The gear pump prototype in action. (Credit: Artisan Makes, YouTube)
Hydraulic gear pumps are deceptively simple: just two gears rotating together, forcing the hydraulic oil from one side to the other where the teeth don’t meet, and thus providing the ability to pressurize said oil to make hydraulic cylinders, final drives, etc. do their thing. As with most machining projects like this, the devil is absolutely in the details, particularly in the tolerances. This is the crash course that the [Artisan Makes] channel on YouTube is currently going through.

In this part one of a series on a DIY gear pump, scrap aluminium is used for the housing, along with 1045 medium carbon steel for the gears and W1A high carbon steel for bearings and other wear surfaces. Since at least one of the gears needs to be driven, a lip seal rated for 10 bar is used to provide a path for the shaft. As noted in the video, this is supposed to be a learning experience, ergo it’s a simplified design that merely targets being functional as a gear pump.

With the basic design figured out, the parts were created on the lathe and mill, followed by assembly. Most of the controversy is about the tolerances within the housing, as any leakage will reduce the efficiency. This means the spacing between the gears and housing, space between the gears and bearings, as well as that provided by the gasket that seals the housing base and top. This is where the comment section somewhat explodes with criticism and advice.

As can be seen in the demonstration with a better gasket, there is absolutely flow when driven at 1200 RPM, but also clearly severe leakage as evidenced by said flow not moving quite as fast as it should. We’re looking forward to the next part, in which addressing these tolerances is tackled, with hopefully a much more performant gear pump resulting.

youtube.com/embed/SIeOhI7Qng8?…

hackaday.com/2025/10/27/buildi…

For anyone who’s joined us for previous years, you’ll know that badge hacking and modification are core to the Hackaday Supercon experience. While you’re of course free to leave the badge completely stock, we encourage attendees to tear it apart, learn how it works, and (hopefully) rebuild it into something unique. There are even prizes for the best hacks.

As such, every decision about the badge’s hardware and software is made with hackability in mind. It’s why we always try to add an expansion port to the badge and, in recent years, have leaned into MicroPython to make it easier for attendees to modify the code.

But one thing that’s been largely missing in previous badges is aesthetic customization. Sure, you could strip out the firmware and write something entirely new, or hang some oddball peripheral off the side of the thing, but ultimately it still looked like the badge we gave you at the door. That’s because, at the end of the day, the badges are just PCBs. Short of designing your own enclosure (which has certainly been done), every badge looks the same. That is, until now.

This year’s badge is unique among Supercon badges because it isn’t just a PCB. It’s actually a stack-up of two PCBs! That might not sound like much of a distinction, but in this case, the front board has no electrical function — its only purpose is to hold the keyboard membrane against the dome switches on the rear PCB. The only reason we made it out of a PCB in the first place is that it was convenient and cheap at the scale we needed. But if those weren’t concerns, it could just as easily have been 3D-printed or cut out with a laser or a CNC router.

While the necessities of running two hacker cons on opposite sides of the planet within a couple of months of each other meant we needed to think at scale, attendees are free to do whatever they want between now and when they get their badges on Friday. Want to carve a front panel out of aluminum on your CNC? Awesome. Perhaps laser-cut some thin plywood and give it a nice stain for that old-school look? We love it. Want to see what that fancy multi-material 3D printer you’ve got is capable of? So do we.
Hailing frequencies open, Captain.

Some Assembly Required

Want to make the 2025 Hackaday Supercon badge your own? Just head over to the “hardware/mechanicals_and_models” directory in the badge’s GitHub repository and you’ll find STEP, DXF, and SVG versions of the front panel. We’re eager to see some wild and wonderful front panels, but there are a few things to keep in mind:

• Spacing between the rear and front boards should be approximately 2 mm.
• The area around the keyboard should be roughly PCB thickness (~1.7 mm) for optimal typing.
• You’ll need to provide hardware (M3 nuts/bolts work well) to attach the front panel to the badge.

