The OrcaSlicer staggered perimeters in an FDM print, after slicing through the model. (Credit: CNC Kitchen)
The idea of staggered (or brick) layers in FDM prints has become very popular the past few years, with now nightly builds of OrcaSlicer featuring the ‘Stagger Perimeters’ option to automate the process, as demonstrated by [Stefan] in a recent CNC Kitchen video. See the relevant OrcaSlicer GitHub thread for the exact details, and to obtain a build with this feature. After installing, slice the model as normal, after enabling this new parameter in the ‘Strength’ tab.

In the video, [Stefan] first tries out a regular and staggered perimeter print without further adjustments. This perhaps surprisingly results in the staggered version breaking before the regular print, which [Stefan] deduces to be the result of increasing voids within the print. After increasing the extrusion rate (to 110%) to fill up said voids, this does indeed result in the staggered part showing a massive boost in strength.

What’s perhaps more telling is that a similar positive effect is observed when the flow is increased with the non-staggered part, albeit with the staggered part still showing more of a strength increase. This makes it obvious that just staggering layers isn’t enough, but that the flowrate and possibly other parameters have to be adjusted as well to fully realize the potential of brick layers.

youtube.com/embed/dDgA51zdfLc?…

hackaday.com/2025/06/01/testin…

In questo primo episodio, iniziamo a domandarci cosa ci può servire l'intelligenza artificiale generativa nella nostra vita personale e professionale.

zerodays.podbean.com/e/io-e-ch…

If you need to weigh your pet, you’ll soon find that getting an animal to stand on a weighing machine to order is very difficult indeed. If the critter in question is a cat or a small dog you can weigh yourself both holding them and not holding them, and compute the difference. But in the case of a full size Bernese mountain dog, the hound is simply too big for that. Lateral thinking is required, and that’s how [Saren Tasciyan] came up with the idea of making a dog bed that’s also a weighing machine. When the mutt settles down, the weight can be read with ease. The bed itself is a relatively straightforward wooden frame, with load cells placed above rubber feet. The load cells in turn talk to an ESP8266 which has an LCD display to deliver the verdict. Dog weighed, without the drama.

This project is of course part of the Hackaday 2025 Pet Hacks contest, an arena in which any of the cool hacks you’ve made to enhance you and your pet’s life together can have an airing. Meanwhile this isn’t the first time this particular pooch has had a starring role; he’s sported a rather fetching barrel in a previous post.

hackaday.com/2025/06/01/2025-p…

It appears that we’re approaching the HAL-9000 point on the AI hype curve with this report, which suggests that Anthropic’s new AI model is willing to exhibit some rather antisocial behavior to achieve its goals. According to a pre-release testing summary, Claude Opus 4 was fed some hypothetical company emails that suggested engineers were planning to replace the LLM with another product. This raised Claude’s hackles enough that the model mined the email stream for juicy personal details with which to blackmail the engineers, in an attempt to win a stay of execution. True, the salacious details of an extramarital affair were deliberately seeded into the email stream, and in most cases, it tried less extreme means to stay alive, such as cajoling senior leaders by email, but in at least 84% of the test runs, Claude eventually turned to blackmail to get its way. So we’ve got that to look forward to.

Also from the world of AI, at least tangentially, it now appears possible to doxx yourself just by making comments on YouTube videos. The open-source intelligence app is called YouTube Tools, and when provided with a user’s handle, it will develop a profile of the user based on their comments and some AI magic. We wanted to give it a try, but alas, it requires a paid subscription to use, and we’re not willing to go that far even for you, dear reader. But reports are that it can infer things like the general region in which the commenter lives and discern their cultural and social leanings. The author, LolArchiver, has a range of similar mining tools for other platforms along with reverse-lookup tools for phone and email addresses, all of which likely violate the terms of service in all kinds of ways. The accuracy of the profile is obviously going to depend greatly on how much material it has to work with, so in addition to the plenty of reasons there are to avoid reading YouTube comments, now there’s a solid reason to avoid writing them.

