These days, we take it for granted that you can connect a cheap piece of hardware to a microcontroller and have an amazing debugging experience. Stop the program. Examine memory and registers. You can see and usually change anything. There are only a handful of ways this is done on modern CPUs, and they all vary only by detail. But this wasn’t always the case. Getting that kind of view to an actual running system was an expensive proposition.

Today, you typically have some serial interface, often JTAG, and enough hardware in the IC to communicate with a host computer to reveal and change internal state, set breakpoints, and the rest. But that wasn’t always easy. In the bad old days, transistors were large and die were small. You couldn’t afford to add little debugging pins to each processor you produced.

This led to some very interesting workarounds. Of course, you could always run simulators on a larger computer. But that might not work in real time, and almost certainly didn’t have all the external things you wanted to connect to, unless you also simulated them.

The alternative? Create a special chip, often called a bond-out chip. These were usually expensive and had some way to communicate with the outside world. This might be a couple of pins, or there might be a bundle of wires coming out of the top of the chip. You replaced your microprocessor with the expensive bond-out chip and connected it to your very expensive in-circuit emulator.
If you have a better scan of the ICE-51 datasheet, we’d love to see it.
For example, the venerable 8051 had an 8051E chip that brought out the address and data bus lines for debugging. In fact, the history of the 8051 notes that they developed the bond-out chip first. The chip was bigger and sold in lower volumes, so it was more expensive. It needed not just connections but breakpoint hardware to stop the CPU at exactly the right time for debugging.

In some cases, the emulator probe was a board that sat between a stock CPU and the CPU socket. Of course, that meant you had to have room to accommodate the large board. Of course, it also assumes that at least your development board had a socket, although in those days it was rare to have an expensive CPU soldered right down to the board.
Another poor scan, this time of the Lauterbach emulator probe for the 68000.
For example, the Lauterbach ICE-68300 here could take a bond-out chip or a regular chip, although it would be missing features if you didn’t have the special chip.

Of course, you can still find them in circuit emulators, but the difference is that they almost certainly have supporting hardware on the standard chip and simply use a serial communication protocol to talk to the on-chip hardware.

Of course, if you want an emulator for an old CPU, you have enough horsepower now that you can probably emulate it like with a modern processor, like the IZE80 does in the video below. Then you can incorporate all kinds of magical debugging features. But be careful what you take on. To properly mimic the hardware means tight timing for things like DRAM refresh and a complete understanding of all the bus timings involved.

But it can be done. In any event, on chip debugging or real in-circuit emulation, it sure makes life easier.

youtube.com/embed/Gdode3PfTbs?…

hackaday.com/2025/10/01/lost-t…

[Mukesh Sankhla] has been tinkering in the world of Point of Sale systems of late. His latest creation is a simple, straightforward kiosk system, and he’s open sourced the design.

The Latte Panda MU single-board computer is at the heart of the build, handling primary duties and communicating with the outside world. It’s hooked up to a touchscreen display which shows the various items available for purchase. As an x86 system, the Latte Panda runs Windows 11, along with a simple kiosk software package written in Python. The software uses Google Firebase as a database backend. There’s also an Xiao ESP32 S3 microcontroller in the mix, serving as an interface between the Latte Panda and the thermal printer which is charged with printing receipts.

It’s worth noting that this is just a point-of-sale system; it executes orders, but doesn’t directly deliver or vend anything. With that said, since it’s all open-source, there’s nothing stopping you from upgrading this project further.

We’ve featured other interesting point-of-sale systems before; particularly interesting was the San Francisco restaurant that was completely automated with no human interaction involved

youtube.com/embed/sL1OeTtPDf0?…

hackaday.com/2025/10/01/buildi…

In the middle of the 20th century, the atom was all the rage. Radiation was the shiny new solution to everything while being similarly poorly understood by the general public and a great deal of those working with it.

Against this backdrop, Firestone Tire and Rubber Company decided to sprinkle some radioactive magic into spark plugs. There was some science behind the silliness, but it turns out there are a number of good reasons we’re not using nuke plugs under the hood of cars to this day.

Hot Stuff

The Firestone Polonium spark plug represented a fascinating intersection of Cold War-era nuclear optimism and automotive engineering. These weren’t your garden-variety spark plugs – they contained small amounts of polonium-210. The theory behind radioactive spark plugs was quite simple from an engineering perspective. As the radioactive polonium decayed into lead, it would release alpha particles supposed to ionize the air-fuel mixture in the combustion chamber, making an easier path for the spark to ignite and reducing the likelihood of misfires. Thus, the polonium-210 spark plugs would theoretically create a better, stronger spark and improve combustion efficiency.
Firestone decided polonium, not radium, was the way to go when it filed a patent of its own. Credit: US Patent
These plugs hit the market sometime around 1940, though the idea dates back at least a full 11 years earlier. In 1924, Albert Hubbard applied for a patent (US 1,723,422), which was granted five years later. His patent concerned the use of radium to create an ionized path through the gas inside an engine’s cylinder to improve spark plug performance.

