IO E CHATGPT E17: L'allenamento del pensiero critico e del dibattito
In questo episodio esploriamo un uso avanzato: come utilizzare l’IA per sviluppare il pensiero critico, l’arte del dibattito e la capacità di argomentare.
zerodays.podbean.com/e/io-e-ch…
First Transistor Computer Reborn
Ok, we’ll admit it. If you asked us what the first transistorized computer was, we would have guessed it was the TC from the University of Manchester. After all, Dr. Wilkes and company were at the forefront and had built Baby and EDSAC, which, of course, didn’t use transistors. To be clear, we would have been guessing, but what we didn’t know at all was that the TC, with its magnetic drums and transistors in 1955, had a second life as a commercial product from Metropolitan-Vickers, called the Metrovick 950. [Nina Kalinina] has a simulator inspired by the old machine.
The code is in Python, and you can find several programs to run on the faux machine, including the venerable lunar lander. If you haven’t heard of the Metrovick, don’t feel bad. Oral histories say that only six or seven were ever built, and they were used internally within the company.
It seems hard to imagine now, but in the 1950s, transistors for computing were actually a disadvantage. The devices were slow. The TC, for example, used old point-contact transistors (200 of them) and 1,300 point diodes. The Metrovick 950, mercifully, used more modern junction devices. You might think that transistors would be more robust, but the early devices often failed.
The Metrovick wasn’t totally transistor-based. Like the somewhat newer TRADIC from Bell Labs, it used a vacuum tube to produce a clock signal with enough oomph to feed the whole machine. The first fully transistorized machine is a bit of a moving target, but is probably either the Harwell CADET, the IBM 604, or an ICBM guidance computer from Burroughs. Want to know more? You can read the original engineering report (which included the title picture).
We have long been fascinated with the EDSAC and often wonder if we’d have been as smart as David Wheeler and invented the subroutine.
Hackaday Links: September 21, 2025
Remember AOL? For a lot of folks, America Online was their first ISP, the place where they got their first exposure to the Internet, or at least a highly curated version of it. Remembered by the cool kids mainly as the place that the normies used as their ISP and for the mark of shame an “@aol.com” email address bore, the company nevertheless became a media juggernaut, to the point that “AOL Time Warner” was a thing in the early 2000s. We’d have thought the company was long gone by now, but it turns out it’s still around and powerful enough of a brand that it’s being shopped around for $1.5 billion. We’d imagine a large part of that value comes from Yahoo!, which previous owner Verizon merged with AOL before selling most of the combined entity off in 2021, but either way, it’s not chump change.
For our part, the most memorable aspect of AOL was the endless number of CDs they stuffed into mailboxes in the 90s. There was barely a day that went by that one of those things didn’t cross your path, either through the mail or in free bins at store checkouts, or even inside magazines. They were everywhere, and unless you were tempted by the whole “You’ve got mail!” kitsch, they were utterly useless; they didn’t even make good coasters thanks to the hole in the middle. So most of the estimated 2 billion CDs just ended up in the trash, which got us thinking: How much plastic was that? A bit of poking around indicates that a CD contains about 15 grams of polycarbonate, so that’s something like 30,000 metric tonnes! To put that into perspective, the Great Pacific Garbage Patch is said to contain “only” around 80,000 metric tonnes of plastic. Clearly the patch isn’t 37% AOL CDs, but it still gives one pause to consider how many resources AOL put into marketing.
You want lice? Because hacking a network of smart washing machines on a college campus is how you get lice. Or at least that’s the somewhat overwrought fear after someone broke into the smart washing machines at a housing complex serving Amsterdam college students earlier in the year. The hack, which disabled the electronic payment system on the washers, was discovered in July, which seems like a strange time of year for students to be doing laundry, but whatever. The company that owns the machines finally disabled them, leaving 1,250 residents with only a couple of old coin-op machines, most of which they report are chronically out of order. That fits well with our college laundry experience, which more often than not was a waste of time and quarters, enough so that it was worth the drive home to use Mom’s machines. But what about the lice? It seems that some students are complaining that their unclean clothes are leaving them itchy and in fear of an outbreak of lice unless the laundry situation improves. So much for the hacker’s attempt to become a folk
Being an amateur radio operator, we’re always on the lookout for ham-adjacent stories, especially the increasing number where amateur allocations are being infringed upon or worse, privileges are being outright revoked. That’s why we were alarmed to see a story about amateur radio licenses being suspended in Equatorial Guinea, but it turns out that there’s a little more to the story than just anti-ham sentiment. All existing amateur licenses in the African nation were temporarily suspended thanks to the discovery of a foreign citizen who apparently illegally purchased a license and then accessed “sensitive areas” of the country. It sounds like Equatorial Guinea is pretty strict, requiring inspection of equipment and proper licensing prior to allowing radios into the country. The suspension of all licenses seems like overkill to us, especially since no apparent timeline for restoring privileges has been communicated. Separately, we’d also like to call out the article’s graphic designer for one of the worst examples of map gore we’ve ever seen.
If you write a column like this and you see a story with a title like “Jay Leno 3D prints toilet seat for Harrison Ford,” it’s really hard to resist writing it up. But as it turns out, there’s not a lot to the story, at least to those of us used to printing unobtanium parts. Jay Leno, famed for his amazing collection of antique and rare motor vehicles, has gotten into additive manufacturing in a big way, often printing parts for his restorations. Harrison Ford, on the other hand, isn’t much into 3D printing, but he does have a toilet he’s especially fond of — we can absolutely relate to this — but whose seat has seen better days. Being out of production, he couldn’t source a replacement until he remembered a visit to Jay’s garage, where he was first introduced to 3D printing. So Harrison sent the seat to Jay (eww) for reverse engineering and printing. We’d love to know a few details, such as what plastic was deemed fit for Indiana Jones’ tush. We’d also like to know which printing modality was used; we hope it wasn’t FDM, because layer lines would be pretty gross on a toilet seat.
And finally, clear your viewing calendar for this four-part series on custom bookbinding. We know, we know; bookbinding isn’t really the kind of tech we usually feature around here. But watching Dennis over at Four Keys Book Arts take a cheap book-club edition of Frank Herbert’s classic Dune and turn it into a work of art is absolutely mesmerizing. From disassembly and restoration of the original to tooling the new leather cover and applying gold leaf, every step along the way is absolute craftsmanship. Check it out; we doubt you’ll be disappointed. Enjoy!
youtube.com/embed/HqGPXpfp-CU?…
A Serial Mouse for a Homebrew 8-bit Computer
[Too Many Wires] has a custom computer he’s building. He wanted a mouse, but USB is a bit of a stretch for the fledgling computer. We might have opted for PS/2, but he went for something even older: a serial mouse connected with a DE-9 (colloquially, a DB-9). Check it out in his recent video update on the project below.
Don’t remember serial mice? They were very common many years ago, and apparently, you can still buy new ones, which makes you wonder what people are doing with them. If you are an old hand at serial, you’ll immediately know why he couldn’t get it to work at first. If you haven’t worked with RS-232 gear before, you’ll learn a lot.
The protocol is simple enough, and you can read the code or find plenty of old documents. He’s using a UART chip, which offloads the CPU. However, the PS/2 mice are very easy to work with directly, and you could skip the +/- 12V RS-232 and other issues.
Either way, however, using an RS-232 or PS/2 mouse in a project is relatively straightforward. You might not think you need a mouse, but don’t forget, they are really accurate two-axis sensors. An optical mouse on a motion table, for example, could be worth something.
The computer is based on [Ben Eater]’s design, if you want more details on that. Can’t decide between RS-232 and PS/2? You don’t have to.
youtube.com/embed/6Vz_RvOeN3E?…
Welding with Natural Gas and Oxygen
By virtue of its triple bond, acetylene burns hotter than any other common hydrocarbon when mixed with oxygen, but it isn’t the only flame hot enough for welding. With the assistance of a homemade oxygen concentrator, [Hyperspace Pirate] was able to make a natural gas torch that melts steel, even if welding with the torch remains difficult.
[Hyperspace Pirate] built his oxygen concentrator around a pressure-swing adsorption system, which uses two tanks of a molecular sieve to selectively adsorb and purge nitrogen, leaving behind mostly oxygen. [Hyperspace Pirate] used reverse-osmosis membrane casings as the tanks, solenoid valves to control gas flow, and an Arduino with some MOSFETs to control the timing. For fuel, he used a convenient source of natural gas, already installed in his garage: the water heater’s gas supply. Since the house’s meter regulates the gas down to a fairly low pressure, and the oxygen concentrator doesn’t produce high pressures, the torch didn’t need any inline regulators.
The oxygen supply by itself was an entertaining tool, turning smoldering pieces of charcoal or steel wool violently incandescent. With the assistance of some steel wool, [Hyperspace Pirate] set a steel tube on fire. With a bit more oxygen, it would probably make an effective thermic lance. If you still want to do your welding with acetylene, he’s also made that before.
youtube.com/embed/7IkyVFxDQQw?…
Low-Cost, High-Gain: A Smart Electronic Eyepiece for Capturing the Cosmos
We’ve all seen spectacular pictures of space, and it’s easy to assume that’s how it looks to the naked eye through a nice telescope. But in most cases, that’s simply not true. Space is rather dark, so to make out dim objects, you’ll need to amplify the available light. This can be done with a larger telescope, but that’s an expensive route. Alternatively, you can observe objects for longer periods. This second approach is what [BLANCHARD Jordan] chose, creating a budget electronic eyepiece for his telescope.
This eyepiece is housed in a 3D printed enclosure designed to fit a standard 1.25″ telescope focuser. The sleek, ergonomic enclosure resembles a night vision device, with a 0.39″ screen for real-time observation of what the camera captures through the telescope. The screen isn’t the only way to view — a USB-C video capture module lets you connect a phone or computer to save images as if you were peering through the viewfinder.
The star of this project is the IMX307 camera module, which supports sense-up mode for 1.2-second exposures and increased gain to capture dim objects without post-processing. This sensor, commonly used in low-light security cameras and dash cams, excels at revealing faint celestial details. All combined, this project cost under 200 Euros, an absolute steal in the often pricey world of astronomy.
Don’t have a telescope? Don’t worry, you can build one of those as well.
For a Robot Claw, the Eyes Have It
Have you ever wished your hand had an extra feature? Like, maybe, a second thumb? A scope probe pinky maybe? Well, if you are building a robot effector, you get to pick what extra features it has. [Gokux] has the aptly named Cam Claw, which is a 3D printed claw with a built-in camera so you can see exactly what it is doing.