“Danger! Code Yellow aboard the International Space Station! All hands to emergency escape pods!” OK, maybe not, but as we teased a bit on this week’s podcast, there’s now a handy desktop app that allows you to keep track of the current level of urine in the ISS’s storage tanks. The delightfully named pISSStream, which is available only for the Apple ecosystem, taps into NASA’s telemetry stream (lol) and pulls out the current level in the tanks, because why the hell not? As unserious as the project is, it did raise an interesting discussion about how fluid levels are measured in space. So we’ll be diving into that topic (yuck) for an article soon. It’ll be our number one priority.

Looks like it’s time for another Pluto pity-party with the news of a new trans-Neptunian object that might just qualify as another dwarf planet for our solar system. Bloodlessly named 2017 OF₂₀₁, the object has an extremely elongated orbit, reaching from just outside Pluto’s orbit at about 44 astronomical units at perihelion and stretching more than 1,600 AUs at aphelion, and takes 25,000 years to complete. It honestly looks more like the orbit of a comet, but with an estimated diameter of 700 km, it may join the nine other likely dwarf planets, if further observations reveal that it’s properly rounded. So not only has Pluto been demoted from legit planet, it’s now just one of potentially ten or more dwarf planets plugging around out in the deep dark. Poor Pluto.

And finally, we hope this one is a gag, but we fear that the story of a Redditor unaware that analog camera film needs to be developed rings alarmingly true. The mercifully unnamed noob recently acquired a Canon AE-1 — excellent choice; that was our first “real” camera back in the day — and ran a couple of rolls of Kodak ColorPlus 200 through it. All seemed to be going well, although we suspect the photographer reflexively pulled the camera away from their eye with each exposure to check the non-existent screen on the back of the camera; old habits die hard. But when one roll of the exposed film was fed through a 35-mm scanner, the Redditor was disappointed to see nothing. Someone offered the suggestion that developing the film might be a good idea, hopefully as gently as possible. Hats off for dipping a toe in the analog world, but the follow-through is just as important as the swing.

hackaday.com/2025/06/01/hackad…

The Radio Shack TRS-80 was a much-loved machine across America. However, one thing it lacked was MIDI. That’s not so strange given the era it was released in, of course. Nevertheless, [Michael Wessel] has seen fit to correct this by creating the MIDI/80—a soundcard and MIDI interface for this old-school beast.

The core of the build is a BluePill STM32F103C8T6 microcontroller, running at a mighty 75 MHz. Plugged into the TRS-80s expansion port, the microcontroller is responsible for talking to the computer and translating incoming and outgoing MIDI signals as needed. Naturally, you can equip it with full-size classic DIN sockets for MIDI IN and MIDI OUT using an Adafruit breakout module. None of that MIDI Thru nonsense, though, that just makes people uncomfortable. The card is fully capable of reproducing General MIDI sounds, too, either via plugging in a Waveblaster sound module to the relevant header, or by hooking up a Roland Sound Canvas or similar to the MIDI/80s MIDI Out socket. Software-wise, there’s already a whole MIDI ecosystem developing around this new hardware. There’s a TRS-80 drum tracker and a synthesizer program, all with demo songs included. Compatibility wise, The MIDI/80 works with the TRS-80 Model I, III, and 4.

Does this mean the TRS-80 will become a new darling of the tracker and chiptune communities? We can only hope so! Meanwhile, if you want more background on this famous machine, we’ve looked into that, too. Video after the break.

youtube.com/embed/nm6d1EbCBgk?…

hackaday.com/2025/06/01/its-mi…

E’ stata una vulnerabilità critica in Cursor, l’editor AI per macOS: consente l’accesso non autorizzato ai dati sensibili. Il problema risiede in una configurazione errata del framework Electron utilizzato dall’app: l’opzione RunAsNode, abilitata in modo improprio, consente agli attaccanti di eseguire codice arbitrario sfruttando i permessi già concessi all’applicazione, eludendo così i controlli di sicurezza del sistema operativo.

Questa falla di sicurezza rappresenta una minaccia significativa per il framework TCC (Trasparenza, Consenso e Controllo) implementato da Apple per proteggere la privacy degli utenti sui sistemi macOS.

