Elliot and Dan teamed up this week for the podcast, and after double-checking, nay, triple-checking that we were recording, got to the business of reviewing the week’s hacks. We kicked things off with a look at the news, including a potentially exciting Right to Repair law in Washington state and the sad demise of NASA’s ISS sighting website.

Our choice of hacks included a fond look at embedded systems and the classic fashion sense of Cornell’s Bruce Land, risky open CRT surgery, a very strange but very cool way to make music, and the ultimate backyard astronomer’s observatory. We talked about Stamp collecting for SMD prototyping, crushing aluminum with a boatload of current, a PC that heats your seat, and bringing HDMI to the Commodore 64.

We also took a look at flight tracking IRL, a Flipper-based POV, the ultimate internet toaster, and printing SVGs for fun and profit. Finally, we wrapped things up with a look at the tech behind real-time river flow tracking and a peek inside the surprisingly energetic world of fuel cells.

html5-player.libsyn.com/embed/…
Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Download this entirely innocent-looking MP3.

Episode 323 Show Notes:

News:

• Washington Consumers Gain Right To Repair For Cellphones And More
• NASA Is Shutting Down The International Space Station Sighting Website
• 2025 Pet Hacks Contest

What’s that Sound?

• Fill out this form for your chance to win!

Interesting Hacks of the Week:

• A Love Letter To Embedded Systems By V. Hunter Adams
  
  • ECE 4760 repo
  • Designing with Microcontrollers – Old projects from Bruce Land’s days at the helm of ECE 4760
  • A RISC-V Operating System Instruction Manual

  
  

• Reconditioning A Vintage CRT Tube
• A 100-Year-Old Electronic Musical Instrument Brought Back To Life
  
  • Drawn In By The Siren’s Song
  • Retrotechtacular: Building Hammond Organ Tones

  
  

• Making A Backyard Observatory Complete With Retractable Roof
• Stamp: Modular Breakout Boards For SMD Prototyping
• EMF Forming Was A Neat Aerospace Breakthrough
  
  • Electromagnetic Aluminum Can Crushing
  • How A Quarter Shrinker Works

  
  

Quick Hacks:

• Elliot’s Picks
  
  • Invisible PC Doubles As Heated Seat
  • Tool Turns SVGs Into Multicolor 3D Prints
  • From Burnt To Brilliant: A Toaster’s Makeover

  
  

• Dan’s Picks:
  
  • POV On The Flipper Zero
  • The Commodore 64 Gets An HDMI Upgrade
  • Look To The Sky With This Simple Plane Tracker

  
  

Can’t-Miss Articles:

• Remotely Interesting: Stream Gages
  
  • Know Snow: Monitoring Snowpack With The SNOTEL Network

  
  

• A Brief History Of Fuel Cells

hackaday.com/2025/05/30/hackad…

If you look at this solar generator from [Concept Crafted Creations], you might think it’s somehow familiar. That’s because the design was visually inspired by the James Webb Space Telescope, or JWST. Ultimately, though, it’s purpose is quite different—it’s designed to use mirrors to collect and harness solar energy. It’s not quite there yet, but it’s an interesting exploration of an eye-catching solar thermal generator.

To get that JWST look, the build has 18 mirrors assembled on a 3D printed frame to approximate the shape of a larger parabolic reflector. The mirrors focus all the sunlight such that it winds up heating water passing through an aluminum plate. Each mirror was custom made using laser cut acrylic and mirror film. Each mirror’s position and angle can be adjusted delicately with screws and a nifty sprung setup, which is a whole lot simpler than the mechanism used on the real thing. The whole assembly is on a mount that allows it to track the movement of the sun to gain the most sunlight possible. There’s a giant laser-cut wooden gear on the bottom that allows rotation on a big Lazy Susan bearing, as well as a servo-driven tilting mechanism, with an Arduino using light dependent resistors to optimally aim the device.

