently exploited vulnerabilities in early 2025 targeted the following issues:

• CVE-2022-0847, also known as Dirty Pipe: a widespread vulnerability that allows privilege escalation and enables attackers to take control of running applications
• CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
• CVE-2021-3156: a heap overflow vulnerability in the sudo utility that allows attackers to escalate privileges to root

Dynamics of the number of Linux users encountering exploits, Q1 2024—Q1 2025. The number of users who encountered exploits in Q1 2024 is taken as 100% (download)

It is essential to keep your operating system and software up to date by promptly installing all available patches and updates. However, updates for the Linux kernel and applications included with most distributions are critical, as a single vulnerability can lead to full system compromise.

Most common published exploits

Distribution of published exploits by platform, Q4 2024 (download)

Distribution of published exploits by platform, Q1 2025 (download)

In the first quarter of 2025, operating systems – among the most complex types of software – continued to account for the highest number of published exploits. This is due to the large codebase and numerous OS components, as well as the operating system’s critical role in device functionality. Furthermore, we are seeing a steady rise in the number of browser exploits, a trend that continued throughout the past year. The proportion of exploits targeting vulnerabilities in Microsoft Office products has also increased.

Vulnerability exploitation in APT attacks

We analyzed data on attacks carried out by APT groups and identified which vulnerabilities they most frequently exploited during the first quarter of 2025. The following rankings are informed by our telemetry, research, and open-source data.

Top 10 vulnerabilities exploited in APT attacks, Q1 2025 (download)

Most attacker techniques are designed to gain access to the victim’s local network. As a result, the most commonly targeted vulnerabilities are typically found in perimeter devices and software that can function as server. Notably, the well-known critical Zerologon vulnerability, which allows attackers to take over a domain controller, has reappeared in the TOP 10 most exploited vulnerabilities.

The only exception to this trend is software used for accessing information, such as text editors and file-sharing applications.

Interesting vulnerabilities

This section covers the most noteworthy vulnerabilities published in the first quarter of 2025.

ZDI-CAN-25373: a vulnerability in Windows that affects how LNK files are displayed

The first vulnerability to make our list has been actively exploited against users for some time, yet it still lacks a CVE identifier. It affects LNK files in the Windows operating system. The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts. In the Target field, attackers add extra characters, such as spaces or line breaks, after a legitimate-looking path, followed by malicious commands that can compromise the system. At the same time, only the first part of the path is shown in the shortcut’s properties:

Example of shortcut properties with additional characters that are not fully displayed in File Explorer

Opening a shortcut like this executes commands that are hidden from the user. For example, the Target field might include arguments at the end of the line that trigger a request to download a payload using powershell.exe. It is important to consider the psychological aspect of this vulnerability: a file with hidden malicious activity like this can mislead users, since they cannot see the main actions that will be performed when the file is opened.

CVE-2025-21333: a heap buffer overflow vulnerability in the vkrnlintvsp.sys driver

This is a buffer overflow vulnerability in the kernel’s paged pool memory allocation that was actively exploited in zero-day attacks against end-user systems. The vulnerable vkrnlintvsp.sys driver, designed for Hyper-V, improperly handles pointers to kernel pool structures. This results in a paged pool overflow, allowing attackers to execute arbitrary code or escalate their privileges.

Notably, this vulnerability can be exploited during process creation within Windows Sandbox. The name of the vulnerable function, VkiRootAdjustSecurityDescriptorForVmwp, suggests that providing a security descriptor that exceeds the allowed size is sufficient to trigger the vulnerability. In this scenario, the memory counter responsible for calculating the security descriptor’s length will overflow, enabling arbitrary read/write operations of 0xffff bytes and ultimately allowing attackers to escape the sandbox environment.

CVE-2025-24071: a NetNTLM hash leakage vulnerability in the file system indexer

A built-in feature of File Explorer in all Windows operating systems has become a common tool for stealing NetNTLM hashes. Attackers distributed a malicious file with a .library-ms extension that contained a specially crafted directory path. The appearance of this file in the victim’s file system triggers the indexing mechanism. It opens a specified directory, and the operating system automatically performs NTLM authentication in the background without notifying the user, which results in the disclosure of NetNTLM hashes.

