A multitool that weighs less than a penny? Yes, it exists. This video by [ToolTechGeek] shows his titanium flat-cut design tipping the scales at only 1.9 grams—lighter than the 2.5-gram copper penny jingling in your pocket. His reasoning: where most everyday carry (EDC) tools are bulky, overpriced, or simply too much, this hack flips the equation: reduce it to the absolute minimum, yet keep it useful.

You might have seen this before. This second attempt is done by laser-cutting titanium instead of stainless steel. Thinner, tougher, and rust-proof, titanium slashes the weight dramatically, while still keeping edges functional without sharpening. Despite the size, this tool manages to pack in a Phillips and flathead screwdriver, a makeshift saw, a paint-lid opener, a wire bender (yes, tested on a paperclip), and even a 1/4″ wrench doubling as a bit driver. High-torque screwdriving by using the long edges is a clever exploit, and yes—it scrapes wood, snaps zip ties, and even forces a bottle cap open, albeit a bit roughly.

It’s not about replacing your Leatherman; it’s about carrying something instead of nothing. Ultra-minimalist, featherlight, pocket-slip friendly—bet you can’t find a reason not to just have it in your pocket.

youtube.com/embed/dniAyMoiKn4?…

hackaday.com/2025/08/21/this-p…

In a recent video our hacker [Electronic Wizard] introduces the 74HC595 shift register and explains how to use it to drive 7-segment displays.

[Electronic Wizard] explains that understanding how to apply the 74HC595 can increase the quality of your projects and also help keep the demands on the number of pins from your microcontroller to manageable levels. If you’re interested in the gory details you can find a PDF datasheet for the 74HC595 such as this one from Texas Instruments.

[Electronic Wizard] explains further that a shift register is like a small one byte memory where its data is directly available on its eight output pins, no input address required. When you pulse the clock pin (CLK) each bit in the eight bit memory shifts right one bit, making room for a new bit on the left. The bits that fall off the right hand side can daisy chain into another 74HC595 going out on pin 9 and coming in on pin 14.

[Electronic Wizard] goes on to extol the virtues of pin 13, the active-low Output Enable, which can be used to make sure junk doesn’t appear on your 7-segment displays during initialization. Also the 74HC595 can provide current itself which lessens the power demands on your micro.

[Electronic Wizard] covers how to use multiplexing to drive multiple 7-segment displays but notes the drawbacks of this method including large pin counts and high frequency flashing which, while invisible to the human eye, can become visible on some cameras and recording equipment making the 74HC595 a superior solution to multiplexing.

The bottom line is that using only three pins from the microcontroller you can drive one or more 7-segment displays. To learn more, including how to use the other pins and features of the 74HC595, be sure to click through to watch the video. If you’re interested in the 74HC595 you might like to read about how the Bus Pirate 5 used two of them to get an extra 16 pins on the board.

youtube.com/embed/bXzk33EeLWE?…

hackaday.com/2025/08/21/using-…

To connect the miniature world of integrated circuits like a CPU with the outside world, a number of physical connections have to be made. Although this may seem straightforward, these I/O pads form a major risk to the chip’s functioning and integrity, in the form of electrostatic discharge (ESD), a type of short-circuit called a latch-up and metastability through factors like noise. Shielding the delicate ASIC from the cruel outside world is the task of the I/O circuitry, with [Ken Shirriff] recently taking an in-depth look at this circuity in Intel’s 386 CPU.
The 386 die, zooming in on some of the bond pad circuits. (Credit: Ken Shirriff)
The 386 has a total of 141 of these I/O pads, each connected to a pin on the packaging with a delicate golden bond wire. ESD is on the top of the list of potential risks, as a surge of high voltage can literally blow a hole in the circuitry. The protective circuit for this can be seen in the above die shot, with its clamping diodes, current-limiting resistor and a third diode.

Latch-up is the second major issue, caused by the inadvertent creation of parasitic structures underneath the P- and NMOS transistors. These parasitic transistors are normally inactive, but if activated they can cause latch-up which best case causes a momentary failure, but worst case melts a part of the chip due to high currents.

To prevent I/O pads from triggering latch-up, the 386 implements ‘guard rings’ that should block unwanted current flow. Finally there is metastability, which as the name suggests isn’t necessarily harmful, but can seriously mess with the operation of the chip which expects clean binary signals. On the 386 two flip-flops per I/O pad are used to mostly resolve this.

