It takes quite a bit of effort to get a 0 out of 10 repairability score from iFixit, but in-ears like Apple’s AirPods are well on course for a clean streak there, with the AirPod Pro 3 making an abysmal showing in their vitriolic teardown video alongside their summary article. The conclusion is that while they are really well-engineered devices with a good feature set, the moment the battery wears out it is effectively e-waste. The inability to open them without causing at least some level of cosmetic damage is bad, and that’s before trying to glue the device back together. Never mind effecting any repairs beyond this.
Worse is that this glued-together nightmare continues with the charging case. Although you’d expect to be able to disassemble this case for a battery swap, it too is glued shut to the point where a non-destructive entry is basically impossible. As iFixit rightfully points out, there are plenty of examples of how to do it better, like the Fairbuds in-ears. We have seen other in-ears in the past that can have some maintenance performed without having to resort to violence, which makes Apple’s decisions here seem to be on purpose.
Although in the comments to the video there seem to be plenty of happy AirPod users for whom the expected 2-3 year lifespan is no objection, it’s clear that the AirPods are still getting zero love from the iFixit folk.
Seacom, operatore africano di infrastrutture sottomarine, ha annunciato il lancio di Seacom 2.0, un sistema di cavi internazionali progettato per collegare Europa, Medio Oriente, Africa e Asia.
Il progetto prevede un tracciato lungo 25.000 chilometri (15.534 miglia), dotato di 48 coppie di fibre ottiche, con 20 punti di atterraggio distribuiti in 15 paesi.
Secondo la società, il nuovo cavo risponde alla domanda crescente di servizi per l’intelligenza artificiale, il cloud e il trasferimento di dati in tempo reale. Seacom dichiara che la rete potrebbe ridurre i costi di connettività fino al 300%, favorendo lo sviluppo di servizi cloud, fintech e dell’ecosistema tecnologico regionale. Il percorso pianificato ha inizio a Marsiglia (Francia); attraversa il Mar Mediterraneo e il Mar Rosso prima di diramarsi in due rami: il primo prosegue verso est fino a Singapore, attraversando India e Pakistan; il secondo serve le coste del Nordafrica, dell’Africa occidentale e dell’Africa meridionale.
Nel comunicato ufficiale il CEO Alpheus Mangale ha definito Seacom 2.0 come “più di un semplice cavo“, sottolineando che l’iniziativa intende consolidare la sovranità digitale della regione e promuovere accesso aperto e integrazione regionale. L’azienda indica come obiettivo la creazione di una rete resiliente, sostenibile e inclusiva.
Dal punto di vista tecnico, Seacom 2.0 è concepito come una infrastruttura ad alta capacità e bassa latenza ottimizzata per i carichi di lavoro dell’intelligenza artificiale. È prevista la trasformazione delle stazioni di atterraggio in veri e propri “nodi di comunicazione dell’intelligenza artificiale”, volti a collegare l’infrastruttura AI sovrana africana ai data center globali.
Il progetto include obiettivi strategici economici e operativi: stimolare la crescita del PIL – sulla scia dell’impatto positivo già osservato da precedenti cavi sottomarini, che hanno contribuito a incrementare il PIL pro capite africano di oltre il 6% – supportare infrastrutture intelligenti (porti abilitati all’IoT, pianificazione urbana basata su AI, edge computing) e potenziare le piccole e medie imprese con connettività di livello aziendale per l’accesso al cloud e ai mercati digitali.
Seacom 2.0 si poggia sulla rete esistente dell’operatore, avviata nel 2009 in collaborazione con Tata Communications. Seacom gestisce stazioni di atterraggio lungo la costa orientale dell’Africa e detiene capacità su principali sistemi internazionali come WACS, TEAMS, EASSy, Main One, Equiano e Peace. Tra gli investitori figurano Industrial Promotion Services (Aga Khan Fund for Economic Development), Remgro, Solcon Capital e Sanlam.
L’annuncio richiama inoltre proiezioni macro: Seacom posiziona Seacom 2.0 in previsione di 10 miliardi di agenti di intelligenza artificiale entro il 2030 e della crescita demografica prevista per il bacino dell’Oceano Indiano, che secondo le stime ospiterà metà della popolazione mondiale entro il 2050.
