Button Debouncing With Smart Interrupts
Debouncing button or switch inputs on microcontrollers can be a challenging problem for those first starting to program these devices. Part of the reason for this difficulty is that real-world buttons don’t behave like the idealized textbook components we first learn about, and therefore need special consideration to operate like one would expect. There are simple ways to debounce inputs like adding a delay after a button is pressed, but for more efficient use of computer resources as well as adding some other capabilities to inputs you might want to look at this interrupt service routine (ISR) method from [Lee] aka [stockvu].
The strategy with this debounce method is not simply to use a single ISR for the button input, but to activate a second timer-based ISR at that time that runs at a certain interval which timestamps any button press and checks the amount of time the button has been active. If it’s under a certain threshold the ISR assumes it’s caused by bounce and blocks the bounce. If the timestamp ages past another longer threshold it knows the button has been released. This method allows on-the-fly adaptation between long button presses and rapid button presses and is capable of debouncing both types.
For those wanting to try this out, [stockyu] has included some example Arduino code for others to use. It’s an interesting take on a solution for a common problem, and puts very little load on the microcontroller. There are about as many ways to debounce inputs as there are microcontroller platforms, though, and you can even use a 555 timer to get this job done which frees up 100% of the microcontroller’s CPU.
A New Life For a Conference Badge, Weighing Bees
We love electronic conference badges here at Hackaday, but it’s undeniable that many of them end up gathering dust after the event. Most of them are usable as development boards though, so it’s nice to see them appear in projects from time to time. [Benjamin Blundell] has a good one, he’s using an EMF Camp 2014 badge to power a set of load cells in a bee scale.
Not being skilled in the art of apiary here at Hackaday we’re thankful for his explanation. Beekeepers weigh their hives as a means of gauging their occupancy, and the scale for this purpose has a few application specific features. The EMF 2014 badge (known as the TiLDA MKe) meanwhile is an Arduino Due compatible ARM Cortex M0 board with an LCD display, making it perfect for the job. He devotes quite some time to describing the load cells, mounting them on extrusion, and calibration, all of which should be of use to anyone making a scale.
The software for the badge is an odd mix of Arduino and FreeRTOS, and he takes one of the stock apps and modifies it for the scale. It’s very much a badge of its era, being programmable but not with a built-in interpreter for MicroPython or similar. You can see the whole project at work in the video below the break.
If you’ve not seen a TiLDA MKe before, we wrote about it when it was released.
youtube.com/embed/KWlVOn8AhTU?…
BitLocker Sotto Attacco! La Dimostrazione Shock al Chaos Communication Congress
Alla conferenza annuale Chaos Communication Congress (CCC), organizzata dalla più grande comunità di hacker d’Europa, il ricercatore Thomas Lambertz ha presentato il rapporto “Windows BitLocker: Screwed without a Screwdriver”.
Nel suo discorso, ha dimostrato come aggirare la protezione crittografica BitLocker e ottenere l’accesso ai dati. Sebbene il CVE-2023-21563 sia stato ufficialmente aggiornato con la patch nel novembre 2022, può ancora essere sfruttato nelle versioni attuali di Windows. Per fare ciò, è sufficiente l’accesso fisico una tantum al dispositivo e la connessione alla rete.
L’attacco rientra nella categoria “bitpixie” e non richiede manipolazioni complesse, come l’apertura del case del computer. La tecnica prevede l’utilizzo del boot loader legacy di Windows tramite Secure Boot per estrarre la chiave di crittografia nella RAM, dopodiché la chiave viene estratta utilizzando Linux. Ciò dimostra che gli aggiornamenti volti a correggere la vulnerabilità non erano abbastanza efficaci.
Il problema è legato alle restrizioni su dove sono archiviati i certificati in UEFI. Si prevede che i nuovi certificati Secure Boot non verranno visualizzati prima del 2026. Come soluzione temporanea, Lambertz consiglia agli utenti di creare i propri PIN per BitLocker o disabilitare l’accesso alla rete nel BIOS. Inoltre anche un semplice dispositivo di rete USB può essere utilizzato per sferrare un attacco.
Per gli utenti comuni, la minaccia rimane improbabile. Tuttavia, negli ambienti aziendali, governativi e in altri ambienti mission-critical, la capacità di decrittografare completamente un disco tramite l’accesso fisico rappresenta una seria preoccupazione.
Per uno studio più approfondito dell’argomento, la registrazione integrale della presentazione di Lambertz è a disposizione degli interessati sul sito web del CCC Media Center. Dura 56 minuti e contiene dettagli tecnici che spiegano perché risolvere la vulnerabilità è così impegnativo.
L'articolo BitLocker Sotto Attacco! La Dimostrazione Shock al Chaos Communication Congress proviene da il blog della sicurezza informatica.
Polizia Postale 2024: 144 Arrestati Per Pedopornografia e 2.300 siti oscurati per cyberterrorismo
È stato pubblicato ieri il consueto rapporto annuale della Polizia Postale e delle Comunicazioni relativo al 2024. Il documento evidenzia come l’istituzione abbia affrontato sfide sempre più complesse nel cyberspazio, rafforzando il suo ruolo di pilastro nella lotta contro i crimini informatici.
Il report offre una panoramica dettagliata delle attività svolte, mettendo in luce risultati significativi in molteplici ambiti, tra cui la protezione delle infrastrutture critiche, il contrasto alla criminalità digitale e la tutela dei minori online.
Un focus centrale del rapporto riguarda il contrasto alla pedopornografia online. Il Centro Nazionale per il Contrasto alla Pedopornografia Online (CNCPO) ha intensificato il monitoraggio della rete, inserendone 2.775 in una blacklist. Le operazioni investigative hanno portato all’arresto di 144 individui, segnando un aumento rispetto all’anno precedente. Questo risultato sottolinea l’efficacia di una strategia che combina tecnologie avanzate e cooperazione internazionale.
La tutela dei minori ha incluso anche campagne educative come “Una Vita da Social” e “Cuori Connessi,” che hanno raggiunto migliaia di giovani in tutta Italia. Queste iniziative, volte a promuovere un uso consapevole della rete, si sono affiancate a interventi diretti contro fenomeni quali sextortion, revenge porn e adescamento online. La crescente diffusione di queste minacce ha spinto la Polizia Postale a rafforzare i propri programmi di sensibilizzazione nelle scuole.
Parallelamente, il Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche (CNAIPIC) ha incrementato le attività di prevenzione contro attacchi ransomware e DDoS. In un contesto geopolitico instabile, gli attacchi sponsorizzati da stati o gruppi ideologici rappresentano una minaccia crescente. L’impegno della Polizia Postale è stato essenziale per garantire la sicurezza di eventi di rilievo come il Vertice G7 e il Giubileo della Speranza 2025.
Il Centro nazionale anticrimine informatico per la protezione delle infrastrutture critiche (Cnaipic) ha gestito circa 12.000 attacchi informatici e diramato 59.000 alert, concentrandosi su eventi critici come il Vertice G7 in Puglia. In un contesto caratterizzato da attacchi ransomware e DDoS, sono state identificate 180 persone coinvolte in attività cybercriminali, spesso legate a gruppi sponsorizzati da Stati.
Nel contrasto al cyberterrorismo, sono stati monitorati oltre 290.000 siti web e oscurati 2.364 per prevenire radicalizzazioni e minacce terroristiche.
Per quanto riguarda il contrasto al crimine finanziario online, l’analisi dei dati ha evidenziato un aumento costante di truffe nel tempo, che, nel quadro del generale rinnovamento della struttura organizzativa del Servizio Polizia Postale, ha portato all’istituzione di una Divisione operativa dedicata. I principali crimini riguardano il phishing, il vishing e lo smishing, frodi basate sul social engineering (come la BEC fraud) e truffe tramite investimenti online (falso trading). In crescita anche l’uso delle criptovalute, le cui transazioni sono più difficili da tracciare, richiedendo competenze specializzate.
Infine, il Commissariato di P.S. online, sito ufficiale della Polizia Postale e strumento di diretto contatto con i cittadini, ha ricevuto 3 milioni di visite e gestito oltre 82.000 segnalazioni e 23.000 richieste di assistenza. Attraverso iniziative come “Una vita da social” e “Cuori Connessi”, ha sensibilizzato studenti e cittadini sui rischi della rete, promuovendo comportamenti sicuri online con materiali informativi distribuiti in collaborazione con enti e aziende locali.
L'articolo Polizia Postale 2024: 144 Arrestati Per Pedopornografia e 2.300 siti oscurati per cyberterrorismo proviene da il blog della sicurezza informatica.
High Performance RISC-V
From the Institute of Computing Technology division of the Chinese Academy of Sciences and Peng Cheng Laboratory comes a high-performance and well-documented RISC-V core called XiangShan.
In the Git repository, you’ll find several branches including at least two stable branches: Yanqihu and Nanhu. The currently developed architecture, Kunminghu, is impressive, with a sophisticated instruction fetch unit, a reorder buffer, and a register renaming scheme.
The point of these types of circuits in a CPU is to allow multiple instructions to process at once. This also implies that instructions can be executed out of order. A cursory glance didn’t show any branch prediction logic, but that may be a limitation of the documentation. If there isn’t one, that would be an interesting thing to add in a fork if you are looking for a project.
On the computing side, the processor contains an integer block, a floating point unit, and a vector processor. Clearly, this isn’t a toy processor and has the capability to compete with serious modern CPUs.
There is a separate GitHub for documentation. It looks like they try to keep documentation in both Mandarin and English. You can also find some of the academic papers about the architecture there, too.
We love CPU design, and this is an interesting chance to contribute to an open CPU while there are still interesting things to do. If you need to start with something easier, plenty of small CPUs exist for educational purposes.
Math on a Checkerboard
The word “algorithm” can sometimes seem like a word designed to scare people away from math classes, much like the words “calculus”, “Fourier transform”, or “engineering exam”. But in reality it’s just a method for solving a specific problem, and we use them all the time whether or not we realize it. Taking a deep dive into some of the ways we solve problems, especially math problems, often leads to some surprising consequences as well like this set of algorithms for performing various calculations using nothing but a checkerboard.
This is actually a demonstration of a method called location arithmetic first described by [John Napier] in 1617. It breaks numbers into their binary equivalent and then uses those representations to perform multiplication, division, or to take the square root. Each operation is performed by sliding markers around the board to form certain shapes as required by the algorithms; with the shapes created the result can be viewed directly. This method solves a number of problems with other methods of performing math by hand, eliminating other methods like trial-and-error. The video’s creator [Wrath of Math] demonstrates all of these capabilities and the proper method of performing the algorithms in the video linked below as well.