It’s a cool-looking set up, but how does it compare with photovoltaics? Not so well. The mirror array was able to deliver around 1 kilowatt of heat into the water passing through the system, heating it to a temperature of approximately 44 C after half an hour. The water was warmed, but not to the point of boiling, and there’s no turbines or anything else hooked up to actually take that heat and turn it into electricity yet. Even if there were, it’s unlikely the system would reach the efficiency of a similarly-sized solar panel array. In any case, so far, the job is half done. As explained in the build video, it could benefit from some better mirrors and some structural improvements to help it survive the elements before it’s ready to make any real juice.

Ultimately, if you need solar power fast, your best bet is to buy a photovoltaic array. Still, solar thermal is a concept that has never quite died out.

youtube.com/embed/0XYwtub9bJE?…

youtube.com/embed/Alx_vwyksTw?…

hackaday.com/2025/05/30/diy-so…

The CIA ran a series of web sites in the 2000s. Most of them were about news, finance, and other relatively boring topics, and they spanned 29 languages. And they all had a bit of a hidden feature: Those normal-looking websites had a secret login and hosted CIA cover communications with assets in foreign countries. A password typed in to a search field on each site would trigger a Java Applet or Flash application, allowing the spy to report back. This isn’t exactly breaking news, but what’s captured the Internet’s imagination this week is the report by [Ciro Santilli] about how to find those sites, and the fact that a Star Wars fansite was part of the network.

This particular CIA tool was intended for short-term use, and was apparently so effective, it was dragged way beyond it’s intended lifespan, right up to the point it was discovered and started getting people killed. And in retrospect, the tradecraft is abysmal. The sites were hosted on a small handful of IP blocks, with the individual domains hosted on sequential IP addresses. Once one foreign intelligence agency discovered one of these sites, the rest were fairly easily identified.

youtube.com/embed/TFfuzZC5Qpc?…

This report is about going back in time using the Wayback Machine and other tools, and determining how many of these covert sites can be discovered today. And then documenting how it was done and what the results were. Surprisingly, some of the best sources for this effort were domain name data sets. Two simple checks to narrow down the possible targets were checking for IPs hosting only one domain, and for the word “news” as part of the domain name. From there, it’s the tedious task of looking at the Wayback Machine’s archives, trying to find concrete hits. Once a site was found on a new IP block, the whole block could be examined using historic DNS data, and hopefully more of the sites discovered.

So far, that list is 472 domains. Citizen Lab ran a report on this covert operation back in 2022, and found 885 domains, but opted not to publish the list or details of how they were found. The effort is still ongoing, and if you have any ideas how to find these sites, there’s a chance to help.

Profiling Internet Background Radiation

You may have noticed, that as soon as you put a host on a new IP address on the Internet, it immediately starts receiving traffic. The creative term that refers to all of this is Internet Background Radiation. It’s comprised of TCP probes, reflections from spoofed UDP attacks, and lots of other weird traffic. Researchers at Netscout decided to look at just one element of that radiation, TCP SYN packets. That’s the unsolicited first packet of a TCP handshake. What secrets would this data contain?

The first intriguing statistic is the number of spoofed TCP SYN packets coming from known bogus source IPs: zero. This isn’t actually terribly surprising for a couple reasons. One, packets originating from impossible addresses are rather easy to catch and drop, and many ISPs do this sort of scrubbing at their network borders. But the second reason is that TCP requires a three-way handshake to make a useful connection. And while it’s possible to spoof an IP address on a local network via ARP poisoning, doing so on the open Internet is much more difficult.

Packet TTL is interesting, but the values naturally vary, based on the number of hops between the sender and receiver. A few source IPs were observed to vary in reported TTLs, which could indicate devices behind NAT, or even just the variation between different OS network stacks. But looking for suspicious traffic, two metrics really stand out. The TCP Header is a minimum 20 bytes, with additional length being used with each additional option specified. Very few systems will naturally send TCP SYN packets with the header set to 20, suggesting that the observed traffic at that length was mostly TCP probes. The other interesting observation is the TCP window size, with 29,200 being a suspicious number that was observed in a significant percentage of packets, without a good legitimate explanation.