Some things are more fun when there are more folks involved, and enjoying time in the pool is one of those activities. Knowing this, [Bert Wagner] started thinking of ways to best coordinate pool activities with his kids and their neighborhood friends. Out of this came the Splashflag, an IoT device built from the ground up that provides fun pool parties and a great learning experience along the way.
The USB-powered Splashflag is housed in a 3D-printed case, with a simple 2×16 LCD mounted on the front to display the notification. There’s also a small servo mounted to the rear that raises a 3D-printed flag when the notification comes in—drawing your attention to it a bit more than just text alone would. Hidden on the back is also a reset button: a long press factory-resets the device to connect to a different Wi-Fi network, and a quick press clears the notification to return the device to its resting state.
Inside is an ESP32-S3 that drives the servo and display and connects to the Wi-Fi. The ESP32 is set up with a captive portal, easing the device’s connection to a wireless network. The ESP32, once connected, joins an MQTT broker hosted by [Bert Wagner], allowing easy sending of notifications via the web app he made to quickly and easily send out invitations.
Thanks, [Bert Wagner], for sharing the process of building this fun, unique IoT device—be sure to read all the details on his website or check out the code and design files available over on his GitHub. Check out some of our other IoT projects if this project has you interested in making your own.
What the Flock? It’s probably just some quirk of The Almighty Algorithm, but ever since we featured a story on Flock’s crime-fighting drones last week, we’ve been flooded with other stories about the company, some of which aren’t very flattering. The first thing that we were pushed was this handy interactive map of the company’s network of automatic license plate readers. We had no idea how extensive the network was, and while our location is relatively free from these devices, at least ones operated on behalf of state, county, or local law enforcement, we did learn to our dismay that our local Lowe’s saw fit to install three of these cameras on the entrances to their parking lot. Not wishing to have our coming and goings documented, we’ll be taking our home improvement dollars elsewhere for now.
But it’s a new feature being rolled out by Flock that really got our attention: the addition of “human distress” detection to their Raven acoustic gunshot detection system. From what we understand, gunshot detection systems use the sudden acoustic impulse generated by the supersonic passage of a bullet, the shock wave from the rapidly expanding powder charge of a fired round, or both to detect a gunshot, and then use the time-of-arrival difference between multiple sensors to estimate the shot’s point of origin. Those impulses carry a fair amount of information, but little of it is personally identifiable, at least directly. On the other hand, human voices carry a lot of personal information, and detecting the sounds of distress, such as screaming, would require very different monitoring techniques. We’d imagine it would be akin to what digital assistants use to monitor for wake words, which would mean turning the world — or at least pockets of it — into a gigantic Alex. We don’t much like the idea of having our every public utterance recorded and analyzed, even with the inevitable assurances from the company that the “non-distress” parts of the audio stream will never be listened to. Yeah, right.
Botnets are bad enough when it’s just routers or smart TVs that are exploited to mine crypto or spam comments on social media. But what if a botnet were made of, you know, actual robots? That might be something to watch out for with the announcement of a vulnerability in certain Unitree robots, including several of their humanoid robots. The vulnerability, still unpatched at the time of the Spectrum story, lies in the Bluetooth system used to set up the robots’ WiFi configuration. It sounds like an attacker can easily craft a BLE packet to become an authenticated user, after which the WiFi SSID and password fields can be used to inject arbitrary code. The fun doesn’t end there, though, since a compromised robot could then go on to infect any other nearby Unitree bots via BLE. And since Unitree seems to be staking out a market position as the leader in affordable humanoid robots, who’s to say what could happen? If you want a zombie robot apocalypse, this seems like a great way to get it.
Also from the “Bad Optics for Robots” files comes this story about a Waymo car that went just a little off course. Or rather, on course — a golf course, to be precise. Viral video shows a Waymo self-driving Jaguar creeping slowly across a golf course fairway as bemused golfers look on. But you can relax, because the robotaxi company says that this isn’t a case of their AI driving system going awry, but rather a human-driven robotaxi preparing for an event at the golf course. The company seems to think this absolves them, and perhaps it does officially and legally. But a very distinctive car that’s well-known for getting into self-driving mischief, appearing in a place one doesn’t typically associate with vehicles larger than golf carts, seems like a bad look for the company.