While not a “hack” in the traditional sense, it’s important to be aware of algorithms like this as they can inform a lot of the way the world works on a fundamental level. Taking that knowledge into another arena like computer programming can often yield some interesting results. One famous example is the magic number found in the code for the video game Quake, but we’ve also seen algorithms like this used to create art as well.
youtube.com/embed/_Qe_0aj4eEM?…
Custom Firmware Adds Capabilities to Handie Talkie
Although ham radio can be an engaging, rewarding hobby, it does have a certain reputation for being popular among those who would fit in well at gated Florida communities where the preferred mode of transportation is the golf cart. For radio manufacturers this can be a boon, as this group tends to have a lot of money and not demand many new features in their technology. But for those of us who skew a bit younger, there are a few radios with custom firmware available that can add a lot of extra capabilities.
The new firmware is developed by [NicSure] for the Tidradio TD-H3 and TD-H8 models and also includes a browser-based utility for flashing it to the radio without having to install any other utilities. Once installed, users of these handheld radios will get extras like an improved S-meter and detection and display of CTCSS tones for repeater usage. There’s also a programmer available that allows the radio’s memory channels to be programmed easily from a computer and a remote terminal of sorts that allows the radio to be operated from the computer.
One of the latest firmware upgrades also includes a feature called Ultra Graph which is a live display of the activity on a selected frequency viewable on a computer screen. With a radio like this and its upgraded firmware, a lot of the capabilities of radios that sell for hundreds of dollars more can be used on a much more inexpensive handheld. All of this is possible thanks to an on-board USB-C interface which is another feature surprisingly resisted by other manufacturers even just for charging the batteries.
youtube.com/embed/2QbwW1Sgy5o?…
Landing Soon: This Beautiful Weather Display
All wiring is beautiful, except when it isn’t. But is there anything more lovely to behold than circuit sculpture? Once again, [Mohit Bhoite] has made this process look easy like Sunday morning. This time, he’s created a weather display in the form of a lander.
There’s also a pulse-density microphone (PDM) breakout board and a buzzer, and the build is capped off with a red 0805 LED. We’re not sure what the feet are made of, but they sure make this lander cute (and accurate).
All the project logs are picture-rich, which is really the most we could ask for when trying to imitate this level of greatness. This is apparently an ongoing project, and we’re excited for the end result, although it looks fairly complete from here.
Do you want to bend it like Bhoite? Then be sure to check out his Hackaday Supercon talk on the subject.
Organizing Components, The Easy Way
There’s an old joke: What do you get someone who has everything? A place to put it. For hackers like [Christian], everything is a hoard of priceless electronic components. His solution is using small zipper bags, either regular plastic or anti-static. These attach using hook and loop fastener to plastic binder sheets which then live in a binder. Combined with some custom printed labels and a few other tricks, it makes for a nice system, as you can see in the video below.
Honestly, we’ve done something similar before, using a binder with little pockets, but the bag and custom labels beat our system. He even has QR codes on some of them to locate data sheets easily. Seems like a barcode for inventory management might have been good, too.
Some advice from us. If you are just starting out, this might seem like overkill. But if you start out doing something — this or something else — then ten years from now, you won’t have to be like us and think, “I’d get everything organized, but it is going to take months to work through what I already have…” That usually makes it a project you never really get started with. Develop good habits early!
Even if you don’t want to store your components this way, his binder hacks probably work for lots of other things, too. It isn’t as flashy as some systems we’ve seen, but it is very practical. If only you didn’t have to turn the pages in the binder yourself.
youtube.com/embed/N9kQCDN8lkk?…
Hackaday Podcast Episode 302: Scroll Wheels, Ball Screws, and a New Year for USB-C
After a bit too much eggnog, Elliot Williams and Al Williams got together to see what Hackaday had been up to over the holiday. Turns out, quite a bit. There was a lot to cover, but the big surprise was the “What’s that Sound” competition. Do you know who had the correct answer from the last show? No one! So they guys did the right thing and drew from all the entrants for a coveted Hackaday Podcast T-shirt.
Back to the hacks, you’ll hear about USB-C and the EU, what to do when the Kickstarter product you had your heart set on doesn’t deliver, and a very strange way to hack some power grids wirelessly.
If you are interested in physics cameras, modifying off-the-shelf gear, or a fresh approach to color 3D printing, they’ll talk about that, too. Finally, you can find out what Tom Nardi thought of Hackaday in the year past, and if your next ocean voyage will have to stop for a charge.
html5-player.libsyn.com/embed/…
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Download the MP3 full of optimism for 2025 resolutions.
Episode 302 Show Notes:
News:
What’s that Sound?
- Congrats to [Henré Botha] for winning the dice roll. We’ll have to do whale sounds someday!
Interesting Hacks of the Week:
- Beam Me Up: Simple Free-Space Optical Communication
- Gigabit Ethernet Through The Air
- Hackaday Superconference 2017 – Michael Ossmann & Dominic Spill
- Getting Started With GNU Radio
- Doomscroll Precisely, And Wirelessly
- 38C3: Taking Down The Power Grid Over Radio
- Ball Nut Modification Charts A Middle Course Between Building And Buying
- Taking “Movies” Of Light In Flight
- Full Color 3D Printing With PolyDye And Existing Inkjet Cartridges
Quick Hacks:
- Elliot’s Picks
- Protect Your Site With A DOOM Captcha
- 2024 Brought Even More Customization To Boxes.py
- VPlayer Puts Smart Display In Palm Of Your Hand
- Al’s Picks:
- Wire Rope: Never Saddle A Dead Horse
- Circuit Secrets: Exploring A $5 Emergency Light
- Creating A Mechanical Qubit That Lasts Longer Than Other Qubits
Can’t-Miss Articles:
hackaday.com/2025/01/03/hackad…
3D Printed Case Turns Pixel 6 Pro into Palmtop
Despite initial interest in the 1990s and early 2000s, palmtop computers never really took off. Realistically most consumers were probably satisfied enough with smartphones as they became more widely available, but those of us who would prefer a real keyboard on our mobile devices are still feeling the pain. Today there are still a few commercial palmtop-like machines out there, but they aren’t exactly mainstream.
Which is why this 3D printed case for the Pixel 6 Pro from [TypingCat] is so interesting. It takes a relatively popular and capable contemporary phone, pairs it with a physical keyboard, and manages to create something that looks quite practical. Thanks to Termux, you can even get a fairly usable Linux environment going on the thing.
While the Pixel 6 Pro is a solid enough choice to base this project around, we’re interested in seeing if the community will come up with variants of this case to hold other similarly sized phones. It’s interesting to note that [TypingCat] has decided to use the “No Derivatives” variant of the Creative Commons license for the bottom half of the case. But since the top half is a remix of an existing Pixel 6 Pro case from [JoshCraft3D], it carries a more permissive license and must be distributed separately. Long story short, folks can create and distribute custom versions of the phone-side of this case, but the bottom needs to remain the same.
If you’ve got filament to burn extrude and would rather have a more pure Linux experience, we saw a printable Raspberry Pi Zero palmtop a couple months back that looked quite promising.
This Week in Security: IOCONTROL, (Location) Leaking Cars, and Passkeys
Claroty’s TEAM82 has a report on a new malware strain, what they’re calling IOCONTROL. It’s a Linux malware strain aimed squarely at embedded devices. One of the first targets of this malware, surprisingly, is the Iraeli made Orpak gas station pumps. There’s a bit of history here, as IOCONTROL is believed to be used by CyberAv3ngers, a threat actor aligned with Iran. In 2023 a group aligned with Israel claimed to have compromised the majority of the gas stations in Iran. IOCONTROL seems to have been deployed as retribution.
There are a few particularly interesting aspects of this malware, and how TEAM82 went about analyzing it. The first is that they used unicorn to emulate the obscure ARM platform in question. This was quite an adventure, as they were running the malicious binary without the normal Linux OS under it, and had to re-implement system calls to make execution work. The actual configuration data was encrypted as the data section of the executable, presumably to avoid simple string matching detection and analysis.
Then to communicate with the upstream command and control infrastructure, the binary first used DNS-Over-HTTPS to resolve DNS addresses, and then used the MQTT message protocol for actual communications. Once in place, it has the normal suite of capabilities, like code execution, cleanup, lateral scanning, etc. An interesting speculation is that the level of control this malware had over these gas pumps, it was in a position to steal credit card information. This malware family isn’t limited to gas pumps, either, as it’s been spotted in IoT and SCADA devices from a whole host of vendors.
Bit-unlocker
We have another attack against TPM backed Bitlocker full disk encryption. The idea here is that by default Bitlocker uses an encryption key provided by the system’s Trusted Platform Module (TPM). Unless the user intentionally turns on Bitlocker PIN, this key from the TPM is the only credential needed to decrypt the drive, and is automatically provided at boot time. We’ve covered one attack against Bitlocker, where the key is sniffed while it’s being transferred from the external TPM. The conclusion as of that coverage was that a firmware TPM saves you from this attack, since there’s no accessible bus to sniff data from.
Well. There’s another approach, as you might have guessed. Modern memory requires constant refreshing to not lose its value, but that doesn’t mean that it’s entirely lost immediately. That’s what [Jack Crouse] discovered, and put to work here. Using the reset pins on a motherboard, the system is reset and booted off a flash drive. That drive contains a very minimal EFI application that just reads system memory and dumps it to the flash drive. Because the memory is mostly intact, if you reset the machine at the right point during boot, the memory dump includes the disk encryption key, allowing for easy drive decryption. If nothing else, this should be your queue to add a PIN to your Bitlocker setup. This was also a talk given at 38c3, which is now available!
Stars for Sale
GitHub stars are a useful way to determine the popularity of a project, and by extension how trustworthy that project is. At least, that’s the idea. Like any measure of popularity and trustworthiness, the GitHub Stars system has been gamed. Given how easy it is to create a GitHub account, and that giving out stars is a free action, it’s not surprising. The research suggested that between 3 and 4.5 million stars were fake, and GitHub has been quite responsive at removing the accounts and stars that are very likely to be inauthentic.
The Downside to a Connected Car
In a tale that gets worse the more you think about it, it’s revealed that 800,000 Volkswagen electric vehicles were leaking their precise information history via an unsecured Amazon storage instance. This wasn’t explicitly referred to as an S3 bucket, but we’ll use the “bucket” term for ease of discussion. This was discovered via an unnamed whistleblower, so it’s unclear whether the bucket name was accidentally made public. Regardless, it was accessible without any authentication. The broader question is why VW needs to keep these records on their drivers. It’s the downside to an always connected car.
How’s the Passkey Doing?