The brains are an ESP32-S3 and the eyes — well, the eye technically — uses an OV3660 camera. There’s even a light in case you are in a dark space. A servo drives it, and the printed gear train is pretty fun to watch, as you can see in the video below.
This project is all about the mechanics. The electronic hardware is trivial. A battery, a power controller, and a servo complement the ESP32 and camera. Six LEDs for light, and the job is done.
Obviously, the gripping power will only be as good as the servo. However, we really liked the idea of putting eyes on a robot hand where they count. Of course, the claw you really want a camera on is in the arcade. We’d like to see cameras on some other robot appendages.
youtube.com/embed/8faEnWKrBrA?…
La storia di Microsoft Solitaire: dal lancio con Windows 3.0 al successo duraturo
Microsoft lanciò Solitaire per la prima volta nel 1990 con Windows 3.0, come strumento per familiarizzare gli utenti con l’interfaccia grafica e l’uso del mouse. Il gioco fu creato da Wes Cherry, aiutato nel design Susan Kare, ed è diventato uno dei software più utilizzati nella storia di Windows.
Fin dalla sua introduzione, Solitaire divenne incredibilmente popolare in uffici e scuole, al punto che Microsoft ricevette lamentele per la perdita di produttività causata dal tempo impiegato a giocarlo. Una storia nota racconta di un dipendente licenziato a New York dopo che il sindaco Bloomberg vide il gioco sul suo schermo .
Negli anni successivi Microsoft ha ampliato l’offerta: con Windows 8 (2012) fu lanciata la Microsoft Solitaire Collection, sviluppata da Arkadium con design di William Bredbeck. Questa versione includeva nuove modalità come Spider, FreeCell, Pyramid e TriPeaks, oltre a nuove funzionalità come le “Daily Challenges” e l’integrazione con Xbox Live .
Solitaire ha mantenuto un successo duraturo: nel 2020, al suo trentesimo anniversario, Microsoft stimava 35 milioni di giocatori attivi mensili e oltre 100 milioni di partite giocate al giorno in tutto il mondo. Nel 2019 il gioco è stato inserito nella Video Game Hall of Fame del museo The Strong .
Nonostante la sua semplicità, il gioco continua ad attirare giocatori di tutte le età. La sua longevità si spiega con la combinazione di un’interfaccia familiare e rassicurante, meccaniche accessibili e tempi di gioco brevi. Molti vedono ancora in Solitaire una pausa mentale rilassante, una sorta di “rifugio digitale” in un’epoca frenetica .
Oggi la Microsoft Solitaire Collection è presente su Windows (8, 10, 11), Windows Phone, iOS e Android. Tuttavia, ha suscitato critiche per l’inserimento di pubblicità: per rimuoverle, gli utenti sono invitati a sottoscrivere un abbonamento Premium, che costa circa $1,49 al mese o $9,99 all’anno .
L'articolo La storia di Microsoft Solitaire: dal lancio con Windows 3.0 al successo duraturo proviene da il blog della sicurezza informatica.
Building a (Not Very) Portable Xbox
Modern handheld game consoles are impressive feats of engineering, featuring full fledged computers in near pocket-sized packages. So what happens if you take an original Xbox and sprinkle on some modern electronics and create a handheld? Well, if your [James] of James Channel, you end up with this sandwich of PCBs held together with hot glue and duck tape.
The first order of miniaturization in this Xbox was replacing the hard drive. Because a CompactFlash card uses serial ATA, that could be a simple drop in replacement. However, the Xbox locks the hard drive to the system requiring a mod chip for the CF card to work. Fortunately, the sacrificial Xbox came with a mod chip installed. After using an arcade machine to flash the card and copy over the contents of the drive, the CF card install was a breeze.
For the screen and batteries, a portable DVD player that had remained unused since 2006 was repurposed. The battery cells were rather unhappy, but managed to get resurrected with some careful charging. As it turns out, the iPod 30 pin connector inside the portable screen contains an S-Video line. By taping into that and adding in some power management for the batteries, the Xbox became a pile of PCBs that could maybe be taken places.
However, the form factor was not yet complete. With some careful angle grinder work, the controller got split in half, with jumper wires going between the two sides. By cutting slots into the housing, the Xbox mainboard could now rest between the two controller halves, along with some hot glue for good measure. By using hot glue as an insulating layer, the PCB sandwich started to resemble a handheld console.
A few gremlins still lurked inside, namely, inside the optical drive. The first issue was the mainboard supplied 2.5 V where 5 V is needed, so instead of debugging the issue, [James] simply tapped directly into a 5 V line. But the drive was still uncooperative. As it turned out, the hastily refurbished unit was broken, so a fresh one replaced it. Yet that still proved unsuccessful. Eventually, after testing eight drives, it turned out seven were broken, and the IDE cable needed to be re-crimped.
But at last, the portable Xbox could be used, so the build was finished off with a bit more hot glue and a case made of duck tape. While certainly not pretty, it does, in fact, work, with nearly 10 minutes of battery life. It’s not very handheld, or very portable, but it does meet the definitions of both while maintaining a CD drive, something likely never done before. Just keep your fingers clear of the spinning disc.
Looking for something that might actually fit in your pocket? Turns out the Wii can be turned into an incredibly compact handheld with some careful cutting.
youtube.com/embed/W3OK9A_RbSI?…
Edge vs Chrome: Microsoft promuove il suo browser con annunci aggressivi su Bing
Microsoft ha nuovamente lanciato una campagna aggressiva per il suo browser proprietario Edge. Questa volta, il colosso del software mostra una tabella comparativa completa tra Edge e Chrome direttamente nella pagina di ricerca quando un utente tenta di scaricare il browser web di Google tramite Bing.
Secondo windowslatest, tali annunci potrebbero essere visualizzati in determinate condizioni. Ad esempio, il grafico di confronto è visibile agli utenti che hanno effettuato l’accesso a un account Microsoft con un abbonamento attivo a Microsoft 365 e Windows 11 24H2. Ciò potrebbe indicare che Microsoft sta testando i nuovi annunci su un numero limitato di abbonati.
Quando un utente ha provato a scaricare Chrome tramite Bing, è apparso un messaggio che affermava che tutto il necessario per interagire con Internet era “già presente”. Questo si riferiva ovviamente a Bing.
Inoltre, più sotto, c’era un chiarimento che Edge “si basa sulla stessa tecnologia di Chrome, ma è più affidabile per Microsoft “. Oltre a questo, è apparso un grande banner sul lato destro della barra di ricerca, che metteva letteralmente in contrasto Edge con Chrome, rendendo il browser di Microsoft più accattivante.
Con il nuovo annuncio, Microsoft sta probabilmente suggerendo agli utenti che Edge è adatto alla visualizzazione di contenuti web, inclusi Gmail e YouTube, senza dover scaricare Chrome. I vantaggi di Edge includono la personalizzazione basata sull’intelligenza artificiale e il fatto che sia consigliato da Microsoft. È presente anche un pulsante “Scopri di più”, che gli utenti possono cliccare per saperne di più su Edge.
Se l’utente scorre la ricerca verso il basso e va alla pagina di download di Chrome, vedrà un’altra finestra pop-up che gli chiede di continuare a lavorare in Edge.
Se l’utente ignora questa finestra e sceglie di scaricare Chrome, nella parte superiore del sito web di Google apparirà un banner pubblicitario di Edge. Questo rallenterà leggermente il tempo di caricamento di Chrome e attirerà l’attenzione dell’utente, ma non impedirà l’installazione di Chrome.
L'articolo Edge vs Chrome: Microsoft promuove il suo browser con annunci aggressivi su Bing proviene da il blog della sicurezza informatica.
Il cervello robotico Nvidia, rivoluzionerà l’intelligenza artificiale abbinata alla robotica?
Il 24 agosto, l’account ufficiale di Nvidia Robotics ha condiviso sui social media l’immagine di una scatola regalo nera accompagnata da un biglietto d’auguri firmato dal fondatore Jensen Huang, con la didascalia “Goditela”. L’annuncio ha anticipato il lancio di un nuovo “cervello” per robot, suggerendo una svolta significativa nella strategia robotica dell’azienda.
Nel video di presentazione, un robot umanoide del produttore cinese Fourier prende il biglietto d’auguri e inizia a leggerlo, mentre aprendo la confezione emergono diversi tipi di braccia. Questo dettaglio indica che il nuovo cervello potrebbe essere compatibile con più modelli di robot umanoidi, aumentando la versatilità del sistema.
Negli ultimi anni, Nvidia ha rafforzato il proprio impegno nel settore della robotica. Alla China International Supply Chain Promotion Expo 2025, Huang ha sottolineato come i robot rappresenteranno la prossima ondata di intelligenza artificiale, capaci di ragionare, eseguire compiti e comprendere il mondo fisico. Jensen Huang ha più volte espresso ottimismo riguardo al potenziale del mercato dell’intelligence incorporata.
Già a giugno 2024, Huang aveva previsto significativi progressi nella robotica nei due-tre anni successivi, affermando che i robot umanoidi potrebbero diventare comuni quanto le automobili. Secondo il fondatore di Nvidia, la robotica rappresenta uno dei mercati con maggiore potenziale di crescita per l’azienda, accanto all’intelligenza artificiale.
Per lo sviluppo dei robot, le aziende cinesi utilizzano Nvidia Omniverse, una piattaforma grafica e di simulazione, che consente addestramento sicuro e collaborazione con esseri umani. Recentemente, Nvidia ha lanciato la nuova libreria Omniverse e il modello basato su NVIDIA Cosmos per accelerare lo sviluppo e l’implementazione di soluzioni robotiche, collaborando con diverse aziende produttrici di robot umanoidi.
Eventi come la cena di gala “Grazie di Primavera” a Pechino e la World Robot Conference di agosto hanno consolidato le relazioni di Nvidia con i principali attori della robotica cinese, come Yushu Technology e Galaxy General. Durante la conferenza, i dirigenti hanno discusso con Rev Lebaredian, vicepresidente di Omniverse and Simulation Technology, sul ruolo dei robot come veicolo principale dell’intelligenza artificiale applicata al mondo fisico.
Secondo Lebaredian, il portfolio tecnologico di Nvidia per la robotica comprende tre elementi fondamentali: il “cervello” del robot, supportato da software e piattaforme di intelligenza artificiale; il “corpo”, costituito dall’hardware di edge computing per elaborare dati e prendere decisioni in tempo reale; e i dati, ottenuti tramite simulazione e generazione di dati sintetici per addestrare l’intelligenza artificiale in scenari complessi.