And finally, back in December of 2023, we dropped a link to My Mechanics’ restoration of a 1973 Datsun 240Z. He’s been making slow but steady progress on the car since then, with the most recent video covering his painstaking restoration of the rear axle and suspension. Where most car rebuild projects use as many replacement parts as possible, My Mechanics prefers to restore the original parts wherever possible. So, where a normal person might look at the chipped cooling fins on the original Z-car’s brake drums and order new ones, My Mechanics instead pulls out the TIG welder and lays up some beads to patch the broken fins. He used a similar technique to restore the severely chowdered compression fittings on the brake lines, something we’ve never seen down before. Over the top? You bet it is, but it still makes for great watching. Enjoy!
There are all kinds of air quality sensors on the market that rely on all kinds of electro-physical effects to detect gases or contaminants and report them back as a value. [lucascreator] has instead been investigating a method of determining air quality that is closer to divination than measurement—using computer vision and a trained AI model.
The system relies on an Unihiker K10—a microcontroller module based around the ESP32-S3 at heart. The chip is running a lightweight convolutional neural network (CNN) trained on 12,000 images of the sky. These images were sourced from a public dataset; they were taken in India and Nepal, and tagged with the relevant Air Quality Index at the time of capture. [lucascreator] used this data to train their model to look at an image taken with a camera attached to the ESP32 and estimate the air quality index based on what it has seen in that existing dataset.
It might sound like a spurious concept, but it does have some value. [lucascreator] cites studies where video data was used for low-cost air quality estimation—not as a replacement for proper measurement, but as an additional data point that could be sourced from existing surveillance infrastructure. Performance of such models has, in some cases, been remarkably accurate.
[lucascreator] is pragmatic about the limitations of their implementation of this concept, noting that their very compact model didn’t always perform the best in terms of determining actual air quality. The concept may have some value, but implementing it on an ESP32 isn’t so easy if you’re looking for supreme accuracy. We’ve featured some other great air quality projects before, though, if you’re looking for other ways to capture this information. Video after the break.
The idea of using the Apple II home computer for digital photography purposes may seem somewhat daft considering that this is not a purpose that they were ever designed for, yet this is the goal that [Colin Leroy-Mira] had, requiring some image decoder optimizations. That said, it’s less crazy than one might assume at first glance, considering that the Apple II was manufactured until 1993, while the Apple QuickTake digital cameras that [Colin] wanted to use for his nefarious purposes saw their first release in 1994.
These QuickTake cameras feature an astounding image resolution of up to 640×480, using 24-bit color. Using the official QuickTake software for Apple Macintosh System 7 through 9 the photographs in proprietary QTK format could be fetched for display and processing. Doing the same on an Apple II would obviously require a bit more work, not to mention adapting of the image to the limitations of the 8-bit Apple II compared to the Motorola 68K and PowerPC-based Macs that the QuickTake was designed to be used with.
Targeting the typical ~1 MHz 6502 CPU in an Apple II, the dcraw QTK decoder formed the basis for an initial decoder. Many memory and buffer optimizations later, an early conversion to monochrome and various other tweaks later – including a conversion to 6502 ASM for speed reasons – the decoder as it stands today manages to decode and render a QTK image in about a minute, compared to well over an hour previously.
Considering how anemic the Apple II is compared to even a budget Macintosh Classic II system, it’s amazing that displaying bitmap images works at all, though [Colin] reckons that more optimizations are possible.
Se sfruttate con successo, queste falle avrebbero potuto indurre l’intelligenza artificiale a rubare dati e ad altre attività dannose.
Gli esperti di Tenable affermano che le vulnerabilità hanno interessato tre diversi componenti di Gemini:
Iniezioni di prompt in Gemini Cloud Assist. Il bug ha permesso agli aggressori di compromettere servizi e risorse cloud sfruttando la capacità dello strumento di riepilogare i log estratti direttamente dai log grezzi. Ciò ha consentito loro di nascondere un prompt nell’intestazione User-Agent nelle richieste HTTP a Cloud Functions e ad altri servizi, tra cui Cloud Run, App Engine, Compute Engine, Cloud Endpoints, Cloud Asset API, Cloud Monitoring API e Recommender API.
Iniezioni di ricerca nel modello di personalizzazione della ricerca Gemini. Il problema consentiva l’iniezione di prompt e il controllo del comportamento dell’IA per rubare le informazioni memorizzate e i dati sulla posizione di un utente. L’attacco funzionava come segue: l’aggressore manipolava la cronologia delle ricerche di Chrome della vittima utilizzando JavaScript, rendendo il modello incapace di distinguere le query legittime dell’utente dai prompt iniettati esternamente.