[Dan Goodin] is no stranger to the pages of this column, and he has thoughts about Passkeys. This isn’t a vulnerability — the FIDO2 specification hasn’t been broken in some new and clever way. Passkeys are still a good, secure way to use a trusted device as an authentication source. The problem is, they’re sort of a pain to use. Say you’re using Google Chrome on an Apple device. A site prompts you to create a passkey. Is that passkey managed by Apple, or Google? The answer is, by Apple, unless you explicitly ask Chrome to manage it. And then, Chrome on Mac isn’t allowed to sync Passkeys to Chrome on an iPhone.
And those are essentially the two problems with Passkeys: Every vendor wants users to use their platform to store passkeys, and once stored it’s devilishly difficult to manage and move passkeys to another device/platform. The silver lining is that many password managers can act as a Passkey store, and handle syncing between devices. But then again, there’s not much difference between passwords and passkeys, when you use a password manager to handle them.
Double-Click-Jack
And in related news, there’s a new approach to harvesting unintended clicks. Clickjacking is what happens when a site loads an advertisement at the top of the page, just as you’re trying to click on something, and your click gets hijacked to something else. Browsers have added protections to make truly malicious clickjacking harder to pull off. But Doubleclickjacking neatly sidesteps all of them. It’s simple: Launch another tab that claims to be a captcha, asking the user to double-click to prove they are human. Close the tab after a single click, and the second click goes to a different window. It’s clever and devious, and one more thing to watch out for.
youtube.com/embed/4rGvRRMrD18?…
Bits and Bytes
The US Treasury has reported that it was breached, via the ironically named BeyondTrust remote support vendor. It’s reported that this was an APT affiliated with the Chinese government, though very few details are available.
The intersection of data scraping and AI writing has led to dangerously good targeted phishing emails. Part of the danger here is that so much of the legitimate emails that spam filters are trained on are also written by LLMs, and executives are so used to that style of message, phishing emails fit right in.
[Mateusz Jurczyk] has released part five of the Windows Registry deep dive over at Google Project Zero. This installment is all about how the data is actually encoded into the registry files, as well as how those files are loaded and verified. Good stuff.
FPV Flying in Mixed Reality is Easier than You’d Think
Flying a first-person view (FPV) remote controlled aircraft with goggles is an immersive experience that makes you feel as if you’re really sitting in the cockpit of the plane or quadcopter. Unfortunately, while your wearing the goggles, you’re also completely blind to the world around you. That’s why you’re supposed to have a spotter nearby to keep watch on the local meatspace while you’re looping through the air.
But what if you could have the best of both worlds? What if your goggles not only allowed you to see the video stream from your craft’s FPV camera, but you could also see the world around you. That’s precisely the idea behind mixed reality goggles such as Apple Vision Pro and Meta’s Quest, you just need to put all the pieces together. In a recent video [Hoarder Sam] shows you exactly how to pull it off, and we have to say, the results look quite compelling.
[Sam]’s approach relies on the fact that there’s already cheap analog FPV receivers out there that act as a standard USB video device, with the idea being that they let you use your laptop, smartphone, or tablet as a monitor. But as the Meta Quest 3 is running a fork of Android, these devices are conveniently supported out of the box. The only thing you need to do other than plug them into the headset is head over to the software repository for the goggles and download a video player app.
With the receiver plugged in and the application running, you’re presented with a virtual display of your FPV feed hovering in front of you that can be moved around and resized. The trick is to get the size and placement of this virtual display down to the point where it doesn’t take up your entire field of vision, allowing you to see the FPV view and the actual aircraft at the same time. Of course, you don’t want to make it too small, or else flying might become difficult.
[Sam] says he didn’t realize just how comfortable this setup would be until he started flying around with it. Obviously being able to see your immediate surroundings is helpful, as it makes it much easier to talk to others and make sure nobody wanders into the flight area. But he says it’s also really nice when bringing your bird in for a landing, as you’ve got multiple viewpoints to work with.
Perhaps the best part of this whole thing is that anyone with a Meta Quest can do this right now. Just buy the appropriate receiver, stick it to your goggles, and go flying. If any readers give this a shot, we’d love to hear how it goes for you in the comments.
youtube.com/embed/XOmeAAlSTWM?…
Pico Pal Puts RP2350 Into Game Boy Color Shell
While modern gaming systems deliver ever more realistic experiences, there’s still something to be said for the consoles and handhelds of the 80s and 90s. For many, the appeal is nostalgic. Others are attracted to the “lo-fi” graphical and sound design of these games, necessitated by the limited hardware of the time.
That said nobody would claim those old systems were perfect. Which is why a hybrid approach like [Peter Khouly] has been working on with the Pico Pal might be the ultimate solution. This replacement motherboard for the Game Boy Color (GBC) is powered by the RP2350, meaning the external hardware will have the same look and feel as it did back in 1998, but you’ll still be able to reap the benefits of modern emulation.
The most recent status update is from just last week, where [Peter] goes over some of the new features he’s been working on. A major one is the soft power solution, where the physical power switch doesn’t just pull the plug like it did back in the 1990s. Instead, the switch triggers the board to save the game and enter into a low-power mode so that it can come right back on to where you left off. This does impact battery life, but so far, it looks like the Pico Pal GBC will be able to run for at least five hours on a charge, and more than twice that if you don’t mind turning off the audio.
It sounds like there’s still several gremlins to track down in the design, but even in its current state, the Pico Pal GBC looks very interesting. We’re immediately reminded of the phenomenal work [Bucket Mouse] has put in on a similar refit for the original DMG-1 Game Boy.
Dress Up Your 3D Prints with Toner-Transfer Labels
We’ve always found the various methods for adding text and graphics to 3D prints somewhat underwhelming. Embossed or debossed characters are fuzzy, at best, and multi-color printers always seem to bleed one color into the next. Still, the need for labels and logos is common enough that it’s worth exploring other methods, such as this easy toner transfer trick.
Home PCB makers will probably find the method [Squalius] describes in the video below very familiar, and with good reason. We’ve seen toner transfer used to mask PCBs before etching, and the basic process here is very similar. It starts with printing the desired graphics on regular paper using a laser printer; don’t forget to mirror the print. The printed surface is scuffed up a bit, carefully cleaned, and coated with a thick layer of liquid acrylic medium, of the kind used in paint pouring. The mirrored print is carefully laid on the acrylic, toner-side down, and more medium is brushed on the back of the paper. After the print dries, the paper is removed with a little water and some gentle friction, leaving the toner behind. A coat of polyurethane protects the artwork reasonably well.
[Squalius] has tested the method with PLA and PETG and reports good results. The text is clear and sharp, and even fine text and dithered graphics look pretty good. Durability could be better, and [Squalius] is looking for alternative products that might work better for high-wear applications. It looks like it works best on lightly textured surfaces, too, as opposed to surfaces with layer lines. We’d love to see if color laser prints work, too; [Squalius] says that’s in the works, and we’ve seen examples before that are reason for optimism.
youtube.com/embed/wWhU4gyD9Bk?…
Thanks to [greg_bear] for the tip.
555 Timers Bring Christmas Charm to Miniature Village
The miniature Christmas village is a tradition in many families — a tiny idyllic world filled happy people, shops, and of course, snow. It’s common to see various miniature buildings for sale around the holidays just for this purpose, and since LEDs are small and cheap, they’ll almost always have some switch on the bottom to light up the windows.
This year, [Braden Sunwold] and his wife started their own village with an eye towards making it a family tradition. But to his surprise, the scale lamp posts they bought to dot along their snowy main street were hollow and didn’t actually light up. Seeing it was up to him to save Christmas, [Braden] got to work adding LEDs to the otherwise inert lamps.
This could have been an excuse to drag out a microcontroller. But instead, [Braden] did as any good little Hackaday reader should do, and called on Old Saint 555 to save Christmas. After doing some research, he determined that a trio of 555s rigged as relaxation oscillators could be used to produce quasi-random triangle waves. When fed into a transistor controlling the LED, the result would be a random flickering instead of a more aggressive strobe effect. It took a little tweaking of values, but eventually he got it locked down and sent away to have custom PCBs made of the circuit.
With the flicker driver done, the rest of the project was pretty simple. Since the lamp posts were already hollow, feeding the LEDs up into them was easy enough. The electronics went into a 3D printed base, and we particularly liked the magnetic connectors [Braden] used so that the lamps could easily be taken off the base when it was time to pack the village away.
We can’t wait to see what new tricks [Braden] uses to bring the village alive for Christmas 2025. Perhaps the building lighting could do with a bit of automation?
youtube.com/embed/SH6hXkraL7c?…
The Ultimate Distraction Free Writing Environment
The art of writing has become a cluttered one to follow, typically these days through a graphical word processor. There may be a virtual page in front of you, but it’s encumbered by much UI annoyance. To combat this a variety of distraction free software and appliances have been created over the years.
But it’s perhaps [Liam Proven]’s one we like the most — it’s a bootable 16-bit DOS environment with a selection of simple text and office packages on board. No worries about being distracted by social media when you don’t even have networking.
The zip file, in the releases section of the repository, is based upon SvarDOS, and comes with some software we well remember from back in the day. There’s MS Word 5.5 for DOS, in the public domain since it was released as a Y2K fix, Arnor Protext, and the venerable AsEasyAs spreadsheet alongside a few we’re less familiar with. He makes the point that a machine with a BIOS is required, but those of you unwilling to enable BIOS emulation on a newer machine should be able to run it in a VM or an emulator. Perhaps it’s one to take on the road with us, and bang away in DOS alongside all the high-powered executives on the train with their fancy business projections.
We recently talked about SvarDOS, and it shouldn’t come as a surprise that our article linked to a piece [Liam] wrote for The Register.
A Modern Battery For a Classic Laptop
Aside from their ability to operate fairly well in extreme temperatures, lead-acid batteries don’t have many benefits compared to more modern battery technology. They’re heavy, not particularly energy dense, have limited charge cycles, and often can’t be fully discharged without damage or greatly increased wear. With that in mind, one can imagine that a laptop that uses a battery like this would be not only extremely old but also limited by this technology. Of course, in the modern day we can do a lot to bring these retro machines up to modern standards like adding in some lithium batteries to this HP laptop.
Simply swapping the batteries in this computer won’t get the job done though, as lead-acid and lithium batteries need different circuitry in order to be safe while also getting the maximum amount of energy out. [CYUL] is using a cheap UPS module from AliExpress which comes with two 18650 cells to perform this conversion, although with a high likelihood of counterfeiting in this market, the 18650s were swapped out with two that were known to be from Samsung. The USB module also needs to be modified a bit to change the voltage output to match the needs of the HP-110Plus, and of course a modernized rebuild like this wouldn’t be complete without a USB-C port to function as the new power jack.