If you’ve got other questions or need some assistance, leave a comment below or check in on the #badge-hacking channel in the Hackaday Discord server. See you at Supercon!

hackaday.com/2025/10/27/the-su…

an article by Gideon Levy:
haaretz.com/israel-news/twilig…

see also:
mizanonline.ir/en/news/2933/on…

AI "abstract":

A 9-year-old Palestinian boy named Mohammad al-Hallaq was killed on October 16, 2025, in the village of al-Rihiya in the occupied West Bank, according to a report by Haaretz journalist Gideon Levy.
The incident occurred during an Israeli military raid when soldiers fired shots into the air, causing panic among children playing in a schoolyard. Mohammad, who stood still by a wall believing the situation was safe, was shot in the right thigh by an Israeli soldier; the bullet exited through his left side, destroying major blood vessels and internal organs.
He collapsed and died shortly after being rushed to the hospital, despite medical efforts to save him.
Eyewitnesses reported that the soldier who shot Mohammad raised his hands in celebration, with fellow soldiers joining in cheers, and that Israeli forces fired tear gas at local residents attempting to assist the child before leaving the scene.
The Israeli military stated that the incident was "clear" and that the Military Prosecutor’s Unit was reviewing it, but Haaretz reported that no formal investigation had been conducted.
The Israeli internal security service, Shin Bet, reportedly warned the family against holding demonstrations during the funeral.
Gideon Levy, who reported on the case, questioned the lack of accountability and highlighted the broader pattern of violence against Palestinian children in the occupied West Bank.
The article also references a separate incident in February 2025 where Palestinian detainees released from Israeli prisons were forced to wear white T-shirts with a blue Star of David and the message "we will not forget nor forgive," which Levy criticized as a form of forced political messaging.

A 9-year-old Palestinian boy stood at a distance. An Israeli soldier knelt and shot him dead

Eyewitnesses say Muhammad al-Halaq stood with his arms folded, posing no threat, when a single, deadly shot was fired. The soldiers later appeared to celebrate. The IDF said the incident is under review

^{Gideon Levy (Haaretz)}

La mia opinione su splittypie

Hai organicato un viaggio con degli amici, ecco lo strumento giusto:
NESSUNA ISCRIZIONE;
Funziona ovunque Accessibile su qualsiasi dispositivo con un browser web
Per condividere basta passare un link a un amico, il gioco è fatto.

🌖 per me è uno strumento indispensabile per molte occasioni.

Si esiste anche spliit, graficamente più accattivante, ma l'ho trovato un po' più complicato, splittypie è semplice e veloce.

The basic principles of a motion picture film camera should be well understood by most readers — after all, it’s been well over a hundred years since the Lumière brothers wowed 19th century Paris with their first films. But making one yourself is another matter entirely, as they are surprisingly complex and high-precision devices. This hasn’t stopped [Henry Kidman] from giving it a go though, and what makes his camera more remarkable is that it’s 3D printed.

The problem facing a 16mm movie camera designer lies in precisely advancing the film by one frame at the correct rate while filming, something done in the past with a small metal claw that grabs each successive sprocket. His design eschews that for a sprocket driven by a stepper motor from an Arduino. His rotary shutter is driven by another stepper motor, and he has the basis of a good camera.

The tests show promise, but he encounters a stability problem, because as it turns out, it’s difficult to print a 16mm sprocket in plastic without it warping. He solves this by aligning frames in post-processing. After fixing a range of small problems though, he has a camera that delivers a very good picture quality, and that makes us envious.

Sadly, those of us who ply our film-hacking craft in 8mm don’t have the luxury of enough space for a sprocket to replace the claw.

youtube.com/embed/ZAtYJYfV2nA?…

hackaday.com/2025/10/27/a-3d-p…

As a Hackaday writer, I see a lot of web pages, social media posts, videos, and other tips as part of my feed. The best ones I try to bring you here, assuming of course that one of my ever-vigilant colleagues hasn’t beaten me to it. Along the way I see the tropes of changing content creator fashion; those ridiculous pea-sized hand held microphones, or how all of a sudden everything has to be found in the woods. Some of them make me laugh, but there’s one I see a lot which has made me increasingly annoyed over the years. I’m talking of course about the craftsman myth.