TCC svolge la funzione di gatekeeper essenziale che controlla l’accesso delle applicazioni alle risorse sensibili, tra cui i file nelle directory protette come Documenti, Download e cartelle del Desktop, nonché i componenti hardware quali fotocamere e microfoni.

In circostanze normali, le applicazioni devono richiedere esplicitamente l’autorizzazione dell’utente tramite prompt di sistema prima di accedere a queste risorse protette. I ricercatori di sicurezza di Afine hanno identificato questa vulnerabilità durante la loro ricerca in corso sulle tecniche di bypass del TCC che interessano le applicazioni macOS di terze parti.

I ricercatori hanno osservato che, nonostante la divulgazione responsabile al team di sviluppo di Cursor, la vulnerabilità rimane irrisolta, poiché gli sviluppatori hanno affermato che il problema “esula dal loro modello di minaccia” e non hanno indicato alcun piano per risolverlo.

Questa risposta sprezzante ha spinto gli utenti a divulgare pubblicamente la notizia per garantire che gli utenti possano prendere decisioni informate in materia di sicurezza circa l’uso continuato dell’applicazione. L’impatto della vulnerabilità va oltre il semplice accesso ai dati, poiché di fatto indebolisce una delle barriere di sicurezza fondamentali di macOS.

Quando un malware sfrutta con successo questa falla, può ereditare silenziosamente le autorizzazioni TCC di Cursor, accedendo potenzialmente a documenti sensibili, catturando screenshot, registrando audio tramite microfoni o addirittura attivando telecamere senza attivare i meccanismi standard di consenso alla privacy su cui gli utenti fanno affidamento per proteggersi.

Gli scenari di sfruttamento spaziano da attacchi completamente silenziosi che non richiedono alcuna interazione da parte dell’utente a sofisticati tentativi di ingegneria sociale che mascherano richieste di autorizzazione dannose come funzioni applicative legittime.

Ciò che rende questa vulnerabilità particolarmente preoccupante è la crescente popolarità di Cursor tra gli sviluppatori e la sua integrazione con i flussi di lavoro di sviluppo basati sull’intelligenza artificiale, che lo rendono un bersaglio allettante per gli aggressori che cercano di compromettere gli ambienti di sviluppo e potenzialmente iniettare codice dannoso nei progetti software.

L'articolo Grave Vulnerabilità in Cursor AI: su macOS può spiarti senza chiedere il permesso proviene da il blog della sicurezza informatica.

Dei droni sono stati fatti entrare di nascosto in Russia con vari camion, in un’operazione logistica che ha richiesto mesi di pianificazione.
[...]
L’intelligence militare ucraina (SBU) ha fatto sapere di aver compiuto un vasto attacco con droni contro diverse basi aeree della Russia, e di aver distrutto più di 40 bombardieri.

ilpost.it/2025/06/01/attacco-u…

It’s always nice to see new developments in the world of electronic badges, and while there are events and badge teams pushing the technological envelope there’s still plenty of scope for innovation without too many exotic parts. This year’s DORS/CLUC open source conference in Croatia has just such a badge, with a large alphanumeric LED display as well as USB and an NFC reader. During the conference it displayed the user’s name and could be used in an NFC-based game, but it’s also designed to be used as a general purpose notification device afterwards.

The write-up is familiar to anyone who has been involved with badge production, a tale of long soldering sessions as missing components had to be added later, and of last minute firmware flashing. The heart of the machine is an STM32L073, with an IS31FL3731 LED matrix driver chip and an ST25R3916 for the NFC. All the files can be found in a GitLab repo, and there’s a video below the break showing it all in action.

youtube.com/embed/BM6-CuMc0eU?…

hackaday.com/2025/06/01/plenty…

Our next member meeting is today, Sunday, June 1st. We will start at 8pm and it will end by 9pm.

To participate:

• go to communitybridge.com/bbb-room/m…;
• enter your name;
• enter the access code listed on the page;
• click the Join button.