[CYUL] notes at the end of the build log that even without every hardware upgrade made to this computer (and ignoring its limited usefulness in the modern world) it has a limited shelf life as the BIOS won’t work past 2035. Hopefully with computers like this we’ll start seeing some firmware modifications as well that’ll let them work indefinitely into the future. For modern computers we’ll hope to avoid the similar 2038 problem by switching everything over to 64 bit systems and making other software updates as well.
Crafting a Cardboard Tribute to Puzzle Bobble
What do you get when you cross cardboard, deodorant rollers, and a love for retro gaming? A marvel of DIY engineering that brings the arcade classic Puzzle Bobble to life—once again! Do you remember the original Puzzle Bobble aiming mechanism we featured 12 years ago? Now, creator [TomTilly] has returned with a revamped version, blending ingenuity with a touch of nostalgia. [Tom] truly is a Puzzle Bobble enthusiast. And who could argue that? The game’s simplicty makes for innocent yet addictive gameplay.
[Tom]’s new setup recreates Puzzle Bobble’s signature aiming mechanic using surprising materials: deodorant roller balls filled with hot glue (to diffuse LED colours), bamboo skewers, and rubber bands. At its heart is an Arduino UNO, which syncs the RGB LED ‘bubbles’ and a servo-driven aiming arm to the game’s real-time data. A Lua script monitors MAME’s memory locations to match the bubble colours and aimer position.
But this isn’t just a static display. [Tom] hints at a version 2.0: a fully functional controller complete with a handle. Imagine steering this tactile masterpiece through Puzzle Bobble’s frantic levels!
Need more inspiration? Check out other quirky hacks like [Tom]’s deodorant roller controller we featured in 2023. Whether you’re into cardboard mechanics or retro gaming, there’s no end to what clever hands can create.
youtube.com/embed/uzLQa7_EQDE?…
Programming Ada: Atomics and Other Low-Level Details
Especially within the world of multi-threaded programming does atomic access become a crucial topic, as multiple execution contexts may seek to access the same memory locations at the same time. Yet the exact meaning of the word ‘atomic’ is also essential here, as there is in fact not just a single meaning of the word within the world of computer science. One type of atomic access refers merely to whether a single value can be written or read atomically (e.g. reading or writing a 32-bit integer on a 32-bit system versus a 16-bit system), whereas atomic operations are a whole other kettle of atomic fish.
Until quite recently very few programming languages offered direct support for the latter, whereas the former has been generally something that either Just Worked
In the case of Ada there has been a reluctance among the language designers to add support for atomic operations to the language, with the (GNU) toolchain offering the same intrinsics as a fallback. With the Ada 2022 standard there is now direct support in the System.Atomic_Operations library, however.
Defining Atomic Operations
As mentioned earlier, the basic act of reading or writing can be atomic based on the underlying architecture. For example, if you are reading a 32-bit value on a fully 32-bit system (i.e. 32-bit registers and data bus), then this should complete in a single operation. In this case the 32-bit value read cannot suddenly have 8 or 16-bits on the end that were written during said reading action. Ergo it’s guaranteed to be atomic on this particular hardware platform. For Ada you can use the Atomic pragma to enforce this type of access. E.g.:
A : Unsigned_32 with Atomic;
A := 0;
A := A + 1;
-- This generates:
804969f: a1 04 95 05 08 mov 0x8059504,%eax
80496a4: 40 inc %eax
80496a5: a3 04 95 05 08 mov %eax,0x8059504
Now imagine performing a more complex operation, such as incrementing the value (a counter) even as another thread tries to use this value in a comparison. Although the first thread’s act of reading is atomic and writing the modified value back is atomic, this set of operations is not, resulting in a data race. There’s now a chance that the second thread will read the value before it is updated by the first, possibly causing the second thread to miss the update and requiring repeated polling. What if you could guarantee that this set of atomic operations was itself atomic?
The traditional way to accomplish this is through mutual exclusion mechanisms such as the common concept of mutexes. These do however come with a fair amount of overhead when contended due to the management of the (implementation-defined) mutex structures, the management of which uses the same atomic operations which we could directly use as well. As an example there are LOCK XADD (atomic fetch and add) and LOCK CMPXCHG (atomic compare and exchange) in the x86 ISA which a mutex implementation is likely to use, but which we’d like to use for a counter and comparison function in our own code too.
Reasons To Avoid
Obviously, having two or more threads compete for the same resources is generally speaking not a great idea and could indicate a flaw in the application’s architecture, especially in how it may break modularity. Within Ada an advocated approach has been to use protected objects and barriers within entries, which provides language-level synchronization between tasks. A barrier is defined using the when keyword, followed by the condition that has to evaluate to true before execution can continue.
From a more low-level programming perspective as inspired by C code and kin, the use of directly shared resources makes more sense, and can be argued to have performance benefits. This contrasts with the philosophy behind Ada, which argues that neither safety nor ease of maintenance should ever be sacrificed in the name of performance. Even so, if one can prove that it is in fact safe and does not invite a maintenance nightmare, it could be worth supporting.
One might even argue that since people are going to use this feature anyway – with toolchain intrinsics if they have to – one may as well provide a standard library version. This is something that could be immensely helpful to newcomers as well, as evidenced by my recent attempt to port a lock-free ring buffer (LFRB) from C++ to Ada and running into the atomic operations details head-first.
Fixing A Lock-Free Ring Buffer
In my original Ada port of the LFRB I had naively taken the variables that were adorned with the std::atomic STL feature and replaced that with the with Atomic; pragma, blissfully unaware of this being actually an improvement over the ‘everything is implementation dependent and/or undefined behavior’ elements in C++ (and C). Since I insisted on making it a straight port without a major redesign, it would seem that here I need to use this new Ada 2022 library.
Since the code uses both atomic operations on Boolean and Integer types we need the following two packages:
with System.Atomic_Operations.Integer_Arithmetic;
with System.Atomic_Operations.Exchange;
These generic packages of course also need to have a specific package defined for our use:
type Atomic_Integer is new Integer with Atomic;
package IAO is new System.Atomic_Operations.Integer_Arithmetic(Atomic_Integer);
type Atomic_Boolean is new Boolean with Atomic;
package BAO is new System.Atomic_Operations.Exchange(Atomic_Boolean);
These new types are defined as being capable of atomic read and write operations, which is a prerequisite for more complex atomic operations and thus featured in the package instantiation. Using these types is required to perform atomic operations on our target variables, which are declared as follows:
dataRequestPending : aliased Atomic_Boolean;
unread : aliased Atomic_Integer;
The [url=https://en.wikibooks.org/wiki/Ada_Programming/Keywords/aliased]aliased[/url] keyword here means that the variable has to be in memory (i.e. have a memory address) and not just in a register, allowing it to be the target of an access (pointer) type.
When we want to perform an atomic operation on our variables, we use the package which we instantiated previously, e.g.:
IAO.Atomic_Subtract(unread, len);
IAO.Atomic_Add(free, len);
The first of which will subtract the value of len from unread followed by the second line which will add the same value to free. We can see that we are now getting memory barriers in the generated assembly, e.g.:
lock add DWORD PTR [rsp+4], eax #,, _10
Which is the atomic addition operation for the x86 ISA, confirming that we are now indeed performing proper atomic operations. Similarly, for booleans we can perform atomic operations such as assigning a new value and returning the previous value:
while BAO.Atomic_Exchange(dataRequestPending, false) loop
null;
end loop;
Atomic Differences
I must express my gratitude to the commentators to the previous LFRB Ada article who pointed out these differences between atomic in C++ (and C) and Ada. Along with their feedback there are also tools such as the Godbolt Compiler Explorer site where it’s quite easy to drop in some C++ and Ada code for comparison between the generated assembly, even across a range of ISAs. Since I did not consult any of these previously consider this article my mea culpa for getting things so terribly wrong earlier.
Correspondingly, before passing off the above explanation as the absolute truth, I will preface it by saying that it is my best interpretation of The Correct Way
For corrections and feedback, feel free to sound off in the comments.
Estensioni Chrome hackerate! 540.000 installazioni minacciano i tuoi dati
Venerdì scorso, l’azienda Cyberhaven specializzata nella prevenzione del furto di dati ha confermato di essere stata vittima di un attacco informatico lanciato la sera del 24 dicembre, che ha portato alla pubblicazione di una versione corrotta della sua estensione sul Chrome Web Store il 25 mattina. I team di sicurezza hanno impiegato quasi un giorno in più per rilevare l’attacco e altri 60 minuti per sostituire il plug-in dannoso (v24.10.4) con una versione sana (v24.10.5). All’alba del 26 tutto era tornato alla normalità, o quasi.
Estensioni Chrome hackerate: cosa hanno sfruttato i malintenzionati
Se Cyberhaven si è preso il tempo necessario prima di comunicare ufficialmente i dettagli di questo attacco, ora sappiamo cosa è successo. In modo del tutto classico, un dipendente sarebbe caduto vittima di un attacco di phishing particolarmente ben congegnato. Gli hacker sono poi riusciti a rubare le sue credenziali di connessione al Chrome Web Store per pubblicare una versione dannosa del plugin ufficiale. Secondo l’azienda, solo i browser Chromium configurati per aggiornare automaticamente le estensioni sarebbero a rischio.
Ma le conseguenze non sono meno importanti per la sicurezza dei dati. Secondo John Tuckner, ricercatore di Secure Annex, l’estensione corrotta, che conta più di 400.000 installazioni, conteneva codice in grado di esfiltrare sessioni autenticate e cookie su un server remoto. Tuttavia, tra i clienti di Cyberhaven che probabilmente utilizzeranno il suo plugin, troviamo grandi nomi come Snowflake, Motorola, Canon e persino Reddit.
Non un caso isolato
In seguito a questa scoperta, Jaime Blasco, un altro ricercatore, questa volta della Nudge Security, ha preso l’iniziativa di continuare l’indagine sulla base degli indirizzi IP e dei domini registrati sul server pirata. È emerso che l’attacco a Cyberhaven non è stato un caso isolato, ma parte di una serie di hack coordinati.
Blasco è stato infatti in grado di identificare che lo stesso codice dannoso era stato iniettato anche in altre quattro estensioni popolari, vale a dire Internxt VPN (10.000 installazioni, patchata il 29 dicembre), VPNCity (50.000, rimossa dallo store), Uvoice (40.000, patchata dicembre 31) e ParrotTalks (40.000, rimossi dallo store).
Come ciliegina sulla torta, Blasco ha scoperto anche altri domini che puntano a potenziali vittime, mentre Tuckner hanno confermato di aver identificato diverse altre estensioni contenenti lo stesso codice dannoso, ancora attive al 31 dicembre, tra cui Bookmark Favicon Changer, Castorus, Search Copilot AI Assistant per Chrome , VidHelper o assistente YesCaptcha. In totale, il set aggiuntivo di questi moduli compromessi ha accumulato fino ad oggi più di 540.000 installazioni.
