Precision Reference Puts Interesting Part to Work
Interesting parts make for interesting projects, and this nifty precision voltage reference has some pretty cool parts, not to mention an interesting test jig.
The heart of [Gaurav Singh]’s voltage reference is an ADR1399, a precision shunt reference from Analog Devices. The datasheet makes for pretty good reading and reveals that there’s a lot going on inside the TO-46 case, which looks unusually large thanks to a thick plastic coat. The insulation is needed for the thermal stability of the heated Zener diode reference. The device also has a couple of op-amps built in, one that provides closed-loop voltage control and another that keeps the internal temperature at a toasty 95°C. The result is a reference that’s stable over a wide range of operating conditions.
[Gaurav]’s implementation maximizes this special part’s capabilities while making it convenient to use. The PCB has a precision linear regulator that accepts an input voltage from 16 V to 20 V, plus a boost converter that lets you power it from USB-C. The board itself is carefully designed to minimize thermal and mechanical stress, with the ADR1399 separated from the bulk of the board with wide slots. The first video below covers the design and construction of an earlier rev of the board.
One problem that [Gaurav] ran into with these boards was the need to age the reference with an extended period of operation. To aid in that, he built a modular test jig that completed PCBs can be snapped into for a few weeks of breaking in. The jigs attach to a PCB with pogo pins, which mate to test points and provide feedback on the aging process. See the second video for more details on that.
youtube.com/embed/Ty0r_sLv-CI?…
youtube.com/embed/RvmJLGUzDS0?…
$800 to compromise a UK nuclear contractor? Initial Access Brokers raise the stakes!
In the last few hours there has been an escalation of posts in the “Access Market” section of the well-known dark web forum. On sale: access to an Italian software company (“Italian B2B Enterprise Software Solutions”), to one of the oldest European universities (“One of Europe’s most oldest Universities”), to several municipalities in the United States, and much more.
The attacker, who operates under the pseudonym MYAKO, has in the last few hours been posting dozens of accesses to US government bodies, companies, and public and private institutions. Prices (all non-negotiable) range from a few hundred dollars to several thousand. The types of access on sale vary widely: root-privileged access to firewalls, access to management systems, and so on.
MYAKO also sells “know-how”. In a February 4 post titled “Intermediate Cyber Operations Guide” you can “discover how to navigate the complex landscape of system exploitation, persistence and pivoting from the point of view of someone who has consistently demonstrated the fragility of even the most ‘secure’ infrastructures.” For $500 you get a complete package of how-tos, tools, repositories and step-by-step guides, all written in clear, concise language to flatten the learning curve.
MYAKO describes himself as an autonomous “operator”, not sponsored by any nation state. He promotes himself by pointing to several publications that “talk” about him. An interesting interview he gave to Osint10x sheds light on how he operates, his techniques and procedures (TTPs). Osint10x also identifies him as an admin of the HellCat group. In the interview he says he is interested only in money.
ThreatMon identifies him as “An Emerging Threat Actor with Advanced Capabilities” who uses OSINT techniques to identify high-value targets. His calling card: on December 13, 2024 he put access to a firewall of an FBI division on sale for $2,000; the access was sold on December 14, 2024.
Another Italian target is a private Italian educational institution. Again, root access to the firewall is on sale.
To conclude, it is important to understand the role Initial Access Brokers (IABs) play in the underground landscape: they open the doors for hacking groups that then exploit these accesses to carry out larger and potentially devastating attacks.
The article “$800 to compromise a UK nuclear contractor? Initial Access Brokers raise the stakes!” originally appeared on il blog della sicurezza informatica.
Make a Secret File Stash In The Slack Space
Disk space is allocated in clusters of a certain size. When a file is written to disk and the file size is smaller than the cluster(s) allocated for it, there is an unused portion of varying size between the end of the file’s data and the end of the allocated clusters. This unused space is the slack space; it’s perfectly normal, and [Zachary Parish] had the idea to write a tool to hide data in it.
The demo uses a USB drive, using the slack space from decoy files to read and write data.
[Zachary]’s tool is in Python and can map available slack space and perform read and write operations on it, treating the disparate locations as a single unified whole in which to store arbitrary files. A little tar and gzip even helps make things more efficient in the process.
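To make the mechanism concrete, here is an added example (my own code, not [Zachary]’s slack_hider) that works on a simulated disk image: a constructed allocation table lists where each decoy file starts and how many bytes of real data it holds, the slack behind each file is computed from the cluster size, and a length-prefixed payload is scattered across those gaps and reassembled again. The cluster size, file table and payload are all made up for the demo.

```python
import math
import struct
from typing import List, Tuple

CLUSTER = 512  # hypothetical allocation-unit size for the toy disk image

# Constructed allocation table: (name, start_cluster, data_size). Each decoy
# file owns whole clusters from start_cluster but only data_size bytes are real.
DECOY_FILES = [
    ("readme.txt", 0, 100),   # 412 bytes of slack at the end of cluster 0
    ("photo.jpg", 1, 1024),   # exact multiple of the cluster size: no slack
    ("notes.md", 3, 700),     # 324 bytes of slack at the end of cluster 4
    ("log.csv", 5, 1),        # 511 bytes of slack in cluster 5
]


def slack_regions(files, cluster: int = CLUSTER) -> List[Tuple[int, int]]:
    """Return (byte_offset, length) of the slack behind each file: the bytes
    between end-of-data and the end of the last cluster allocated to it."""
    regions = []
    for _name, start, size in files:
        allocated = math.ceil(size / cluster) * cluster
        slack = allocated - size
        if slack:
            regions.append((start * cluster + size, slack))
    return regions


def capacity(regions) -> int:
    return sum(length for _offset, length in regions)


def write_slack(image: bytearray, regions, payload: bytes) -> int:
    """Scatter a length-prefixed payload over the slack regions, in order.
    The 4-byte prefix is exactly the kind of recognisable structure the post
    warns about: a forensic tool can look for it. Returns bytes written."""
    blob = struct.pack(">I", len(payload)) + payload
    if len(blob) > capacity(regions):
        raise ValueError("payload does not fit in the available slack")
    pos = 0
    for offset, length in regions:
        chunk = blob[pos:pos + length]
        image[offset:offset + len(chunk)] = chunk
        pos += len(chunk)
        if pos >= len(blob):
            break
    return pos


def read_slack(image: bytearray, regions) -> bytes:
    """Concatenate every slack region back into one stream and cut it at the
    length stored in the prefix (trailing untouched slack is discarded)."""
    blob = b"".join(bytes(image[offset:offset + length]) for offset, length in regions)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n]


def demo() -> bytes:
    """Hide a constructed secret behind the decoy files and read it back,
    checking that the decoy files' own data bytes were never touched."""
    image = bytearray(8 * CLUSTER)
    for _name, start, size in DECOY_FILES:          # fill decoy data areas
        image[start * CLUSTER:start * CLUSTER + size] = b"D" * size
    regions = slack_regions(DECOY_FILES)
    secret = b"meet at the usual place, bring the drive" * 20   # 800 bytes
    write_slack(image, regions, secret)
    for _name, start, size in DECOY_FILES:          # decoy data must survive
        assert bytes(image[start * CLUSTER:start * CLUSTER + size]) == b"D" * size
    return read_slack(image, regions)


if __name__ == "__main__":
    print(len(demo()), "bytes recovered from slack")
```

On a real filesystem the offsets would come from the directory entries and the cluster map rather than a hand-written table, and the hidden data only survives as long as no decoy file is rewritten or the volume defragmented, since either reallocates the clusters whose tails hold the payload.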
There’s a whole demo implemented on Linux using a USB drive with some decoy files to maximize the slack space, and you can watch it in action in the video embedded below. It’s certainly more practical than hiding data in a podcast!
Note that this is just a demo of the concept. The approach does have potential for handling secret data, but [Zachary] points out that, from a serious data forensics point of view, there are a number of shortcomings in its current form. For example, the way the tool currently structures and handles data makes it quite obvious that something is going on in the slack space.
[Zachary] created this a few years ago and has some ideas about how to address those shortcomings and evolve the tool, so if you have ideas of your own or just want to try it out, the slack_hider GitHub repository is where you want to go.
youtube.com/embed/ooYwYke9UFk?…
Nice PDF, But Can It Run Linux? Yikes!
The days when PDFs were the granny-proof Swiss Army knives of document sharing are definitely over, according to [vk6]. He has managed to pull off the ultimate mind-bender: running Linux inside a PDF file. Yep, you read that right. A full Linux distro chugging along in a virtual machine, all encapsulated within a document. Just when you thought running DOOM in a PDF was the pinnacle. You can even try it out in your own browser, right here. Mind-boggling, or downright Pandora’s box?
Let’s unpack how this black magic works. The humble PDF file format supports JavaScript – with a limited standard library, mind you. By leveraging this, [vk6] managed to compile a RISC-V emulator (TinyEMU) into JavaScript using an old version of Emscripten targeting asm.js instead of WebAssembly. The emulator, embedded within the PDF, interfaces with virtual input through a keyboard and text box.
The graphical output is ingeniously rendered as ASCII characters – each line displayed in a separate text field. It’s a wild solution but works astonishingly well for something so unconventional.
Security-wise, this definitely raises eyebrows. PDFs have long been vectors for malware, but this pushes things further: PDFs with real computational power. We already know not to trust Word documents, whether they’re merely capable of running Doom or of trashing your entire system in a blink. This PDF anomaly unfolds a complete, powerful operating system in front of your very eyes. Should we take it lightly and hope it leads to smarter, more interactive PDFs, or will it bring us innocent-looking files weaponized for chaos?
Curious minds, go take a look for yourself. The project’s code is available on GitHub.
youtube.com/embed/cWnN-FA3zRM?…
Blinds Automated With Offline Voice Recognition
Blinds are great for keeping light out or letting light in on demand, but few of us appreciate having to walk over and wind them open and shut on the regular. [DIY Builder] resented this very task, so set about creating an automated system to do the job for him.
The blinds in question use a ball chain to open and close, which made them relatively easy to interface with mechanically. [DIY Builder] set up a NEMA 17 stepper motor with an appropriate 3D-printed gear to interface with the chain, allowing it to move the blinds accurately. The motor is controlled via an Arduino Nano and an A4988 stepper motor driver.
However, that only covered the mechanical side of things. [DIY Builder] wanted to take the build a step further by making the blinds voice activated. To achieve this, the Arduino Nano was kitted out with a DFRobot Gravity voice recognition module. It’s a super simple way to do voice recognition—it’s an entirely offline solution with no cloud computing or internet connection required. You just set it up to respond to simple commands and it does the rest.
The result is a voice activated blind that works reliably whether your internet is up or not. We’ve seen some other great projects in this space, too. Video after the break.
youtube.com/embed/xdABENCrh98?…
Upgrading RAM on a Honda Infotainment System
Car infotainment systems somehow have become a staple in today’s automobiles, yet when it comes down to it they have all the elegance of a locked-down Android tablet. In the case of the Honda infotainment system that [dosdude1] got from a friend’s 2016/2017-era Honda Accord, it pretty much is just that. Powered by a dual-core Cortex-A15 SoC, it features a blazin’ 1 GB of RAM, 2 GB of storage and runs Android 4.2.2. It’s also well-known for crashing a lot, which is speculated to be caused by Out-of-RAM events, which is what the RAM upgrade is supposed to test.
After tearing down the unit and extracting the main board with the (Renesas) SoC and RAM, the SoC was identified as an automotive part dating back to 2012. The 1 GB of RAM was split across two Micron-branded packages, leaving one of the memory channels on the SoC unused and not broken out. That meant removing the original RAM chips to check what options the existing pads provided, specifically potential support for twin-die chips, but also address line 15 (A15). Unfortunately only the A15 line turned out to be connected.
This left double-capacity (1 GB) chips as the sole option, for a total of 2 GB of RAM. After installation the infotainment system booted up, but only showed 1 GB installed. Cue hunting down the right RAM config bootstrap resistor, updating the boot flags and updating the firmware to work around the LINEOWarp hibernation image that retained the 1 GB configuration. Ultimately the upgrade seems to work, but until the unit is reinstalled in the car and tested it’s hard to say whether it fixes the stability issues.
Thanks to [Dylan] for the tip.
youtube.com/embed/9N1_8vz6R78?…
DeepSeek in the crosshairs! The iOS app sends data to its backends without encryption!
Researchers at NowSecure began a security audit of the DeepSeek mobile app for iOS and found serious problems. The main one is that the application transmits sensitive data without any encryption, exposing it to interception and manipulation. The experts also note that the app does not follow security best practices and collects a large amount of data about users and their devices.
“DeepSeek for iOS transmits some registration data over the internet without encryption,” the analysts wrote. “This exposes all data in that internet traffic to both passive and active attacks. DeepSeek for iOS globally disables App Transport Security (ATS), an iOS platform-level security feature that prevents sensitive data from being sent over unencrypted channels. Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”
NowSecure’s report also lists a series of weaknesses in the implementation of user data encryption. These include the use of the insecure 3DES algorithm; symmetric keys that are the same for all iOS users and are hard-coded and stored on the device; and reuse of initialization vectors.
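The ATS finding quoted above is one a reviewer can check from an app’s Info.plist alone. The following is an added example (not NowSecure’s tooling and not DeepSeek’s real plist): it parses a constructed Info.plist modelled on an app that switches ATS off globally and also weakens it per domain, and reports each exception that permits plaintext HTTP or a TLS version below the ATS default of 1.2. The bundle identifier and domain are invented.

```python
import plistlib
from typing import List

# Constructed Info.plist fragment for the example: ATS disabled app-wide plus a
# per-domain exception that also allows plaintext HTTP and TLS 1.0.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.chatapp</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>api.example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""


def audit_ats(plist_bytes: bytes) -> List[str]:
    """Return a list of findings about the App Transport Security dictionary.
    An app with no NSAppTransportSecurity key gets ATS defaults (HTTPS only,
    TLS 1.2 minimum, forward secrecy required) and yields no findings."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []

    # Global switches: any of these relaxes ATS for whole classes of traffic.
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("HIGH: NSAllowsArbitraryLoads=true disables ATS for every connection")
    if ats.get("NSAllowsArbitraryLoadsInWebContent"):
        findings.append("MEDIUM: NSAllowsArbitraryLoadsInWebContent=true disables ATS for web views")
    if ats.get("NSAllowsArbitraryLoadsForMedia"):
        findings.append("MEDIUM: NSAllowsArbitraryLoadsForMedia=true disables ATS for media loads")

    # Per-domain exceptions stay in force even when the global switch is set,
    # so report them individually: they tell you which backends get plaintext.
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"HIGH: plaintext HTTP permitted for {domain}")
        tls = rules.get("NSExceptionMinimumTLSVersion")
        if tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(f"MEDIUM: {domain} accepts {tls}, below the ATS default of TLSv1.2")
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"LOW: forward secrecy not required for {domain}")
    return findings


if __name__ == "__main__":
    for line in audit_ats(SAMPLE_INFO_PLIST):
        print(line)
```

The plist is only half the picture: a disabled ATS says the platform will not stop plaintext requests, and confirming that the app actually makes them still requires capturing its traffic, which is what the NowSecure analysis did.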
It was also revealed that data was being sent to servers run by Volcano Engine, the cloud computing and data storage platform owned by the Chinese company ByteDance, which also owns TikTok.
The researchers warned that although some of this data was correctly encrypted with TLS, once decrypted on ByteDance-controlled servers the information could be matched with other user data collected elsewhere. This could ultimately lead to the identification of specific individuals and potential monitoring of their requests.
Although NowSecure’s review is not yet complete, the researchers were quick to warn that the DeepSeek app for iOS “is not designed or prepared to provide basic protection for your data and identity”.
In their view, DeepSeek for iOS fails to follow even fundamental security rules, whether deliberately or accidentally. At the same time, the experts considered the DeepSeek app for Android even more problematic and recommended removing it.
It should be noted that last week the Associated Press reported that the DeepSeek website was built to transmit user data to the infrastructure of China Mobile, a Chinese state-owned telecommunications company that is barred from operating in the United States.
To date, several countries, including Australia, the Netherlands and South Korea, as well as numerous government agencies in India and the United States, have banned the use of DeepSeek on government devices on national security grounds.
The article “DeepSeek in the crosshairs! The iOS app sends data to its backends without encryption!” originally appeared on il blog della sicurezza informatica.
Make Custom Shirts With a 3D Print, Just Add Bleach
Bleach is a handy way to mark fabrics, and it turns out that combining bleach with a 3D-printed design is an awfully quick-working and effective way to stamp a design onto a shirt.
A plain PLA stamp with bleach gives a slightly distressed look to this design.
While conceptually simple, the details make the difference. Spraying bleach onto the stamp surface helps get even coverage, and having the stamp facing “up” and lowering the shirt onto the stamp helps prevent bleach from running where it shouldn’t. Prompt application of hot air with a heat gun (followed by neutralizing or flushing any remaining bleach by rinsing in plenty of cold water) helps keep the edges of the design clean and sharp.
We wondered if combining techniques with some of the tips on how to 3D print ink stamps would yield even better results. For instance, we notice the PLA stamp (used to make the design in the images here) produces sharp lines with a slightly “eroded” look overall. This is very much like the result of inking with a stamp printed in PLA. With a stamp printed in flex filament, inking gives much more even results, and we suspect the same might be true for bleach.
Of course, don’t forget that it’s possible to 3D print directly onto fabric if you want your designs to be a little more controlled (and possibly in multiple colors). Or, try silkscreening. Who knew there were so many options for putting designs onto shirts? If you try it out and learn anything, let us know by sending in a tip!
youtube.com/embed/LBNN1thLB3E?…
Keebin’ with Kristina: the One with the SEGA Pico Keyboard
It’s been a minute since I featured a tiny keyboard, and that’s okay. But if you want to get your feet wet in the DIY keyboarding community, making a little macro pad like [Arnov Sharma]’s Paste Pal is a great place to start.
Image by [Arnov Sharma] via Hackaday.IO
This is a follow-up to his original Paste Pal, which only had two buttons for copy and paste plus an OLED display. This updated version does three more things thanks to a total of five blue (!) switches. The selected command shows up on the screen so you know what you’ve done.
Right now, [Arnov] has the Paste Pal set up to do Copy, Paste, Enter, Scroll Up, and Scroll Down, but changing the assignments is as easy as updating a few lines of code.
Paste Pal Mk. II is at heart a Seeed Xiao SAMD21, which in this case is programmed in Arduino. If you want to make things easier on yourself, you could program it in CircuitPython instead, although [Arnov] includes the Arduino code in his excellent build guide.
A Good Soldier, Indeed
RIP to [Pure-Bullfrog-2569]’s 7-year-old masterpiece of a hand-wired build, which recently gave its last keystroke.
Image by [Pure-Bullfrog-2569] via reddit
Evidently this beauty is heavy, crappy, and hand-wired, but I have big doubts about the crappy part. It’s built out of layers of laser cut wood and hand-painted. It took [Pure-Bullfrog-2569] the better part of a year to pull this together. And now they feel too lazy to debug it.
At the urging of many redditors, it appears that [Pure-Bullfrog-2569] will set the keyboard aside for a later date, rather than just throwing or parting it out, or hanging it on the wall.
The controller itself is dead, which was a fake Teensy anyway, so maybe they’ll solder in an RP2040 or something and bring it back to life. Apparently it sounded pretty cool to type on. I bet it did!
The Centerfold: Screens, Screens Everywhere
Image by [theslinkyvagabond] via reddit
Do you like screens, bro? Some people do. I myself have two, but I also used a tablet back when I was streaming so I could manage my unruly chat full of tumbleweeds and crickets. Having sort of been there, I can see why a person would want a lot of screens if they have a lot going on. Apparently [theslinkyvagabond] does, what with the three-server home lab and all to manage. Maybe it’s the relative darkness, or the fact that all the screens are currently the same, but this somehow seems cozy for a five-screen setup. No mention of the keyboards, although the one on the left looks intriguing.
Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!
Historical Clackers: the SEGA Pico Keyboard
I know, I know; this looks like my typical centerfold choice. But hear me out. So I was trying to get ChatGPT to trawl GitHub for new-ish hardware keyboard projects on my behalf, and it came back with this intriguing picture of a SEGA keyboard. There was also a Hello Kitty variant!
Image via Video Game Database
Now of course the actual link it listed goes to a DIY keyboard with a Raspberry Pi Pico inside, which is a nice build, by the way. You should check it out.
But anyway, back to this Japanese Fisher Price situation. It is apparently an accessory for the SEGA Pico system, which was a lot like a LeapPad, and used the same processor as the SEGA Mega Drive. It did sell in North America and Europe, but only for an unsuccessful four years before being discontinued. Apparently it has a regular PS/2 connector (Indonesian, translated) and works just fine as a computer input.
I don’t know what kind of switches this thing has, but I would love to find out. It looks fun to type on, at least. And I don’t just mean because of the colors. Those keycaps remind me of that 80s square gum with the goo inside. Freshen Up.
Finally, a Keyboard for Writers
So this floaty mechanical keyboard is the latest offering from Astrohaus, who rose to fame with their AlphaSmart NEO-like device called the Freewrite, which apparently I disliked enough to never even cover. Why bother with that when you have OG NEOs lying around? Also, those Freewrite things are pricey for what they are, and I’ve seen plenty of writer decks on Hackaday to believe that I could build my own if I wanted.
Image via Astrohaus/Freewrite
Much like the Freewrite, the Wordrunner is aimed squarely at writers. And how do we feel about it? Well, as much as I love my Kinesis Advantage, it sure doesn’t have an electromechanical word counter or a sprint timer built into it like this one does.
It looks white, but the body is all metal and feels great according to Tom’s Hardware. All Wordrunners will ship with Kailh box browns and are not hot-swappable. Well, I suppose these are for writers and not necessarily keyboard enthusiasts. Perhaps the most interesting bit is that the F keys are replaced by common writerly actions, and there are a couple of programmable macro keys on top of those.
If there’s one thing writers love, it’s watching that word count go up. I can imagine how awesome it would be to watch it spin the faster you type, although that might trigger an urge to write nonsense. But sometimes great things come from such brainstorms.
Of course I don’t love that the Wordrunner is a standard TKL rectangle, but you gotta start somewhere, I suppose. Maybe they’ll make an ergonomic one someday. Like the other products under the Astrohaus/Freewrite umbrella, this one will launch on Kickstarter. Who knows how much it will be, probably at least $200, but you can reserve one for a refundable $1 ahead of time.
Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.
Microsoft raises the alarm: public ASP.NET keys used to inject malware
Microsoft experts have raised the alarm: in ViewState code injection attacks, attackers are deploying malware using static ASP.NET machine keys found on the internet.
According to Microsoft Threat Intelligence, some developers use ASP.NET validationKey and decryptionKey values (meant to protect ViewState from tampering and disclosure) in their own code after finding them in code documentation or third-party repositories.
Attackers in turn use these publicly accessible machine keys to craft malicious ViewState (the mechanism ASP.NET Web Forms uses to manage and persist page state), appending forged message authentication codes to it.
The experts explain that when ViewState submitted in a POST request is loaded, the ASP.NET runtime on the target server decrypts and validates the malicious ViewState data using the correct keys, then loads it into the worker process memory and executes it. This gives the attackers remote code execution on the targeted IIS web servers and lets them deploy additional payloads.
For example, in an incident in December 2024, an unknown attacker used a publicly available machine key to deploy the Godzilla post-exploitation framework on a target web server, enabling execution of malicious commands and shellcode injection.
“Microsoft has identified more than 3,000 publicly disclosed ASP.NET keys that could be used in these attacks,” the company said. “Previously, ViewState injection attacks typically used compromised or stolen keys, often sold on darknet forums. But publicly available keys can pose an even greater risk because they are available in multiple repositories and can be added to development code without modification.”
To protect against such attacks, Microsoft recommends that developers generate machine keys securely, never use default keys or keys found on the internet, encrypt the machineKey and connectionStrings elements to block access to plaintext secrets, upgrade to ASP.NET 4.8 to take advantage of the Antimalware Scan Interface (AMSI), and harden their Windows servers.
Microsoft also detailed the steps to remove or replace ASP.NET keys in the web.config configuration file using PowerShell or the IIS management console. The company has additionally removed the sample keys from its public documentation to prevent anyone from using them.
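As an added example (my own code, not Microsoft’s PowerShell guidance or any real ASP.NET tooling), the script below shows the two checks that follow from the advisory: find a machineKey in web.config whose validationKey or decryptionKey is a literal value rather than AutoGenerate, compare the validation key against a denylist of known-public key fingerprints, and flag weak validation (MD5/SHA1) or decryption (DES/3DES) algorithms; it then rewrites the element with freshly generated random keys. The web.config, the key values and the denylist are all constructed for the example; the single “known public” fingerprint is just the hash of the sample key so the match path can be exercised, not a real leaked key.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed web.config: a machineKey copied verbatim into the file, with
# legacy algorithm choices. The key strings are made up for this example.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="{vkey}"
                decryptionKey="{dkey}"
                validation="SHA1"
                decryption="3DES" />
  </system.web>
</configuration>
""".format(vkey="0123456789ABCDEF" * 8, dkey="FEDCBA9876543210" * 4)

# Stand-in for a denylist of fingerprints of publicly posted keys. Storing
# hashes rather than the keys themselves keeps the list safe to ship.
KNOWN_PUBLIC_VALIDATION_KEY_SHA256 = {
    hashlib.sha256(("0123456789ABCDEF" * 8).encode()).hexdigest(),
}


def audit_machine_key(config_xml: str) -> List[str]:
    """Return findings for the <system.web><machineKey> element, if any.
    No element at all means ASP.NET auto-generates keys per machine."""
    root = ET.fromstring(config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:
        return []
    findings = []
    vkey = mk.get("validationKey", "AutoGenerate")
    dkey = mk.get("decryptionKey", "AutoGenerate")
    # "AutoGenerate" and "AutoGenerate,IsolateApps" are the safe settings.
    if not vkey.startswith("AutoGenerate"):
        findings.append("validationKey is hard-coded in web.config")
        if hashlib.sha256(vkey.upper().encode()).hexdigest() in KNOWN_PUBLIC_VALIDATION_KEY_SHA256:
            findings.append("validationKey matches a publicly known key: treat as compromised")
    if not dkey.startswith("AutoGenerate"):
        findings.append("decryptionKey is hard-coded in web.config")
    validation = mk.get("validation", "HMACSHA256")
    if validation.upper() in ("MD5", "SHA1"):
        findings.append(f"weak validation algorithm {validation}")
    decryption = mk.get("decryption", "Auto")
    if decryption.upper() in ("DES", "3DES"):
        findings.append(f"weak decryption algorithm {decryption}")
    return findings


def generate_machine_key() -> Dict[str, str]:
    """Fresh random keys from the OS CSPRNG: 64 bytes for HMACSHA256
    validation and 32 bytes for AES-256 decryption, hex-encoded as
    machineKey expects."""
    return {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    }


def rotate_machine_key(config_xml: str) -> str:
    """Replace (or create) the machineKey element with newly generated keys
    and return the updated web.config text."""
    root = ET.fromstring(config_xml)
    system_web = root.find("system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    mk = system_web.find("machineKey")
    if mk is None:
        mk = ET.SubElement(system_web, "machineKey")
    mk.attrib.clear()
    mk.attrib.update(generate_machine_key())
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for finding in audit_machine_key(SAMPLE_WEB_CONFIG):
        print("before:", finding)
    for finding in audit_machine_key(rotate_machine_key(SAMPLE_WEB_CONFIG)):
        print("after: ", finding)
```

After rotation the audit still reports that both keys are hard-coded. That is expected: a per-deployment explicit key is what a web farm needs so every node validates the same ViewState, and the remaining mitigation is the one Microsoft names, encrypting the machineKey section so the plaintext never sits in web.config. Rotation also invalidates any ViewState an attacker has already forged with the old key.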
The article “Microsoft raises the alarm: public ASP.NET keys used to inject malware” originally appeared on il blog della sicurezza informatica.
8Base dismantled! Law enforcement shuts down the ransomware group’s leak site
In a joint international operation, law enforcement recently took down the Data Leak Site (DLS) of the 8Base ransomware group, known for hitting numerous companies worldwide. The site served as a platform for publishing sensitive data stolen from victims who refused to pay the ransom, putting further pressure on them.
Active since March 2022, 8Base gained notoriety for its strategy of combining data encryption with public disclosure of the stolen information to force victims to pay. Despite the intense activity recorded, the identity of its members and the group’s operating methods long remained in the shadows.
A peculiar aspect of 8Base is its self-description as “simple pentesters”, offering the breached companies a sort of unrequested security audit. In an interview with Red Hot Cyber, the group stated: “We see holes in the security of corporate networks and we use them.” This approach, although criminal, highlights the serious cybersecurity gaps in many organizations.
In Italy, 8Base targeted several organizations, highlighting the vulnerability of the national IT infrastructure. These incidents underline the need to strengthen cybersecurity measures in the country.
The success of the law enforcement operation is a heavy blow to 8Base and to ransomware-related illicit activity. However, experts warn that the DLS takedown may not mark the end of the group’s operations: it could try to re-establish its online presence or evolve its tactics to evade future investigations.
This event underscores the importance of international cooperation in the fight against cybercrime and the need for companies to adopt proactive cybersecurity measures. Investing in advanced defense systems, staff training and continuous network monitoring is essential to prevent future attacks and protect sensitive data from potential threats.
The article “8Base dismantled! Law enforcement shuts down the ransomware group’s leak site” originally appeared on il blog della sicurezza informatica.
Tiny Mouse Ring Uses Prox Sensors
A traditional computer mouse typically fits in the palm of your hand. However, with modern technology, there’s no need for mice to be so large, as demonstrated by [juskim]’s neat little mouse ring. Check it out in the video below.
The concept is simple—it’s a tiny mouse that sits neatly on the end of one of your fingers. You then get the slightly surreal experience of pointing on your computer just by moving a single finger instead of your whole hand.
The project uses a typical optical mouse sensor for movement, as you might expect. However, there are no conventional switches for the left and right mouse buttons. Instead, [juskim] realized a more compact design was possible by using proximity sensors instead. The sensors detect the presence of his fingers on either side of the ring mouse. When one of the fingers is lifted, the absence of the finger triggers a mouse click, either left or right, depending on the finger.
The build started with junk box parts, but hooking up an Arduino Pro Micro dev board and other modules proved too cumbersome to use effectively. Instead, the build relies on an ATTO board, a tiny PCB featuring the same ATmega32U4 microcontroller. Similarly, the build relies on tiny proximity sensors from STM to fit in the “ring” form factor. It’s all wrapped up in a 3D-printed enclosure that fits snugly on the user’s finger.
We’ve seen some other neat mouse rings before, too. Or, if you want something really different, grab some keychains and make a 6DOF mouse.
youtube.com/embed/vcZNPGWGGOU?…
How Magnetic Fonts Twisted Up Numbers And Saved Banking Forever
If you’ve ever looked at the bottom of a bank check, you’ve probably glanced over some strangely formed numbers. If you’re a fan of science fiction or retro computers, you’ve probably spotted the same figures on any number of books from the 1980s. They’re mostly readable, but they’re chunky and thin in places you don’t expect.
Those oddball numerals didn’t come from just anywhere—they were a very carefully crafted invention to speed processing in the banking system. These special fonts were created to be readable both by humans and machines—us with our eyes, and the computers with magnetic sensors. Let’s explore the enigmatic characters built for Magnetic Ink Character Recognition (MICR).
Machines Will Do The Work
Early examples of machine-readable magnetic fonts from the Department of Commerce—Automatic Character Recognition, A State-Of-The-Art Report, May 1961.
These days, much of the money in the world is sent and received via digital transfers. Once upon a time, though, paper was king when it came to moving money. The almighty check was how you got money out of one account and into another one.
Sadly, as populations grew and economic activity skyrocketed, the status quo couldn’t hold. By the mid-1940s, the problem was already apparent, with the Federal Reserve dealing with 2 billion checks a year in 1946. While mechanical adding machines and various other techniques helped, fundamentally, bankers and clerks were processing millions of checks daily, all by hand.
The financial world needed a way to speed handling of checks as much as possible. The solution was to enable machines to read as much of the information on a check as possible, so they could handle the basic sorting and processing steps at speed. This would eliminate much of the manual reading and handling by humans, and greatly improve throughput.
The problem was that in the middle of the 20th century, technologies like optical character recognition, or even digital cameras, were decades away. Instead, the key innovation that saved banking was MICR—short for Magnetic Ink Character Recognition. It involved printing certain characters on checks with an iron oxide-based ink. The combination of the ink’s magnetic content and the unique shape of each number meant machines could read the checks easily and unambiguously—even in the case they were physically damaged. Meanwhile, the MICR characters were also designed to remain human readable, so they could be readily understood by the humans using them, too. This was an important backup in the event a check failed machine reading for whatever reason.
An example US-style check with the MICR line along the bottom—printed with the E-13B font. Credit: Federal Reserve Bank of Philadelphia
With MICR, checks could be pre-printed with a bank’s routing number and the customer account to draw from, leaving just the payment amount to be read from the check user’s handwriting. Alternatively, even the amount could be printed in MICR characters if the check was fully machine-issued, speeding processing further. With the aid of magnetic ink, processing speeds went up prodigiously. In 1950, mechanical aids had allowed one clerk to process 1,300 checks in an hour. Fast forward to the magnetic ink era just a few years later, and clerks were able to handle 33,000 checks or more in the same amount of time.
As is so often the way, the world did not agree on one standard for MICR purposes. Developments across the banking world occurred during the 1950s, with two major magnetic fonts being developed in parallel.
If you’re based in the United States, Canada, the UK, Australia, or much of the rest of the English-speaking world, you’re probably most familiar with a font called E-13B. This is the one with the gloopy letters and the worst ‘1’ numeral ever committed to print. It was developed by General Electric and the Stanford Research Institute. Its designation was entirely pragmatic—E denoted that it was the fifth font considered, and B denoted the second revision. 13 referred to the fact it was designed for use on a 0.013-inch grid.
The font was designed to create a unique magnetic signal pattern when each numeral or symbol was scanned by a magnetic reader. The shapes were specifically engineered to avoid any possible confusion – that’s why the 0 has those straight sides, and the 8 is so hefty at the bottom, for example. Each number generates a waveform that’s distinct from the others, making it easy to process the signal and read the check accurately. E-13B wasn’t perfect, with 2s and 5s putting out rather similar signals in some cases that could cause confusion, but it proved itself more than reliable enough to do the job.
The 14 characters of the E-13B MICR font—the last four are for control purposes.
This book cover from the 1980s was typical of the era – leaning on E-13B tropes to convey a technical aesthetic.
The standard was trialled in 1956 and was adopted by the American Bankers Association by 1958. By 1963, the American National Standards Institute (ANSI) designated that E-13B would be the standard, and by 1967, the Federal Reserve mandated the use of magnetic ink on checks. E-13B went on to become a graphical motif commonly associated with computers and modernity, with artists commonly creating lookalike characters for the whole Latin alphabet. However, the official E-13B standard only ever had 14 characters—numerals 0 to 9, plus four additional control characters for check processing—”transit,” “on-us,” “amount,” and “dash.”
The CMC-7 font, designed by Groupe Bull.
At roughly the same time, French computer company Groupe Bull was working on its own standard. In 1957, it developed the CMC-7 font, which used an entirely different approach from E-13B. Rather than relying on varying the intensity of magnetism by the amount of ink in a character, CMC-7 instead relied on characters made up of vertical bars. The spacing between the bars could be read by machine to determine the numerals. The design gave CMC-7 characters more of a barcode-like appearance. Notably, CMC-7 also featured a full alphanumerical character set—41 glyphs, including A-Z, 0-9, and five control characters.
An Italian check signed by Enzo Ferrari – note the CMC-7 font along the bottom. Credit: Morio, CC BY-SA 3.0
Thanks to the geopolitics of the mid-20th century, each MICR standard ended up with its own stomping ground. While E-13B dominated in the Anglophone world, CMC-7 ended up being used in France, Spain, and much of Europe and South America. At heart, both standards did the same thing—they enabled machines to read most of the data on a check with a minimum of fuss.
Banks might feel mostly digital these days, but MICR fonts are still an important standard in the financial world. If you’re issuing checks, you might end up running into some problems if you’re not printing them with the appropriate MICR font and magnetic ink. For most of us, checks are a simple tool of the past, but it turns out a great deal of engineering went into perfecting them before the computer came along.
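As an added example (not code from the article), here is a small Python parser for an E-13B MICR line that uses the four control characters the article lists as field delimiters and validates the routing number with the ABA check-digit rule, which the article does not cover. The single-letter stand-ins T/U/A/- for the control symbols and the sample lines are constructed for this example; real readers emit their own codes.

```python
"""Parse an E-13B MICR line into its fields (added example; not from the article)."""
import re
from dataclasses import dataclass
from typing import Optional

# ASCII stand-ins for the four E-13B control characters.  This encoding is an
# assumption made for the example; real MICR readers emit vendor-specific codes.
TRANSIT = "T"   # brackets the nine-digit routing (transit) number
ONUS = "U"      # closes the account ("on-us") field; also brackets an auxiliary check number
AMOUNT = "A"    # brackets the ten-digit amount in cents
DASH = "-"      # separator permitted inside on-us data

# The full E-13B set is ten numerals plus the four controls; a space is the only other
# thing a reader should ever return.  Anything else is a misread or a tampered line.
ALPHABET = set("0123456789 " + TRANSIT + ONUS + AMOUNT + DASH)


@dataclass
class MicrLine:
    routing: str
    routing_valid: bool
    account: str
    check_number: Optional[str]
    amount_cents: Optional[int]


def routing_checksum_ok(routing: str) -> bool:
    """ABA routing-number check: weights 3,7,1 repeated; weighted sum mod 10 == 0."""
    if not re.fullmatch(r"\d{9}", routing):
        return False
    weights = (3, 7, 1) * 3
    return sum(int(d) * w for d, w in zip(routing, weights)) % 10 == 0


def parse_micr(line: str) -> MicrLine:
    """Split a MICR line into fields using the control characters as delimiters."""
    unknown = set(line) - ALPHABET
    if unknown:
        raise ValueError(f"characters outside the E-13B set: {sorted(unknown)}")
    t, u, a = (re.escape(c) for c in (TRANSIT, ONUS, AMOUNT))

    # Amount field (right end): present only once the check has been encoded.
    amount_cents = None
    m = re.search(rf"{a}(\d{{10}}){a}", line)
    if m:
        amount_cents = int(m.group(1))
        line = line[: m.start()] + line[m.end():]

    # Transit field: exactly nine digits between two transit symbols.
    m = re.search(rf"{t}(\d{{9}}){t}", line)
    if m is None:
        raise ValueError("no transit field")
    routing = m.group(1)
    left, right = line[: m.start()], line[m.end():]

    # Auxiliary on-us field (left of transit): check number on business checks.
    check_number = None
    m = re.search(rf"{u}(\d+){u}", left)
    if m:
        check_number = m.group(1)

    # On-us field: account (digits and dashes) closed by an on-us symbol,
    # optionally followed by the check number as printed on personal checks.
    m = re.fullmatch(rf"\s*([\d{DASH}]+)\s*{u}\s*(\d*)\s*", right)
    if m is None:
        raise ValueError("malformed on-us field")
    account = m.group(1)
    if m.group(2):
        check_number = m.group(2)

    return MicrLine(routing, routing_checksum_ok(routing), account, check_number, amount_cents)


def is_well_formed(line: str) -> bool:
    """True when the line parses; False on a stray glyph or missing field."""
    try:
        parse_micr(line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: personal check, already amount-encoded ($123.45).
    print(parse_micr(" T123456780T 987-654321U 1001 A0000012345A"))
    # Constructed sample: business check with the check number in the auxiliary on-us field.
    print(parse_micr("U000123U T123456780T 9876543210U"))
```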
NSA Data Leak: Classified documents leak on Breach Forums for the second time
An alleged leak of classified National Security Agency (NSA) documents has been published on Breach Forums, one of the best-known underground marketplaces for buying and selling stolen data.
The user “HumanError”, holding the title of “GOD User” on the forum, announced the upload of a set of documents belonging to the Five Eyes Intelligence Group, the intelligence alliance comprising the United States, the United Kingdom, Canada, Australia and New Zealand.
According to the post, the leak occurred through an intrusion into the systems of Acuity Inc., a company that works directly with the United States government and its allies.
What was compromised?
The post publishes a series of samples and gives some information on the content of the stolen data, including:
- Full names, email addresses, phone numbers (personal and business)
- Government, military and Pentagon email addresses
- Classified communications between Five Eyes, 14 Eyes and their allies
The author of the leak also mentions the involvement of other members with the aliases @IntelBroker, @Sangsiero and @EnergyWeaponUser, suggesting that the operation may have been carried out by a group rather than a single actor.
This information is connected to an earlier leak from April 2024, when IntelBroker published a similar post reporting data leaked from NSA infrastructure. In fact, the samples published in the two posts turn out to be the same.
The article NSA Data Leak: Classified documents leak on Breach Forums for the second time comes from il blog della sicurezza informatica.
Basically, It’s BASIC
The BASIC language may be considered old-hat here in 2025, and the days when a computer came as a matter of course with a BASIC interpreter are far behind us, but it can still provide many hours of challenge and fun. Even with our love of all things 8-bit, though, we’re still somewhat blown away by [Matthew Begg]’s BASIC interpreter written in 10 lines of BASIC. It’s an entry in the BASIC 10-liner competition, and it’s written to run on a Sinclair ZX Spectrum.
The listing can be viewed as a PNG file on the linked page. It is enough to cause even the most seasoned retrocomputer enthusiasts a headache because, as you might expect, it pushes the limits of the language and the Sinclair interpreter. It implements Tiny Basic as a subset of the more full-featured BASICs, and he’s the first to admit it’s not fast by any means. He gives a line-by-line explanation, and yes, it’s about as far away from the simple Frogger clones we remember bashing in on our Sinclairs as it’s possible to get.
We love it that there are still boundaries to be pushed, even on machines over four decades old, and especially that this one exceeds what we thought was a pretty good knowledge of Sinclair BASIC. Does this language still have a place in the world? We always look forward to the BASIC 10-liner competition.
Header: background by Bill Bertram, CC BY-SA 2.5.
The Mystery of the Hacker Attack on an Italian Company! Who Lost a Million Customers and SAP Access?
It was an ordinary morning for the employees of a major Italian retail company. The corridors still smelled of coffee and the clatter of keyboards filled the offices. Nobody would ever have imagined that, at that very moment, their data was for sale on the dark web.
A post that had appeared on a well-known closed cybercrime forum (access by referral or by payment) had just put up for sale access to a database containing more than a million customers: names, email addresses, phone numbers, postal addresses, even payment information.
The seller, known by the pseudonym Panigale, was offering privileged access to a compromised SAP system, allowing anyone willing to pay 10,000 dollars to place fraudulent orders and access the company’s email.
But who was the victim? The post did not name it explicitly. Only a few details suggested that it was an Italian company, perhaps a large retailer with an enormous customer base.
Initial Access Brokers: the merchants of digital crime
What was happening was not an isolated case. Access brokers like Panigale are key figures in the cybercrime ecosystem. They are not necessarily the authors of the initial attack, but act as intermediaries: they obtain compromised credentials, access to databases or entire corporate systems, and resell them to ransomware groups or other cybercriminals.
In this specific case, the offer concerned access to SAP, the beating heart of business management at many multinationals. By controlling this system, an attacker could manipulate orders, view financial information or even sabotage the supply chain.
But not everyone can see the details of the listing: to view the samples, the forum requires more than 100 reactions, a measure meant to restrict access to trusted members only and keep the community safe from law-enforcement infiltration.
The seller’s reputation: a key factor
On the dark web, reputation is everything. Panigale is no newcomer: with 150 messages and 37 reactions received, he is considered a reliable user. He has also already used the “automatic guarantor” service, a forum feature that allows secure transactions with the support of an escrow. This detail strengthens his credibility, attracting potential buyers ready to exploit the stolen data.
But the real question remains: which Italian company suffered this breach? And, above all, has it noticed the intrusion yet?
The article The Mystery of the Hacker Attack on an Italian Company! Who Lost a Million Customers and SAP Access? comes from il blog della sicurezza informatica.
Flip Flops Make Great Soft Switches
Mechanical switches are pretty easy to understand—the contacts touch, the current flows, and Bob is, presumably, your uncle. But what about soft switches? Well, they’re not that difficult to understand either, as explained by [EDN].
You can build a touch switch quite easily with old-school chips.
The traditional softswitch takes input from a momentary single-pole pushbutton and lets you press to toggle power on and off. This operation is easy to achieve with a simple flip-flop constructed with old-school logic to create a “bistable” circuit. That means it will happily remain stable in one of two states unless you do something to make it switch.
So far, so simple. However, you’ll need to consider that a simple mechanical pushbutton tends to have an issue with the contacts bouncing as they come into contact. If ignored, this would see your softswitch rapidly flicking on and off at times, which is no good at all. To avoid this, you simply need to hook up an RC network to smooth out or “debounce” the button input.
Read the post for the full circuit dynamics, as well as how to make the system work with a touchpad instead of a pushbutton. It’s rare to construct such elements from raw logic these days, what with microcontrollers making everything so easy. Still, if you want or need to do it, the old techniques still work just fine! There’s more than one way to solve the problem, of course.
Hack That Broken Zipper!
We’ve all been there. That sad day when the zipper on our favorite hoodie, bag, or pair of pants breaks in some seemingly irreparable way. But there is hope, and [Magic Stitches] is gonna show you how to make some common repairs using household items and, in some cases, just a little bit of easy hand sewing. After a warm up with a kitchen fork, the video moves on to more significant problems.
The first problem — a chewed-away zipper bottom — is quite common, but requires no sewing to fix. As you’ll see in the video below, all it takes is a drinking straw, some hot glue, a lighter, and a pair of scissors to recreate the plastic bit that keeps the zipper from splitting in twain.
Now the second issue concerns a pair of pants wherein the head has come off the static side of the zipper. This one seems impossible to fix, but [Magic Stitches] cuts into the static side about five teeth from the bottom, slides the head back on, and sews the bottom of the zipper together.
This one we take a little bit of an issue with, because it assumes that you can get your jeans on over your hips without needing the zipper head to be fully down. But what else are you going to do but throw the jeans away (or, rather, upcycle them into a fanny pack or something to immortalize them)?
For the third issue, we’re back to the poor red hoodie, which also has a run in the zipper tape. After cutting off the fuzzies, [Magic Stitches] sews it back together with a contrasting thread (presumably to help us see the repair). If they had used black, it wouldn’t show at all, except now there is just a tiny bit of pull on the hoodie where the snag was. Again, we’re saving a presumably beloved hoodie here, and some people like their repairs to show.
Finally, [Magic Stitches] has a duffel bag with a zipper that comes back apart once it’s been zipped. At first, they tried squeezing the zipper head with pliers while the zipper was still attached, but that didn’t fix the problem. By carefully cutting the end of the tape, they could slide the head off of the ends and squish both sides with pliers more effectively. This is probably the hardest repair of all because it involves threading the head back on. In the end, all you have to do is sew a few stitches across the end of the teeth and then sew the tape back to the bag.
Got a broken zipper box? You can fix that with 3D printing. Mystified about how zippers work? No need to be.
youtube.com/embed/xox768Pcwtg?…
Powerful Flashlight Gets Active Air Cooling
LEDs were once little more than weedy little indicators with low light output. Today, they’re absolute powerhouses, efficiently turning a flow of electrons into a searing beam of light. Despite their efficiency, they can still put out a fair whack of heat. Thus, if you’re building a powerful flashlight like [CrazyScience], you might wanna throw some active cooling on there just to keep things happy. Check out the video below.
The build will not be unfamiliar to any casual observer of the modern DIY flashlight scene. It uses a flatpack LED module of great brightness and a wad of 18650 lithium-ion cells to provide the juice to run it. The LED itself is mounted in a 3D-printed frame, which leaves its rear exposed, and a small PC fan is mounted for air cooling. It’s not the most optimized design, as airflow out of the fan is somewhat restricted by the 3D-printed housing, but it’s a lot better than simple passive cooling. It allows the torch to be more compact without requiring a huge heatsink to keep the LED at an acceptable temperature.
The final torch doesn’t have the most ergonomic form factor, but it does work. However, as a learning project for a new maker, it’s a start, and the learning value of building something functional can’t be understated. If your desire for flashlights swerves to the more powerful, we’ve covered those, too. Just be careful out there.
youtube.com/embed/LG4hLKVjkgM?…
Hackaday Links: February 9, 2025
January 9 ended up being a very expensive day for a Culver City, California man after he pleaded guilty to recklessly operating a drone during the height of the Pacific Palisades wildfire. We covered this story a bit when it happened (second item): the drone struck and damaged the leading edge of a Canadian “Super Scooper” plane that was trying to fight the fire. Peter Tripp Akemann, 56, admitted to taking the opportunity to go to the top of a parking garage in Santa Monica and launching his drone to get a better view of the action to the northwest. Unfortunately, the drone got about 2,500 meters away, far beyond visual range and, as it turns out, directly in the path of the planes refilling their tanks by skimming along the waters off Malibu. The agreement between Akemann and federal prosecutors calls for a guilty plea along with full restitution to the government of Quebec, which owns the damaged plane, plus the costs of repair. Akemann needs to write a check for $65,169 plus perform 150 hours of community service related to the relief effort for the fire’s victims. Expensive, yes, but probably better than the year in federal prison such an offense could have earned him.
Another story we’ve been following for a while is the United States government’s effort to mandate that every car sold here comes equipped with an AM radio. The argument is that broadcasters, at the government’s behest, have devoted a massive amount of time and money to bulletproofing AM radio, up to and including providing apocalypse-proof bunkers for selected stations, making AM radio a vital part of the emergency communications infrastructure. Car manufacturers, however, have been routinely deleting AM receivers from their infotainment products, arguing that nobody but boomers listen to AM radio in the car anymore. This resulted in the “AM Radio for Every Vehicle Act,” which enjoyed some support the first time it was introduced but still failed to pass. The bill has been reintroduced and appears to be on a fast track to approval, both in the Senate and the House, where a companion bill was introduced this week. As for the “AM is dead” argument, the Geerling boys put the lie to that by noting that the Arbitron ratings for AM stations around Los Angeles spiked dramatically during the recent wildfires. AM might not be the first choice for entertainment anymore, but when things start getting real, people know where to go.
Most of us are probably familiar with the concept of a honeypot, which is a system set up to entice black hat hackers with the promise of juicy information but instead traps them. It’s a time-honored security tactic, but one that relies on human traits like greed and laziness to work. Protecting yourself against non-human attacks, like those coming from bots trying to train large language models on your content, is a different story. That’s where you might want to look at something like Nepenthes, a tarpit service intended to slow down and confuse the hell out of LLM bots. Named after a genus of carnivorous pitcher plants, Nepenthes traps bots with a two-pronged attack. First, the service generates a randomized but deterministic wall of text that almost but not quite reads like sensible English. It also populates a bunch of links for the bots to follow, all of which point right back to the same service, generating another page of nonsense text and self-referential links. Ingeniously devious; use with caution, of course.
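The two-pronged tarpit described above, as an added example written for this page (not Nepenthes’ own code): every page is nonsense text seeded deterministically from its URL, and every link on it leads to another page inside the same tarpit, with a fixed delay per response. The `/tarpit` prefix, the word list and the delay are constructed values for the example; a real deployment would also exclude the prefix in robots.txt so well-behaved crawlers never enter it.

```python
"""Minimal LLM-crawler tarpit (added example; not Nepenthes' own code)."""
import hashlib
import random
import time
from dataclasses import dataclass
from html import escape
from http.server import BaseHTTPRequestHandler, HTTPServer

PREFIX = "/tarpit"          # every generated link stays under this path (assumed value)
LINKS_PER_PAGE = 8
WORDS_PER_PAGE = 150
DELAY_SECONDS = 2.0         # deliberate slowdown on every hit

# Constructed vocabulary; a real tarpit drives a Markov chain from a text corpus.
WORDS = ("ledger", "quorum", "gantry", "solder", "meridian", "tariff", "lattice",
         "beacon", "ferrous", "quietly", "spindle", "harbour", "cipher", "orchard",
         "under", "between", "however", "the", "a", "of", "and", "was", "into")


@dataclass
class TarpitPage:
    path: str
    text: str
    links: list


def seed_for(path: str) -> int:
    """Derive the RNG seed from the URL so a revisit yields the identical page."""
    return int.from_bytes(hashlib.sha256(path.encode()).digest()[:8], "big")


def nonsense(rng: random.Random, n_words: int) -> str:
    """Word salad with sentence shape: capital letter, 6-14 words, full stop."""
    sentences = []
    while n_words > 0:
        length = min(rng.randint(6, 14), n_words)
        words = [rng.choice(WORDS) for _ in range(length)]
        sentences.append(" ".join(words).capitalize() + ".")
        n_words -= length
    return " ".join(sentences)


def build_page(path: str) -> TarpitPage:
    """Deterministic page: text plus links that all point back into the tarpit."""
    if not path.startswith(PREFIX):
        raise ValueError("path outside the tarpit")
    rng = random.Random(seed_for(path))
    text = nonsense(rng, WORDS_PER_PAGE)
    base = path.rstrip("/")
    # Child links nest one level deeper each time, so a crawler never runs out of URLs.
    links = [f"{base}/{rng.randrange(10**6):06d}" for _ in range(LINKS_PER_PAGE)]
    return TarpitPage(path, text, links)


def render_html(page: TarpitPage) -> str:
    anchors = "\n".join(f'<li><a href="{escape(p)}">{escape(p)}</a></li>' for p in page.links)
    return (f"<html><head><title>{escape(page.path)}</title></head><body>"
            f"<p>{escape(page.text)}</p><ul>\n{anchors}\n</ul></body></html>")


class TarpitHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if not self.path.startswith(PREFIX):
            self.send_error(404)
            return
        time.sleep(DELAY_SECONDS)
        body = render_html(build_page(self.path)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), TarpitHandler).serve_forever()
```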
When was the last time you actually read a Terms of Service document? If you’re like most of us, the closest you’ve ever come is the few occasions where you’ve got to scroll to the bottom of a text window before the “Accept Terms” button is enabled. We all know it’s not good to agree to something legally binding without reading it, but who has time to trawl through all that legalese? Nobody we know, which is where ToS; DR comes in. “Terms of Service; Didn’t Read” does the heavy lifting of ToS and EULAs for you, providing a summary of what you’re agreeing to as well as an overall grade from A to E, with E being the lowest. Refreshingly, the summaries and ratings are not performed by some LLM but rather by volunteer reviewers, who pore over the details so you don’t have to. Talk about taking one for the team.
And finally, how many continents do you think there are? Most of us were taught that there are seven, which would probably come as a surprise to an impartial extraterrestrial, who would probably say there’s a huge continent in one hemisphere, a smaller one with a really skinny section in the other hemisphere, the snowy one at the bottom, and a bunch of big islands. That’s not how geologists see things, though, and new research into plate tectonics suggests that the real number might be six continents. So which continent is getting the Pluto treatment? Geologists previously believed that the European plate fully separated from the North American plate 52 million years ago, but recent undersea observations in the arc connecting Greenland, Iceland, and the Faroe Islands suggest that the plate is still pulling apart. That would make Europe and North America one massive continent, at least tectonically. This is far from a done deal, of course; more measurements will reveal if the crust under the ocean is still stretching out, which would support the hypothesis. In the meantime, Europe, enjoy your continental status while you still can.
A Twin-Lens Reflex Camera That’s Not Quite What It Seems
The Camp Snap is a simple fixed-focus digital camera with only an optical viewfinder and a shot counter, which has become a surprise hit among photography enthusiasts for its similarity to a disposable film camera. [Snappiness] has one, and also having a liking for waist-level viewfinders as found on twin-lens reflex cameras, decided to make a new Camp Snap with a waist-level viewfinder. It’s a digital twin-lens reflex camera, of sorts.
Inside the Camp Snap is the little webcam module we’ve come to expect from these cameras, coupled with the usual microcontroller PCB that does the work of saving to SD card. It’s not an ESP32, but if you’ve ever played with an ESP32-CAM board you’re on a similar track. He creates a 3D-printed TLR-style case designed to take the PCB and mount the camera module centrally, with ribbon cable extensions taking care of placement for the other controls. The viewfinder meanwhile uses a lens, a mirror, and a Fresnel lens, and if you think this might look a little familiar it’s because he’s based it upon his previous clip-on viewfinder project.
The result, with an added “Snappiflex” logo and filter ring, is a rather nice-looking camera, and while it will preserve the dubious quality of the Camp Snap, it will certainly make the process of using the camera a lot more fun. We think these cheap cameras, and particularly their even less expensive AliExpress cousins, have plenty of hacking potential as yet untapped, and we’re keen to see more work with them. The full video is below the break.
youtube.com/embed/6lx6p_pr80E?…
Your Chance to Get A Head (A Gnu Head, Specifically)
The Free Software Foundation is holding an auction to celebrate its 40th anniversary. You can bid on the original sketch of the GNU head by [Etienne Suvasa] and [Richard Stallman’s] Internet Hall of Fame medal.
There are some other awards, including the FSF’s 1999 Norbert Wiener Award. There’s even a katana that symbolizes the fight for computer user freedom.
The FSF has done a lot of important work to shape the computing world as we know it. We hope this sale isn’t a sign that they are running out of money. Maybe they are just funding their birthday party in Boston.
If you use Linux (even if it is disguised as Android, a Raspberry Pi OS, or hiding on a web server you use), you can thank the FSF. While we commonly call them “Linux systems,” Linux is just the kernel. Most of the other things you use are either GNU-sponsored code or build on that GNU-sponsored code. If you want to know more about the history of the organization, you can catch [ForrestKnight’s] video below.
Without the GNU tools and the Linux kernel, you have to wonder what our computers would look like. While [Richard Stallman] is a sometimes controversial figure, you can’t argue that the FSF has had a positive impact on our computers. Maybe we’d all be on BSD. It is worth noting that the FSF even certifies hardware.
youtube.com/embed/sQDvkd2wtxU?…
Moving Power Grids In A Weekend, The Baltic States Make The Switch
A significant event in the world of high-power electrical engineering is under way this weekend, as the three Baltic states, Lithuania, Latvia, and Estonia, disconnect their common power grid from the Russian system, and hook it up to the European one. It’s a move replete with geopolitical significance, but it’s fascinating from our point of view as it gives a rare insight into high voltage grid technology.
There are a few news videos in the air showing contactors breaking the circuit, and even a cable-cutting moment, but in practice this is not as simple a procedure as unplugging an appliance from a wall socket. The huge level of planning that has gone into this move is evident in the countrywide precautions in case of power loss, and the heightened security surrounding the work. As we understand it at the moment the three countries exist as a temporary small grid of their own, also isolating the Russian exclave of Kaliningrad which now forms its own grid. The process of aligning the phase between Baltic and European grids has been under way overnight, and an online monitor shows significant frequency adjustments during that time. At some point on Sunday a new connection will be made to the European grid via Poland, and the process will be completed. We imagine that there will be a very relieved group of electrical engineers who will have completed their own version of a Moon landing when that has happened.
If you happen to live in either region, there’s still some time to watch the process in action, by monitoring the supply frequency for yourself. It’s not the first time that geopolitics have affected the European grid, as the continent lost six minutes a few years ago, and should you Americans think you are safe from such problems, think again.
Matthias Wandel Hates CNC Machines in Person
Prolific woodworking YouTuber [Matthias Wandel] makes some awesome mechanical contraptions, and isn’t afraid of computers, but has never been a fan of CNC machines in the woodshop. He’s never had one either, so until now he couldn’t really talk. But he had the parts on hand, so he built a wooden CNC router. It’s lovely.
The router itself is what 3D printer folks would call a bed-slinger, and it’s cobbled together out of scrap plywood. Some of the parts have extra holes drilled in them, but “measure once, drill twice” is our motto, so we’re not one to judge. He spends a lot of time making “crash pads” that keep the frame from destroying itself while he’s building it – once the CNC is actually controlling things with the limit switches, we presume they won’t be necessary, but their design is fun anyway.
If you’re at all interested in CNC machines, you should give this video a watch. Not because it’s done the “right” way, but because it’s a CNC that’s being built on a budget from first principles by an experienced wood builder, and it’s illuminating to watch him go. And by the end of the video, he is making additional parts for the machine on the machine, with all the holes in the right places, so he’s already stepping in the right direction.
He doesn’t love digital design and fabrication yet, though. If you’re making one-offs, it probably isn’t worth the setup time to program the machine, especially if you have all of his jigs and machines at your disposal. Still, we kind of hope he’ll see the light.
Of course, this isn’t the first wooden CNC router we’ve seen around these parts, and it probably won’t be the last. If you want to go even more fundamental, [Homo Faciens]’s series of CNC machines is a lovely mashup of paperclips and potential. Or, if refinement is more your style, this benchtop machine is the bee’s knees.
youtube.com/embed/wMi0TJx-7ks?…
C++ is 45 Years Old. [Stroustrup] Says You Still Don’t Get It!
We were surprised when we read a post from C++ creator [Bjarne Stroustrup] that reminded us that C++ is 45 years old. His premise is that C++ is robust and flexible and by following some key precepts, you can avoid problems.
We don’t disagree, but C++ is much like its progenitor, C, in that it doesn’t really force you to color inside the lines. We like that, though. But it does mean that people will go off and do things the way they want to do it, for any of a number of good and bad reasons.
Bjarne Stroustrup
We will admit it. We are probably some of the worst offenders. It often seems like we use C++ the way we learned it several decades ago and don’t readily adopt new features like auto variables and overly fancy containers and templates.
He proposes guidelines, including the sensible “Don’t subscript pointers.” Yet, we are pretty sure we will, eventually. Even if you are going to, also, it is still worth a read to see what you ought to be doing. We were hoping for more predictions in the section entitled “The Future.” Unfortunately — unlike Hackaday authors — he is much too smart to fall for that trap, so that section is pretty short. He does talk about some of the directions for the ISO standards committee, though.
We should have known about the 45 years, as we covered the 30th birthday. We like safer code, but we disagree with the idea that C++ is unsafe at any speed.
Photograph by [Victor Azvyalov] CC-BY-SA-2.0.
Linux inside a PDF?! Ading2210’s crazy project that defies every limit
Chromium-based browsers can now run a version of the Linux operating system right inside a PDF. This fantastic project, called LinuxPDF, was developed by a student known as Ading2210. He had previously developed DoomPDF, a version of the cult game Doom that ran directly inside a document.
Linux inside a PDF file works thanks to a modified version of the TinyEMU RISC-V emulator. According to the developer, LinuxPDF works in a similar way to DoomPDF, but has serious performance problems, running 100 times slower than expected.
The emulator is embedded in the PDF using an older version of Emscripten that compiles the code to asm.js rather than WebAssembly. When the document is opened, a minimal Linux kernel built for the RISC-V architecture is launched. After clicking the “Start emulator” button, the user sees the LinuxPDF interface with a welcome message in the terminal.
The LinuxPDF graphical interface resembles that of DoomPDF: a low-contrast grey screen and ASCII output. Below the terminal is a virtual keyboard made of PDF buttons, but it is faster to enter commands through a dedicated field on the right.
The project’s biggest problem is speed. Booting the Linux kernel takes 30 to 60 seconds, about 100 times longer than normal. The developer notes that, because the JIT compiler is disabled in the PDF engine, it is not yet possible to speed the process up.
You can try LinuxPDF in any Chromium-based browser, but it does not work in Firefox. You can also simply watch the video, which shows the boot process and the execution of commands. The project’s source code is available on GitHub.
The article Linux inside a PDF?! Ading2210’s crazy project that defies every limit comes from il blog della sicurezza informatica.
Repairing an Old Heathkit ‘Scope
With so many cheap oscilloscopes out there, the market for old units isn’t what it used to be. But if you have a really old scope, like the Heathkit O-10 that [Ken] found in his basement, there is vintage cred to having one. [Ken’s] didn’t work, so a repair session ensued. You can see the results in the video below.
You can tell this is an old scope — probably from the mid 1950s — because of its round tube with no graticule. Like many period scopes, the test probe input was just 5-way binding posts. The O-10 was the first Heathkit “O-series” scope that used printed circuit boards.
The device looked pretty good inside, except for a few dents. Of course, the box has tubes in it, so every power up test involves waiting for the tubes to warm up. [Ken] was very excited when he finally got a single green dot on the screen. That did, however, require a new CRT.
It wasn’t long after that he was able to put a waveform in and the scope did a good job of reproducing it. The unit would look good in an old movie, but might not be the most practical bench instrument these days.
These Heathkit scopes and their cousins were very popular in their day. The $70 price tag sounds cheap, but in the mid-1950s, that was about a month’s rent in a four-room house. While primitive by today’s standards, scopes had come a long way in 9 or 10 years.
youtube.com/embed/NtNeDr6ydho?…
Your Favorite Basic Oscilloscope Operation Guide?
Like many pieces of lab equipment, oscilloscopes are both extremely useful and rather intimidating to a fledgling user. Unlike a digital multimeter with its point-and-measure functionality, digital storage oscilloscopes (DSOs) require fundamental knowledge before they can be used properly. Yet at the same time nobody likes reading manuals, so what is one to do? Try the Absolute Beginner’s Guide to DSOs by [Arthur Pini].
[Pini’s] Cliff’s Notes version of your scope’s manual isn’t half bad. It covers the basic user interface and usage of a (stand-alone) DSO. Unfortunately, it focuses a bit too much on a fancy touch-screen Teledyne LeCroy MSO rather than something the average hobbyist is likely to have lying around.
We rather like the PSA-type videos such as the classic “How not to blow up your oscilloscope” video by [Dave] over at EEVBlog. Many guides and introductions cover “what to do,” but covering common safety issues like improper grounding, isolation, or voltages might be a better place to start.
What tutorial or reference work would you hand to an oscilloscope newbie? We can endorse a hands-on approach with a suitable test board. We also enjoyed [Alan’s] video on the topic. Even if you are an old hand, do you know how to use all those strange trigger modes?
youtube.com/embed/xaELqAo4kkQ?…
Turn Your Phone into a POV Hologram Display
It seems obvious once you think about it, but if you can spin your cell phone and coordinate the display with the motion, you can create a 3D display. [Action Lab] had used such a setup to make a display that you could view from any angle. After he showed it, a viewer wrote him to mention that if you spin the picture at the same rate, it will appear in 3D. The results look great, as you can see in the video below.
The spinning mechanism in this case is an inexpensive pottery wheel. Whatever you use, though, you need a way to match the speed of the graphics to the speed of the phone’s rotation. For this example, there are just a few pre-spun 3D models on a website. However, creating your own viewer like this wouldn’t be that hard. Even more interesting would be to read the phone sensors and spin the image in sync with the phone’s motion.
We keep hearing about awesome commercial 3D stuff coming out “any day now.” Meanwhile, you can always settle for Pepper’s Cone.
youtube.com/embed/ric-95ig5oE?…
Jeff Dunham Finds A NOS 1958 Philco Predicta
When you see a ventriloquist like [Jeff Dunham], you probably expect to see him with a puppet. This time – spoilers ahead – you won’t. Besides his fame on stage, [Dunham] is also a collector of vintage tech and a die-hard television enthusiast. In the video below, [Dunham] has gotten his hands on a rarity: an unboxed 1958 Philco Predicta TV. The original tape was still on the box. We get to follow along on his adventure to restore this sleek, retro-futuristic relic!
[Dunham]’s fascination with the Predicta stems from its historical significance and bold design. At a time when television was making its way into American homes, the Predicta dared to be different with its swivel-mounted picture tube and early printed circuit boards. Despite its brave aesthetics, the Predicta’s ambition led to notorious reliability issues. Yet, finding one in pristine condition, sealed and untouched for over six decades, is like unearthing a technological time capsule.
What makes this story unique is [Dunham]’s connection to both broadcasting and his craft. As a ventriloquist inspired by Edgar Bergen — whose radio shows captivated America — [Dunham] delights in restoring a TV from the same brand that first brought his idol’s voice to airwaves. His love for storytelling seamlessly translates into this restoration adventure.
After unboxing, [Dunham’s] team faces several challenges: navigating fragile components, securing the original shipping brace, and cautiously ramping up voltage to breathe life into the Predicta. The suspense peaks in the satisfying crackle of static, and the flicker of a 65-year-old screen finally awakened from slumber.
Have you ever come across an opportunity like this? Tell us about your favorite new old stock find in the comments. Buying these can be a risk, since components have a shelf life. We appreciate when these old TVs play period-appropriate shows. Who wants to watch Game of Thrones on a Predicta?
youtube.com/embed/4bW1VlnkkFI?…
Freed At Last From Patents, Does Anyone Still Care About MP3?
The MP3 file format was always encumbered with patents, but as of 2017, the last patent finally expired. Although the format became synonymous with the digital music revolution that started in the late 90s, as an audio compression format there is an argument to be made that it has long since been superseded by better formats and other changes. [Ibrahim Diallo] makes that very argument in a recent blog post. In a world with super fast Internet speeds and the abstracting away of music formats behind streaming services, few people still care about MP3.
The last patents for the MP3 format expired in 2012 in the EU and 2017 in the US, ending many years of incessant legal sniping. For those of us learning of the wonders of MP3 back around ’98 through services like Napster or Limewire, MP3s meant downloading music on 56k dialup in a matter of minutes to hours rather than days to weeks with WAV, and with generally better quality than Microsoft’s WMA format at lower bitrates. When portable media players came onto the scene, they were called ‘MP3 players’, a name that stuck around.
But is MP3 really obsolete and best forgotten in the dustbin of history at this point? Would anyone care if computers dropped support for MP3 tomorrow?
Alternatives
It’s hard to disagree with [Ibrahim]’s point that MP3 isn’t quite as important anymore. Still, his argument of AAC being a good alternative to MP3 misses that the AAC format is also patent-encumbered. Specifically, there’s a patent license for all manufacturers and developers of “end-user codecs,” which involves per-unit pricing. Effectively, every device (computer, headphones, smartphone, etc.) incurs a fee. That’s why projects like FFmpeg implement AAC and other encumbered formats while leaving the legal responsibilities to the end-user who actually uses the code.
While FLAC and Vorbis (‘ogg’) are truly open formats, they’re not as widely supported by devices. Much like VGA, MP3 isn’t so much sticking around because it’s a superior technological solution but because it Just Works® anywhere, unlike fancier formats. From dollar store MP3 players to budget ‘boomboxes’ to high-end audio gear, they’ll all playback MP3s just fine. Other formats are likely to be a gamble, at best.
This compatibility alone means that MP3 is hard to dislodge, with formats like Ogg Vorbis trying to do so for decades and still being relatively unknown and poorly supported, especially when considering hardware implementations.
Audio Quality
Since the average person is not an audiophile who is concerned with exact audio reproduction and can hear every audio compression artefact, MP3 is still perfectly fine in an era where the (MP2-era) Bluetooth SBC codec is what most people seem to be content with. In that sense, listening to 320 kbps VBR MP3 files with wired headphones is a superior experience over listening to FLAC files with the Bluetooth SBC codec in between.
This leads to another point made by [Ibrahim]. The average person does not deal with files anymore. Many people use online applications for everything from multimedia to documents, which happily abstract away the experience of managing file formats. Yet, at the same time, there’s a resurgence in interest in physical media and owning a physical copy of content, which means dealing with files.
We see this also with MP3 players. Even though companies like Apple abandoned their iPod range and Sony’s current Walkmans are mostly rebranded Android smartphones with the ‘phone’ part stripped out, plenty of portable media players are available brand-new. People want portable access to their media in any format.
Amidst this market shift back to a more basic, less online focus, the MP3 format may not be as visible as it was even a decade ago, but it is by no means dead.
These days, rolling your own MP3 player is almost trivial. We’ve seen some fairly small ones.
The Underground Market for 0day Exploits: Brokers, PSOAs and the Cyber Arms Race
In recent years, the trade in software vulnerabilities has become an extremely lucrative sector, to the point of being considered a full-fledged industry running parallel to cybersecurity. The underground market for 0day exploits, vulnerabilities that are unknown and not yet patched, is a complex ecosystem in which actors of many kinds operate: independent hackers, specialised brokers, organised criminal groups and governments that invest millions of dollars to obtain access to these tools.
From the sale of exploits on underground forums to acquisitions by companies such as Zerodium and Crowdfense, through to state-sponsored attacks with operations such as Stuxnet, the 0day market has become the new battlefield of global cyber warfare.
A buyer on a closed Russian-language underground market is looking for 0day RCE exploits and is offering up to 10 million dollars.
0day Exploits: What They Are and Why They Are So Valuable
A zero-day (0day) exploit takes advantage of a software vulnerability that is unknown to the developers and therefore has no patch available. These bugs can be used to compromise computer systems, steal data, spy on individuals or cause irreparable damage to the critical infrastructure of an adversary state.
0day vulnerabilities fall mainly into two categories:
- Infrastructure exploits: They hit servers, operating systems and libraries used at large scale, as in the case of Log4Shell, which put millions of devices at risk worldwide.
- Consumer-device exploits (0-click and 1-click): The primary targets of spyware and surveillance groups, they aim at widely used applications such as WhatsApp, iMessage, Android and iOS, allowing access to devices without any interaction from the user.
From Underground Forums to 0day Brokers: The Business of Selling
The image above is a clear example of how the exploit market works. The threat actor posts an advertisement stating that they are willing to buy 0day RCE exploits for sums of up to 10 million dollars.
This shows not only the enormous value of 0days, but also the fact that the direct buyers are often not the end users. So who buys vulnerabilities of this kind?
Price list, updated 08/02/2025, of Crowdfense, a well-known 0day broker
- 0day Brokers and Intermediaries
- Some independent hackers discover vulnerabilities and put them up for sale on underground forums or specialised marketplaces. However, most of these bugs are not sold directly but pass through brokers such as Zerodium or Crowdfense, companies that buy vulnerabilities and then resell them (sometimes by auction) to government or corporate entities.
- The prices for these exploits are exorbitant: up to 2.5 million dollars for a 0-click 0day on iOS, before Zerodium decided to remove its public price list, probably to push the value of offers even higher.
- Private Sector Offensive Actors (PSOA)
- PSOAs, that is, offensive actors from the private sector, are entities tied to governments that operate in the surveillance and offensive cybersecurity sector. Companies such as NSO Group (Pegasus), Cytrox (Predator) and other lesser-known firms act as suppliers of exploits and malware to government agencies and law enforcement. These two companies are the ones most talked about, but even those that reach mainstream coverage are only the tip of the iceberg.
- Spyware such as Pegasus and Predator make extensive use of 0-click 0day exploits to take control of the smartphones of journalists, activists and political opponents without leaving obvious traces.
- Governments and Cyber Operations
- The United States, China, Russia, Israel and other countries invest massively in the 0day sector for intelligence and cyber-warfare purposes.
- A historic example is Stuxnet, the malware developed by the USA and Israel as part of operation “Olympic Games”, used to sabotage the Iranian nuclear programme at the Natanz plant. This attack was the first to demonstrate how 0day exploits can be used as genuine cyber weapons.
EternalBlue: The Exploit Stolen from the NSA and Its Destructive Legacy
EternalBlue is one of the most famous exploits in the history of cybersecurity, not only for its devastating effectiveness but also for the way it was made public. Originally developed by the United States National Security Agency (NSA), the exploit was part of an arsenal of secret cyber weapons used for intelligence activities and offensive operations. However, in 2017 a mysterious group known as The Shadow Brokers published a huge quantity of hacking tools stolen from NSA servers in the “Lost In Translation” leak, including advanced exploits such as EternalBlue. This leak revealed to the whole world some of the most sophisticated techniques used by American intelligence, raising serious concerns about security and vulnerability management.
Before being made public, EternalBlue was a secret weapon used by the NSA for at least five years. The exploit targeted a critical vulnerability in Windows’ SMBv1 protocol, allowing remote access and arbitrary code execution on any unpatched system. The fact that the US agency kept this vulnerability secret for years without reporting it to Microsoft shows how intelligence agencies often regard software vulnerabilities as strategic tools rather than flaws to be fixed immediately to protect users.
When EternalBlue was made public, Microsoft was forced to react quickly. The flaw was so severe that the company released an emergency patch not only for supported versions of Windows but also for operating systems already considered “End of Life”, such as Windows XP. This is an extremely rare event in the history of computer security and shows how critical the vulnerability was. However, despite the availability of the patch, many systems remained exposed because security updates were poorly applied, opening the way to a series of devastating attacks.
One of the first groups to exploit EternalBlue after its leak was Lazarus, a cybercriminal group linked to North Korea. Using the exploit, Lazarus created WannaCry, one of the most destructive ransomware strains in history. In May 2017, WannaCry spread rapidly around the world, infecting over 230,000 computers in 150 countries. The ransomware locked infected systems and demanded a ransom in Bitcoin to decrypt the files, hitting hospitals, companies, government bodies and even critical infrastructure. This attack highlighted how dangerous government-grade exploits can be once they end up in the wrong hands.
Park Jin Hyok, allegedly associated with the Lazarus APT group believed to be responsible for writing the WannaCry malware
If WannaCry was a global disaster, NotPetya represented a further step forward in cyber warfare. Apparently similar to ransomware, NotPetya in reality was not meant to generate profit but to destroy the systems it hit. This attack, which took place in June 2017, targeted companies and infrastructure in Ukraine but spread rapidly, hitting multinationals such as Maersk and FedEx and causing damage estimated at over 10 billion dollars. NotPetya demonstrated how an exploit like EternalBlue could be turned into a geopolitical weapon, used to destabilise entire economic sectors.
The case of EternalBlue and its later uses shows that exploits developed by governments are genuine cyber weapons, capable of causing damage on a global scale if not handled with extreme caution. Intelligence agencies around the world hold arsenals of 0day vulnerabilities ready to be used in espionage, sabotage and cyber-warfare campaigns. The market for these exploits is vast and involves both state actors and private brokers such as Zerodium and Crowdfense, which buy vulnerabilities for millions of dollars.
The EternalBlue case teaches us that the management of cyber weapons is a critical issue of international security and that the risk of uncontrolled leaks is always present, with potentially catastrophic consequences.
0days and Cyber Warfare: An Expanding Industry
The 0day market is no longer a simple niche space for hackers and cybercriminals but a multi-million-dollar industry that moves in the shadows. A few key points show how this reality is growing:
- An increase in targeted attacks: Governments and cybercriminal groups are becoming ever more selective in their use of 0days, choosing precise targets to maximise impact.
- Growing demand for 0-click exploits: The most advanced attacks require no user interaction and are ideal for high-level surveillance operations.
- Fewer public vulnerabilities, more vulnerabilities sold on the black market: Although the number of vulnerabilities with a CVSS score above 9.5 appears stable or slightly declining, this does not mean software is more secure. Rather, many critical vulnerabilities end up directly in the underground market instead of being publicly disclosed.
Conclusions: 0days, The Market for the New Weapons
If computer security was once seen as a niche technical field, today it is clear that cyberspace is the new global and geopolitical battlefield of the modern era. The trade in 0day exploits has become the equivalent of the nuclear arms race during the Cold War: whoever holds the best tools has strategic control over intelligence operations and cyber warfare.
On the other hand, acting in the shadows within the grey zone allows states to conduct interference, influence and industrial-espionage operations with a much higher level of discretion. It also always offers the option of denying direct involvement, shifting responsibility onto affiliated hacker groups or cyber militias, thus creating a veil of plausible deniability.
The growth of the 0day market, the ever more dominant role of specialised brokers and the interest of government agencies show that cyberspace is now the new front of global geopolitics. While the most critical vulnerabilities are no longer reported publicly, the underground market continues to expand, leaving ever more room for new actors and consolidating the dominance of those with access to the most powerful digital weapons.
The article Il Mercato Sotterraneo degli Exploit 0day: Intermediari, PSOA e la Corsa agli Armamenti Cibernetici originally appeared on il blog della sicurezza informatica.
Software in Progress
Open source software can be fantastic. I run almost exclusively open software, and have for longer than I care to admit. And although I’m not a serious coder by any stretch, I fill out bug reports when I find them, and poke at edge cases to help the people who do the real work.
For 3D modeling, I’ve been bouncing back and forth between OpenSCAD and FreeCAD. OpenSCAD is basic, extensible, and extremely powerful in the way that a programming language is, and consequently it’s reliably bug-free. But it also isn’t exactly user friendly, unless you’re a user who likes to code, in which case it’s marvelous. FreeCAD is much more of a software tool than a programming language, and is a lot more ambitious than OpenSCAD. FreeCAD is also a program in a different stage of development, and given its very broad scope, it has got a lot of bugs.
I kept running into some really serious bugs in a particular function – thickness for what it’s worth – which is known to be glitchy in the FreeCAD community. Indeed, the last time I kicked the tires on thickness, it was almost entirely useless, and there’s been real progress in the past couple years. It works at least sometimes now, on super-simple geometries, and this promise led me to find out where it still doesn’t work. So I went through the forums to see what I could do to help, and it struck me that some people, mostly those who come to FreeCAD from commercial programs that were essentially finished a decade ago, have different expectations about the state of the software than I do, and are a lot grumpier.
Open source software is working out its bugs in public. Most open source is software in development. It’s growing, and changing, and you can help it grow or just hang on for the ride. Some open-source userland projects are mature enough that they’re pretty much finished, but the vast majority of open-source projects are coding in public and software in progress.
It seems to me that people who expect software to be done already are frustrated by this, and that when we promote super-star open projects like Inkscape or Blender, which are essentially finished, we are doing a disservice to the vast majority of useful, but still in progress applications out there that can get the job done anyway, but might require some workarounds. It’s exactly these projects that need our help and our bug-hunting, but if you go into them with the “finished” mentality, you’re setting yourself up for frustration.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
A Programming Language for Building NES Games
Generally speaking, writing your own games for retro consoles starts with C code. You’ll need to feed that through a console-specific tool-chain, and there’s certainly going to be some hoops to jump through, but if everything goes as expected, you should end up with a ROM file that can be run in an emulator or played on real hardware if you’ve got the necessary gadgetry to load it.
But NESFab takes things in a slightly different direction. While the code might look like C, it’s actually a language specifically tailored for developing games on the Nintendo Entertainment System (NES). The documentation claims that this targeted language not only compiles into considerably faster 6502 assembly than plain C on GCC or LLVM, but is designed to work around the strengths (and weaknesses) of the NES hardware.
Looking deeper into the example programs and documentation, NESFab offers quite a few quality of life features that should make developing NES games easier. For one thing, there’s integrated asset loading which automatically converts your image files into something the console can understand. One just needs to drop the image file into the source directory, open it in the code with the file function, and the build system will take care of converting it on the fly as the ROM is built. The nuances of bank switching — the organization of code and assets so they fit onto the physical ROM chips on the NES cartridge — are similarly abstracted away.
The obvious downside of NESFab is that, as with something like GB Studio, you’re going to end up putting effort into learning a programming environment that works for just one system. So before you get started, you really need to decide what your goals are. If you’re a diehard NES fan that has no interest in working on other systems, learning a language and build environment specifically geared to that console might make a certain degree of sense. But if you’d like to see your masterpiece running on more than just one system, working in straight C is still going to be your best bet.
Retrotechtacular: Point-of-Sale Through the Years
In days gone by, a common retail hack used by some of the less honorable of our peers was the price tag switcheroo. You’d find some item that you wanted from a store but couldn’t afford, search around a bit for another item with a more reasonable price, and carefully swap the little paper price tags. As long as you didn’t get greedy or have the bad luck of getting a cashier who knew the correct prices, you could get away with it — at least up until the storekeeper wised up and switched to anti-tamper price tags.
For better or for worse, those days are over. The retail point-of-sale (POS) experience has changed dramatically since the time when cashiers punched away at giant cash registers and clerks applied labels to the top of every can of lima beans in a box with a spiffy little gun. The growth and development of POS systems is the subject of [TanRu Nomad]’s expansive video history, and even if you remember the days when a cashier kerchunked your credit card through a machine to take an impression of your card in triplicate, you’ll probably learn something.
The history of POS automation stretches back to the 1870s, perhaps unsurprisingly thanks to the twin vices of alcohol and gambling. The “Incorruptible Cashier” was invented by a saloon keeper tired of his staff ripping him off, and that machine would go on to become the basis of the National Cash Register Corporation, or NCR. That technology would eventually morph into the “totalisator,” an early computer used to calculate bets and payout at horse tracks. In fact, it was Harry Strauss, the founder of American Totalisator, who believed strongly enough in the power of computers to invest $500,000 in a struggling company called EMCC, which went on to build UNIVAC and start the general-purpose computer revolution.
To us, this was one of the key takeaways from this history, and one that we never fully appreciated before. The degree to which the need of retailers to streamline their point-of-sale operations drove the computer industry is remarkable, and the video gives multiple examples of it. The Intel 4004, the world’s first microprocessor, was designed mainly for calculators but also found its way into POS terminals. Those in turn ended up being so successful that Intel came up with the more powerful 8008, the first eight-bit microprocessor. People, too, were important, such as a young Chuck Peddle, who cut his teeth on POS systems and the Motorola 6800 before unleashing the 6502 on the world.
So the next time you’re waving your phone or a chipped credit card at a terminal and getting a sterile “boop” as a reward, spare a thought for all those clunky, chunky systems that paved the way.
youtube.com/embed/mgOLHIqTgm8?…
Thanks to [Ostracus] for the tip.
Who’d Have Guessed? Graphene is Strange!
Graphene always sounds exciting, although we aren’t sure what we want to do with it. One of the most promising features of the monolayer carbon structure is that under the right conditions, it can superconduct, and some research into how that works could have big impacts on practical superconductor technology.
Past experiments have shown that very cold stacks of graphene (two or three sheets) can superconduct if the sheets are at very particular angles, but no one really understands why. A researcher at Northeastern and another at Harvard realized they were both confused about the possible mechanism. Together, they have started progressing toward a better description of superconductivity in graphene.
Part of the problem has been that it is hard to make large pieces of multi-layer graphene. By creating two-ply pieces and using special techniques, an international team is finding that quantum geometry explains how graphene superconductors resist changes in current flow more readily than conventional superconductors.
Another team found that adding another layer makes the material behave more like a family of conventional higher-temperature superconductors. The research appears in two different papers. One covers the two-ply material. The other talks about the material with three layers.
Making little bits of graphene isn’t hard. Making it in quantity is a different story. We keep dreaming of what we could do with a room-temperature superconductor.
All You Need To Make A Go-Kart, From Harbor Freight
The many YouTube workshop channels make for compelling viewing, even if their hackiness from a Hackaday viewpoint is sometimes variable. But from time to time up pops something that merits a second look. A case in point is [BUM]’s go-kart made entirely from Harbor Freight parts, a complete but rudimentary vehicle for around 300 dollars. It caught our eye because it shows some potential should anyone wish to try their luck with the same idea as a Power Racer or a Hacky Racer.
The chassis and much of the running gear come courtesy of a single purchase, a four-wheeled cart. Some cutting and welding produces a surprisingly useful steering mechanism, and the rear axle comes from a post hole digger. Power comes from the Predator gasoline engine, which seems to be a favourite among these channels.
The result is a basic but serviceable go-kart, though one whose braking system can be described as rudimentary at best. The front wheels are a little weak and require some reinforcement, but we can see in this the basis of greater things. Replacing that engine with a converted alternator or perhaps an electric rickshaw motor from AliExpress and providing it with more trustworthy braking would result in possibly the simplest Hacky Racer, or just a stylish means of gliding round a summer hacker camp.
youtube.com/embed/f89LCrEqDZs?…
UScope: A New Linux Debugger And Not A GDB Shell, Apparently
[Jim Colabro] is a little underwhelmed with the experience of low-level debugging of Linux applications using traditional debuggers such as GDB and LLDB. These programs have been around for a long time, developing alongside Linux and other UNIX-like OSs, and are still solidly in the CLI domain. Fed up with the lack of data structure support and these tools’ staleness and user experience, [Jim] has created UScope, a new debugger written from scratch with no code from the existing projects.
GDB, in particular, has quite a steep learning curve once you dig into its more advanced features. Many people side-step this learning curve by running GDB within Visual Studio or some other modern IDE, but it is still the same old debugger core at the end of the day. [Jim] gripes that existing debuggers don’t support modern data structures commonly used and have poor customizability. It would be nice, for example, to write a little code, and have the debugger render a data structure graphically to aid visualisation of a problem being investigated. We know that GDB at least can be customised with Python to create application-specific pretty printers, but perhaps [Jim] has bigger plans?
Anyway, UScope currently supports only C and Zig, but work is in progress to add C++ and Go support, with plans for Rust, Odin and Jai. Time will tell whether they can gather enough interest to really drive development to support the more esoteric languages fully. Still, Rust at least has a strong support base, which might help get other people involved. It looks like early doors for this project, so time will tell whether it gets traction. We’ll certainly be keeping an eye on it in the future!
If you wish to play along at home, you’ll want to start with the GitHub page, read on from there, and maybe join this discord.
If you’re new to debugging on Linux, we’ve got a quick guide to GUI frontends to ease you in. If you’re less interested in code and more of a script junkie, here’s how to debug BASH script or even SED.
When Ignoring Spam Loses You an Ice Surfacer Patent
Bear with us for a moment for a little background. The Rideau Canal Skateway in Ottawa is the world’s largest natural skating rink, providing nearly 8 km of pristine ice surface during the winter. But maintaining such a large ice surface is a challenge. A regular Zamboni can’t do it; the job is just too big. So the solution is a custom machine called the Froster, conceived by Robert Taillefer and built by Sylvain Fredette. The Froster spans almost twenty meters, and carries almost 4000 L of water. There’s no other practical way to maintain almost 8 km of skating rink.
A patent was filed in 2010, granted by the Canadian Intellectual Property Office, and later lost because important notifications started going to an apparently unchecked spam folder. The annual fee went unpaid, numerous emails went unanswered, an expiry date came and went, and that was that.
It’s true that emailed reminders (the agreed-upon — and only — method of contact) going unnoticed in a spam folder was what caused Robert to take no action until it was too late. We’d all agree that digital assistants in general need to get smarter, and that includes being better at informing the user about automatically-handled things like spam.
But what truly cost Robert Taillefer his patent was having a single point of failure for something very, very important. The lack of any sort of backup method of communication in case of failure or problem meant that this sad experience was, in a way, a disaster just waiting to happen. At least that’s how the Federal Court saw it when he took his complaint to them, and that’s how they continued to see it when he appealed the decision.
If you’ve never heard of the Rideau Canal Skateway or would like to see the Froster in action, check out this short video from the National Capital Commission of Canada, embedded just under the page break.
Growing a Gallium-Arsenide Laser Directly on Silicon
As great as silicon is for semiconductor applications, it has one weakness: using it for lasers isn’t very practical. Never say never though, as it turns out that you can now grow lasers directly on the silicon material. The best material for solid-state lasers in photonics is gallium-arsenide (GaAs), but because the crystal lattice of this compound (group III-V) semiconductor doesn’t line up with that of silicon (group IV), separate dies were generally produced and then (very carefully) aligned or grafted onto the silicon die.
Naturally, it’s far easier and cheaper if a GaAs laser can be grown directly on the silicon die, which is what researchers from IMEC have now done (preprint). Using standard processes and materials, GaAs lasers were grown on industry-standard 300 mm silicon wafers. The trick was to accept the lattice mismatch and instead focus on confining the resulting flaws using a layer of silicon dioxide on top of the wafer. Trenches are created in this layer (see top image), so when the GaAs is deposited it only contacts the Si inside these grooves, limiting the effect of the mismatch and confining it to within the trenches.
There are still a few issues to resolve before this technique is ready for mass production, of course. The produced lasers work at 1,020 nm, which is a shorter wavelength than typically used, and there are still some durability issues caused by the manufacturing process that have to be addressed.