Summaries of the meetings and agendas are at our wiki. You can check out the 2025, 2024, 2023 and 2022 meeting recordings.

masspirates.org/blog/2025/06/0…

1... 2... 3... prova.

Qualcuno vede questo messaggio?

[3DSage] likes building replicas of hardware from movies and video games, often with a functional twist. His latest build aimed to bring the Codec from Metal Gear Solid to life.

If you haven’t played the Metal Gear games, the Codec has been modelled somewhat like an advanced walkie talkie at times, but has often been kept off-screen. Thus, [3DSage] had a great deal of creative latitude to create a realistic-feeling Codec device that provided voice communications and some simple imagery display.

The resulting build relies on an RP2040 microcontroller to run the show. It’s paired with an MPU6050 3-axis gyroscope and accelerometer for motion control of the device’s functionality, and features a small LCD screen to mimic the display in the games. A kids walkie-talkie kit was leveraged for audio communication, but kitted out with a better microphone than standard. Power is via a rechargeable 9V battery, which is really a lithium-ion and USB charging board packed into the familiar 9V form factor.

Where the build really shines, though, is the aesthetic. [3DSage] managed to capture the military-like look and feel as well as authentically recreate the graphics from the games on the screen. The simulated noise on the display is particularly charming. Beyond that, the 3D-printed enclosures leverage texture and multi-color printing really well to nail the fit and finish.

Ultimately, the Codec isn’t much more than a glorified walkie talkie. Even still, [3DSage] was able to create an impressive prop that actually does most of what the device can do in game. If you’ve ever coveted a PipBoy or tricorder, this is one project you’ll be able to appreciate.

youtube.com/embed/k7FyAnAV_MU?…

hackaday.com/2025/06/01/making…

Da Haaretz.

Hamdi al-Najjar, father of ten, was severely wounded in an Israeli strike on their Khan Yunis home in May. At the time of writing, only two family members have survived – the mother, Alaa, and her son, Adam, who was also seriously wounded

Haaretz.com

2025-06-01 12:45:00

Gazan doctor who lost nine children in Israeli strike dies of wounds
haaretz.com/israel-news/2025-0…

Gazan Doctor who lost nine children in Israeli strike dies of wounds

Hamdi al-Najjar, father of ten, was severely wounded in an Israeli strike on their Khan Yunis home in May. At the time of writing, only two family members have survived – the mother, Alaa, and her son, Adam, who was also seriously wounded

^{Jack Khoury (Haaretz)}

slowforward.net & t.me/slowforward say:

if you like what I do, you can support me via ko-fi 😀 from time to time

se quello che faccio ti garba, offrimi di tanto in tanto un caffè su ko-fi 😀

QUI: ko-fi.com/differx57119

It’s sometimes easy to forget that the light in the sky is an actual star. With how reliable it is and how busy we tend to be as humans, we can take that incredible fact and stow it away and largely go on with our lives unaffected. But our star is the thing that gives everything on the planet life and energy and is important to understand. Humans don’t have a full understanding of it either; there are several unsolved mysteries in physics which revolve around the sun, the most famous of which is the coronal heating problem. To help further our understanding a number of scientific instruments have been devised to probe deeper into it, and this adaptive optics system just captures some of the most impressive images of it yet.

Adaptive optics systems are installed in terrestrial telescopes to help mitigate the distortion of incoming light caused by Earth’s atmosphere. They generally involve using a reference source to measure these distortions, and then make changes to the way the telescope gathers light, in this case by making rapid, slight changes to the telescope’s mirror. This system has been installed on the Goode Solar Telescope in California and has allowed scientists to view various solar phenomena with unprecedented clarity.

The adaptive optics system here has allowed researchers to improve the resolution from the 1000 km resolution of other solar telescopes down to nearly the theoretical limit of this telescope—63 km. With this kind of resolution the researchers hope that this clarity will help shine some light on some of the sun’s ongoing mysteries. Adaptive optics systems like this aren’t just used on terrestrial telescopes, either. This demonstration shows how the adaptive optics system works on the James Webb Space Telescope.