Conclusion and advice

The number of vulnerabilities registered in the first quarter of 2025 might appear misleading. One possible reason for the decrease is that security research findings or vulnerability descriptions are sometimes published well after the vulnerabilities are initially discovered. Therefore, it is critically important to update all software and devices as soon as updates become available.

To stay safe, it is essential to respond promptly to changes in the threat landscape. It is also recommended to ensure the following:

• Maintain continuous, around-the-clock monitoring of your infrastructure, with particular attention to perimeter defenses.
• Implement strong patch management process and apply security fixes without delay. Solutions like Kaspersky Vulnerability and Patch Management and Kaspersky Vulnerability Data Feed can be used to configure and automate vulnerability and patch management.
• Use robust solutions that can detect and block malware on corporate devices, and comprehensive tools that include incident response plans, employee training programs, and an up-to-date cyberthreat database.

securelist.com/vulnerabilities…

The following was a letter submitted by an anonymous Pirate supporter using the pseudonym “Forward Thoughts”, sharing critiques of “Uncle Sam”. This article is apart of the project “Message in a Bottle”, allowing supporters of the US Pirate Party to submit editorial articles to the United States Pirate Party website.

Uncle Sam, the personification of the federal government, is supposed to be a beacon of democracy and good fortune towards the will of the people right here in the United States of America. However, he has gotten too big for his britches since the beginning. History highlighting this goes as far back as Uncle Sam exerting his power from the Whiskey Rebellion to recently using the Enemy Alien Act of 1787 to deport immigrant dissenters speaking out against the genocide happening in Palestine.

Every state relies on his charity to a certain extent, some more than others. How can we rely on our government to provide for its people when it directly meddles and persistently goes against the will of its people by starting wars and cutting funds to social programs, sometimes it creates on its own volition?

In a way, the American people receive assistance from the suits and ties of Capitol Hill in Washington D.C., that assistance comes in the form of government regulations more so than it comes from funding assistance. Guns, voting, criminal penalties, taxes, immigration, etc. are always the hot button issues every politician or candidate running for office has on their agenda.

“I want to be controlled harder by my government” said no one ever.

In order to curtail exerting pragmatic force against the will of the people, there’s supposed to be a system our founding fathers put in place called “checks and balances.” How this works is there’s the executive branch consisting of the presidency and cabinet members, Congress which consists of both the House of Representatives and the Senate, and the Supreme Court which consists of 9 justices.

However, what happens when all 3 branches reciprocate the same political ideology as one another? Who’s gonna stop these corrupt politicians from filling the coffers of themselves and of their allies (the oligarchy) they’re in cahoots with? Now we’re faced with a constitutional crisis where all 3 branches need to be severed like an infected limb.

Get this: Uncle Sam can exert his power over the economy on a whim. Right now President Trump is putting his hand up Uncle Sam as a puppet and he’s levying taxes on Chinese imports and other countries around the world. In retaliation, other countries he’s levied tariffs on are levying retaliatory tariffs against our imports into their countries. Consequently, prices on goods and services are rising. Stocks on the stock market are plummeting.

History is repeating itself. Remember back in US history class (well, hopefully you were taught this in US history class) about the Great Depression at the very end of the 1920s? Part of the reason why the economy went into a spiral was because of then Congress’s tariffs on foreign imports. Consumers no longer were able to afford products, therefore companies losing profits, especially those in the manufacturing industry, laid off workers.

Granted it wasn’t as if President Hoover bypassed Congress to make the tariffs happen, but my point still stands on how tariffs cause unintentional side effects to our everyday lives.

Lesson learned: tariffs backfire immensely on the economy.

Then President Nixon back in 1969 wanted to defund TV program PBS, Public Broadcasting Service. The nonprofit network was created to provide educational programming in a non-commercialized manner. It has brought us shows such as Sesame Street, Arthur, Mr. Rogers’ Neighborhood, just to name a few.

Speaking of Mr. Rogers, he testified before Congress and managed to avert budget cuts for the nationally renowned TV station. Fast forward to present day 2025 — Republicans in Congress and President Trump are trying to cut funds for PBS. History is repeating itself yet again. Will we have a savior of PBS like we did back in 1969?

Lesson to be learned: PBS really is made possible by viewers like you.

Even at the state level, funding can be granted and cut based on the current majority party’s and governor’s ideology of that time. Pennhurst State School & Hospital in Spring City, PA is one of many examples of state government apathetic to the welfare of its people, especially a vulnerable population.