L'articolo Il cervello robotico Nvidia, rivoluzionerà l’intelligenza artificiale abbinata alla robotica? proviene da il blog della sicurezza informatica.
RevengeHotels migliora VenomRAT con l’uso dell’intelligenza artificiale
Gli esperti di Kaspersky Lab hanno rilevato una nuova ondata di attacchi da parte del gruppo RevengeHotels. Una caratteristica distintiva di questa campagna è che molti dei nuovi campioni di malware sono stati creati utilizzando l’intelligenza artificiale.
RevengeHotels (noto anche come TA558) è attivo dal 2015 ed è specializzato nel furto di dati delle carte di credito di ospiti di hotel e viaggiatori. Gli hacker criminali inviano in genere email con link di phishing che reindirizzano i visitatori a siti web camuffati da siti di archiviazione documenti. Questi siti web scaricano script dannosi che infettano i computer presi di mira.
I payload finali sono vari trojan di accesso remoto (RAT) che consentono agli aggressori di controllare i sistemi compromessi, rubare dati sensibili, ottenere un punto d’appoggio nell’infrastruttura e così via.
Nell’estate del 2025, gli specialisti hanno rilevato nuovi attacchi del gruppo contro gli hotel, utilizzando impianti e strumenti sempre più sofisticati. Gli obiettivi principali del gruppo erano gli hotel in Brasile, ma sono stati identificati obiettivi anche in diversi paesi di lingua spagnola: Argentina, Bolivia, Cile, Costa Rica, Messico e Spagna.
Nelle campagne precedenti, il gruppo RevengeHotels aveva preso di mira utenti in Russia, Bielorussia, Turchia, Malesia, Italia ed Egitto.
Questa volta, gli aggressori hanno continuato a inviare e-mail di phishing (camuffate da fatture, richieste di prenotazione alberghiera o domande di lavoro nel settore alberghiero) per distribuire VenomRAT utilizzando loader basati su JavaScript e PowerShell.
L’analisi ha dimostrato che una parte significativa del codice di infezione iniziale e di caricamento dell’impianto in queste campagne potrebbe essere stata generata utilizzando agenti LLM. I ricercatori ritengono che gli hacker stiano utilizzando attivamente le tecnologie di intelligenza artificiale per migliorare le proprie capacità.
“Sebbene la firma di RevengeHotels rimanga riconoscibile, gli aggressori stanno affinando i loro metodi. In particolare, una parte significativa del codice dannoso è stata presumibilmente scritta utilizzando modelli linguistici su larga scala (LLM). Ciò indica l’uso attivo di tecnologie di intelligenza artificiale per migliorare l’efficacia degli attacchi informatici. È importante comprendere che i dati bancari e altri dati sensibili possono essere a rischio anche sui siti web di hotel grandi e noti, quindi la cautela è sempre essenziale”, commenta Dmitry Galov, responsabile di Kaspersky GReAT in Russia.
VenomRAT è una versione aggiornata del trojan open source QuasarRAT, scoperto per la prima volta a metà del 2020. VenomRAT è distribuito sul darknet, con un prezzo fino a 650 dollari per una licenza a vita. Nonostante la fuga di notizie del codice sorgente di VenomRAT, il malware continua a essere venduto e utilizzato dagli aggressori.
L'articolo RevengeHotels migliora VenomRAT con l’uso dell’intelligenza artificiale proviene da il blog della sicurezza informatica.
March to the Beat of Your Own Piezoelectric Drum
Drums! You hit them, and they vibrate. It’s kind of fun. Piezoelectric elements can create electric current when they vibrate. [Will Dana] put two and two together to try and charge his phone on his YouTube channel WillsBuilds embedded below.
It worked… about as well as you might expect. Which is to say: not very well. The random piezo elements [Will] glues to his drum almost certainly aren’t optimized for this use case. Adding weight helps, but it doesn’t look like a tuned system. Even if it was, piezoelectric generators aren’t terribly efficient by nature, and the (small) losses from the required bridge rectifiers aren’t helping. An energy-harvesting chip might have worked better, but it probably wouldn’t have worked well.
Since he cannot produce enough voltage in real time, [Will] opts to charge a capacitor bank that he can dump into the phone once it gets enough charge in it to register with the phone’s circuitry. It takes about 30 minutes drumming to charge the capacitors in parallel, before switching to series to get the voltage up to discharge. The capacitors drain in about a quarter second, probably to no measurable result– but the phone does read as “charging”, which was the goal.
Did it work? Technically, yes. The phone was “charging”. Is it practical? Certainly not. Is it a hack? Undeniably so.
youtube.com/embed/c5p8IywkwLQ?…
When Low SRAM Keeps the DOOM off Your Vape
The PIXO Aspire is a roughly $35 USD vape that can almost play DOOM, with [Aaron Christophel] finding that the only thing that realistically stops it from doing so is that the Cortex-M4-based Puya PY32F403XC MCU only has 64 kB of SRAM. CPU-wise it would be more than capable, with a roomy 16 MB of external SPI Flash and a 323×173 pixel LC touch screen display covering the other needs. It even has a vibration motor to give you some force feedback. Interestingly, this vape has a Bluetooth Low-Energy chip built-in, but this does not seem to be used by the original Aspire firmware.
What [Aaron] did to still get some DOOM vapors on the device was to implement a screenshare firmware, allowing a PC to use the device as a secondary display via its USB interface. This way you can use the regular PC mouse and keyboard inputs to play DOOM, while squinting at the small screen.
Although not as completely overpowered as a recent Anker charging station that [Aaron] played DOOM on, we fully expect vapes in a few years to be perfectly usable for some casual gaming, with this potentially even becoming an original manufacturer’s function, if it isn’t already.
youtube.com/embed/rVsvtEj9iqE?…
A Ruggedized Raspberry Pi for Sailors
Nautical navigation has a long history of innovation, from the compass and chronometer to today’s computer-driven autopilot systems. That said, the poor compatibility of electronics with saltwater has consequently created a need for rugged, waterproof computers, a category to which [Matti Airas] of Hat Labs has contributed with the open-source HALPI2.
Powered by the Raspberry Pi Compute Module 5, the electronics are housed in a heavy duty enclosure made of aluminium, which also serves as a heat sink, and closes with a waterproof seal. It has a wide variety of external connectors, all likewise waterproofed: power, HDMI, NMEA 2000 and NMEA 0183, Ethernet, two USB 3.0 ports, and an external WiFi or Bluetooth antenna. The external ports are plugged into the carrier board by short extension cables, and there are even more ports on the carrier board, including two HDMI connectors, two MIPI connectors, four USB ports, and a full GPIO header. The case has plugs to install additional PG7 or SP13 waterproof connectors, so if the existing external connectors aren’t enough, you can add your own.
Besides physical ruggedness, the design is also resistant to electrical damage. It can run on power in the 10-32 volt range, and is protected by a fuse. A supercapacitor bank preserves operation during a power glitch, and if the outage lasts for more than five seconds, can keep the system powered for 30-60 seconds while the operating system shuts down safely. The HALPI2 can also accept power over NMEA 2000, in which case it has the option to limit current draw to 0.9 amps.
The design was originally created to handle navigation, data logging, and other boating tasks, so it’s been configured for and tested with OpenPlotter. Its potential uses are broader than that, however, and it’s also been tested with Raspberry Pi OS for more general projects. Reading through its website, the most striking thing is how thoroughly this is documented: the site describes everything from the LED status indicators to the screws that close the housing – even a template for drilling mounting holes.
Given the quality of this project, it probably won’t surprise you to hear this isn’t [Matti]’s first piece of nautical electronics, having previously made Sailor HATs for the ESP32 and the Raspberry Pi.
Venus Climate Orbiter Akatsuki’s Mission Has Ended
Japan’s Venus Climate Orbiter Akatsuki was launched on May 21, 2010, and started its active mission in 2015 after an initial orbital insertion failure. Since that time, Akatsuki has continuously observed Venus from orbit until issues began to crop up in 2024 when contact was lost in April of that year due to attitude control issues. Japan’s space agency, JAXA, has now announced that the mission has officially ended on September 18, 2025, after a period of trying to coax the spacecraft back into some level of functionality again.
The Akatsuki spacecraft had six instruments, consisting of cameras covering the visible spectrum, ultraviolet and infrared spectra, as well as an oscillator for radio occultation experiments.
All primary mission goals were successfully completed in April of 2018, but engineers determined Akatsuki was capable of lasting at least another few years. This puts it well past its original design lifespan, and has provided us with much more scientific data than we could have hoped for.
Unfortunately, the shutdown of Akatsuki represents the end of the last active Venus mission, with much uncertainty surrounding any potential upcoming mission to Earth’s near-twin planet. The next potential mission is the Venus Life Finder, as an atmospheric mission penciled in for a 2026 launch. It would take at least until 2028 for a potential orbiter mission to launch, so for the foreseeable future Venus will be left alone, without its artificial moon that has kept it company for a decade.
Regretfully: $3,000 Worth of Raspberry Pi Boards
We feel for [Jeff Geerling]. He spent a lot of effort building an AI cluster out of Raspberry PI boards and $3,000 later, he’s a bit regretful. As you can see in the video below, it is a neat build. As Jeff points out, it is relatively low power and dense. But dollar for dollar, it isn’t much of a supercomputer.
Of course, the most obvious thing is that there’s plenty of CPU, but no GPU. We can sympathize, too, with the fact that he had to strip it down twice and rebuild it for a total of three rebuilds. One time, he decided to homogenize the SSDs for each board. The second time was to affix the heatsinks. It is always something.
With ten “blades” — otherwise known as compute modules — the plucky little computer turned in about 325 gigaflops on tests. That sounds pretty good, but a Framework Desktop x4 manages 1,180 gigaflops. What’s more is that the Framework turned out cheaper per gigaflop, too. Each dollar bought about 110 megaflops for the Pis, but about 140 for the Framework.
So was it good for AI anyway? Predictably, no. While the Pi 5 does have an integrated GPU, llama can’t use the version of Vulkan for speedups. Even a cheap consumer PC can turn in better performance. The Framework without its GPU did about six or seven times better. With the GPU? Around 14X compared to the Pi cluster.
Should you build it? [Jeff] says no, unless you have a very special use case for it. However, we build plenty of things that aren’t super practical. If you have a use for the beast, let us know in the comments.