No. The Last True Nuts And Bolts Are Not Being Made In Japan

If you don’t recognise the craftsman myth immediately, I’m sure you’ll be familiar with it even if you don’t realise it yet. It goes something like this: somewhere in Japan (or somewhere else perceived as old-timey in online audience terms like Appalachia, but it’s usually Japan), there’s a bloke in a tin shed who makes nuts and bolts.

But he’s not just any bloke in a tin shed who makes nuts and bolts, he’s a special master craftsman who makes nuts and bolts like no other. He’s about 120 years old and the last of a long line of nut and bolt makers entrusted with the secrets of nut and bolt making, father to son, since the 8th century. His tools are also mystical, passed down through the generations since they were forged by other mystical craftsmen centuries ago, and his forge is like no other, its hand-cranked bellows bring to life a fire using only the finest cedar driftwood charcoal. The charcoal is also made by a 120 year old master charcoal maker Japanese bloke whose line stretches back to the n’th century, yadda yadda. And when Takahashi-san finally shuffles off this mortal coil, that’s it for nuts and bolts, because the other nuts and bolts simply can’t compare to these special ones.
Something that’s genuinely in decline where this is being written, this craftsman is making a cricket bat in India. Amit.kapil, CC BY-SA 4.0.
Purple prose aside, this type of media annoys me, because while Takahashi-san and his brother craftsmen in Appalachia and anywhere else in the world possess amazing skills and should without question be celebrated, the videos are not about that. Instead they’re using them as a cipher for pushing the line that The World Ain’t What It Used To Be, and along the way they spread the myth that either there are no blokes in tin sheds left wherever you live, or if there are, their skills are of no significance. Perhaps the saddest part of the whole thing is that there are truly disappearing crafts which should be highlighted, but they probably don’t generate half the YouTube clicks so we don’t see much of them.

Celebrate your Local Craftsmen

My dad was a craftsman in a tin shed, just like the ones in the videos but in central southern England. Partly as a result of this I have known and dealt with a lot of blokes in tin sheds throughout my lifetime, and I am certain I would feel right at home standing in that Japanese one.

Part of coming to terms with the disturbed legacy of my own dysfunctional family has come in evaluating what from them I recognise as part of me and what I don’t, and it’s in my dad’s workshop that I realise what made me. Like all of us, he instinctively made things, usually with great success but let’s face it, like all of us too, sometimes where just buying the damn thing would have made more sense. He had truly elite skills in his craft that I will never equal, just as in my line I have mastered construction techniques which weren’t even conceived when he took his apprenticeship.

But here’s the point, my dad was not unique, and all the other blokes in tin sheds were not necessarily the same age as he was. Indeed one of the loose community of blacksmiths around where I grew up was someone who was in another year at the same school as me when I was a teenager. Even the crafts weren’t all of the mystical tools variety, I am immediately thinking of the tin shed full of CNC machine tools, or the bloke running an injection moulding operation. Believe me, both of those last two are invaluable craftsmen to know when you need their services, but they don’t fit the myth, do they? They’re not exotic.

So by all means watch those YouTube videos showing faraway folks in tin sheds and their craft, you’ll see some amazing work. But please don’t buy the mystique, or the premise that they automatically represent a disappearing world. Your part of the world will have blokes in tin sheds doing things just as impressive and useful, whether they be hand-forging steel on the anvil or working it using cutting-edge technology, and we should be seeking them out rather than lamenting a probably made-up tale from the other side of the world.

Early 20th century Japanese craftsman: Elstner Hilton, CC BY 2.0 .

hackaday.com/2025/10/27/explod…

Secondo una nuova ricerca di Barracuda Networks, un nuovo kit particolarmente insidioso e persistente di Phishing-as-a-Service (PhaaS) sta rubando credenziali e token di autenticazione agli utenti di Microsoft 365. Gli esperti di Barracuda stanno monitorando questa nuova minaccia da luglio 2025 e l’hanno denominata Whisper 2FA.

I ricercatori nell’ultimo mese, hanno rilevato quasi un milione di attacchi Whisper 2FA rivolti agli account all’interno di diverse campagne di phishing su larga scala: una cifra che rende Whisper il terzo kit di PhaaS più diffuso dopo Tycoon ed EvilProxy.