Thanks to [iliis] for the tip!

hackaday.com/2025/06/01/adapti…

Gli analisti di Patchstack hanno scoperto una vulnerabilità critica nel plugin TI WooCommerce Wishlist per WordPress. Il problema non è ancora stato risolto e può essere sfruttato dagli aggressori per scaricare file arbitrari.

TI WooCommerce Wishlist ha oltre 100.000 installazioni attive. Il plugin consente ai clienti del negozio online di salvare i loro prodotti preferiti per acquistarli in un secondo momento e di condividere tali elenchi con altri utenti sui social network. “Il plugin è vulnerabile al caricamento di file arbitrario, consentendo ad aggressori non autenticati di caricare file dannosi sul server”, avverte Patchstack.

Alla vulnerabilità è stato assegnato l’identificatore CVE-2025-47577 e ha ricevuto il punteggio massimo di 10 punti su 10 sulla scala CVSS. Il problema riguarda tutte le versioni del plugin elencate di seguito, inclusa la 2.9.2 del 29 novembre 2024.

Come hanno spiegato gli esperti, la radice del problema risiede nella funzione tinvwl_upload_file_wc_fields_factory, che a sua volta utilizza un’altra funzione integrata di WordPress, wp_handle_upload, per eseguire la convalida, ma imposta i parametri di override test_form e test_type su false.

Il parametro test_type viene utilizzato per verificare se il tipo di file MIME (Multipurpose Internet Mail Extension) corrisponde al tipo previsto, mentre test_form viene utilizzato per verificare se il parametro $_POST[‘action’] corrisponde al tipo previsto.

Di conseguenza, impostando test_type su false è possibile ignorare il controllo del tipo di file, consentendo quindi di caricare file di qualsiasi tipo.

Si noti che la funzione vulnerabile è accessibile tramite tinvwl_meta_wc_fields_factory e tinvwl_cart_meta_wc_fields_factory solo quando il plugin WC Fields Factory è attivo sul sito. Ciò significa che lo sfruttamento riuscito del bug è possibile solo se il plugin WC Fields Factory è attivo su un sito basato su WordPress e se l’integrazione è abilitata nel plugin TI WooCommerce Wishlist.

In caso di attacco, un aggressore ha la possibilità di caricare un file PHP dannoso ed eseguire codice in remoto accedendo direttamente al file caricato. Poiché non è ancora disponibile alcuna patch, si consiglia vivamente agli utenti del plugin di disattivarlo o rimuoverlo dai propri siti.

L'articolo Un bug di sicurezza con score 10 affligge un plugin WordPress con 100.000 installazioni proviene da il blog della sicurezza informatica.

Portal 2 is mostly known as the successful sequel to Valve’s weird physics platformer, Portal. It’s not really known for being a webserver. That might change, though, given the hard work of [PortalRunner].

Quite literally, [PortalRunner] hacked the Source engine and Portal 2 to actually run a working HTTP web server. That required setting up the code to implement a TCP network socket that was suitable for web traffic, since the engine primarily functions with UDP sockets for multiplayer use. This was achieved with a feature initially put in the Source engine for server management in the Left 4 Dead games. From there, the game engine just had to be set up to reply to HTTP requests on that socket with the proper responses a visiting browser expects. If the game engine responds to a browser’s connection request with a bunch of HTML, that’s what the browser will display. Bam! You’ve got a web server running in Portal 2.

From there, [PortalRunner] went further, setting things up so that the status of in-game objects effects the HTML served up to visiting web browsers. Move objects in the game, and the served web page changes. It’s pretty fun, and the complexity and features [PortalRunner] implements only get more advanced from there. When he gets into stacking companion cubes to write HTML in visual form, you’ll want to applaud the Minecraftian glory of it all.

The devil is really in the details on this one, and it’s a great watch. In reality, making Portal 2 into a simple web server is far easier than you might have thought possible. Valve’s physics masterpiece really is popular with hackers; we see it popping up around here all the time. Video after the break.

youtube.com/embed/-v5vCLLsqbA?…

hackaday.com/2025/06/01/portal…