Hacking the MCP

GitHub has developed the GitHub MCP Server, a Master Control Program Model Context Protocol server, designed to allow AI agents to interact with the GitHub API. Invariant Labs has put together an interesting demo in how letting an agentic AI work with arbitrary issues from the public could be a bad idea.

The short explanation is that a GitHub issue can include a prompt injection attack. In the example, it looks rather benign, asking for more information about the project author to be added to the project README. Just a few careful details in that issue, like specifying that the author isn’t concerned about privacy, and that the readme update should link to all the user’s other repos. If the repo owner lets an agentic AI loose on the repo via MCP, it’s very likely to leak details and private repo information that it really shouldn’t.

Invariant Labs suggests that MCP servers will need granular controls, limiting what an AI agent can access. I suspect we’ll eventually see a system for new issues like GitHub already has for Pull Requests, where a project maintainer has to approve the PR before any of the automated Github Actions are performed on it. Once AI is a normal part of dealing with issues, there will need to be tools to keep the AI from interacting with new issues until a maintainer has cleared them.

GitLab Too

GitLab has their own AI integration, GitLab Duo. Like many AI things, it has the potential to be helpful, and the potential to be a problem. Researchers at Legit Security included some nasty tricks in this work, like hiding prompt injection as Hex code, and coloring it white to be invisible on the white GitLab background. Prompt injections could then ask the AI to recommend malicious code, include raw HTML in the output, or even leak details from private repos.

Gitlab took the report seriously, and has added additional filtering that prevents Duo from injecting raw HTML in its output. The prompt injection has also been addressed, but the details of how are not fully available.

Finally, Actually Hacking the Registry

We’ve been following Google’s Project Zero and [Mateusz Jurczyk] for quite a while, on a deep dive into the Windows Registry. We’re finally at the point where we’re talking about vulnerabilities. The Windows registry is self-healing, which could be an attack surface on its own, but it definitely provides a challenge to anyone looking for vulnerabilities with a fuzzer, as triggering a crash is very difficult.

But as the registry has evolved over time and Windows releases, the original security assumptions may not be valid any longer. For instance, in its original form, the registry was only writable by a system administrator. But on modern Windows machines, application hives allow unprivileged users and process to load their own registry data into the system registry. Registry virtualization and layered keys further complicate the registry structure and code, and with complexity often comes vulnerabilities.

An exploit primitive that turned out to be useful was the out-of-bound cell index, where one cell can refer to another. This includes a byte offset value, and when the cell being referred to is a “small dir”, this offset can point past the end of the allocated memory.

There were a whopping 17 memory corruption exploits discovered, but to produce a working exploit, the write-up uses CVE-2023-23420, a use after free that can be triggered by performing an in-place rename of a key, followed by deleting a subkey. This can result in a live reference to that non-existent subkey, and thus access to freed memory.

In that free memory, a fake key is constructed. As the entire data structure is now under the arbitrary control of the attacker, the memory can point to anywhere in the hive. This can be combined with the out-of-bounds cell index, to manipulate kernel memory. The story turns into a security researcher flex here, as [Mateusz] opted to use a couple registry keys rigged in this way to make a working kernel memory debugger, accessible from regedit. One key sets the memory address to inspect, and the other key contains said memory as a writable key. Becoming SYSTEM at this point is trivial.

Bits and Bytes

[Thomas Stacey] of Assured has done work on HTTP smuggling/tunneling attacks, where multiple HTTP requests exist in a single packet. This style of attack works against web infrastructure that has a front-end proxy and a back-end worker. When the front-end and back-end parse requests differently, very unintended behavior can result.

ONEKEY researchers have discovered a pair of issues in the Evertz core web administration interface, that together allow unauthenticated arbitrary command injection. Evertz manufactures very large video handling equipment, used widely in the broadcast industry, which is why it’s so odd that the ONEKEY private disclosure attempts were completely ignored. As the standard 90 day deadline has passed, ONEKEY has released the vulnerability details in full.