Opened in 1908 and closed in 1987, Pennhurst State School & Hospital was a product of an era of eugenics where those deemed unfit to reproduce in the Caucasian gene pool were euthanized or removed from society. Marginalized groups such as the epileptic and the mentally disabled were housed here, but soon grew to orphans, physically disabled, etc. Within a few years Pennhurst became overcrowded and conditions became deplorable.

In 1968, Bill Baldini did a 5-part segment on the conditions at Pennhurst exposing its wretched standard of living and abuse residents faced. There was a public outcry after the segment aired. Conditions seldomly improved from there on out until its closure in 1987. Fortunately, these residents were moved to boarding homes.

Have you ever heard of a Kirkbride psychiatric hospital? They’re long-term psychiatric hospitals designed in a batwing fashion with emphasis on natural light and air circulation. However, lack of funding and mismanagement had led to conditions in a handful of these facilities to be anything but cheery. In fact, it is what can easily be described as wicked.

Trenton Psychiatric Hospital in Trenton, NJ, under the direction of Dr. Henry Cotton, extracted organs and teeth from patients. In spite of high mortality rates and disprovable claims of cure rates, this persisted at the behest of Dr. Cotton during his tenure.

Philly (Philadelphia) State Hospital at Byberry opened in 1907. Unlike Trenton Psychiatric Hospital and others similar to Trenton, it was not made using the Kirkbride blueprints. This didn’t make the hospital any less susceptible to daunting conditions such as overcrowding, barbaric experiments, abuse, and neglect.

Props are in order to a conscientious objector named Charlie Lord, who between 1945 and 1946 was so appalled by the conditions he took note of that he covertly took photos and leaked them to the press. In these photos, raw sewage and naked men lined the hallways of Byberry.

Lesson to be learned: these residents were at the mercy of state politicians apathetic to their basic needs. Moreover and lastly, psychiatric hospitals such as the Kirkbride hospitals and disabled residential facilities such as Pennhurst are archaic and stunt personal psychiatric growth in patients.

Most states’ systems are designed to where property taxes fund our public schools. Back in the late 1800s, public schools were a shining gem of what America could be. Nowadays in many communities, our schools are nothing more than shadows of their former selves, meeting the minimum standards set by the state for funding.

Gone are the days of home economics and industrial shop classes. It’s all about standardized testing mandated by the state capital and even Uncle Sam, which is basically modern day phrenology. There’s educators and politicians who’ll justify this inane waste of paper by saying it measures how schools are doing with educating their students.

Standardized testing can be summed up in four words, it’s this: elite stay in control.

Lesson to be learned: standardized testing is a disease on our education system designed to punish lower socioeconomic schools and to keep those at the higher end of the socioeconomic.

uspirates.org/message-in-a-bot…

What if you could design your 3D print to fall apart on purpose? That’s the curious promise of a new paper from CHI 2025, which brings a serious hacker vibe to the sustainability problem of multi-material 3D printing. Titled Enabling Recycling of Multi-Material 3D Printed Objects through Computational Design and Disassembly by Dissolution, it proposes a technique that lets complex prints disassemble themselves via water-soluble seams. Just a bit of H₂O is needed, no drills or pliers.

At its core, this method builds dissolvable interfaces between materials like PLA and TPU using water-soluble PVA. Their algorithm auto-generates jointed seams (think shrink-wrap meets mushroom pegs) that don’t interfere with the part’s function. Once printed, the object behaves like any ordinary 3D creation. But at end-of-life, a water bath breaks it down into clean, separable materials, ready for recycling. That gives 90% material recovery, and over 50% reduction in carbon emissions.

This is the research – call it a very, very well documented hack – we need more of. It’s climate-conscious and machine-savvy. If you’re into computational fabrication or environmental tinkering, it’s worth your time. Hats off to [Wen, Bae, and Rivera] for turning what might otherwise be considered a failure into a feature.

youtube.com/embed/akN1_7oDHr8?…

hackaday.com/2025/05/30/sustai…

Just a quickie for anyone who is in the neighborhood, today the annual Open Source Hardware Summit conference starts in Edinburg, Scotland. If you’re able to make it, it’s a microcosm of the open-source hardware world, and full of great talks and great hackers.