Although the 386’s 1985-era circuitry was very chonky by today’s standards, it was still no match for these external influences, making it clear just how important these protective measures are for today’s ASICs with much smaller feature sizes.

hackaday.com/2025/08/21/how-in…

As much as I love Linux, there are always one or two apps that I simply have to run under Windows for whatever reason. Sure, you can use wine, Crossover Office, or run Windows in a virtual machine, but it’s clunky, and I’m always fiddling with it to get it working right. But I recently came across something that — when used improperly — makes life pretty easy. Instead of virtualizing Windows or emulating it, I threw hardware at it, and it works surprisingly well.

Once Upon a Time

First, a story. Someone gave me a Surface Laptop 2 that was apparently dead. It wouldn’t charge, and you can’t remove the keyboard without power. Actually, you can with a paper clip, and I suggested pulling it to see if the screen would charge by itself. They said they had already bought a new computer, so they didn’t care.

Unsurprisingly, once I popped the keyboard off, the computer charged and was fine. You just have to replace the keyboard or use another one. Or use it as a tablet, which it is set up for anyway. But I have plenty of laptops and computers of every description. What was I going to do with this nice but keyboardless computer?

Coincidence

About this same time, I’d been moving my VirtualBox Windows installs over to KVM. That’s a pain if you’ve ever done it, but it performs well and works well. Then I found WinApps. This is a simple script setup that runs Windows in your choice of virtual machine and can pull a single application into an RDP client on your desktop. The effect is that you can have, for example, Microsoft Word just sitting on your desktop like any other program. It also wires up the application so you can, say, open a PowerPoint directly using a real copy of PowerPoint running in the virtual machine.

It works great, except for one thing. When Windows is running, your disk thrashes like crazy. That’s probably not very surprising since the Windows VM image is in a file, so everything goes through the Windows file system and then the Linux file system. Between my SSD cache and my RAID array, there’s a lot going on there. The performance wasn’t bad, but the disk going wild was annoying, and it would freeze up here and there while the drive was overwhelmed.

Virtually Reality, for Real

But what about WinApps? It points to a virtual machine in KVM or Docker. Why not let it point to a real piece of hardware on the network? I could put the Surface out of the way and then run my choice of Windows software right on my desktop with hardware speeds only limited by the network.

Rather than keep you in suspense, it worked. The program allows you to set your virtualization type and one of them is “manual.” Presumably, you’d usually start a VM yourself, but in this case, just the IP address of the remote Windows box is all you need.

Is it that Easy?

Well, almost. There were two small issues. For one thing, you need to run an install script on the Windows box. You can do that before you set up, while you enable Remote Desktop. Here’s what the directions say:

Next, you will need to make some registry changes to enable RDP Applications to run on the system. Start by downloading the RDPApps.reg file, right-clicking on the Raw button, and clicking on Save target as. Repeat the same thing for the install.bat and the NetProfileCleanup.ps1. Do not download the Container.reg.

The other issue is that I have two monitors that are separated, with one at the bottom left and one at the top right of a large rectangle, and lots of blank wall between them. The xfreerdp program hates that. I had to fiddle with the settings quite a bit, and you may have different results.

One thing I did to be safe was to go get the latest version of xfreerdp and install it. You can point to it in the WinApps configuration file. Sometimes, the programs in your distro’s repositories can be pretty old. I wanted to make sure I had the latest RDP client.

For normal operations, these options worked:

RDP_FLAGS="/cert:tofu /sound /microphone +home-drive /span /multimon:force /mouse-relative /dynamic-resolution"
I also had to edit ~/.local/bin/winapps to change the options for the “windows” run (which starts a full-screen windows session) to:

# Open Windows RDP session.
dprint"WINDOWS"
$FREERDP_COMMAND \
/d:"$RDP_DOMAIN"\
/u:"$RDP_USER"\
/p:"$RDP_PASS"\
/scale:"$RDP_SCALE"\
+auto-reconnect\
/monitors:0\
/wm-class:"Microsoft Windows"\
/t:"Windows RDP Session [$RDP_IP]"\
/v:"$RDP_IP"&>/dev/null &

Bugs!