L’analisi tecnica di Barracuda dimostra che la funzionalità di Whisper 2FA è sia avanzata sia adattabile. Le sue caratteristiche innovative includono loop continui per rubare i token di autenticazione, diversi livelli di camuffamento e tattiche ingegnose per ostacolare l’analisi del codice malevolo e dei dati rubati. Una minaccia concreta per le organizzazioni che si sta evolvendo rapidamente.

Stando a quanto emerso, le caratteristiche principali di Whisper 2FA comprendono:

• Loop di furto delle credenziali. Whisper 2FA può ripetere continuamente il processo di furto delle credenziali di un account finché gli aggressori non sono certi di aver ottenuto un token di autenticazione a più fattori (MFA) funzionante. Per i difensori, ciò significa che nemmeno i codici scaduti o errati riescono a fermare l’attacco, poiché il kit di phishing continua a richiedere alla vittima di reinserire i propri dati e ricevere un nuovo codice fino a quando gli aggressori non ne ottengono uno funzionante. Inoltre, Whisper 2FA è stato progettato per adattarsi a qualsiasi metodo MFA utilizzato.
• Tattiche complesse per eludere il rilevamento e l’analisi. Queste includono più livelli di offuscamento, come la codifica e la crittografia del codice di attacco, l’impostazione di trappole per gli strumenti di analisi e il blocco delle scorciatoie da tastiera comunemente utilizzate per l’ispezione. Ciò rende difficile per gli addetti alla sicurezza e gli strumenti di difesa analizzare l’attività di Whisper 2FA e rilevare automaticamente azioni sospette e dannose.
• Una tattica di phishing versatile. Il form di phishing di Whisper 2FA invia tutti i dati inseriti dalla vittima ai cyber criminali, indipendentemente dal pulsante premuto dall’utente. I dati rubati vengono rapidamente manipolati e crittografati, rendendo difficile per chiunque monitori la rete rendersi immediatamente conto che i dati di accesso sono stati sottratti.

Il kit di phishing Whisper 2FA sta progredendo rapidamente sia in termini di complessità tecnica sia di strategie anti-rilevamento. L’analisi di Barracuda evidenzia come le prime varianti del kit presentassero commenti testuali aggiunti dagli sviluppatori, alcuni livelli di offuscamento e tecniche anti-analisi che si concentravano principalmente sulla disabilitazione del menu contestuale (tasto destro del mouse), utilizzato nell’ispezione del codice.

Al contrario, le varianti più recenti del kit individuate da Barracuda sono prive di commenti, l’offuscamento è diventato più denso e stratificato e sono state aggiunte nuove protezioni per rendere più difficile ai difensori analizzare o manomettere il sistema. Tra queste figurano trucchi per rilevare e bloccare gli strumenti di debugging, disabilitare le scorciatoie utilizzate dagli sviluppatori e mandare in tilt gli strumenti di ispezione. Inoltre, questa variante consente di convalidare i token di autenticazione in tempo reale attraverso il sistema di comando e controllo degli aggressori.

“Le caratteristiche e le funzionalità di Whisper 2FA dimostrano come i kit di phishing si siano evoluti da semplici strumenti per il furto di credenziali a sofisticate piattaforme di attacco”, afferma Saravanan Mohankumar, Manager, Threat Analysis team di Barracuda. “Combinando l’intercettazione dell’autenticazione multifattoriale in tempo reale, più livelli di offuscamento e tecniche anti-analisi, Whisper 2FA ostacola ulteriormente gli utenti e i team di sicurezza nel rilevamento delle frodi. Per rimanere protette, le organizzazioni devono superare le difese statiche e adottare strategie multilivello: formazione degli utenti, MFA resistente al phishing, monitoraggio continuo e condivisione delle informazioni sulle minacce”.

L’analisi di Whisper 2FA di Barracuda mostra alcune somiglianze con Salty 2FA, un nuovo PhaaS incentrato sul furto delle credenziali M365 segnalato di recente da AnyRun, ma anche notevoli differenze rispetto a rivali più vecchi e affermati come Evil Proxy, tra cui un sistema di furto delle credenziali semplificato e più difficile da rilevare.