If you’re not in Scotland, they have a livestream on YouTube that you should check out, as well as a Discord server for discussions during the event. It’s going on right now!

hackaday.com/2025/05/30/today-…

It’s fair to say that there can’t be many developers who have found the need for a rotary telephone dial as a peripheral for their Linux computer, but in case you are among them you might find [Stefan Wiehler]’s kernel driver for rotary dials to be of use.

It’s aimed at platforms such as systems-on-chip that have ready access to extra GPIOs, of which it will need a couple to service the BUSY and PULSE lines. There are full set-up instructions, and once it’s in place and configured it presents the dial as though it were a number pad.

We like this project, in fact we like it a lot. Interfacing with a dial is always something we’ve done with a microcontroller though, so it will be interesting to see whether it finds a use beyond merely curiosity. We can already see a generation of old-school dial IP phones using Linux-capable dev boards. He leaves us with a brief not as to whether Linus Torvalds would see it as worthy of mainline inclusion, and sadly however much we want things to be different, we agree that it might be wishful thinking.

If you’d like to use a dial phone, there can be simpler ways to do it.

Header: Billy Brown, CC BY 2.0 .

hackaday.com/2025/05/30/what-d…

Il 66% dei docenti italiani afferma di non essere formato per insegnare l’IA e la cybersecurity. Se consideriamo le sole scuole pubbliche, la percentuale aumenta drasticamente al 76%. La domanda che sorge è: stiamo davvero preparando gli studenti al futuro o stiamo arrancando rispetto all’evoluzione del mondo odierno?

Come possiamo parlare seriamente di autonomia tecnologica, digitalizzazione e futuro, se la classe dirigente di domani – che oggi siede sui banchi di scuola – cresce senza gli strumenti per comprenderli e governarli?

I dati dello studio

Un nuovo report condotto da GoStudent, basato su un sondaggio condotto su oltre 5.000 genitori e studenti e 300 insegnanti in tutta Europa, ha rivelato un crescente divario di conoscenze sull’IA tra l’istruzione di cui gli studenti necessitano e quello che le scuole attualmente offrono.

Tra esami tradizionali, programmi di studio rigidi e modelli didattici obsoleti, insegnanti, studenti e genitori condividono tutti un desiderio di cambiamento.

• Solo il 34% degli insegnanti italiani è preparato a insegnare l’intelligenza artificiale, un gap che si amplia nelle scuole pubbliche, dove la formazione scende al 24%.
• L’81% degli studenti italiani usa già l’intelligenza artificiale, ma solo il 28% impara queste competenze in classe.
• Gli studenti italiani chiedono competenze cruciali per il futuro, come cybersecurity (41%), sviluppo tecnologico (37%) e machine learning (35%).
• Il divario tra le regioni italiane è allarmante: mentre la Lombardia guida, con una preparazione del 24% dei docenti sull’IA, altre regioni sono indietro, con alcuni territori dove meno del 10% degli insegnanti si sente pronto a insegnare l’IA.

L’insegnamento della matematica e informatica va ripensata completamente

Secondo gli insegnanti, i programmi di informatica e matematica non sono allineati con il mondo sempre più digitale in cui viviamo. In tutti i paesi oggetto della ricerca, gli insegnanti concordano nell’affermare che matematica e informatica sono le due principali materie che non vengono più impartite in modo adeguato.

Gli insegnanti francesi si dimostrano particolarmente insoddisfatti di entrambe le materie: il 28% afferma che l’informatica non soddisfa più il suo obiettivo e il 30% sostiene lo stesso per la matematica. Entrambe le materie non riescono a stare al passo con un mondo digitale in rapida evoluzione. La matematica, in particolare, è oggetto di critiche
da parte degli insegnanti per il modo troppo approfondito con cui viene insegnata, con 

pesanti limiti di applicazione nel mondo reale.

Alcune materie mettono d’accordo sia genitori che studenti e studentesse: si tratta di danza e religione, il che è forse dovuto alla crescente laicità delle società europee.10 Sebbene il corpo docente ritenga che il modo in cui viene insegnata la matematica sia datato e non pertinente, i bravi insegnanti continuano ad avere un forte impatto.

La cybersecurity deve essere introdotta subito nelle scuole!