On the other hand, Mozilla is setting records of its own, releasing a Firefox update on the same day as exploits were revealed at pwn2own 2025. Last year Mozilla received the “Fastest to Patch” award, and may be on track to repeat that honor.

What does video game cheat development have to do with security research? It’s full of reverse engineering, understand memory structures, hooking functions, and more. It’s all the things malware does to take over a system, and all the things a researcher does to find vulnerabilities and understand what binaries are doing. If you’re interested, there’s a great two-part series on the topic just waiting for you to dive into. Enjoy!

hackaday.com/2025/05/30/this-w…

The following was a letter submitted by an anonymous Pirate supporter using the pseudonym “Forward Thoughts”, sharing critiques of “Uncle Sam”. This article is apart of the project “Message in a Bottle”, allowing supporters of the US Pirate Party to submit editorial articles to the United States Pirate Party website.

Uncle Sam, the personification of the federal government, is supposed to be a beacon of democracy and good fortune towards the will of the people right here in the United States of America. However, he has gotten too big for his britches since the beginning. History highlighting this goes as far back as Uncle Sam exerting his power from the Whiskey Rebellion to recently using the Enemy Alien Act of 1787 to deport immigrant dissenters speaking out against the genocide happening in Palestine.

Every state relies on his charity to a certain extent, some more than others. How can we rely on our government to provide for its people when it directly meddles and persistently goes against the will of its people by starting wars and cutting funds to social programs, sometimes it creates on its own volition?

In a way, the American people receive assistance from the suits and ties of Capitol Hill in Washington D.C., that assistance comes in the form of government regulations more so than it comes from funding assistance. Guns, voting, criminal penalties, taxes, immigration, etc. are always the hot button issues every politician or candidate running for office has on their agenda.

“I want to be controlled harder by my government” said no one ever.

In order to curtail exerting pragmatic force against the will of the people, there’s supposed to be a system our founding fathers put in place called “checks and balances.” How this works is there’s the executive branch consisting of the presidency and cabinet members, Congress which consists of both the House of Representatives and the Senate, and the Supreme Court which consists of 9 justices.

However, what happens when all 3 branches reciprocate the same political ideology as one another? Who’s gonna stop these corrupt politicians from filling the coffers of themselves and of their allies (the oligarchy) they’re in cahoots with? Now we’re faced with a constitutional crisis where all 3 branches need to be severed like an infected limb.

Get this: Uncle Sam can exert his power over the economy on a whim. Right now President Trump is putting his hand up Uncle Sam as a puppet and he’s levying taxes on Chinese imports and other countries around the world. In retaliation, other countries he’s levied tariffs on are levying retaliatory tariffs against our imports into their countries. Consequently, prices on goods and services are rising. Stocks on the stock market are plummeting.

History is repeating itself. Remember back in US history class (well, hopefully you were taught this in US history class) about the Great Depression at the very end of the 1920s? Part of the reason why the economy went into a spiral was because of then Congress’s tariffs on foreign imports. Consumers no longer were able to afford products, therefore companies losing profits, especially those in the manufacturing industry, laid off workers.

Granted it wasn’t as if President Hoover bypassed Congress to make the tariffs happen, but my point still stands on how tariffs cause unintentional side effects to our everyday lives.

Lesson learned: tariffs backfire immensely on the economy.

Then President Nixon back in 1969 wanted to defund TV program PBS, Public Broadcasting Service. The nonprofit network was created to provide educational programming in a non-commercialized manner. It has brought us shows such as Sesame Street, Arthur, Mr. Rogers’ Neighborhood, just to name a few.

Speaking of Mr. Rogers, he testified before Congress and managed to avert budget cuts for the nationally renowned TV station. Fast forward to present day 2025 — Republicans in Congress and President Trump are trying to cut funds for PBS. History is repeating itself yet again. Will we have a savior of PBS like we did back in 1969?

Lesson to be learned: PBS really is made possible by viewers like you.