Even if your cluster isn’t as powerful as this one, you can still pretend it is a Cray. We wonder if ten Pi 5s can beat 1,060 Pi 3s?
youtube.com/embed/8SiB-bNyP5E?…
Computer Has One Instruction, Many Transistors
There’s always some debate around what style of architecture is best for certain computing applications, with some on the RISC side citing performance per watt and some on the CISC side citing performance per line of code. But when looking at instruction sets it’s actually possible to eliminate every instruction except one and still have a working, Turing-complete computer. This instruction is called subleq or “subtract and branch if less-than or equal to zero“. [Michael] has built a computer that does this out of discrete components from scratch.
We’ll save a lot of the details of the computer science for [Michael] or others to explain, but at its core this is a computer running with a 1 kHz clock with around 700 transistors total. Since the goal of a single-instruction computer like this is simplicity, the tradeoff is that many more instructions need to be executed for equivalent operations. For this computer it takes six clock cycles to execute one instruction, for a total of about 170 instructions per second. [Michael] also created an assembler for this computer, so with an LCD screen connected and mapped to memory he can write and execute a simple “hello world” program just like any other computer.
[Michael] does note that since he was building this from Logisim directly he doesn’t have a circuit schematic, but due to some intermittent wiring issues might have something in the future if he decides to make PCBs for this instead of using wire on a cardboard substrate. There’s plenty of other information on his GitHub page though. It’s a unique project that gets to the core of what’s truly needed for a working computer. There are a few programming languages out there that are built on a similar idea.
youtube.com/embed/10Kjh3kQZHY?…
“Simplest” Oscilloscope is a Cunning Vector Display
Superlatives are tricky things. [mircemk]’s guide “How to make Simplest ever Oscilloscope Clock” falls into that category. It’s that word, simplest. Certainly, this is an oscilloscope clock, and a nice one. But is it simple?
There’s a nice oscilloscope circuit with a cute 2″ 5LO38I CRT and EF80 tubes for horizontal and vertical deflection that we’d say is pretty simple. (It’s based on an earlier DIY oscilloscope project [mircemk] did.) The bill of materials is remarkably sparse– but it’s modules that do it. One entry is a DC-DC step up supply to get the needed HV. Another is a LM317 to get 6.3 V to heat the tubes. The modules make for a very simple BOM, but on another level, there’s quite a bit of complex engineering in those little modules.
When we get to the “clock” part of the oscilloscope clock, that quandary goes into overdrive. There’s only one line on the BOM, so that’s very simple. On the other hand, it’s an ESP32. Depending on your perspective, that’s not simple at all. It’s a microcomputer, or at least something that can play at emulating one.
Oh, in the ways that matter to a maker — parts count, time, and effort, this oscilloscope clock is very simple. The fact that its actually a vector display for a powerful little micro just adds to the versatility of the build. We absolutely love it, to be honest. Still, the idea that you can have millions of transistors in a simple project — never mind the “simplest ever” — well, it just seems weird on some level when you think about it.
It all comes back to what counts as “simple”. If we’re taking lines on a BOM, arguably this would be even simpler if you used an existing oscilloscope.
In Cina, al via la corsa per l’innovazione con il suo primo concorso di IA
La città di Karamay, nello Xinjiang, ha ospitato l’apertura della finale e della mostra del primo concorso di applicazioni di intelligenza artificiale. L’evento, svoltosi presso il Museo della Scienza e della Tecnologia, ha visto ventiquattro progetti contendersi i premi finali in nove aree chiave, dalla sanità all’energia industriale fino all’istruzione. La manifestazione ha incluso anche una mostra dei risultati, la firma di accordi e la cerimonia di premiazione, con l’obiettivo di valorizzare il ruolo dell’IA nello sviluppo locale e nella costruzione di una “città del potere computazionale”.
Il concorso, intitolato “Camminare con la digitalizzazione, potenziare lo sviluppo”, è stato organizzato dal Comitato del Partito Municipale e dall’Amministrazione di Karamay, insieme a enti di innovazione e sviluppo digitale. Più di 300 partecipanti, tra esperti, accademici e rappresentanti del settore, hanno preso parte alla competizione. Nel suo intervento, Shi Gang ha sottolineato la trasformazione della città da centro basato sulle risorse a polo fondato sull’innovazione, con l’intelligenza artificiale come motore trainante.
Durante la cerimonia, Wusuer Salamu, accademico dell’Accademia Cinese di Ingegneria, ha evidenziato come l’intelligenza artificiale stia vivendo una fase di profonda integrazione. In particolare, i modelli di grandi dimensioni sono stati descritti come il passaggio da semplici strumenti a veri agenti intelligenti, in linea con la strategia di Karamay di costruire una nuova città della potenza di calcolo.
Il concorso, lanciato a maggio, ha ricevuto la candidatura di 495 progetti presentati da 286 organizzazioni, in settori che spaziavano dall’energia all’agricoltura, dalla sanità alla gestione urbana. Dopo una selezione accurata, 24 progetti sono stati ammessi alla finale. La valutazione si è concentrata sull’innovazione tecnologica, sull’applicazione pratica e sul potenziale di leadership, con un format che prevedeva presentazioni, dimostrazioni e discussioni dirette.
Nella competizione finale il primo premio è stato assegnato al progetto dedicato a una piattaforma di ottimizzazione intelligente basata sui dati per la fratturazione e la sua applicazione pratica sul campo. Il secondo premio è andato a un sistema AIGC e a un agente intelligente per i servizi sanitari, mentre il terzo ha premiato un assistente AI per i servizi governativi, un modello di controllo per la perforazione e un sistema di previsioni meteorologiche. Dodici progetti hanno ricevuto premi di eccellenza.
Oltre alla gara, durante l’evento sono stati firmati sei accordi per progetti chiave in diversi settori. Le innovazioni selezionate saranno accelerate per l’implementazione e la trasformazione a Karamay, in linea con la strategia della città di sviluppare nuova produttività e rafforzare la sua competitività tecnologica.
Il concorso ha rappresentato una vetrina per talenti, tecnologie e progetti di alto livello, rafforzando il ruolo di Karamay come centro emergente nell’economia digitale dello Xinjiang. L’evento ha dimostrato le potenzialità dell’intelligenza artificiale nell’alimentare una crescita economica di qualità e nel fornire nuovo slancio allo sviluppo regionale.
L'articolo In Cina, al via la corsa per l’innovazione con il suo primo concorso di IA proviene da il blog della sicurezza informatica.
Un grave attacco informatico colpisce gli aeroporti europei. Voli fermi
Sabato 20 settembre 2025 un attacco informatico ha colpito un fornitore di servizi utilizzati da diversi aeroporti europei, tra cui Bruxelles, Berlino e Londra-Heathrow. L’incidente ha causato notevoli disagi con ritardi e cancellazioni di voli.
L’aeroporto di Londra Heathrow ha informato i passeggeri che la causa del caos era un “problema tecnico”, mentre l’aeroporto di Bruxelles è stato un po’ più disponibile, ammettendo che la causa principale del problema era un attacco informatico al fornitore terzo dei suoi sistemi di check-in.
Il blocco degli aereoporti europei
La società coinvolta, Collins Aerospace, ha comunicato di essere alle prese con problemi tecnici a livello internazionale che riguardano i sistemi di gestione aeroportuale.
L’azienda ha assicurato che i propri tecnici stanno lavorando per riportare la situazione alla normalità.
“Collins Aerospace sta lavorando per risolvere rapidamente l’inconveniente”, si legge nel comunicato ufficiale pubblicato sui canali social di Heathrow.
A Heathrow, le autorità aeroportuali hanno consigliato ai viaggiatori di verificare lo stato del volo prima di partire da casa e di arrivare con largo anticipo: tre ore per le tratte internazionali e due ore per quelle nazionali.
Anche a Bruxelles l’operatività è compromessa: le procedure di check-in e imbarco vengono eseguite manualmente a causa del blocco dei sistemi automatici, con conseguenti code e possibili cancellazioni.
Situazione critica pure a Berlino, dove il malfunzionamento dei sistemi ha provocato rallentamenti significativi nelle operazioni aeroportuali. Le autorità hanno spiegato che sono già in corso interventi tecnici per risolvere il guasto.
Dallo scalo berlinese è arrivata anche una raccomandazione ai passeggeri: chi deve viaggiare il 20 settembre deve prima confermare con la compagnia se il volo è operativo e recarsi in aeroporto solo dopo aver ottenuto la certezza della partenza.
A differenza di altri hub, l’aeroporto di Francoforte non risulta toccato dall’attacco. Secondo un portavoce, le attività proseguono regolarmente, pur mantenendo alta l’attenzione in attesa che il fornitore di servizi ripristini completamente i sistemi compromessi.
la Supply chain e i rischi per le grandi aziende
In questo contesto storico, assistiamo sempre più spesso a perdite “collaterali” o disservizi legati a problematiche nella supply chain. Non si tratta di disserviI che avvengono direttamente dalle infrastrutture IT delle aziende colpite, ma di violazioni che interessano terze parti e fornitori esterni con cui esse collaborano. Questo scenario mette in evidenza come oggi i fornitori rappresentino un vero e proprio “tallone d’Achille” per la cybersecurity aziendale. Non solo nella produzione, ma anche nella protezione dei dati e dei servizi digitali, è fondamentale prestare la massima attenzione a queste dinamiche.
Gli attacchi alla supply chain possono manifestarsi in molteplici forme: vulnerabilità nei sistemi, infezioni malware, oppure condotte scorrette da parte di dipendenti infedeli. Gli effetti possono essere devastanti, arrivando a causare fermi delle linee produttive e danni a catena su clienti, partner e reputazione aziendale.
Per questo motivo, le attività di controllo e monitoraggio non devono limitarsi alle sole infrastrutture IT interne, ma devono necessariamente estendersi anche ai sistemi tecnologici di partner e fornitori. È fondamentale prevedere nei contratti specifiche clausole che regolamentino gli standard minimi di sicurezza informatica da rispettare.
In un contesto dove ogni anello della catena può rappresentare una vulnerabilità, è indispensabile investire con decisione nella gestione del rischio della supply chain. Il nostro consiglio è di adottare misure concrete che prevedano il diritto di audit, consentendo così al cliente di effettuare controlli periodici sulla sicurezza, per verificare il rispetto dei requisiti stabiliti nei contratti di fornitura. Approfondire questi aspetti non è più un’opzione, ma una necessità strategica per ogni azienda. Questo viene anche richiesto dal NIS2 che riporta che le entità devono adottare misure adeguate e proporzionate per valutare e gestire i rischi, compresi quelli relativi alla sicurezza delle catene di approvvigionamento, e garantiscono che i contratti con i fornitori includano clausole che permettano la verifica della conformità ai requisiti di sicurezza.