Iniezioni indirette di prompt nello strumento di navigazione Gemini. Questa vulnerabilità potrebbe essere utilizzata per estrarre informazioni utente e dati sulla posizione memorizzati su un server esterno. Lo sfruttamento funzionava tramite una chiamata interna effettuata da Gemini per riassumere il contenuto di una pagina web. Ciò significava che l’aggressore avrebbe inserito un prompt dannoso sul proprio sito web e, quando Gemini ne avesse riassunto il contenuto, avrebbe eseguito le istruzioni nascoste dell’aggressore. I ricercatori hanno osservato che queste vulnerabilità hanno consentito di incorporare dati privati degli utenti nelle richieste dell’aggressore, senza che Gemini avesse bisogno di visualizzare link o immagini.
“Uno degli scenari di attacco più pericolosi si presenta così: un aggressore inserisce un prompt che ordina a Gemini di interrogare tutte le risorse accessibili al pubblico o di trovare errori di configurazione IAM, per poi generare un collegamento ipertestuale con questi dati sensibili”, spiegano gli esperti, citando come esempio un bug di Cloud Assist. “Questo è possibile perché Gemini ha le autorizzazioni per interrogare le risorse tramite la Cloud Asset API.”
Nel secondo caso, gli aggressori dovevano attirare la vittima su un sito web predisposto per iniettare query di ricerca dannose con prompt Gemini nella cronologia del browser dell’utente, infettandola. Quindi, quando la vittima accedeva a Gemini Search Personalization, le istruzioni degli aggressori venivano eseguite, rubando dati riservati.
Dopo aver ricevuto informazioni sulle vulnerabilità, gli specialisti di Google hanno disabilitato il rendering dei collegamenti ipertestuali nelle risposte durante il riepilogo dei log e hanno inoltre implementato ulteriori misure di protezione contro le iniezioni rapide.
“Le di Gemini Trifecta dimostrano che l’intelligenza artificiale può diventare non solo un bersaglio, ma anche uno strumento di attacco. Quando si implementa l’intelligenza artificiale, le organizzazioni non possono trascurare la sicurezza“, sottolineano i ricercatori.
Aiming for small scale, [James] began with 6 mm blue phosphor glass tube, which was formed to reference Pink Pony Club, one of Chappell Roan’s more popular songs. The glass was then filled with pure neon up to a relatively low pressure of just 8 torr. This was an intentional choice to create a more conductive lamp that would be easier to run off a battery supply. The use of pure neon also made the tubes easy to repair in the event they had a leak and needed a refill. A Midget Script gas tube power supply is used to drive the tiny tubes from DC power. In testing, the tubes draw just 0.78 amps at 11.8 volts. It’s not a light current draw, but for neon, it’s pretty good—and you could easily carry a battery pack to run it for an hour or three without issue.
If you’re not a glass blower, fear not—you can always make stuff that has a similar visual effect with some LEDs and creativity. Meanwhile, if you’ve got your own neon creations on the go—perhaps for Halloween?—don’t hesitate to light up the tipsline!
Three friends an I are going to see Chappel Roan later this week in Queens. I like her pink pony club, and have been making a variety of pink ponies lately.
I decided to make some tiny pink "pony"s that the four of us could wear as necklaces to the concert. They also could be clipped onto hats. I got the tiniest 6mm blue phosphor glass I could get my hands on and filled them to just 8 torr neon (normally 18torr at this size) so they are nice an conductive an the battery lasts longer. Pure neon fill- so I can fix em if they break.
I do have to double check the rules of forest hills. I guess I could lie an say they are LEDs :). One of my friends requested a heart tiara (I think the tour has hearts in its theme) so I made two lil ones filled for battery life :).
I sure hope we can dance with the neon as a pink pony club :)
Skateboards were organically developed in the 1940s and 1950s; 30 years would then pass before the ollie was developed, unlocking new realms for skaters dedicated to the artform. The advent of powerful batteries and motors would later make the electric skateboard a practical and (un?)fashionable method of transport in more recent years. Now, [Ivan Miranda] is pushing the cutting edge of skateboarding even further, with an entirely weird build of his own design.