Le nuove tecniche di offuscamento dei link malevoli di Tycoon

In un altro report recente, Barracuda ha anche portato alla luce nuove tecniche usate dal kit di Phishing-as-a-Service Tycoon per nascondere link malevoli nelle e-mail. In particolare, queste strategie sono pensate per offuscare, confondere e alterare la struttura dei link o degli URL e ingannare così i sistemi di rilevamento automatico assicurandosi che i link non vengano bloccati. Di seguito, alcuni esempi:

• Inserire una serie di spazi invisibili nel link dannoso, digitando ripetutamente il codice ” ” nella sua barra degli indirizzi;
• Aggiungere al link caratteri insoliti, come un simbolo “Unicode” che assomiglia a un punto ma non lo è;
• Inserire un indirizzo e-mail nascosto o un codice speciale alla fine del link;
• Elaborare un URL solo parzialmente ipertestuale o contenente elementi non validi, come due “https” o l’assenza di “//”, per nascondere la destinazione reale del link, assicurandosi che la parte attiva sembri innocua;
• Utilizzare il simbolo “@” nell’indirizzo del link. Infatti, tutto ciò che precede “@” viene trattato dai browser come “informazione utente”, quindi gli aggressori inseriscono in questa sezione un testo che appare affidabile e attendibile, come ad esempio “office365”. La destinazione effettiva del link si trova invece dopo il simbolo “@”;
• Utilizzare link web con simboli anomali, come barre rovesciate “” o il simbolo del dollaro “$”, che normalmente non vengono usati negli URL. Questi caratteri possono alterare il modo in cui gli strumenti di sicurezza leggono l’indirizzo, aiutando un link malevolo a sfuggire ai sistemi di rilevamento automatico;
• Creare un URL in cui la prima parte è innocua e ipertestuale, mentre la seconda parte, quella dannosa, appare come un semplice testo. Ma, poiché la parte dannosa non è collegata a nulla, non viene letta correttamente dagli strumenti di sicurezza.

L'articolo Whisper 2FA: il nuovo kit di phishing che ruba le credenziali di Microsoft 365 proviene da Red Hot Cyber.

Il 27 ottobre alle ore 15.00, presso la Sala Galileo della Biblioteca, la Direttrice, dott.ssa Elisabetta Sciarra, ha presentato le principali linee programmatiche dell’Istituto per il 2026, in relazione agli obiettivi e ai compiti dell’amministrazione.

Sono stati illustrati i maggiori programmi di spesa in termini di esecuzione di lavori e acquisizione di servizi, nonché le attività e gli eventi previsti, con particolare riferimento alle risorse economiche, umane e strumentali impiegate.

Relazione programmatica 2026

Strategie per affrontare le sfide finanziarie e promuovere l’accesso alla cultura (ppt)

L'articolo La programmazione della Biblioteca nazionale centrale di Firenze per il 2026 proviene da Biblioteca nazionale centrale di Firenze.

Sometimes when you’re making a PCB that you plan on programming over USB, but you only plan on plugging in a couple of times, it would be nice to make that connection without another BOM item. Over on GitHub [AnasMalas] has released a PCB edge USB-C connection symbol/footprint to do just that!

This isn’t the first PCB edge USB-C connector we’ve seen, but this one has some nice features. It’s available in both KiCad and EasyEDA formats, allowing you to easily add it into your preferred ECAD software. As well as supporting multiple software packages, there are two versions included: a 10-pin and 14-pin version. The 10-pin version has, on each side, 2 USB voltage pins, 2 ground pins, and a CC1 or CC2 pin on its respective side; this version is ideal if you’re looking to just supply power via the connector. The 14-pin version has all the pins of the 10-pin version with the addition of four data-positive and data-negative pins needed to relay information to the board, ideal if you’re planning on programming a microcontroller with this connection.

One important note is that, while most PCBs default to 1.6 mm thickness, if you use this connector you’ll need to drop that down to ~0.8 mm to properly interface with a common USB cable. [AnasMalas] also suggests using ENIG board finish to preserve the connectors on your USB cable.

For such a small and common connector, USB-C holds a ton of potential. Be sure to check out our series all about USB-C for more details.

Thanks to [Ben] for the tip.

hackaday.com/2025/10/27/connec…