Migliora la tua postura cyber per evitare di rimanere vittima
Se utilizzi una o più di queste estensioni compromesse, controlla innanzitutto che siano state aggiornate dopo il 31 dicembre. Altrimenti disinstallale immediatamente. Inoltre, reimposta le impostazioni del browser, elimina i cookie, modifica tutte le password, configura la 2FA e opta per le passkey quando possibile. Per aiutarti, considera l’utilizzo di un gestore di password sicuro.
In generale, limita il più possibile il numero di estensioni installate sul tuo browser e privilegia quelle di sviluppatori affidabili e reattivi. Controlla regolarmente le autorizzazioni concesse a ciascuno di essi: un controllo captcha non ha bisogno di accedere al tuo microfono, alla tua fotocamera o alla tua posizione GPS, ad esempio. Infine, monitora gli avvisi di sicurezza e valuta la possibilità di installare un antivirus affidabile per agire rapidamente in caso di un nuovo problema.
L'articolo Estensioni Chrome hackerate! 540.000 installazioni minacciano i tuoi dati proviene da il blog della sicurezza informatica.
2024: As The Hardware World Turns
With 2024 now officially in the history books, it’s time to take our traditional look back and reflect on some of the top trends and stories from the past twelve months as viewed from the unique perspective Hackaday affords us. Thanks to the constant stream of tips and updates we receive from the community, we’ve got a better than average view of what’s on the mind of hardware hackers, engineers, and hobbyists.
This symbiotic relationship is something we take great pride in, which is why we also use this time of year to remind the readers just how much we appreciate them. We know it sounds line a line, but we really couldn’t do it without you. So whether you’ve just started reading in 2024 or been with us for years, everyone here at Hackaday thanks you for being part of something special. We’re keenly aware of how fortunate we are to still be running a successful blog in the era of YouTube and TikTok, and that’s all because people like you keep coming back. If you keep reading it, we’ll keep writing it.
So let’s take a trip down memory lane and go over just a handful of the stories that kept us talking in 2024. Did we miss your favorite? Feel free to share with the class in the comments.
Boeing’s Bungles
We’ll start off with what was undoubtedly one of the biggest stories in the tech and engineering world, although you’ll find little mention of it on the pages of Hackaday up until now. We’re talking, of course, of the dramatic and repeated failures of the once unassailable Boeing.
Nor did we cover the repeated delays of Boeing’s Starliner capsule, a crewed spacecraft that the company was paid $4.2 billion to build under NASA’s Commercial Crew Program — nearly double the sum SpaceX received for the development of their Crew Dragon.
Things only got worse once the capsule finally left the launch pad in June. With human lives in the balance, it seemed in poor taste for us to cover Starliner’s disastrous first crewed flight to the International Space Station. The mission was so fraught with technical issues that NASA made the unprecedented decision to send the capsule back to Earth without its crew onboard. Those two astronauts, Barry E. Wilmore and Sunita Williams, still remain on the ISS; their planned eight-day jaunt to the Station has now been extended until March of 2025, at which point they’ll be riding home on SpaceX’s capsule.
We won’t speculate on what exactly is happening at Boeing, although we’ve heard some absolutely hair-raising stories from sources who wish to remain anonymous. Suffice to say, as disheartening as it might be for us on the outside to see such a storied company repeatedly fumble, it’s even worse for the those on the inside.
Desktop 3D Printing Reshuffling
While the tectonic shifts in the desktop 3D printer market didn’t start last year, 2024 really seemed to be the point where it boiled over. For years the market had been at a standstill, with consumers essentially having two paths forward depending on what they were willing to spend.
Had $200 or $300 to play with? You’d buy something like an Ender 3, a capable enough machine if you were willing to put in the time and effort. Or if you could stand to part with $800, you brought a Prusa i3, and didn’t worry about the little details like bed leveling or missed steps because it was automated enough to just work most of the time.
But while Bambu’s printers have dazzled consumers, they bring along some unfortunate baggage. Suddenly 3D printing involves cloud connectivity, proprietary components, and hardware that was designed for production rather than repairability. In short, desktop 3D printing seems on the verge of breaking into the legitimate mainstream, with all the downsides that comes with it these days.
It’s wasn’t all bad news though. When the community started experimenting with running alternate firmware on their hardware, Bambu’s response was better than we’d feared: users would be allowed to modify their firmware, but would have to waive their warranty. It’s not a perfect solution, but considering Prusa did more or less the same thing in 2019 when they released the Mini, the community had already shown they would accept the compromise.
Speaking of Prusa, feelings on how they’ve decided to respond to this newfound competition have been mixed, to put it mildly. In developing their new Core ONE printer it looks like they’ve engineered a worthy opponent for Bambu’s X1, but unfortunately, it appears the company has all but abandoned their open source hardware roots in the process.
RP2350 Has a Rocky Start
The release of the Pi Pico development board made our list of highlights for 2021, and in the intervening years, the RP2040 microcontroller at its heart has become a favorite of makers and hackers. We’ve even used it for the last two Supercon badges at this point. So the fact that its successor made this year’s list should come as no surprise.
Ultimately, the erratum for the RP2350 was amended to better describe the nature of the issue. But as for an actual hardware fix, well that’s a different story. The WiFi-enabled version of the Pico 2 was released just last month, and it’s still susceptible to the same bug. Given that the hardware workaround for the issue — adding external pull-downs — isn’t expensive or complicated to implement, and that most users probably wouldn’t run into the problem in the first place, it seems like there’s no rush to produce a new version of the silicon.
Voyager 1 Shows its Age
Admittedly, any piece of hardware that’s been flying through deep space for nearly 50 years is bound to run into some problems, especially one that was built with 1970s era technology. But even still, 2024 was a rough year for humanity’s most distant explorer, Voyager 1.
The far-flung probe was already in trouble when the year started, as it was still transmitting gibberish due to being hit with a flipped-bit error in December of 2023. Things looked pretty grim for awhile, but by mid-March engineers had started making progress on the issue, and normal communication was restored before the end of April.
In celebration Dan Maloney took a deep-dive into the computers of Voyager, a task made surprisingly difficult by the fact that some of the key documentation he was after apparently never got never digitized. Things were still going well by June, and in September ground controllers were able to pull off a tricky reconfiguration of the spacecraft’s thrusters.
But just a month later, Voyager suffered another major glitch. After receiving a command to turn on one of its heaters, Voyager went into a fault protection mode that hadn’t been triggered since 1981. In this mode only the spacecraft’s low power S-band radio was operational, and there was initially concern that NASA wouldn’t be able to detect the signal. Luckily they were able to pick out Voyager’s faint cries for help, and on November 26th, the space agency announced they had established communications with the probe and returned it to normal operations.
While Voyager 1 ended 2024 on a high note, there’s no beating the clock. Even if nothing else goes wrong with the aging hardware, the spacecraft’s plutonium power source is producing less and less energy each year. Various systems can be switched off to save power, something NASA elected to do with Voyager 2 back in October, but eventually even that won’t be enough and the storied spacecraft will go silent for good.
CH32 Gains Momentum
We first got word of the CH32 family of low-cost RISC-V microcontrollers back in early 2023, but they were hard to come by and the available documentation and software toolchains left something to be desired. A 10¢ MCU sounds great, but what good is it if you can’t buy the thing or program it?
In May bitluni had clustered 256 of them together, another hacker had gotten speech recognition running on it, and there was even a project that aimed to turn the SOIC-8 variant of the chip into the world’s cheapest RISC-V computer.
We even put our own official stamp of approval on the CH32 by giving each and every attendee of Supercon 2024 one to experiment with. Not only did attendees get a Simple-Add On (SAO) protoboard with an onboard CH32, but the badge itself doubled as a programmer for the chip, thanks in no small part to help from [CNLohr].
Evolution of the SAO
The response was phenomenal. Compared to the more complex interfaces used in previous Supercon badges, focusing on the SAO standard greatly reduced the barrier of entry for those who wanted to produce their own modular add-ons in time for the November event. Instead of only a handful of ambitious attendees having the time and experience necessary to produce a modular PCB compatible with the badge, a good chunk of the ticket holders were able bring along SAOs to show off and trade, adding a whole new dimension to the event.
While it’s unlikely we’ll ever make another Supercon badge that’s quite as SAO-centric as we did in 2024, we hope that the experience of designing, building, and sharing these small add-ons will inspire them to keep the momentum going in 2025 and beyond.
Share Your 2024 Memories
Even if this post was four times as long, there’s no way we’d be able to hit on everyone’s favorite story or event from 2024. What would you have included? Let us know in the comments, and don’t be afraid to speculate wildly about what might be in store for the hacking and making world in 2025.
DIYFPV: A New Home for Drone Builders
If you’re looking to get into flying first-person view (FPV) remote controlled aircraft, there’s an incredible amount of information available online. Seriously, it’s ridiculous. In fact, between the different forums and the countless YouTube videos out there, it can be difficult to sort through the noise and actually find the information you need.
What if there was one location where FPV folks could look up hardware, compare notes, and maybe even meet up for the occasional flight? That’s the idea behind the recently launched DIYFPV. In its current state the website is a cross between a social media platform, a hardware database, and a tech support forum.
But the part of DIYFPV that has us the most interested is the interactive builder tool. As explained in the announcement video below, once this feature goes live, it will allow users to pick parts from the database and virtually wire them together. Parts are represented by high-quality illustrations that accurately represent connectors and solder pads, so you won’t be left guessing where you’re supposed to connect what. Schematics can be shared with others to help with troubleshooting or if you want to get feedback.
The potential here is immense. Imagine a function to estimate the mass of the currently selected electronics, or a simulation of how much current it will draw during flight. It’s not clear how far DIYFPV plans on taking this feature, but we’re eager to find out.
youtube.com/embed/0iD4j3tdXxA?…
Worldcoin: Il Futuro dell’Economia è Scritto nell’Iride?
Quando guardiamo nell’abisso dell’Intelligenza Artificiale, cosa vediamo? E cosa vede l’IA quando guarda noi? Sam Altman, soprannominato il “padre dell’IA” e CEO di OpenAI, si è fatto portatore di una rivoluzione tecnologica epocale, paragonata a invenzioni come la ruota e l’elettricità. Ma chi è davvero quest’uomo che promette di plasmare il futuro dell’umanità?
Nato nel 1985, Altman ha incontrato il suo destino all’età di 8 anni, quando ricevette in dono un Macintosh LC II. Da allora, la sua vita è stata un’inarrestabile ascesa nel mondo digitale. Tra gli oggetti più cari ad Altman c’è la mezuzah, un simbolo di fede e tradizione, una pergamena contenente due passaggi della Torah, custodita in un astuccio, a testimonianza delle sue radici culturali e del suo legame con l’eredità ebraica.