Infine, occorre ricordare che, nel momento in cui avviene una violazione, è quasi sempre il brand del cliente finale ad apparire sui giornali, mentre il fornitore coinvolto resta spesso in secondo piano. Un ulteriore motivo per cui la sicurezza nella catena di approvvigionamento non può essere trascurata.
L'articolo Un grave attacco informatico colpisce gli aeroporti europei. Voli fermi proviene da il blog della sicurezza informatica.
Fnirsi IPS3608: A Bench Power Supply With Serious Flaws
Fnirsi is one of those brands that seem to pop up more and more often, usually for portable oscilloscopes and kin. Their IPS3608 bench power supply is a bit of a departure from that, offering a mains-powered PSU that can deliver up to 36 VDC and 8 A in a fairly compact, metal enclosure. Recently [Joftec] purchased one of these units in order to review it and ended up finding a few worrying flaws in the process.
One of the claims made on the product page is that it is ‘much more intelligent than traditional power supplies’, which is quite something to start off with. The visual impression of this PSU is that it’s somewhat compromised already, with no earth point on the front next to the positive and negative banana plug points, along with a tilting screen that has trouble staying put. The USB-C and -A ports on the front support USB-PD 3.0 and a range of fast charge protocols
The ‘intelligence’ claim seems to come mostly from the rather extensive user interface, including a graphing function. Where things begin to fall apart is when the unit locks up during load testing presumably due to an overheating event. After hooking up an oscilloscope, the ripple at 1 VDC was determined to be about 200 mV peak-to-peak at 91 kHz. Ripple increased at higher voltages, belying the ’10 mV ultra-low ripple’ claim.
A quick teardown revealed the cause for the most egregious flaw of the unit struggling to maintain even 144 Watt output: a very undersized heatsink on the SMPS board. The retention issues with the tilting issue seemed to be due to a design choice that prevents the screen from rotating without breaking plastic. While this latter issue could be fixed, the buggy firmware and high ripple on the DC output make this €124 ‘285 Watt’ into a hard pass.
youtube.com/embed/qkTGTxcNuoQ?…
Fire Extinguishers, Optical Density Ratings and Safely Using Home Lasers
After [Ross] from FauxHammer miniature model fame got lured into reviewing laser engravers and similar via the Bambu Lab H2D’s laser module, he found himself getting slightly nervous about the whole ‘safety’ aspect of these lasers. After all, lasers can not only light stuff on fire, but it’s a well-known fact that even reflected laser light can be sufficient to cause permanent damage to your retinas. Or worse.
Since your eyes generally do not regenerate, it makes sense to get caught up on laser safety before turning on one of those plentiful-and-increasingly-affordable home laser systems for engraving and/or cutting.
While the issue of stuff catching on fire is readily solved by having a good CO2 extinguisher – and plan B options – at the ready, for safety glasses it’s significantly more complex. There’s not just the issue of finding glasses that block the wavelength of the laser system that you are using, but also with the right optical density (OD) rating. Every mm of the safety lens material can attenuate a certain amount of laser light at the given wavelength, so the OD rating of your laser safety goggles need to match the laser’s power output level, or you might be living with a false sense of security.
Finally, there is the issue of the smoke and fumes produced by these lasers as they obliterate the target material. Much of what is in this smoke you do not want to breathe in, even ignoring long-term dust and VOC exposure issues, so having a solid fume extraction setup and PPE as necessary are absolute necessities. As [Ross] puts it, you don’t want to breathe in the smell of regret today, for your future self to reflect on a decade from now.
Work safe, work smart, don’t become the subject of a laser safety PSA.
youtube.com/embed/rd6rCU8ZMhY?…
BCacheFS is now a DKMS Module After Exile from the Linux Kernel
It’s been a tense few months for users of the BCacheFS filesystem, as amidst the occasional terse arguments and flowery self-praise on the Linux Kernel mailing list the future of this filesystem within the Linux kernel hung very much in the balance. After some initial confusion about what ‘externally maintained’ means in Linux parlance, it’s now clear that this means that BCacheFS has effectively been kicked out of the kernel as [Linus] promised and will ship as a DKMS module instead. The gory details of this change are discussed in a recent video by [Brodie Robertson].
We covered the BCacheFS controversy in the Linux world a few months ago, amidst reports of data loss and filesystem corruption among its users. Its lead developer, [Kent Overstreet], came to blows with [Linus Torvalds] on the LKML after [Kent] insisted on repeatedly pushing new features into kernel release candidate branches along with rather haughty statements on why he should be able to do this.
To make a long story short, [Linus] didn’t like this and froze BCacheFS support in the current kernel release with all future in-kernel development ceased. Distributions like SuSE have initially said that will disable BCacheFS starting in kernel version 6.17, meaning that users of BCacheFS may now have to install the DKMS module themselves. Some distributions like Arch are likely to include this DKMS module by default, which is something you want to check if you use this filesystem.
youtube.com/embed/aG-nmpCTkoY?…
Test Pattern Generator for SCART and RGB TVs
CRTs don’t last forever, and neither do the electronics that drive them. When you have a screen starting to go wonky, then you need a way to troubleshoot which is at fault. A great tool for that is a pattern generator, but they’re not the easiest to come by these days. [baritonomarchetto] needed a pattern generator to help repair his favourite arcade machine, and decided to make his own DIY Portable RGB CRT Test Pattern Generator.
While he does cite [Nicholas Murray]’s RP2040 test pattern generator as a starting point (which itself builds on the PicoVGA library once featured here), he couldn’t just build one. That worthy project only outputs VGA and because [baritonomarchetto] is in Europe, he needed a SCART connector. Since he’s working on arcade machines, he needed non-SCART RGB signals, too. The arcade signals need to be at higher voltages (TLL level) than the RGB signal you’d find in SCART and VGA.
The upshot is while he’s using [Nicholas]’s code for the RP2040, he’s rolled his own PCB, including a different resistor ladders to provide the correct voltages depending on if he’s dealing with a home TV or arcade CRT. To make life easier, the whole thing runs off a 9V battery.
If you’re wondering what the point of these test patterns is, check out this 1981-vintage pattern generator for some context from the era. If a digital replica doesn’t float your boat, it is possible to recreate the original analog circuitry that generated these patterns back when the CRT was king.
Haasoscope Pro: Open-Everything 2 GHz USB Oscilloscope
Our hacker [haas] is at it again with the Haasoscope Pro, a full redesign of the original Haasoscope, which was a successful Crowd Supply campaign back in 2018.
This new Pro version was funded on Crowd Supply in April this year and increases the bandwidth from 60 MHz to 2 GHz, the vertical resolution from 8 to 12 bits, and the sample rate from 125 MS/s to 3.2 GS/s. Selling for $999 it claims to be the first open-everything, affordable, high-bandwidth, real-time sampling USB oscilloscope.
The firmware and software are under active development and a new version was released yesterday.
The hardware has an impressive array of features packed into a slick aluminum case with quiet 40 mm internal fan and 220 x 165 x 35 mm (8.66 x 6.5 x 1.38 in) form-factor weighing in at 0.9 kg (1.98 lbs). Also available is an active probe supporting up to 2 GHz analog bandwidth.
The Haasoscope Pro is miles ahead of alternatives such as this USB oscilloscope from back in 2010 and you can find a bunch of support material on GitHub: drandyhaas/HaasoscopePro.
youtube.com/embed/CLMbfLL2_jQ?…
Unobtanium No More; Perhaps We Already Have All The Elements We Need
It’s been a trope of the news cycle over the past decade or so, that there’s some element which we all need but which someone else has the sole supply, and that’s a Bad Thing. It’s been variously lithium, or rare earth elements, and the someone else is usually China, which makes the perfect mix of ingredients for a good media scare story. Sometimes these things cross from the financial pages to the geopolitical stage, even at times being cited in bellicose language. But is there really a shortage?
The Colorado School of Mines say perhaps not, as they’ve released a paper from an American perspective pointing out that the USA already has everything it needs but perhaps doesn’t realize it. We’re surprised it seems to have passed unnoticed in a world preoccupied with such matters.
We’ve covered a few stories about mineral shortages ourselves, and some of them even point to the same conclusion reached by the School of Mines, that those mineral riches lie not in the mines of China but in the waste products closer to American industry. In particular they point to the tailings from existing mines, a waste product of which there is a huge quantity to hand, and which once stripped of the metal they were mined for still contain enough of the sought-after ones to more than satisfy need.
The history of mining from medieval lead miners processing Roman tailings to 19th century gold miners discovering that their tailings were silver ore and on to the present day, includes many similar stories. Perhaps the real story is economic both in the publicity side and the mining side, a good scare story sells papers, and it’s just cheaper to buy your molybdenum from China rather than make your own. We’ll keep you posted if we see news of a tailings bonanza in the Rockies.
Hackaday Podcast Episode 338: Smoothing 3D Prints, Reading CNC Joints, and Detecting Spicy Shrimp
This week, Hackaday’s Elliot Williams and Kristina Panos met up over the tubes to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous seven days or so.
In Hackaday news, we’ve got a new contest running! Read all about the 2025 Component Abuse Challenge, sponsored by DigiKey, and check out the contest page for all the details. In sad news, American Science & Surplus are shuttering online sales, leaving just the brick and mortar stores in Wisconsin and Illinois.
On What’s That Sound, it’s a results show, which means Kristina gets to take a stab at it. She missed the mark, but that’s okay, because [Montana Mike] knew that it was the theme music for the show Beakman’s World, which was described by one contestant as “Bill Nye on crack”.
After that, it’s on to the hacks and such, beginning with a really cool way to smooth your 3D prints in situ. JWe take a much closer look at that talking robot’s typewriter-inspired mouth from about a month ago. Then we discuss several awesome technological feats such as running code on a PAX credit card payment machine, using the alphabet as joinery, and the invention of UTF-8 in general. Finally, we discuss the detection of spicy shrimp, and marvel at the history of email.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
html5-player.libsyn.com/embed/…
Download in DRM-free MP3 and savor at your leisure.
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Episode 338 Show Notes:
News:
- 2025 Hackaday Component Abuse Challenge: Let The Games Begin!
- American Science And Surplus Ends Online Sales
What’s that Sound?
- Congratulations to [Montana Mike], the Beakmaniest of them all!