While I was in there, I also fixed a bug. The script (and the installation script) can’t figure out that my user is in the right group to run virtual machines, so if you plan on using real virtualization, you might have to fix it or, do what I did, and comment that test out of the main program and the installer. However, if you are using manual mode, that shouldn’t be a problem. The installer also tells me that ~/.local/bin isn’t on my path, but it is. That’s safe to ignore.

There seem to be some other issues. For example, while the installer sets up the ~/local/bin directory, it didn’t add any links to my start menu. I think it was supposed to. Of course, it is trivial to just add your own menu items, which you’ll need to do for non-standard programs, anyway.

Proof in the Pudding

Word on Linux the hard way!
Does it work? Well, there’s Microsoft Word running on my KDE desktop. You might have to rearrange or resize a Window when you first launch it. If that bothers you, write a rule to fix the window position. Most of the time, it works well enough. You can also go full screen and back (Control+Alt+Enter). Anything you can normally do in a RDP session, you can do here.

Is it perfect? Nope. You can, in theory, redirect USB devices, but it will be kludgy and probably slow. I still use KVM for things that have to talk to a USB device. Of course, you can also hang the USB device off the Windows machine. The default setup maps your home directory to Windows, but you can fix it to map other places, too (and make sure the config file knows where your removable media mounts, too). The system autodetects many apps, but there is a manual mode that can, in theory, run anything. Or, you can pull up Windows Explorer and run any application you want.

This would be a perfect thing to use an old computer sitting around or a junk store small form factor PC that you can pick up for nearly nothing. You won’t be gaming on it or anything, but it is perfectly usable for that strange Word document or EPROM programmer software.

Honestly, it’s gotten to the point where having WSL on Windows means I barely notice which OS I’m on 99% of the time. Most of the apps I use will run on either system, but I still prefer the control I have on Linux and find it easier to fix issues there. At least dual booting is mostly a thing of the past.

hackaday.com/2025/08/21/linux-…

Diversi bug di sicurezza di alta gravità sono stati risolti da Mozilla con il rilascio di Firefox 142, impedendo a malintenzionati di eseguire in remoto codice a loro scelta sui sistemi coinvolti. L’avviso di sicurezza, pubblicato il 19 agosto 2025, rivela nove vulnerabilità distinte che vanno dalle escape sandbox ai bug di sicurezza della memoria, con diverse classificate come minacce ad alto impatto in grado di consentire l’esecuzione di codice remoto (RCE).

Questa falla consente la corruzione della memoria all’interno del processo GMP fortemente sandboxato responsabile della gestione dei contenuti multimediali crittografati, consentendo potenzialmente agli aggressori di aumentare i privilegi oltre le restrizioni standard del processo dei contenuto.

Un’ampia gamma di vulnerabilità è stata rilevata, tra cui il CVE-2025-9180, un aggiramento della politica di origine comune che interessa il componente Graphics Canvas2D.

Il team di sicurezza di Mozilla, composto dai ricercatori Andy Leiserson, Maurice Dauer, Sebastian Hengst e dal Mozilla Fuzzing Team, ha identificato questi bug di danneggiamento della memoria che dimostrano chiaramente la possibilità di sfruttarli per l’esecuzione di codice arbitrario .

Questa falla di sicurezza compromette il modello fondamentale di sicurezza web che impedisce l’accesso alle risorse multiorigine, consentendo potenzialmente a siti web dannosi di accedere a dati sensibili da altri domini.

Sono tre le vulnerabilità di sicurezza che presentano rischi significativi per l’RCE. La vulnerabilità CVE-2025-9187 riguarda Firefox 141 e Thunderbird 141, mentre la vulnerabilità CVE-2025-9184 riguarda Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 e Thunderbird 141.

Il problema più diffuso, il CVE-2025-9185, riguarda diverse versioni di Extended Support Release (ESR), tra cui Firefox ESR 115.26, 128.13 e 140.1, oltre alle loro controparti Thunderbird.

Tra le vulnerabilità aggiuntive figurano CVE-2025-9181, un problema di memoria non inizializzata nel componente JavaScript Engine segnalato da Irvan Kurniawan e diversi problemi di minore gravità che interessano lo spoofing della barra degli indirizzi e le condizioni di negazione del servizio nel componente grafico WebRender.