Dopo aver fondato Loopt e guidato Y Combinator, Altman ha co-fondato OpenAI, un’organizzazione che si propone di creare un’intelligenza artificiale “a beneficio dell’umanità”. Una missione nobile, ma che solleva interrogativi sul potenziale uso di una tecnologia così potente. Chi controllerà questa tecnologia e come verrà utilizzata?
Come Worldcoin punta a cambiare l’economia globale
Come Worldcoin punta a cambiare l’economia globale? In che modo Sam Altman e Alex Blania, cofondatore di Tools for Humanity, immaginano di raggiungere l’obiettivo di un’economia più equa? Il 17 ottobre 2024 in diretta da San Francisco, Altman e Blania hanno tenuto un evento live intitolato “A New World” (tenete a mente questo titolo), durante il quale hanno illustrato gli ultimi sviluppi del progetto. Il progetto Worldcoin, sviluppato dall’azienda Tools for Humanity fondata da Altman e Blania, si basa su un sistema che combina innovazioni tecnologiche con modelli economici inclusivi.
Sfruttando la potenza delle criptovalute e dell’intelligenza artificiale, mira a creare nuove opportunità di distribuzione delle risorse, affrontando problemi come la disuguaglianza economica e la mancanza di accesso ai servizi finanziari per molte persone. Uno degli elementi distintivi di Worldcoin è il World ID, un sistema di identificazione biometrica univoco basato sulla scansione dell’iride. Questo sistema è progettato per distinguere gli esseri umani dai bot, un’operazione sempre più cruciale nell’era dell’intelligenza artificiale, garantendo un accesso equo ai benefici della piattaforma.
Criptovalute: un sistema decentralizzato
Le criptovalute, come il famoso Bitcoin, sono nate con la promessa di essere un sistema finanziario decentralizzato, libero dal controllo di banche e governi. Sfruttando la tecnologia peer-to-peer, i computer di tutto il mondo si connettono tra loro, creando una rete in cui ogni nodo funziona sia come client che come server. Nessuno controlla la rete; solo algoritmi complessi garantiscono l’emissione e la validità delle monete digitali. A differenza di Bitcoin che si basa su un algoritmo di consenso di tipo Proof of Work, Ethereum, la blockchain su cui si basa Worldcoin, utilizza il protocollo Proof of Stake. Worldcoin, con la sua promessa di un “sistema economico più giusto”, si inserisce in questo contesto. Utilizza la tecnologia blockchain di Ethereum, che la differenzia per una distribuzione più equa e il focus sull’identità digitale. Ma quali sono le sue caratteristiche principali? E in cosa si distingue dalle altre criptovalute?
Progetto Worldcoin: come funziona?
Il sogno di Altman e del suo team è sviluppare tecnologie, come l’IA, così potenti da trasformare non solo la società ma anche il sistema economico globale. Queste tecnologie mirano ad aiutare le persone a fare ciò che prima non era possibile o a farlo in modo radicalmente diverso. L’intelligenza artificiale, ad esempio, viene utilizzata per l’analisi delle immagini dell’iride da parte dell’Orb e potrebbe avere un ruolo futuro nella gestione della rete. Per realizzare questa visione, è stato necessario immaginare nuove infrastrutture: “luoghi” virtuali in cui esseri umani e agenti di intelligenza artificiale possano scambiarsi risorse. La missione di questa rete finanziaria è duplice: creare un’identità digitale globale e una rete economica inclusiva. Worldcoin si basa su un sistema globale di identità digitale supportato dal protocollo Layer 2 di Ethereum, Optimism, scelto per la sua capacità di migliorare la scalabilità e ridurre le commissioni di transazione.
World ID, WorldApp, Worldcoin
Per accedere al network World, gli utenti devono ottenere un’identità digitale univoca. Allo scopo di prevenire la falsificazione di profili, questa identità viene creata esclusivamente tramite un dispositivo biometrico dedicato. Lo strumento, sviluppato da Tools for Humanity, è denominato Orb ed è basato su tecnologia open source. Questo dispositivo, a forma di sfera, utilizza lenti specializzate per scansionare l’iride, generando un World ID unico per ogni utente. L’immagine dell’iride viene trasformata in un codice hash, una sorta di “impronta digitale” univoca che non può essere ricondotta all’immagine originale, garantendone così l’anonimato. Una volta completata la registrazione, tramite l’applicazione WorldApp – un portafoglio digitale che gestisce sia le credenziali di accesso che la criptovaluta – gli utenti possono ricevere e utilizzare la moneta digitale WLD (Worldcoin). Inizialmente, gli utenti ricevono dei token WLD gratuiti come incentivo per registrarsi, un aspetto importante del modello di distribuzione di Worldcoin.
È importante sottolineare che possedere un World ID non implica la condivisione di dati personali come nome, numero di telefono, indirizzo e-mail o domicilio. I dati raccolti dall’Orb vengono trasformati in un codice hash univoco, progettato per garantire l’anonimato e proteggere la privacy degli utenti. World ID, inoltre, potrebbe essere usato in futuro per accedere ad altri servizi online, oltre a Worldcoin, come i social network o le piattaforme di e-commerce.
I Paesi che hanno aderito a Worldcoin
I Paesi in cui è possibile registrarsi al progetto Worldcoin tramite scansione dell’iride effettuata con un Orb sono: Argentina, Austria, Brasile, Cile, Colombia, Corea del Sud, Germania, Giappone, Guatemala, Ecuador, Messico, Malesia, Panama, Perù, Polonia, Portogallo, Singapore. La lista è in continuo aggiornamento. Questi paesi hanno aderito al progetto perché vedono in Worldcoin un’opportunità per l’inclusione finanziaria o per l’innovazione tecnologica. Per il momento il progetto non è ancora stato introdotto in Italia.
Il caso Italia
Il GPDP analizzando il caso specifico ha avvertito che il progetto violerebbe il Regolamento Ue. Il provvedimento del Garante Per La Protezione Dei Dati Personali si è espresso in maniera chiara: “il trattamento dei dati biometrici basato sul consenso degli aderenti al progetto, rilasciato sulla base di una informativa insufficiente, non può essere considerato una base giuridica valida secondo i requisiti richiesti dal Regolamento europeo.” E Oltretutto, “la promessa di ricevere WLD token (moneta digitale) gratuiti da parte di Wordcoin incide negativamente sulla possibilità di esprimere un consenso libero e non condizionato al trattamento dei dati biometrici effettuato attraverso gli Orb. Infine, i rischi del trattamento risultano ulteriormente amplificati dall’assenza di filtri per impedire l’accesso agli Orb e alla World App ai minori di 18 anni.”
Worldcoin: Critiche e Controversie
Worldcoin, pur rappresentando una visione ambiziosa per il futuro dell’economia e dell’identità digitale, ha sollevato numerose critiche. Nel 2023, il progetto è stato sospeso in Kenya a causa di preoccupazioni relative alla privacy e alla raccolta dei dati biometrici. La Spagna è stata il primo paese europeo a bloccare l’iniziativa, evidenziando gli elevati rischi per la tutela dei dati personali. Anche l’ex analista della NSA Edward Snowden ha criticato apertamente il modello di privacy di Worldcoin. Ha sottolineato che, anche se le scansioni biometriche venissero cancellate per motivi di privacy – come dichiarato dall’azienda – l’identificatore univoco generato potrebbe essere utilizzato per collegare future analisi biometriche agli stessi individui.
Nel suo tweet del 24 ottobre 2021, Snowden ha affermato: “Non utilizzare la biometria per l’antifrode. In realtà, non usare la biometria per nulla.” Le preoccupazioni etiche e le questioni legate alla privacy rimangono centrali nel dibattito su Worldcoin. Il progetto sarà in grado di mantenere le sue promesse senza compromettere i diritti fondamentali degli individui? Curiosamente, l’evento del 17 ottobre 2024, intitolato “A New World”, ricorda il titolo del romanzo di fantascienza distopica, Il mondo nuovo (Brave New World) di Aldous Huxley. Opera nella quale Huxley immagina una società futura in cui il controllo sociale e la perdita di libertà individuali sono ottenuti attraverso la tecnologia e la standardizzazione. Coincidenze!
L'articolo Worldcoin: Il Futuro dell’Economia è Scritto nell’Iride? proviene da il blog della sicurezza informatica.
Light Brite Turned Sci-Fi Console on the Cheap
Generally, the projects featured on Hackaday actually do something. We won’t go as far as to say they are practical creations, but they usually have some kind of function other than to sit there and blink. But what if just sitting still and blinking away randomly is precisely what you want a piece of hardware to do?
That was exactly the goal when [createscifi] set out to dress a Lite Brite up as a futuristic prop. On a technical level, this project is pretty much as simple as it gets. But we appreciated seeing some of the techniques brought to bear on this project, and perhaps more importantly, really like the channel’s overall goal of creating affordable sci-fi props using common components. We don’t plan on filming our own space epic anytime soon…but we like to know the option is there.
The process starts off with creating some 2D imagery to represent various components on the final “control panel”, such as sliders, knobs, and a logo. These details, plus the big opening for the Lite Brite itself, are then cut out of thin wood using a diode laser.
After gluing the parts together, [createscifi] sprays the whole thing black and then rubs graphite powder into the surface to give it a unique metallic texture. Finally, small discs are glued onto the surface to represent knobs and buttons — a process known as “greebling” in the model and prop making world.
The very last step of the process is to glue the Lite Brite into the back of the console, and set it off randomly blinking. Personally, we’d have liked to have seen some attempt made to cover the Lite Brite. It seems like putting the thing behind a piece of scuffed up acrylic to act as a diffuser would have made for a more mysterious visual, but as [createscifi] points out, he considers the fact that its still recognizably a child’s toy to be something of a visual gag.
We love prop builds; from ray guns to historical recreations, they’re multi-disciplinary projects that really allow the creator to stretch their creativity without getting bogged down by the tyranny of practicality. It’s been a couple years since the last Sci-Fi Contest, perhaps it’s time for another?
youtube.com/embed/sSPEUNTuqXU?…
Broken USB Lamp Saved with a Bit of Woodworking
For many of us, when we think of creating a custom enclosure, our minds immediately go towards our 3D printer. A bit of time in your CAD program of choice, and in an hour (or several), you’ve got a bespoke plastic box. A hacker’s dream come true.
But extruded plastic is hardly perfect. For one thing, you might want a finished piece that looks a little more attractive on your desk. Which is why we appreciate this quick hack from [Tilma]. When faced with a broken LED light and minimal equipment, he decided to transplant the repaired electronics into a scratch-built wooden frame that not only looks better than the original, but is more functional.