Interesting Hacks of the Week:
- Smooth! Non-Planar 3D Ironing
- A Closer Look Inside A Robot’s Typewriter-Inspired Mouth
- Running Code On A PAX Credit Card Payment Machine
- Jointly Is A Typeface Designed For CNC Joinery
- Complex Wood Joints, Thanks To New Software’s Interactive Features
- 50 Digital Wood Joints by Jochen Gros – WINTERDIENST
- Original Mac Limitations Can’t Stop You From Running AI Models
- UTF-8 Is Beautiful
Quick Hacks:
- Elliot’s Picks:
- Oil-Based Sprengel Pump Really Sucks
- Reverse-Engineering The Milwaukee M18 Diagnostics Protocol
- A 10″ Telescope, Because You Only Live Once
- USB-C PD Decoded: A DIY Meter And Logger For Power Insights
- Kristina’s Picks:
- Making A Laptop With A Mechanical Keyboard
- Hosting A Website On A Disposable Vape
- When Is Your Pyrex Not The Pyrex You Expect?
Can’t-Miss Articles:
hackaday.com/2025/09/19/hackad…
2025 Hackaday Component Abuse Challenge: Let The Games Begin!
In theory, all parts are ideal and do just exactly what they say on the box. In practice, everything has its limits, most components have non-ideal characteristics, and you can even turn most parts…Hackaday
Imagining the CPS-1: An Early 70s 4-bit Microcomputer from Canada
[Michael Gardi] wrote in to let us know about his project: CPS-1: Imagining An Early 70s 4-bit Microcomputer.
The CPS-1 was the first Canadian microprocessor-based computer. It was built by Microsystems International Ltd. (MIL) in Ottawa between 1972 and 1973 and it is unknown how many were made and in what configurations. The CPS-1 supported a 12-bit address bus and a 4-bit data bus. MIL also developed the supporting hardware including RAM. The processor was called the MIL 7114.
[Michael] worked in collaboration with [Zbigniew Stachniak] from York University Computer Museum. [Zbigniew] had developed a MIL CPS-1 Emulator and [Michael]’s job was to implement a front panel hardware interface for the emulator which runs on a Raspberry Pi. The only complication: there are no remaining CPS-1 computers, and no known photographs, so no one can say for sure what a real front panel might have looked like!
With a bit of guess work and 3D printing, as well as some inspiration from contemporaneous hardware such as the DEC PDP-11, [Michael] came up with an implementation. He used an IO extender HAT which adds 32 IO pins to the existing Pi GPIO pins that are accessible via an 3-wire I2C interface. This was enough hardware to support the 26 switches and 29 LEDs on the panel. There’s a brief demo of the custom printed switches in the video embedded below.
If you’re interested in old school 4-bit tech you might also like to check out 4-bit Single Board Computer Based On The Intel 4004 Microprocessor.
youtube.com/embed/tPiEd84HB2M?…
This Week in Security: The Shai-Hulud Worm, ShadowLeak, and Inside the Great Firewall
Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was millions of downloads on NPM, but this week it’s something much more concerning. Malware published on NPM is now looking for NPM tokens, and propagating to other NPM packages when found. Yes, it’s a worm, jumping from one NPM package to another, via installs on developer machines.
It does other things too, like grabbing all the secrets it can find when installed on a machine. If the compromised machine has access to a Github account, a new repo is created named Shai-Hulud, borrowed from the name of the sandworms from Dune. The collected secrets and machine info gets uploaded here, and a workflow also uploads any available GitHub secrets to the webhook.site domain.
How many packages are we talking about? At least 187, with some reports of over 500 packages compromised. The immediate attack has been contained, as NPM has worked to remove the compromised packages, and apparently has added filtering code that blocks the upload of compromised packages.
So far there hasn’t been an official statement on the worm from NPM or its parent companies, GitHub or Microsoft. Malicious packages uploaded to NPM is definitely nothing new. But this is the first time we’ve seen a worm that specializes in NPM packages. It’s not a good step for the trustworthiness of NPM or the direct package distribution model.
Token Impersonation in Azure
There’s an interesting write-up from [Dirk-jan Mollema] detailing his findings regarding Azure impersonation tokens and how to abuse them. This is about the Entra ID service, the identity and access management component of the Azure cloud. Azure has a function that allows a service like Exchange to generate an actor token, allowing the service to interact with the rest of Azure on behalf of a user.
These tokens are just signed JSON Web Tokens (JWTs). For a service to actually use one of these tokens, it’s embedded inside yet another, unsigned JWT. This outer token container has multiple fields indicating the the tenant that signed the inner token and the tenant the request is intended for. You may already wonder, what happens if we could get our hands on one of these double-wrapped tokens, and manipulate the target tenant field?
If an attacker can discover the tenant ID and a valid netId for a user in the victim tenant, one of these impersonation tokens could be generated from the attacker-owned tenant, and then manipulated to point to the victim tenant. From there, the attacker could perform any action as that user. It was an extremely significant flaw, and Microsoft pushed an immediate patch within days. The CVE scores a perfect 10 base score in the CVSS 3.1 scale.
ShadowLeak and Prompt Injection, the Attack That Won’t Go Away
There’s yet another example of weaponizing prompt injections against LLMs, in the form of ShadowLeak. And again, it’s the case where agentic AI can fall to social engineering.
The setup is that the AI is handling incoming emails, and the prompt is hidden inside an incoming email, perhaps as white text on a white background. The real challenge here isn’t sneaking the prompt in, but how to exfiltrate data afterwards. OpenAI’s Deep Research agent includes browser.open, to allow the AI to interact with the Internet. And of course, this gives the agent the ability to send data to a remote endpoint.
Firewall Warnings
SonicWall has announced that their MySonicWall systems were breached, and customers have been warned that their firewall configuration backups may have been compromised. These backups appear to include passwords.
Watchguard Firebox firewalls have an out-of-bounds write that can allow Remote Code Execution (RCE) on firewalls running VPNs with IKEv2. A fix is available for the units that are still actively supported, and it’s possible to mitigate against the flaw.
Inside The Great Wall
There was a huge, 600 GB leak last week, of source code and information about the Great Firewall of China. If you click through, the 600 GB leak is available to download, but it’s not something to download and interact with lightly. Put simply, it’s a lot of data produced by level state-sponsored actors, dealing with rather sensitive capabilities.
Among the non-source files, there are some interesting details, such as how the Chinese firewall has been exported to multiple other countries. The source code itself is still being analyzed, and so far it’s an interesting look into the cat and mouse game that has been long played between the Chinese government and VPN technologies. This leak will likely take quite some time to fully analyze, but promises to provide a significant look into the internals of the Great Firewall.
Bits and Bytes
LG TVs running WebOS had a fun issue, where plugging in a USB drive exposed the files on a web endpoint. The filename to download is specified via a parameter to that url, and that parameter doesn’t do path traversal filtering. This gives arbitrary read access to the whole device filesystem.
Google has uncovered and then squashed the SlopAds advertising fraud campaign. This campaign was a collection of apps that presented themselves as hastily made, “AI slop” apps. But when installed, these apps clicked as fast as they could on ads that paid out for the attackers. This represents 224 malicious applications removed, and was resulting in 2.3 billion ad hits per day.
The Inside Story of the UK’s Great CB Petrol Scam
Looking at gasoline prices today, it’s hard to believe that there was a time when 75 cents a gallon seemed outrageous. But that’s the way it was in the 70s, and when it tripped over a dollar, things got pretty dicey. Fuel theft was rampant, both from car fuel tanks — remember lockable gas caps? — and even from gas stations, where drive-offs became common, and unscrupulous employees found ways to trick the system into dispensing free gas.
But one method of fuel theft that escaped our attention was the use of CB radios to spoof petrol pumps, which [Ringway Manchester] details in his new video. The scam happened in the early 80s, only a few years after CB became legal in the UK but quite a while since illegal use had exploded. The trick involved a CB transceiver equipped with a so-called “burner,” a high-power and highly illegal linear amplifier used to boost the radiated power of the signal. When keyed up in the vicinity of dispensers with digital controls, the dispensing rate on the display would appear to slow down markedly, while the pump itself stayed at the same speed. The result was more fuel dispensed than the amount reported to the cashier.
If this sounds apocryphal, [Ringway] assures us that it wasn’t. When the spoofing was reported, authorities up to and including Scotland Yard investigated and found that it was indeed plausible. The problem appeared to be the powerful RF signal interfering with the pulses from the flowmeter on the dispenser. The UK had both 27 MHz and 934 MHz CB at the time; [Ringway] isn’t clear which CB band was used for the exploit, but we’d guess it was the former, in which case we can see how the signals would interfere. Another thing to keep in mind is that CB radios in the UK were FM, as opposed to AM and SSB in the United States. So we wonder if the same trick would have worked here.
At the end of the day, no matter how clever you are about it, theft is theft, and things probably aren’t going to go well for you if you try to pull this off today. Besides, it’s not likely that pumps haven’t been hardened against these sorts of attacks. Still, if you want a look inside a modern pump to see if you can find any weaknesses, have at it. Just don’t tell them where you heard about it.
youtube.com/embed/DI6OFzDChuQ?…
Threat landscape for industrial automation systems in Q2 2025
Statistics across all threats
In Q2 2025, the percentage of ICS computers on which malicious objects were blocked decreased by 1.4 pp from the previous quarter to 20.5%.
Percentage of ICS computers on which malicious objects were blocked, Q2 2022–Q2 2025
Compared to Q2 2024, the rate decreased by 3.0 pp.
Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 11.2% in Northern Europe to 27.8% in Africa.
Regions ranked by percentage of ICS computers on which malicious objects were blocked
In most of the regions surveyed in this report, the figures decreased from the previous quarter. They increased only in Australia and New Zealand, as well as Northern Europe.
Changes in percentage of ICS computers on which malicious objects were blocked, Q2 2025
Selected industries
The biometrics sector led the ranking of the industries and OT infrastructures surveyed in this report in terms of the percentage of ICS computers on which malicious objects were blocked.
Ranking of industries and OT infrastructures by percentage of ICS computers on which malicious objects were blocked
In Q2 2025, the percentage of ICS computers on which malicious objects were blocked decreased across all industries.
Percentage of ICS computers on which malicious objects were blocked in selected industries
Diversity of detected malicious objects
In Q2 2025, Kaspersky security solutions blocked malware from 10,408 different malware families from various categories on industrial automation systems.
Percentage of ICS computers on which the activity of malicious objects from various categories was blocked
The only increases were in the percentages of ICS computers on which denylisted internet resources (1.2 times more than in the previous quarter) and malicious documents (1.1 times more) were blocked.
Main threat sources
Depending on the threat detection and blocking scenario, it is not always possible to reliably identify the source. The circumstantial evidence for a specific source can be the blocked threat’s type (category).
The internet (visiting malicious or compromised internet resources; malicious content distributed via messengers; cloud data storage and processing services and CDNs), email clients (phishing emails), and removable storage devices remain the primary sources of threats to computers in an organization’s technology infrastructure.