Fortunatamente, genitori e insegnanti dimostrano una crescente consapevolezza dello scenario digitale, quando si tratta di immaginare le competenze che ragazzi e ragazze dovranno possedere per affrontare il mondo di domani. Oggi, vivere connessi è la normalità: smartphone, social media, ambienti virtuali e intelligenza artificiale sono parte integrante della quotidianità degli studenti. E proprio tra le competenze da introdurre con urgenza nei programmi scolastici, spicca con forza la cybersecurity, seguita da vicino dall’IA.

Per insegnanti e personale educativo, l’introduzione della cybersicurezza va di pari passo con lo sviluppo di una coscienza etica e morale, strumenti fondamentali per affrontare le sfide sociali che la tecnologia può portare con sé. In Austria, ad esempio, il 66% dei docenti è favorevole all’inserimento dell’etica come materia scolastica. Dall’altro lato, i genitori si concentrano maggiormente su ciò che serve concretamente ai figli nel breve termine: cybersicurezza, educazione finanziaria e comunicazione. In Spagna, oltre la metà dei genitori vorrebbe che la cybersecurity diventasse parte integrante del curricolo scolastico.

Anche le nuove generazioni sono pienamente consapevoli del peso crescente della tecnologia: ragazze e ragazzi indicano l’intelligenza artificiale e la cybersicurezza come materie di primaria importanza. Questo dato rivela un bisogno profondo di comprendere non solo le opportunità del digitale, ma anche i rischi e le minacce a cui ci si espone online. Parlare di phishing, furto d’identità, ingegneria sociale e protezione dei dati personali fin dalle scuole primarie significa formare cittadini digitali più consapevoli, responsabili e resilienti.

È evidente che l’educazione digitale non può più essere un’aggiunta facoltativa. Senza integrare la cybersecurity nei percorsi scolastici, priviamo intere generazioni della capacità di proteggersi in rete, riconoscere i pericoli digitali e costruire un’etica digitale solida. Allo stesso modo, l’assenza dell’intelligenza artificiale nei programmi scolastici significa non fornire gli strumenti per affrontare un futuro basato sull’analisi dei dati e sul problem solving avanzato. Il tempo di agire è ora: la scuola deve diventare la prima linea di difesa nella società digitale.

Conclusioni della cruda realtà italiana

In Italia, è arrivato il momento di ripensare radicalmente il modello scolastico, adeguandolo al mondo digitale in cui viviamo. Se oggi trascorriamo in media il 30% della nostra vita connessi a dispositivi digitali, è impensabile continuare a ignorare l’urgenza di introdurre materie come la cybersicurezza, l’intelligenza artificiale e l’etica del digitale nei programmi scolastici. Platone, Socrate e Manzoni resteranno sempre fondamentali nella formazione del pensiero critico e della cultura umanistica, ma non possiamo lasciare che la scuola italiana resti ancorata solo al passato, mentre il presente corre a velocità digitale.

Serve una visione strategica. È necessario che il Ministero dell’Istruzione avvii con urgenza una riforma strutturale, che dia alle discipline digitali lo stesso peso delle materie tradizionali, fin dalla scuola primaria. Se vogliamo che le future generazioni siano in grado di affrontare con consapevolezza le sfide tecnologiche e sociali che ci attendono, dobbiamo prepararle oggi. Altrimenti, tra trent’anni, i ragazzi e le ragazze di oggi – che saranno la futura classe dirigente – non avranno gli strumenti per guidare il Paese in un mondo governato dal digitale e che non sta ad aspettarci.

La Cina, la Russia e gli Stati Uniti stanno già formando le nuove generazioni in questa direzione, con curricoli scolastici che includono la programmazione, la sicurezza informatica, l’intelligenza artificiale e la comprensione critica dei media digitali. L’Italia, invece, rischia di restare ancora una volta il fanalino di coda della tecnologia mondiale, non per mancanza di talento, ma per mancanza di visione e di strategia.

Non possiamo parlare di autonomia tecnologica nazionale se non partiamo dalle scuole. È lì che si costruisce il futuro del Paese. E ogni giorno perso senza un cambiamento reale è un giorno in più di ritardo rispetto al mondo che ci circonda.

L'articolo Scuole italiane: Non ci siamo! Occorre una riforma epocale sulle tecnologie digitali. Subito! proviene da il blog della sicurezza informatica.