L'articolo Mozilla risolve una pericolosa RCE su Firefox 142 proviene da il blog della sicurezza informatica.

Back in the day, an FM bug was a handy way to make someone’s annoying radio go away, particularly if it could be induced to feedback. But these days you’re far more likely to hear somebody’s Bluetooth device blasting than you are an unruly FM radio.

To combat this aural menace, [Tixlegeek] is here with a jammer for the 2.4 GHz spectrum to make annoying Bluetooth devices go silent. While it’s not entirely effective, it’s still of interest for its unashamed jankiness. Besides, you really shouldn’t be using one of these anyway, so it doesn’t really matter how well it works.

Raiding the AliExpress 2.4 GHz parts bin, there’s a set of NRF24L01+ modules that jump around all over the band, a couple of extremely sketchy-looking power amplifiers, and a pair of Yagi antennas. It’s not even remotely legal, and we particularly like the sentence “After running the numbers, I realized it would be cheaper and far more effective to just throw a rock at [the Bluetooth speaker]“. If there’s a lesson here, perhaps it is that effective jamming comes in disrupting the information flow rather than drowning it out.

This project may be illegal, but unlike some others we think it (probably) won’t kill you.

hackaday.com/2025/08/21/bad-to…

Poland’s surprising compromise to ease the deadlock on the CSA Regulation – which has been stuck in the Council of EU Member States for the past three years – met with failure. This blog recaps the Polish compromise, the positions of the Member States on the proposal, and it could mean for the future of one of the most criticised EU laws of all time.

The post 16 countries burned Poland’s bridges on the CSA Regulation: What now? appeared first on European Digital Rights (EDRi).

Given all the incredible technology developed or improved during the Apollo program, it’s impossible to pick out just one piece of hardware that made humanity’s first crewed landing on another celestial body possible. But if you had to make a list of the top ten most important pieces of gear stacked on top of the Saturn V back in 1969, the fuel cell would have to place pretty high up there.
Apollo fuel cell. Credit: James Humphreys
Smaller and lighter than batteries of the era, each of the three alkaline fuel cells (AFCs) used in the Apollo Service Module could produce up to 2,300 watts of power when fed liquid hydrogen and liquid oxygen, the latter of which the spacecraft needed to bring along anyway for its life support system. The best part was, as a byproduct of the reaction, the fuel cells produced drinkable water.

The AFC was about as perfectly suited to human spaceflight as you could get, so when NASA was designing the Space Shuttle a few years later, it’s no surprise that they decided to make them the vehicle’s primary electrical power source. While each Orbiter did have backup batteries for emergency purposes, the fuel cells were responsible for powering the vehicle from a few minutes before launch all the way to landing. There was no Plan B. If an issue came up with the fuel cells, the mission would be cut short and the crew would head back home — an event that actually did happen a few times during the Shuttle’s 30 year career.

This might seem like an incredible amount of faith for NASA to put into such a new technology, but in reality, fuel cells weren’t really all that new even then. The space agency first tested their suitability for crewed spacecraft during the later Gemini missions in 1965, and Francis Thomas Bacon developed the core technology all the way back in 1932.

So one has to ask…if fuel cell technology is nearly 100 years old, and was reliable and capable enough to send astronauts to the Moon back in 1960s, why don’t we see them used more today?

Fuel Cell 101

Before continuing to bemoan their absence from our everyday lives, perhaps it would be helpful to take a moment and explain what a fuel cell is.

In the most basic configuration, the layout of a fuel cell is not entirely unlike a traditional battery. You’ve got an anode that serves as the negative terminal, a cathode for the positive, and an electrolyte in between them. There’s actually a number of different electrolytes that can be used, which in turn dictate both the pressure the cell operates at and the fuel it consumes. But we don’t really need to get into the specifics — it’s enough to understand that the electrolyte allows positively charged ions to move through it, while negatively charged electrons are blocked.

The electrons are eager to get to the party on the other side of the electrolyte, so once the fuel cell is connected to a circuit, they’ll rush through to get over to the cathode. Each cell usually doesn’t produce much electricity, but gang a bunch of them up in serial and you can get your total output into a useful range.