In Q2 2025, the percentage of ICS computers on which threats from email clients were blocked continued to increase. The main categories of threats from email clients blocked on ICS computers are malicious documents, spyware, malicious scripts and phishing pages. The indicator increased in all regions except Russia. By contrast, the global average for other threat sources decreased. Moreover, the rates reached their lowest levels since Q2 2022.
Percentage of ICS computers on which malicious objects from various sources were blocked
The same computer can be attacked by several categories of malware from the same source during a quarter. That computer is counted when calculating the percentage of attacked computers for each threat category, but is only counted once for the threat source (we count unique attacked computers). In addition, it is not always possible to accurately determine the initial infection attempt. Therefore, the total percentage of ICS computers on which various categories of threats from a certain source were blocked exceeds the percentage of threats from the source itself.
The rates for all threat sources varied across the monitored regions.
- The percentage of ICS computers on which threats from the internet were blocked ranged from 6.35% in East Asia to 11.88% in Africa
- The percentage of ICS computers on which threats from email clients were blocked ranged from 0.80% in Russia to 7.23% in Southern Europe
- The percentage of ICS computers on which threats from removable media were blocked ranged from 0.04% in Australia and New Zealand to 1.77% in Africa
- The percentage of ICS computers on which threats from network folders were blocked ranged from 0.01% in Northern Europe to 0.25% in East Asia
Threat categories
A typical attack blocked within an OT network is a multi-stage process, where each subsequent step by the attackers is aimed at increasing privileges and gaining access to other systems by exploiting the security problems of industrial enterprises, including technological infrastructures.
It is worth noting that during the attack, intruders often repeat the same steps (TTPs), especially when they use malicious scripts and established communication channels with the management and control infrastructure (C2) to move laterally within the network and advance the attack.
Malicious objects used for initial infection
In Q2 2025, the percentage of ICS computers on which denylisted internet resources were blocked increased to 5.91%.
Percentage of ICS computers on which denylisted internet resources were blocked, Q2 2022–Q2 2025
The percentage of ICS computers on which denylisted internet resources were blocked ranged from 3.28% in East Asia to 6.98% in Africa. Russia and Eastern Europe were also among the top three regions for this indicator. It increased in all regions and this growth is associated with the addition of direct links to malicious code hosted on popular public websites and file-sharing services.
The percentage of ICS computers on which malicious documents were blocked has grown for two consecutive quarters. The rate reached 1.97% (up 0.12 pp) and returned to the level seen in Q3 2024. The percentage increased in all regions except Latin America.
The percentage of ICS computers on which malicious scripts and phishing pages were blocked decreased to 6.49% (down 0.67 pp).
Next-stage malware
Malicious objects used to initially infect computers deliver next-stage malware (spyware, ransomware, and miners) to victims’ computers. As a rule, the higher the percentage of ICS computers on which the initial infection malware is blocked, the higher the percentage for next-stage malware.
In Q2 2025, the percentage of ICS computers on which malicious objects from all categories were blocked decreased. The rates are:
- Spyware: 3.84% (down 0.36 pp);
- Ransomware: 0.14% (down 0.02 pp);
- Miners in the form of executable files for Windows: 0.63% (down 0.15 pp);
- Web miners: 0.30% (down 0.23 pp), its lowest level since Q2 2022.
Self-propagating malware
Self-propagating malware (worms and viruses) is a category unto itself. Worms and virus-infected files were originally used for initial infection, but as botnet functionality evolved, they took on next-stage characteristics.
To spread across ICS networks, viruses and worms rely on removable media, network folders, infected files including backups, and network attacks on outdated software such as Radmin2.
In Q2 2025, the percentage of ICS computers on which worms and viruses were blocked decreased to 1.22% (down 0.09 pp) and 1.29% (down 0.24 pp). Both are the lowest values since Q2 2022.
AutoCAD malware
This category of malware can spread in a variety of ways, so it does not belong to a specific group.
In Q2 2025, the percentage of ICS computers on which AutoCAD malware was blocked continued to decrease to 0.29% (down 0.05 pp) and reached its lowest level since Q2 2022.
For more information on industrial threats see the full version of the report.
Qilin Ransomware Colpisce Nel Profondo la Finanza Sudcoreana
Immaginate di svegliarvi una mattina e scoprire che i vostri dati finanziari sensibili – contratti, liste clienti, strategie di investimento – sono esposti su un sito nascosto del dark web, con un timer che minaccia di renderli pubblici se non pagate un riscatto. È esattamente ciò che è accaduto a dieci società di asset management in Corea del Sud, vittime della campagna “Korean Leak” orchestrata dal gruppo ransomware Qilin.
La Campagna “Korean Leak”: Le Dieci Vittime e i Dati Esposti
Attraverso attività di monitoraggio CTI e OSINT — con fonti come Ransomware.live e H4ckmanac — è emerso che il gruppo Qilin ha preso di mira il settore sudcoreano dell’asset management. La verifica diretta sul loro sito onion ha confermato la pubblicazione, in data 14/09, delle schede dedicate alle vittime identificate come Korean Leak, corredate da campioni di dati esfiltrati. Di seguito le dieci organizzazioni colpite, sulla base di rivendicazioni verificate e IOC estratti dal Data Leak Site (DLS):
- Human & Bridge Asset Management: Rivendicazione con sample di report finanziari e liste clienti; IOC include FTP endpoint per exfiltrazione
- Vanchor Asset Management: Pubblicati dettagli su portafogli investitori; MD5 hash associati a file leakati.
- Klarman Asset Management: Scheda con screenshot di documenti interni; IP tracciati per comando e controllo.
- Taurus Investment & Securities Co: Esposti dati HR e partnership; tool di esfiltrazione come WinSCP identificati nei log.
- Apex Asset Management: Leak di analisi rischio; hash file.
- LX Asset Management: Pubblicati budget e proiezioni; IOC include Proxychains per networking.
- Majesty Asset Management Co: Dati compliance e contabili; evasion tools come EDRSandBlast menzionati.
- Melon Asset Management Co: Liste investitori esfiltrate; credential theft via Mimikatz.
- Pollex Asset Management Co: Analisi M&A interne; IP C2.
- Awesome Asset Management Co: Piani marketing e anagrafiche; exfiltration tramite EasyUpload.io.
Queste rivendicazioni, mostrano un pattern di pubblicazione progressiva: preview iniziali seguiti da full dump se il riscatto non è pagato.
L’Origine di Qilin: Da Mitologia a Minaccia Cibernetica
Qilin non è solo un nome: deriva da una creatura mitologica cinese simbolo di cambiamenti epocali, e il gruppo lo usa per rivendicare una missione che va oltre il profitto criminale. Come emerge dall’intervista esclusiva di Red Hot Cyber, Qilin si presenta come sostenitore di un “mondo multipolare”, con toni anti-occidentali e una struttura decentralizzata che coinvolge team in molteplici paesi. Ma dietro la retorica, c’è un’operazione RaaS (Ransomware-as-a-Service) sofisticata, con payload in Rust e C sviluppati internamente per evadere le difese.
Il gruppo è attivo dal 2022 e ha scalato le classifiche delle minacce: solo ad aprile 2025 ha rivendicato 72 vittime, inclusa l’ondata sudcoreana. La loro infrastruttura include un Data Leak Site (DLS) su Tor, noto come “WikiLeaks V2”, accessibile via onion address come ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion, dove pubblicano dati per pressione estorsiva.
Come Funziona l’Attacco: Tattiche e Tool Rivendicati
Dall’intervista di Red Hot Cyber, Qilin rivela di usare “tutto”: phishing, exploit 0-day/1-day ricercati internamente, e permanenza prolungata nelle reti per studiare processi prima della cifratura. Il loro stack include:
- Discovery: Nmap, Nping per mappatura reti.
- RMM Tools: ScreenConnect per accesso remoto.
- Defense Evasion: EDRSandBlast, PowerTool, driver come Toshiba power management per BYOVD.
- Credential Theft: Mimikatz per estrazione credenziali.
- OffSec: Cobalt Strike, Evilginx, NetExec per esecuzione avanzata.
- Networking: Proxychains per anonimizazione.
- LOLBAS: fsutil, PsExec, WinRM per abuso di tool legittimi.
- Exfiltration: EasyUpload.io per upload dati.
IOC specifici estratti includono IP C2 come 176.113.115.97 e numerosi MD5 hash di payload, confermando l’uso di FTP per trasferimento dati sottratti.
Il Modello di Business: RaaS e Pressione Legale
Qilin opera come RaaS con split 80/20 (affiliati/servizio), e parte dei ricavi è dichiarata destinata a “movimenti per la libertà”. La “doppia estorsione” è evoluta: oltre alla cifratura, minacciano aste, vendita a concorrenti o pubblicazione totale. Offrono persino “immunità” preventiva a pagamento, paragonata a un “vaccino”
Nel 2025, hanno aggiunto il “pacchetto intimidazione”: team legali e giornalisti interni per negoziazioni e campagne mediatiche, con 1 PB di storage e tool DDoS integrati. Qilin non è solo codice: è una minaccia ibrida che mescola crimine, ideologia e innovazione. Capirla è il primo passo per contrastarla.
L'articolo Qilin Ransomware Colpisce Nel Profondo la Finanza Sudcoreana proviene da il blog della sicurezza informatica.
Dirty Pots, Meet Power Tools!
Let’s face it, nobody likes scrubbing, but what option do you have? You can’t exactly break out the grinder to clean off the remains of last nights dinner… right? Well, maybe not a grinder, but thanks to this hack by [Markus Opitz], you can use an oscillating tool.
It’s a simple enough hack: [Markus] modeled the attachment for his Bosch oscillating tool in Tinkercad, and created a bracket to hold a large metal binder clip. The clip attaches with a screw, and can hold whatever scrubbing pad your carpel-tunnel afflicted hands can’t bear to hold on to. He’s using a self-cleaning stainless-steel sponge.
One nice touch is a pair of protective lips on the jaws of the metal clip, to keep it from accidentally scratching the delicate surface under care. Of course if you have a drill or a Dremel handy you can buy attachments for polishing disks of various grits, but what’s the fun in that? Doing the dishes with a hacked-together oscillating tool just somehow seems more fun. Plus this way you can’t accidentally produce an engine-turning pattern.
We don’t seem to have featured many hacks for these fun, buzzing, multi-purpose tools, so if you’ve got one send us a tip. We did feature an oscillating cutter for CNC once, but that was fully DIY.
Pronti per il Blocco Note con l’AI? Presto su Windows 11 con PC Copilot+!