The video starts with a teardown of the original light, which was a flexible affair meant to plug directly into a USB port. [Tilma] found that the reason it failed was because of a broken solder joint, presumably due to repetitive motion. Of course, to find this failure he needed to cut away the rubbery sleeve it was encased in, hence the need for a new home.
After tacking on some longer wires to the driver board, [Tilma] connected an external button that he thought would last longer then the stock membrane affair on the PCB. Once it was confirmed that the light worked with the modified electronics, the rest of the video covers how the wooden components were assembled using hand tools. Compared to the high-tech gadgetry we cover on a daily basis here, there’s something refreshing about seeing a person working with chisels, clamps, and rulers.
We think the final result looks quite nice for as simplistic as it is, and is unquestionably more practical than a weird little light bar that sticks out from your USB port. If you’d like to add a bit of woodworking to your bag of tricks, [Dan Maloney] covered some of the basics for us several years ago.
youtube.com/embed/ABwkEgxiedY?…
Is There Nothing DOOM Can’t Do?
We all know that “Can it run Doom?” is the first question of a hardware hacker. The 1993 first person shooter from id Software defined an entire genre of games, and has since being made open source, appeared on almost everything. Everything, that is, except a Captcha, those annoying “Are you a human” tests where we’re all expected to do a search giant’s image classification for them. So here’s [Guillermo Rauch] with a Doom captcha, in which you must gun down three bad guys to proceed.
As a way to prove you’re a human we can’t imagine a more fitting test than indiscriminate slaughter, and it’s interesting to read a little about what goes on behind the scenes. It’s a WebAssembly application as you might have guessed, and while it’s difficult to shake that idea from the early ’90s that you needed a powerful computer to run the game, in reality it shows just how powerful WebAssembly is, as well as how far we’ve come in three decades. We’d prefer a few different entry points instead of always playing the same level, and we were always more handy with the mouse than the keyboard back in the day, but it’s certainly a bit of fun.
More Doom? How about seeing it on hardware nobody would have believed in 1993?
Protect Your Site with a DOOM Captcha
We all know that “Can it run DOOM?” is the first question of a hardware hacker. The 1993 first person shooter from id Software defined an entire genre of games, and has since been made open source, appearing on almost everything. Everything, that is, except a Captcha, those annoying “Are you a human” tests where we’re all expected to do a search giant’s image classification for them. So here’s [Guillermo Rauch] with a DOOM captcha, in which you must gun down three bad guys to proceed.
As a way to prove you’re a human we can’t imagine a more fitting test than indiscriminate slaughter, and it’s interesting to read a little about what goes on behind the scenes. It’s a WebAssembly application as you might have guessed, and while it’s difficult to shake that idea from the early ’90s that you needed a powerful computer to run the game, in reality it shows just how powerful WebAssembly is, as well as how far we’ve come in three decades.
We’d prefer a few different entry points instead of always playing the same level, and we were always more handy with the mouse than the keyboard back in the day, but it’s certainly a bit of fun. It’s worth noting that simply playing the game isn’t enough to verify your humanity — if you’re killed in the game before vanquishing the required three foes, you’ll have to start over. As the game is running at “Nightmare” difficulty, proving your worth might be a tad harder than you’d expect…
Need more DOOM? How about seeing it on hardware nobody would have believed in 1993?
38C3: Taking Down the Power Grid Over Radio
You know how you can fall down a rabbit hole when you start on a project? [Fabian Bräunlein] and [Luca Melette] were looking at a box on a broken streetlamp in Berlin. The box looked like a relay, and it contained a radio. It was a Funkrundsteueremfänger – a radio controlled power controller – made by a company called EFR. It turns out that these boxes are on many streetlamps in many cities, and like you do, they thought about how cool it would be to make lights blink, but on a city-wide basis. Haha, right? So they bought a bunch of these EFR devices on the used market and started hacking.
They did a lot of background digging, and found out that they could talk to the devices, both over their local built-in IR port, but also over radio. Ironically, one of the best sources of help they found in reversing the protocol was in the form of actually pressing F1 in the manufacturer’s configuration application – a program’s help page actually helped someone! They discovered that once they knew some particulars about how a node was addressed, they could turn on and off a device like a street lamp, which they demo with a toy on stage. So far, so cute.
But it turns out that these boxes are present on all sorts of power consumers and producers around central Europe, used to control and counteract regional imbalances to keep the electrical grid stable. Which is to say that with the same setup as they had, maybe multiplied to a network of a thousand transmitters, you could turn off enough power generation, and turn on enough load, to bring the entire power grid down to its knees. Needless to say, this is when they contacted both the manufacturer and the government.
The good news is that there’s a plan to transition to a better system that uses authenticated transmissions, and that plan has been underway since 2017. The bad news is that progress has been very slow, and in some cases stalled out completely. The pair view their work here as providing regulators with some extra incentive to help get this important infrastructure modernization back on the front burner. For instance, it turns out that large power plants shouldn’t be using these devices for control at all, and they estimate that fixing this oversight could take care of most of the threat with the least effort.
National power grids are complicated machines, to say the least, and the impact of a failure can be very serious. Just take a look at what happened in 2023 in the US northeast, for instance. And in the case of real grid failure, getting everything back online isn’t as simple a just turning the switches back on again. As [Fabian] and [Luca] point out here, it’s important to discover and disclose when legacy systems put the grid in potential danger.
FLOSS Weekly Episode 814: The Banksy Situation
This week, Jonathan Bennett and Rob Campbell talk with Alistair Woodman about FRRouting, the Internet routing suite that helps make all this possible. But also business, and how an open source project turns the corner into a successful way to support programmers.
FRR github.com/FRRouting/frr
frrouting.org/
Erlang Ecosystem Foundation
erlef.org/
youtube.com/embed/x5ufOHxIwCk?…
Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.
play.libsyn.com/embed/episode/…
Direct Download in DRM-free MP3.
If you’d rather read along, here’s the transcript for this week’s episode.
Places to follow the FLOSS Weekly Podcast:
Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
hackaday.com/2025/01/01/floss-…
2024 Brought Even More Customization to Boxes.py
If you have access to a laser cutter, we sincerely hope you’re aware of boxes.py. As the name implies, it started life as a Python tool for generating parametric boxes that could be assembled from laser-cut material, but has since become an invaluable online resource for all sorts of laser projects. Plus, you can still use it for making boxes.
But even if you’ve been using boxes.py for awhile, you might not know it was actually an entry in the Hackaday Prize back in 2017. Creator [Florian Festi] has kept up with the project’s Hackaday.io page all this time, using it as a sort of development blog, and his recent retrospective on 2024 is a fascinating read for anyone with an eye towards hot photonic action.
At the end, [Florian] has some interesting thoughts on how the community as a whole has developed over the years. He notes that in the early days, any code or designs proposed by users for inclusion in the project usually needed work before they were ready for prime time. But now that everything is more established, the pull requests he’s getting are so well done that they rival any of the original work he put in.
We’re glad to hear that the community is coming together to make this already fantastic project even better. It sounds like [Florian] is even getting some help to track down and eliminate the remaining Python 2.x code that’s still lingering around.
Here’s to many more excellent years for Boxes.py!
LED Wall Clock Gets Raspberry Pi Pico Upgrade
When [Rodrigo Feliciano] realized that the reason his seven-segment LED wall clock wasn’t working was because the original TG1508D5V5 controller was fried, he had a decision to make. He could either chuck the whole thing, or put in the effort to reverse engineer how the displays were driven and replace the dead controller with something a bit more modern. Since you’re reading this post on Hackaday, we bet you can guess which route he decided to take.
If you happen to own the same model of clock as [Rodrigo], then you really lucked out. He’s done a fantastic job documenting how he swapped the original controller out for a Raspberry Pi Pico W, which not only let him bring the clock back to life, but let him add new capabilities such as automatic time setting via Network Time Protocol (NTP).
Pretty soon he not only had a 3D model of the clock’s PCB, but a schematic he could use to help wire in the Pi Pico. Admittedly this is a pretty straightforward PCB to try and reverse engineer, but hey, you have to start somewhere.
We had high hopes for KiCad’s image import feature when it was introduced, and it’s great to see real-world examples like this trickle in as more folks learn about it.
youtube.com/embed/z3l11CKApYk?…
Creating Temporal Light Reflections With Metamaterials
Owing to the wave nature of light there are many ways that such different waves can interact with each other, but also with materials. Everyone knows about reflecting light with a mirror, which is a property of materials like metals, but specific structures can cause the light to behave in a way that creates rather amazing results.
Examples of this are cases of iridescence in nature (like butterfly wings) and eye color, where the perceived colors are the result of environmental light interacting with these structures rather than pigmentation or dyes. An even more interesting interaction has now been demonstrated by reflecting multiple microwave radiation beams off each other, creating a time reflection.
The study by [Emanuele Galiffi] et al. (shared copy) was published in Nature Physics. By creating a metamaterial that allows for temporal coherent wave control (CWC) the electromagnetic radiation was controlled to where it allowed for this kind of unusual interaction. The key here being that there is no major constructive or destructive interaction between the two waves as with spatial CWC, rather the wave reflect off each other, or more specifically the time interface.
Although the popular reporting talks about ‘turning back time’ and ‘watching the back of your own head in a mirror’, the impact is far less dramatic: in the article conclusion the researchers mention unveiling new light-matter interactions in the microwave- and other parts of the spectrum, as well as new ways to control and shape light.
Top image: Temporal coherent wave control and photonic collisions enabled by time-interfaces. (Credit: Emanuele Galiffi et al., Nature Physics, 2023)
Falso allarme su 7-Zip: la bufala di un exploit smentito dallo sviluppatore
Lunedì un utente del social network con lo pseudonimo sospetto @NSA_Employee39 ha annunciato la presenza di una vulnerabilità 0day nel popolare archiviatore gratuito 7-Zip. Sulla sua pagina X verificata, ha promesso di pubblicare la vulnerabilità per ringraziare i suoi poco più di 1.400 follower.
Come primo “regalo”, l’utente ha pubblicato su Pastebin un codice che presumibilmente dimostra la capacità di eseguire codice arbitrario (ACE) attraverso un archivio .7z appositamente preparato con un flusso LZMA corrotto.
Questo codice, dice, provoca un overflow del buffer nella funzione RC_NORM.
Tuttavia, nessuno degli esperti di sicurezza è riuscito a confermare la funzionalità del codice. Uno degli esperti ha osservato: “Forse semplicemente non so come, ma questo non sembra un vero exploit“.
Lo sviluppatore di 7-Zip Igor Pavlov ha smentito ufficialmente sul forum del programma: “Questo rapporto su Twitter è falso. Questa vulnerabilità non esiste in 7-Zip o LZMA.”