One other element to consider is the catalyst. Again, the specifics can change depending on the type of fuel cell and what it’s consuming, but in general, the catalyst is there to break the fuel down. For example, plating the anode with a thin layer of platinum will cause hydrogen molecules to split as they pass through.

Earthly Vehicle Applications

So we know they were used extensively by NASA up until the retirement of the Shuttle back in 2011, but spacecraft aren’t the only vehicles that have used fuel cells for power.
The fuel cell powered Toyota Mirai, on the market since 2015.
There’s been quite a number of cars that used fuel cells, ranging from prototypes to production models. In fact, Toyota, Honda, and Hyundai actually have fuel cell cars available for sale currently. They’re not terribly widespread however, with availability largely limited to Japan and California as those are nearly the only places you’ll find hydrogen filling stations.

Of course, not all vehicles need to be filled up at a public pump. There have been busses and trains powered by fuel cells, but again, none have ever enjoyed much widespread success. In the early 2000s there were some experimental fuel cell aircraft, but those efforts were hampered by the fact that electric aircraft in general are still in their infancy.

Interestingly, outside of their space applications, fuel cells seem to have enjoyed the most success on the water. While still a minority in the grand scheme of things, there have been a number of fuel cell passenger ferries over the years, with a few still in operation to this day. There’s also been a bit of interest by the world’s navies, with both the German and Italian government collaborating on the development of the Type 212A submarine. Each of the nine fuel cells on the sub can produce up to 50 kW, and together they allow the submarine to remain submerged for weeks — a trick that’s generally only possible with a nuclear-fueled vessels.

Personal Power Plants

While fuel cell vehicles have only seen limited success, there’s plenty of other applications for the technology, some of which are arguably more interesting than a hydrogen-breathing train anyway.

At least for a time, it seemed fuel cells would have a future powering our personal devices like phones and laptops. Modern designs don’t require the liquid oxygen of the Apollo-era hardware, and can instead suck in atmospheric air. You still need the hydrogen, but that can be provided in small replaceable cylinders like many other commercially-available gases.

The peak example of this concept has to be the Horizon MiniPak. This handheld fuel cell was designed to power all of your USB gadgets with its blistering 2 watt output, and used hydrogen cylinders which could either be tossed when they were empty or refilled with a home electrolysis system. Each cylinder reportedly contained enough hydrogen to generate 12 watt-hours, which would put each one about on par with a modern 18650 cell.

The device made its debut at that the 2010 Consumer Electronics Show (CES), but despite contemporary media coverage talking about an imminent commercial release, it’s not clear that it was ever actually sold in significant numbers.

Looking at what’s on the market currently, a company called EFOY offers a few small fuel cells that seem to be designed for RVs and boats. They certainly aren’t handheld, with the most diminutive model roughly the size of a small microwave, but at least it puts out 40 watts. Unfortunately, the real problem is the fuel — rather than breathing hydrogen and spitting out pure water, the EFOY units consume methanol and output as a byproduct the creeping existential nightmare of being burned alive by invisible fire.

DIY To the Rescue?

If the free market isn’t offering up affordable portable fuel cells, then perhaps the solution can be found in the hacker and maker communities. After all, this is Hackaday — we cover home-spun alternatives for consumer devices on a daily basis.

Except, not in this case. While there are indeed very promising projects like the Open Fuel Cell, we actually haven’t seen much activity in this space. A search through the back catalog while writing this article shows the term “fuel cell” has appeared fewer than 80 times on these pages, and of those occurrences, almost all of them were discussing some new commercial development. There were two different fuel cell projects entered into the 2015 Hackaday Prize, but unfortunately both of those appear to have been dead ends.

So Dear Reader, the question is simple: what’s the hold up with mainstream fuel cells? The tech is not terribly complex, and a search online shows plenty of companies selling the parts and even turn-key systems. There’s literally a site called Fuel Cell Store, so why don’t we see more of them in the wild? Got a fuel cell project in the back of your mind? Let us know in the comments.

hackaday.com/2025/08/21/ask-ha…

Computed Axial Lithography (CAL) is a lighting-fast form of volumetric 3D printing that holds incredible promise for the future, and [The Action Lab] filmed it in action at a Berkeley team’s booth at the “Open Sauce” convention.