Gli utenti Windows 11 con PC Copilot+ potranno usufruire di funzionalità avanzate di intelligenza artificiale, ormai parte integrante dell’applicazione Blocco note, grazie ad un aggiornamento che include potenti strumenti per la creazione e la modifica del testo. Tra le nuove funzionalità ci sono “Riepiloga”, “Scrivi” e “Riscrivi”, utilizzabili senza necessità di sottoscrivere un abbonamento, direttamente sul dispositivo.
Gli strumenti innovativi basati sull’intelligenza artificiale, integrati in Blocco note, consentono agli utenti di creare, ottimizzare e sintetizzare il testo in modo efficiente. Funzionando direttamente sulla Neural Processing Unit (NPU) dei PC Copilot+, questi strumenti operano in locale, permettendo un utilizzo offline senza necessità di un abbonamento a Microsoft 365 o di accesso a un account Microsoft.
Un elemento cruciale di questo aggiornamento riguarda il cambio di strategia verso un modello di intelligenza artificiale incorporato direttamente nel dispositivo. Ciò consente una maggiore accessibilità a funzionalità avanzate di supporto alla scrittura. In passato, le capacità di intelligenza artificiale integrate in Blocco note dipendevano dall’elaborazione cloud e richiedevano sottoscrizioni a Microsoft 365, che mettevano a disposizione un quantitativo prestabilito di crediti di intelligenza artificiale. Adesso, grazie a PC Copilot+, gli utenti possono usufruire gratuitamente e senza restrizioni di tali funzionalità.
Gli utenti che sottoscrivono un abbonamento a Microsoft365 possono beneficiare di un sistema più versatile. A seconda delle loro necessità, è possibile passare agevolmente dalla versione gratuita, integrata nel dispositivo, alla versione avanzata basata sul cloud. Questo modello ibrido fa sì che gli strumenti di intelligenza artificiale di alta qualità siano accessibili a un’utenza più vasta, pur mantenendo disponibili funzionalità avanzate per chi ha sottoscritto l’abbonamento. Inizialmente, il lancio di queste funzioni sarà limitato a contenuti in lingua inglese.
Un’innovazione sostanziale caratterizza l’editor di testo classico con l’introduzione dell’intelligenza artificiale. Grazie alla funzione “Riscrivi”, è possibile adeguare il tono, il formato e la lunghezza di contenuti già esistenti, mentre la funzione “Scrivi” permette agli utenti di produrre nuovo testo partendo da un semplice suggerimento. Inoltre, con “Riepiloga”, gli utenti possono velocemente sintetizzare documenti estesi in resoconti compatti.
Questo aggiornamento segue una serie di recenti miglioramenti al Blocco Note, tra cui l’aggiunta di tabulazioni, un contatore di caratteri, il controllo ortografico e la correzione automatica, trasformandolo in un editor più completo. Gli utenti che preferiscono l’esperienza classica e senza fronzoli avranno la possibilità di disattivare le nuove funzionalità di intelligenza artificiale nelle impostazioni dell’app.
La nuova versione di Notepad (11.2508.28.0) è attualmente in fase di distribuzione per i Windows Insider nei canali Canary e Dev e si prevede che sarà disponibile per tutti gli utenti di Windows 11 con hardware compatibile nelle prossime settimane.
L'articolo Pronti per il Blocco Note con l’AI? Presto su Windows 11 con PC Copilot+! proviene da il blog della sicurezza informatica.
A GEM Of A Desktop Environment
Desktop environments are the norm as computer interfaces these days, but there was once a time when they were a futuristic novelty whose mere presence on a computer marked it out as something special. In the early 1980s you could buy an expensive but very fancy Mac from Apple, while on the PC there were early Windows versions, and GEM from Digital Research. It’s something of a footnote here in 2025, and some insight as to why comes from [Programming at the right level] with a retrospective on the software.
Coming from the perspective of an Atari user whose ST shipped with a version of GEM, it tracks the projects from its earliest roots with a Xerox employee, through development to launch on the PC and Atari ST. We learn about an Apple legal threat that resulted in the hobbled interface many of us remember from later GEM versions, and about the twists and turns in its path before the final dissolution of DR in the early 1990s.
From 2025 it’s clear that Windows won the PC desktop battle not by being special but by being the default; when GEM was an add-on extra it would have been a tough sell. The software was eventually made open-source by the eventual owner of the DR assets, Caldera (when they weren’t trying to torpedo Linux, presumably), and can be run today on FreeDOS.
GEM header image: Rolf Hartmann, CC BY-SA 3.0.
Think You Need a New PC for Windows 11? Think Again
As the sun sets on Windows 10 support, many venues online decry the tsunami of e-waste Windows 11’s nonsensical hardware requirements are expected to create. Still more will offer advice: which Linux distribution is best for your aging PC? [Sean] from Action Retro has an alternate solution: get a 20 year old Sun Workstation, and run Windows 11 on that.
The Workstation in question from 2005 is apparently among the first Sun made using AMD’s shiny new 64-bit Opteron processor. Since Windows has no legacy 32-bit support– something it shares with certain Linux distributions– this is amongst the oldest hardware that could conceivably install and run Redmond’s latest.
And it can! Not in unaltered form, of course– the real hack here is courtesy of [ntdevlabs], whose “Tiny11” project strips all the cruft from Windows 11, including its hardware compatibility checker. [ntdevlabs] has produced a Tiny11Builder script that is available on GitHub, but the specific version [Sean] used is available on Archive.org.
[Sean] needed the archived version of Tiny11 because Windows 11 builds newer than 22H2 use the POPCNT operation, which was not present in AMD’s first revision of the x86_64 instruction set. POPCNT is part of Intel’s SSE4 extension from 2007, a couple years after this workstation shipped.
If you’re sick of being told to switch to Linux, but can’t stomach staying with Windows either, maybe check out Haiku, which we reported as ready for daily driving early last year.
youtube.com/embed/LuyC0y7Ahfg?…
A Deep Dive on Creepy Cameras
George Orwell might’ve predicted the surveillance state, but it’s still surprising how many entities took 1984 as a how-to manual instead of a cautionary tale. [Benn Jordan] decided to take a closer look at the creepy cameras invading our public spaces and how to circumvent them.
[Jordan] starts us off with an overview of how machine learning “AI” is used Automated License Plate Reader (ALPR) cameras and some of the history behind their usage in the United States. Basically, when you drive by one of these cameras, an ” image segmentation model or something similar” detects the license plate and then runs optical character recognition (OCR) on the plate contents. It will also catalog any bumper stickers with the make and model of the car for a pretty good guess of it being your vehicle, even if the OCR isn’t 100% on the exact plate sequence.
Where the video gets really interesting is when [Jordan] starts disassembling, building, and designing countermeasures to these systems. We get a teardown of a Motorola ALPR for in-vehicle use that is better at being closed hardware than it is at reading license plates, and [Jordan] uses a Raspberry Pi 5, a Halo AI board, and You Only Look Once (YOLO) recognition software to build a “computer vision system that’s much more accurate than anything on the market for law enforcement” for $250.
[Jordan] was able to develop a transparent sticker that renders a license plate unreadable to the ALPR but still plainly visible to a human observer. What’s interesting is that depending on the pattern, the system could read it as either an incorrect alphanumeric sequence or miss detecting the license plate entirely. It turns out, filtering all the rectangles in the world to find just license plates is a tricky problem if you’re a computer. You can find the code on his Github, if you want to take a gander.
You’ve probably heard about using IR LEDs to confuse security cameras, but what about yarn? If you’re looking for more artistic uses for AI image processing, how about this camera that only takes nudes or this one that generates a picture based on geographic data?
youtube.com/embed/Pp9MwZkHiMQ?…
Enhanced Definition TV: “A Poor Man’s High-Def”
Although to many of us the progression from ‘standard definition’ TV and various levels of high-definition at 720p or better seemed to happen smoothly around the turn of the new century, there was a far messier technological battle that led up to this. One of these contenders was Enhanced Definition TV (EDTV), which was 480p in either 4:3 or 16:9, as a step up from Standard Definition TV (SDTV) traditional TV quality. The convoluted history of EDTV and the long transition to proper HDTV is the subject of a recent video by [VWestlife].
One reason why many people aren’t aware of EDTV is because of marketing. With HDTV being the hot new bullet point to slap on a product, a TV being widescreen was often enough to market an EDTV with 480p as ‘HD’, not to mention the ‘HD-compatible’ bullet point that you could see everywhere.
That said, the support for digital 480p and ‘simplified 1080i’ signals of EDTV makes these displays still quite usable today, more than SDTV CRTs and LCDs that are usually limited to analog signals-only at regular NTSC, PAL or SECAM. It may not be HD, but at least it’s enhanced.
youtube.com/embed/J0as4DiswGU?…
Worst Clock Ever Teaches You QR Codes
[WhiskeyTangoHotel] wrote in with his newest clock build — and he did warn us that it was minimalist and maybe less than useful. Indeed, it is nothing more than a super-cheap ESP32-C3 breakout board with an OLED screen and some code. Worse, you can’t even tell the time on it without pointing your cell phone at the QR code it generates. Plot twist: you skip the QR code and check the time on your phone.
But then we got to thinking, and there is actually a lot to learn from here on the software side. This thing pulls the time down from an NTP server, formats it into a nice human-readable string using strftime, throws that string into a QR code that’s generated on the fly, and then pushes the bits out to the screen. All in a handful of lines of code.
As always, the secret is in the libraries and how you use them, and we wanted to check out the QR code generator, but we couldn’t find an exact match for QRCodeGenerator.h. Probably the most popular library is the Arduino QRCode library by [ricmoo]. It’s bundled with Arduino, but labelled version 0.0.1, which we find a little bit modest given how widely it’s used. It also hasn’t been updated in eight years: proof that it just works?
That library drew from [nayuki]’s fantastically documented multi-language QR-Code-generator library, which should have you covered on any platform you can imagine, with additional third-party ports to languages you haven’t even heard of. That’s where we’d go for a non-Arduino project.
What library did [WTH] use? We hope to find out soon, but at least we found a couple good candidates, and it appears to be a version of one or the other.
We’ve seen a lot of projects where the hacker generates a QR code using some online tool, packs the bits into a C header array, and displays that. That’s fine when you only need a single static QR code, but absolutely limiting when you want to make something dynamic. You know, like an unreadable clock.
You will not be surprised to know that this isn’t the first unreadable QR-code clock we’ve featured here. But it’s definitely the smallest and most instructive.
youtube.com/embed/rA7HXQxqpPA?…