Even at the state level, funding can be granted and cut based on the current majority party’s and governor’s ideology of that time. Pennhurst State School & Hospital in Spring City, PA is one of many examples of state government apathetic to the welfare of its people, especially a vulnerable population.

Opened in 1908 and closed in 1987, Pennhurst State School & Hospital was a product of an era of eugenics where those deemed unfit to reproduce in the Caucasian gene pool were euthanized or removed from society. Marginalized groups such as the epileptic and the mentally disabled were housed here, but soon grew to orphans, physically disabled, etc. Within a few years Pennhurst became overcrowded and conditions became deplorable.

In 1968, Bill Baldini did a 5-part segment on the conditions at Pennhurst exposing its wretched standard of living and abuse residents faced. There was a public outcry after the segment aired. Conditions seldomly improved from there on out until its closure in 1987. Fortunately, these residents were moved to boarding homes.

Have you ever heard of a Kirkbride psychiatric hospital? They’re long-term psychiatric hospitals designed in a batwing fashion with emphasis on natural light and air circulation. However, lack of funding and mismanagement had led to conditions in a handful of these facilities to be anything but cheery. In fact, it is what can easily be described as wicked.

Trenton Psychiatric Hospital in Trenton, NJ, under the direction of Dr. Henry Cotton, extracted organs and teeth from patients. In spite of high mortality rates and disprovable claims of cure rates, this persisted at the behest of Dr. Cotton during his tenure.

Philly (Philadelphia) State Hospital at Byberry opened in 1907. Unlike Trenton Psychiatric Hospital and others similar to Trenton, it was not made using the Kirkbride blueprints. This didn’t make the hospital any less susceptible to daunting conditions such as overcrowding, barbaric experiments, abuse, and neglect.

Props are in order to a conscientious objector named Charlie Lord, who between 1945 and 1946 was so appalled by the conditions he took note of that he covertly took photos and leaked them to the press. In these photos, raw sewage and naked men lined the hallways of Byberry.

Lesson to be learned: these residents were at the mercy of state politicians apathetic to their basic needs. Moreover and lastly, psychiatric hospitals such as the Kirkbride hospitals and disabled residential facilities such as Pennhurst are archaic and stunt personal psychiatric growth in patients.

Most states’ systems are designed to where property taxes fund our public schools. Back in the late 1800s, public schools were a shining gem of what America could be. Nowadays in many communities, our schools are nothing more than shadows of their former selves, meeting the minimum standards set by the state for funding.

Gone are the days of home economics and industrial shop classes. It’s all about standardized testing mandated by the state capital and even Uncle Sam, which is basically modern day phrenology. There’s educators and politicians who’ll justify this inane waste of paper by saying it measures how schools are doing with educating their students.

Standardized testing can be summed up in four words, it’s this: elite stay in control.

Lesson to be learned: standardized testing is a disease on our education system designed to punish lower socioeconomic schools and to keep those at the higher end of the socioeconomic.

uspirates.org/message-in-a-bot…

nugole.it/nugoletta/ju/p/17485…

Ju

2025-05-30 05:21:56

Questo è bello.
Storie di Verona: il brigante Falasco.

La torre Falasco è ancora in piedi, costruita in una specie di rientranza - coalo - in una delle molte falesie. Si vede facendo un po' di attenzione quando si risale la Valpantena, è sul lato a sinistra della valle venedo su da Verona.
Nell'articolo dice che s'è perso arrivandoci ma da quel che mi ricordo c'è una stradella abbastanza confortevole che porta su.

larena.it/rubriche/vi-cammino-…

La leggenda del Brigante Falasco. Bello e spietato, era il terrore della valle

I Balladoro, i Leonardi, i Tedeschi, gli Oliboni, i Benella di Laudi, i Rotari, i Padoani, gli Allegri… Perché dal passato riaffiorano... Scopri di più

^{Alessandro Anderloni (L'Arena)}

The Trump administration’s hostility to First Amendment rights extends beyond the press to nonprofit organizations, museums, colleges, and anyone else who might question his infallibility.