Firestone’s patent (US 2,254,169) came much later, granted in 1941. The company decided that polonium-210 was a more viable radioactive source. Radium was considered “too expensive and dangerous”, while uranium and thorium isotopes were found to be “ineffective.” Polonium, though, was the bee’s knees. From the patent filing:

Frequently, conditions will be so unfavorable that a spark will not occur at all, and it will be necessary to turn the engine over a number of times before a spark occurs. However, if the alpha rays of polonium are passing through the gap, a large number of extra ions are formed by each alpha ray (10,000 ions per-alpha ray) and the gap breaks down promptly after the voltage begins to rise and at a lower voltage value than that required by standard spark plugs. Thus, it might be said that polonium creates favorable conditions for gap breakdown under all circumstances. Many tests have been run which substantiate the above explanations. The most conclusive test of this type consisted in comparing the starting characteristics of many polonium-containing spark plugs with ordinary spark plugs, all plugs having had more than a year of hard service, in several engines at -15° F. It was found that thirty per cent fewer revolutions of an engine were required for starting when the polonium plugs were used.

Firestone was quite proud of its new Atomic Age product. Credit: Firestone
As per the patent, the radioactive material was incorporated into the electrodes by adding it to the nickel alloy used to produce them. This would put it in prime position to ionize the air charge in the spark gap where it mattered most.

The science seems to check out on paper, but polonium spark plugs were only on the market for a short period of time, with the last known advertisements being published sometime around 1953. If the radioactive spark plugs had serious performance benefits, one suspects they might have stuck around. However, physics tells us they may not have been that special in reality.

In particular, polonium-210 has a relatively short half-life of just 138 days. In a year, 84% of the initial polonium-210 would have already decayed. Thus, between manufacturing, shipping, purchase, and installation, it’s hard to say how much “heat” would have been left in the plugs by the time they even reached the consumer. These plugs would quickly lose their magic simply sitting on the shelf. Beyond that, there are some questions of their performance in a real working engine. Firestone’s patent claimed improved performance over time, but a more sceptical view would be that deposits left on the spark plug electrodes over time would easily block any alpha particles that would otherwise be emitted to help cause ionization.
Examples of the polonium-impregnated spark plugs can be readily found online, though the radioactive material decayed away long ago. Credit: eBay
Ultimately, while the plugs may have had some small benefit when new, any additional performance was minor enough that they never really found a market. Couple this with ugly problems around dispersal, storage, and disposal of radioactive material, and it’s perhaps quite a good thing that these plugs didn’t really catch on.

Despite the lack of market success, however, it’s still possible to find these spark plugs in the wild today. A simple search on online auction sites will turn up dozens of examples, though don’t expect them to show up glowing. The radioactive material within will long have decayed to the point where they’re not going to significantly exceed typical background radiation. Still, they’re an interesting call back to an era when radioactivity was the hottest new thing on the block.

hackaday.com/2025/10/01/the-ho…

Broadcom ha risolto una grave vulnerabilità di escalation dei privilegi in VMware Aria Operations e VMware Tools, che era stata sfruttata in attacchi a partire da ottobre 2024. Al problema è stato assegnato l’identificativo CVE-2025-41244. Sebbene l’azienda non abbia segnalato alcun exploit nel bollettino ufficiale, il ricercatore di NVISO Maxime Thibault lo ha segnalato a maggio che gli attacchi sono iniziati a metà ottobre 2024. L’analisi ha collegato gli attacchi al gruppo cinese UNC5174.

La vulnerabilità consente a un utente locale senza privilegi di inserire un file binario dannoso in directory che corrispondono a espressioni regolari generiche. Una variante osservata in attacchi reali è l’utilizzo della directory /tmp/httpd. Affinché il malware venga rilevato dal servizio VMware, è necessario eseguirlo come utente normale e aprire un socket di rete casuale.

Di conseguenza, gli aggressori ottengono la possibilità di aumentare i privilegi di root ed eseguire codice arbitrario all’interno della macchina virtuale. NVISO ha anche pubblicato un exploit dimostrativo che mostra come questa falla venga utilizzata per compromettere VMware Aria Operations in modalità con credenziali e VMware Tools in modalità senza credenziali.

Secondo Google Mandiant, UNC5174 opera per conto del Ministero della Sicurezza di Stato cinese. Nel 2023, il gruppo ha venduto l’accesso alle reti di appaltatori della difesa statunitensi, agenzie governative britanniche e organizzazioni asiatiche sfruttando la vulnerabilità CVE-2023-46747 in F5 BIG-IP.

Nel febbraio 2024, hanno sfruttato la vulnerabilità CVE-2024-1709 in ConnectWise ScreenConnect, attaccando centinaia di istituzioni negli Stati Uniti e in Canada.

Nella primavera del 2025, il gruppo è stato osservato anche mentre sfruttava la vulnerabilità CVE-2025-31324 , un errore di caricamento file in NetWeaver Visual Composer che consentiva l’esecuzione di codice arbitrario. Anche altri gruppi cinesi hanno partecipato ad attacchi ai sistemi SAP, tra cui Chaya_004, UNC5221 e CL-STA-0048, che hanno installato backdoor su oltre 580 istanze NetWeaver, comprese quelle in infrastrutture critiche negli Stati Uniti e nel Regno Unito.

L'articolo Un bug critico in VMware Aria Operations e VMware Tools utilizzato da mesi dagli hacker cinesi proviene da il blog della sicurezza informatica.

Dopo tre anni, perfino i ricercatori di OpenAI ammettono che le "allucinazioni" sono una caratteristica intrinseca dei modelli linguistici. Dopo tre anni, perfino il Wall Street Journal comincia a parlare di bolla speculativa dell'AI. Preparatevi.

spreaker.com/episode/dk-10x04-…