L’account @NSA_Employee39 non ha ancora commentato l’incidente.
Il motivo per cui l’utente ha deciso di rilasciare informazioni false rimane un mistero. Tuttavia, le vacanze possono rappresentare un periodo difficile per molti ed è importante ricordare che di essere solidali è disponibili.
L'articolo Falso allarme su 7-Zip: la bufala di un exploit smentito dallo sviluppatore proviene da il blog della sicurezza informatica.
Turning a Lada Into An EV With 50 Cordless Drills, Because Why Not?
[Garage 54] is no stranger to vehicle-related projects of the “because why not?” variety, and their latest is using 50 cordless drills combined into a monstrous mega-motor to turn a gutted (and extended) Lada into an electric vehicle (EV).
Doing this leans on some of [Garage 54]’s earlier projects, such as replacing the aforementioned Lada’s engine block with a frame containing sixteen chainsaws. That means they don’t need to start completely from scratch, and have a frame design that can drop into the vehicle once the “engine” is constructed.
Here’s what’s in the new engine: each of the drills has its chuck replaced with an aluminum pulley, and belts connect each group of drills to an output shaft. Ideally, every drill motor would run at the same time and at exactly the same speed, but one works with what they have. [Garage 54] originally worked to synchronize the drills by interfacing to each drill’s motor control board, but eventually opted to simply bypass all controls and power each drill’s motor directly from the batteries. Initial tests are done by touching bare cable ends with a turned-away face and squinted eyes, but we expect “Just A Big Switch” to end up in the final assembly.
It looks wild and we can think of more than a few inefficiencies present in a system like this, but the output shaft does turn and torque is being transferred, so the next step is interfacing to the car’s factory gearbox.
If it powers the car in any meaningful way, that Lada might very well become the world’s most gloriously hacked-together EV. And hey, if the power output of the EV motor is disappointing, you can just make your own.
youtube.com/embed/sqRfd2BSJjo?…
[via Motor1]
Repairing a BPS-305 30V Bench Power Supply
When [Tahmid Mahbub] recently reached for his ‘Lavolta’ BPS-305 bench supply, he was dismayed to find that despite it being a 30V, 5A-rated unit, the supply refused to output more than 15V. To be fair, he wasn’t sure that he had ever tried to push it beyond 15V in the years that he had owned it, but it had better live up to its specs. Ergo out came the screwdriver to open the power supply to see what had broken, and hopefully to fix it.
After some more probing around, he discovered that the unit had many more issues, including a highly unstable output voltage and output current measurement was completely wrong. Fortunately this bench power supply turns out to be very much like any number of similar 30V, 5A units, with repair videos and schematics available.
While [Tahmid] doesn’t detail his troubleshooting process, he does mention the culprits: two broken potentiometers (VR104 and VR102). VR104 is a 5 kOhm pot in the output voltage feedback circuit and VR102 (500 Ohm) sets the maximum output current. With no 500 Ohm pot at hand, a 5 kOhm one was combined with a 470 Ohm resistor to still allow for trimming. Also adjusted were the voltage and current trimpots for the front display as they were quite a bit off. Following some testing on the reassembled unit, this power supply is now back in service, for the cost of two potentiometers and a bit of time.
Quantum Mechanics and Negative Time With Photon-Atom Interactions
Within our comfortable world of causality we expect that reactions always follow an action and not vice versa. This why the recent chatter in the media about researchers having discovered ‘negative time’ with photons being emitted before the sample being hit by source photons created such a stir. Did these researchers truly just crack our fundamental concepts of (quantum) physics wide open? As it turns out, not really.
Much of the confusion stems from the fact that photons aren’t little marbles that bounce around the place, but are an expression of (electromagnetic) energy. This means that their resulting interaction with matter (i.e. groupings of atoms) is significantly more complicated, often resulting in the photonic energy getting absorbed by an atom, boosting the energy state of its electron(s) before possibly being re-emitted as the excited electrons decay into a lower orbit.
This dwell time before re-emission is what is confusing to many, as in our classical understanding we’d expect this to be a very deterministic process, while in a quantum world it most decidedly is not.
This is highlighted in the Scientific American article on the subject as well, specifically quantum probability. Within this system, it’s possible that there can be re-emissions before the atomic excitation has fully ceased. It was this original 2022 finding that was recently retested, with the findings confirmed.
As confusing as this all may sound, the authors of the recent paper stress that the core of the issue here is the so-called ‘group delay’ of the original pulse as it excites the cloud of rubidium atoms. If one were to think of this pulse as discrete quanta of photon particles, it’d seem to break causality, but as a wave function within quantum physics this is perfectly acceptable. Observations such as the rubidium atoms becoming excited despite photons passing through the cloud, and emitting a photon before the electrons returned to their ground state do not seem to make sense, but here we also have to consider how and what we are measuring.
The short version is that causality remains unbroken, and the world of quantum physics is intuitive in its own, strange ways. Research like this also gives us a much better fundamental understanding of photonics and related fields, none of which involve time travel.
Experimental setup and measured optical depth. (Credit: Josiah Sinclair et al., PRX Quantum, 2022)
A Foil Tweeter, Sound From Kitchen Consumables
The world of audio has produced a variety of different loudspeaker designs over the last century, though it’s fair to say that the trusty moving coil reigns supreme. That hasn’t stopped plenty of engineers from trying new ways to make sound though, and [R.U.H] is here with a home-made version of one of them. It’s a foil tweeter, a design in which a corrugated strip of foil is held in a magnetic field, and vibrates when an audio frequency current is passed through it.
He shows a couple of takes on the design, both with neodymium magnets but with different foils and 3D printed or wooden surrounds. They both make a noise when plugged into an amplifier, and unsurprisingly the thicker foil has less of the high notes.
We can see that in there is the possibility for a high quality tweeter, but we can’t help having one concern. This device has an extremely low impedance compared to the amplifier, and thus would probably be drawing far too much current. We’d expect it to be driven through a transformer instead, if he had any care for not killing the amplifier.
Happily there are other uses for a ribbon, they are far better known as microphones.
youtube.com/embed/Oa6pvTUlFYY?…
WinGet: Conosci il Super Strumento di Windows 11 per Gestire le Tue App!
Windows 11 fornisce agli utenti uno strumento in grado di semplificare notevolmente la gestione delle applicazioni. Stiamo parlando del Gestore pacchetti di Windows, noto come WinGet.
Questo gestore di pacchetti ti consente di cercare, installare, disinstallare e aggiornare le applicazioni tramite la riga di comando, rendendo le operazioni familiari più comode e veloci.
WinGet è una soluzione per coloro che sono stanchi di scaricare file di installazione da Internet, di sottoporsi a lunghe procedure guidate di installazione o di imbattersi in software aggiuntivo indesiderato.
Ora, per installare o aggiornare, basta inserire un semplice comando. WinGet funziona con repository di pacchetti affidabili, riducendo al minimo il rischio di scaricare software dannoso o non necessario. Inoltre l’installazione avviene automaticamente, senza finestre o conferme inutili.
Lo strumento ti aiuta anche a gestire in modo efficace le tue applicazioni già installate. Ad esempio, puoi trovare un elenco di tutti i programmi sul tuo computer, vedere le loro versioni e aggiornarli con un comando.
Ciò è particolarmente utile se è necessario aggiornare più programmi contemporaneamente, senza aprirli separatamente. Con WinGet, un utente può aggiornare in blocco tutte le proprie applicazioni alle versioni più recenti, evitando la necessità di interagire manualmente con ciascuna di esse.
A differenza dei file di installazione tradizionali, che spesso sono accompagnati da software indesiderato, WinGet scarica solo i file dell’applicazione necessari. Ciò aumenta il livello di sicurezza e riduce al minimo il rischio di installare qualcosa di non necessario. Per gli utenti di Windows 11, WinGet è già preinstallato. I possessori di Windows 10 possono scaricarlo gratuitamente dal Microsoft Store.
Sebbene l’utilizzo della riga di comando possa intimidire alcuni utenti, WinGet offre un semplice set di comandi che chiunque può padroneggiare. Ad esempio, il comando di ricerca di Winget ti consente di cercare programmi per nome o categoria e l’elenco di Winget mostra un elenco di tutte le applicazioni installate e le loro versioni. Per aggiornare i programmi è sufficiente utilizzare il comando winget upgrade –all .
Gli utenti che desiderano personalizzare la fonte per scaricare i programmi possono farlo anche utilizzando WinGet aggiungendo o modificando i repository. Tuttavia, ciò richiede cautela: il download da fonti non verificate potrebbe compromettere la sicurezza del sistema.
WinGet apre nuove possibilità per la gestione delle applicazioni in Windows. Automatizza i processi, fa risparmiare tempo e garantisce un’elevata sicurezza, rendendo la gestione del software il più semplice e conveniente possibile. Per coloro che desiderano utilizzare Windows al meglio, questo strumento diventerà un assistente indispensabile.
L'articolo WinGet: Conosci il Super Strumento di Windows 11 per Gestire le Tue App! proviene da il blog della sicurezza informatica.
Doomscroll Precisely, and Wirelessly
Around here, we love it when someone identifies a need and creates their own solution. In this case, [Engineer Bo] was tired of endless and imprecise scrolling with a mouse wheel. No off-the-shelf solutions were found, and other DIY projects either just used hacked mice scroll wheels, customer electronics with low-res hardware encoders, or featured high-res encoders that were down-sampled to low-resolution. A custom build was clearly required.
We loved seeing hacks along the whole process by [Engineer Bo], working with components on hand, pairing sensors to microcontrollers to HID settings, 3D printing forms to test ergonomics, and finishing the prototype device. When 3D printing, [Engineer Bo] inserted a pause after support material to allow drawing a layer of permanent marker ink that acts as a release agent that can later be cleaned with rubbing alcohol.
We also liked the detail of a single hole inside used to install each of the three screws that secure the knob to the base. While a chisel and UV-curing resin cleaned up some larger issues with the print, more finishing was required. For a project within a project, [Engineer Bo] then threw together a mini lathe with 3D printed and RC parts to make sanding easy.
Scroll down with your clunky device to see the video that illustrates the precision with a graphic of a 0.09° rotation and is filled with hacky nuggets. See how the electronics were selected and the circuit designed and programmed, the use of PCBWay’s CNC machining in addition to board assembly services, and how to deal with bearings that spin too freely. [Engineer Bo] teases that a future version might use a larger bearing for less wobble and an anti-slip coating on the base. Will the board files and 3D models be released, too? Will these be sold as finished products or kits? Will those unused LED drivers be utilized in an upcoming version? We can’t wait to see what’s next for this project.
youtube.com/embed/FSy9G6bNuKA?…
Thanks for the tip [UnderSampled]!