But his targeting of the press is a key component of the administration’s effort to appoint itself the country’s sole arbiter of truth. Freedom of the Press Foundation (FPF) Advocacy Direction Seth Stern writes for the Daily Beast that in Trump’s view, “inconvenient truths and malicious lies are equally troublesome. They must be met with equal force.”

Stern urged journalists and others who value press freedom to treat these attacks not as passing storms but as existential threats.

Read Stern’s article here.

freedom.press/issues/when-alte…

Io sono un appassionato di linux e del software libero, potremmo dire un entusiasta. Continuerò a consigliarlo a tutti e ad aiutare gli amici ad installarlo quando vogliono provarlo o migliorare la loro vita digitale.

Ma, non per questo, vivo nel mondo delle fate.

Nel caso di questo articolo, mi trovo molto in disaccordo. A differenza di quanto è scritto nel titolo, ci sono pochi software di livello davvero professionale per l'elaborazione video su Linux: Da Vinci Resolve (ammesso di riuscire a farlo funzionare sulla propria distribuzione se NON è Centos o Rocky, dopo l'installazione) e Blender. Il secondo in realtà è più adatto a chi lavora con il 3D. Nel corpo dell'articolo si va un po' meglio, ma tra le righe si leggono dei limiti che purtroppo ha la soluzione proposta.

Poi ci sono tanti (ma tanti) software che vanno bene soltanto per uso casalingo, e ben venga che ci siano, e poi ci sono le vie di mezzo.

KDEnlive e Cinelerra secondo me sono 2 vie di mezzo, ma nell'articolo sembra che KDEnlive sia la soluzione di tutti i mali, e che il "comune sentire" (che sia difficile lavorare con i video su Linux), sia un errore.

(Inkscape non lo affronto neanche, è bello e completo ma le sue potenzialità sono quelle che aveva Adobe Illustrator 15 anni fa; ormai quel modo di lavorare è vecchio. In altre parole un professionista difficilmente lo userà).

Ecco il punto: nel 2025, per me, il punto non è "se" con una distribuzione linux si possa fare qualcosa, ma "in quanto tempo" e "con quale difficoltà".

Se gli sviluppatori non lavorano su questo, non credo che ci sarà mai una vera diffusione di Linux sul desktop.

Per citare un esempio, ormai anche il blocco note di Windows è pieno di IA, mentre Linux è rimasto indietro su questo fronte (e lo dico dopo l'installazione delle componenti di VOSK necessarie per trascrivere sottotitoli su KDEnlive).

Può piacere o no, ma io credo che l'IA sia qui per restare e per semplificarci la vita: ormai l'utente se la aspetta; non si può pretendere che gli utenti sacrifichino il loro tempo in nome di principi che, magari, neanche condividono.

Se ci fate caso, le soluzioni open che sono massicciamente sul mercato funzionano perché vanno meglio delle soluzioni chiuse per...uno scopo particolare, un esigenza. Sono abbastanza vecchio, ad esempio, per ricordare PERCHE' c'è stato un tempo in cui Firefox era IL browser: perché a differenza di Internet Explorer FUNZIONAVA.

Sarò cinico ma alla maggior parte delle perone non importano i principi, se c'è un modo per convincerle definitivamente è dar loro qualcosa di semplice e che funziona meglio dell'alternativa chiusa.

Mi spiace se urto la sensibilità di qualcuno, nel qual caso chiedo scusa. Questo però è il mio pensiero che non ha lo scopo di distruggere nulla, esprimo tutto ciò con malinconia per qualcosa che potrebbe essere ma non è.

Sta alla comunità cogliere il mio ragionamento con lo spirito che vuole avere: costruttivo.

In ogni caso, ecco l'articolo:

ilsoftware.it/focus/linux-non-…

#linux #opensource #foss #nonuccidetemi

Linux non permette di creare contenuti video professionali. Sbagliato! | IlSoftware.it

Come creare video professionali su Linux utilizzando software open source come Kdenlive, OBS Studio e Inkscape.

^{IlSoftware.it}