The basic principle works like this: an extra-viscous photopolymer resin sits inside a rotating, transparent cylinder. As the cylinder rotates, UV light is projected into the resin in patterns carefully calculated to reproduce the object being printed. There are no layers, no FEP, and no stop-and-start; it’s just one long exposure from what is effectively an object-generating video, and it does not take long at all. You can probably guess that the photo above shows a Benchy being created, though unfortunately, we’re not told how long it took to produce.

Don’t expect to grab a bottle of SLA resin to get started: not only do you need higher viscosity, but also higher UV transmission than you get from an SLA resin to make this trick work. Like regular resin prints, the resolution can be astounding, and this technique even allows you to embed objects into the print.
This handle was printed directly onto the shaft of the screwdriver.
It’s not a new idea. Not only have we covered CAL before, we even covered it being tested in zero-G. Floating in viscous resin means the part couldn’t care less about the local gravity field. What’s interesting here is that this hardware is at tabletop scale, and looks very much like something an enterprising hacker might put together.

Indeed, the team at Berkeley have announced their intention to open-source this machine, and are seeking to collaborate with the community on their Discord server. Hopefully we’ll see something more formally “open” in the future, as it’s something we’d love to dig deeper into — and maybe even build for ourselves.

Thanks to [Beowulf Shaeffer] for the tip. If you are doing something interesting with photopolymer ooze (or anything else) don’t hesitate to let us know!

youtube.com/embed/L7QnADt04ZU?…

hackaday.com/2025/08/21/cal-3d…

In data odierna – avverte il Cert-AGiD – sono pervenute segnalazioni da parte di Pubbliche Amministrazioni riguardo a una campagna malevola mirata diffusa in queste ore.

Email malevola

L’e-mail fraudolenta, sfruttando un presunto aggiornamento urgente di un software di firma digitale, induce gli utenti a cliccare sul link presente nel corpo del messaggio con lo scopo di scaricare un file ZIP contenente un VBS malevolo.

File VBS malevolo

Il file VBS non adotta tecniche di offuscamento e il codice risulta commentato in italiano, suggerendo l’uso di strumenti AI da parte di un threat actor italiano o, in alternativa, il tentativo di sviare l’attribuzione.

L’obiettivo è l’installazione di Action1, uno strumento legittimo normalmente utilizzato per la gestione remota di patch e la risoluzione delle vulnerabilità presenti sui sistemi da parte degli amministratori IT, ma che in questo contesto viene sfruttato da attori malevoli per ottenere accesso non autorizzato ai dispositivi compromessi.

Analisi del file MSI

Per il CERT-AGID si tratta della prima evidenza in Italia dell’abuso di questo strumento da parte di attori malevoli, sebbene a livello internazionale sia già noto per essere stato sfruttato in campagne di distribuzione di malware, incluso dal gruppo ransomware Conti.

Analogamente a quanto accaduto con altri prodotti leciti di remote management, come ScreenConnect, i criminali informatici sfruttano software firmati e legittimi per ridurre la probabilità di rilevazione da parte delle soluzioni di sicurezza.

Al momento non è stato identificato il malware o il payload finale che potrebbe essere distribuito; è verosimile che gli attori malevoli stiano attendendo il momento più opportuno per rilasciarlo.

Azioni intraprese e suggerimenti

Il CERT-AGID ha avviato le opportune attività di contrasto alla campagna, diffondendo gli IoC relativi e contattando il Gestore di Firma interessato. Invita inoltre le Pubbliche Amministrazioni e, più in generale, tutti gli utenti che abbiano ricevuto questa email a:

• non cliccare sul link contenuto nel messaggio;
• utilizzare gli Indicatori di Compromissione (IoC) messi a disposizione dal CERT-AGID per effettuare le opportune verifiche;
• usare il tool hashr per la ricerca di file malevoli all’interno dei propri sistemi;
• in caso di compromissione, isolare immediatamente il dispositivo e segnalare l’incidente al CSIRT Italia.

Indicatori di Compromissione

Gli IoC relativi a questa campagna sono stati già condivisi con le organizzazioniaccreditate al flusso IoCdel CERT-AGID.

Link:Download IoC

L'articolo Una falsa patch per la firma digitale, diffonde malware! Attenzione alla truffa proviene da il blog della sicurezza informatica.