The build was inspired by one-wheels, which [Ivan] considers fun but ultimately too dangerous. Most specifically, he fears crashing when the one-wheel is tilted beyond a critical angle at which the motor can restore it to a level heading. His concept was to thus create a two-wheeled board that is nonetheless controlled with the leaning interface of a one-wheel.
The frame is assembled from a combination of 3D-printed brackets and aluminium extrusion. The rider stands on a platform which rides on rollers on top of the frame, tilting it to control the drive direction of the board. Detecting the angle is handled by an Arduino Due with an MPU6050 IMU onboard. The microcontroller is then responsible for commanding the speed controller to move the board. Drive is from a brushless DC motor, hooked up to one of the wheels via a toothed belt. Power is courtesy of three power tool batteries.
Early testing showed the design to be a bit of a death trap. However, with refinement to the control system code and an improved battery setup, it became slightly more graceful to ride. [Ivan] notes that more tuning and refinement is needed to make the thing safer than a one-wheel, which was the original goal. We’ve seen some other great builds from [Ivan] before, too. Video after the break.
The counter wheel and white worm gear inside the counter. (Credit: Anthony Francis-Jones, YouTube) Recently [Anthony Francis-Jones] decided to take a closer look at the inhaler that his son got prescribed for some mild breathing issues, specifically to teardown the mechanical counter on it. Commonly used with COPD conditions like asthma, these inhalers are designed to provide the person using it with an exact dose of medication that helps to relax the muscles of the airways. Considering the somewhat crucial nature of this in the case of extreme forms of COPD, the mechanical counter that existed on older versions of these inhalers is very helpful to know how many doses you have left.
Disassembling the inhaler is very easy, with the counter section easily extracted and further disassembled. The mechanism is both ingenious and simple, featuring the counter wheel that’s driven by a worm gear, itself engaged by a ratcheting mechanism that’s progressed every time the cylinder with the medication is pushed down against a metal spring.
After the counter wheel hits the 0 mark, a plastic tab prevents it from spinning any further, so that you know for certain that the medication has run out. In the video [Anthony] speculates that the newer, counter-less inhalers that they got with the latest prescription can perhaps be harvested for their medication cylinder to refill the old inhaler, followed by resetting the mechanical counter. Of course, this should absolutely not be taken as medical advice.
04/10/2025 – Darkforums.st: “303” Rivendica Data Breach di 9 GB su Apple.com
Nelle prime ore del 4 ottobre 2025, sul forum underground Darkforums è comparsa una rivendicazione di data breach proveniente dall’utente “303” (profilo: Java Maniac, rank “GOD”, reputazione 197, registrato gennaio 2025). Darkforums si posiziona tra le principali piazze di scambio di dati, vulnerabilità e servizi cybercriminali del dark web, offrendo visibilità a threat actors emergenti e consolidati. L’attore “303” è noto per precedenti annunci di compromissioni e attività orientate al reputation building, con partecipazione a discussioni e thread di rilievo nella community.
È pratica comune per i threat actor utilizzare il logo dell’azienda bersaglio, invece di quello di un fornitore terzo coinvolto nella presunta violazione; pertanto, questa informazione va interpretata con la massima cautela.
Attualmente, non possiamo confermare l’autenticità della notizia, poiché l’organizzazione non ha ancora pubblicato un comunicato ufficiale sul proprio sito web in merito all’incidente. Le informazioni riportate provengono da fonti pubbliche accessibili su siti underground, pertanto vanno interpretate come una fonte di intelligence e non come una conferma definitiva.
Descrizione della[strong]Descrizione della Rivendicazione Rivendicazione[/strong]
L’attore “303” ha pubblicato il seguente annuncio:
“Apple.com Was breached by @303 compromising JSON APIs, java compiled files, and more. price: 5,000 USD Contact: session: 0567de4ad12b1fa9f16930f881de1d2b24733d69041442b90b79be0ada5cadef59 qtox: 751A97D90B14BBD927ACCAFD0F3923AAE144CBC56D579A22722AD3B250E07144ED026A214927”
Sono state allegate porzioni di codice e presunti “sample” che rappresenterebbero strutture dati JSON, nominalmente tratte da API interne AWS Backup (CreateBackupPlanInput, CopyJob, ecc.), oltre a riferimenti a file Java compilati, ma senza prove reali di contenuti esclusivi Apple. Nel thread sono anche presenti tag a presunti gruppi noti (“@KaruHunters”, “@UNIT_PEGASUS”, “@NodeSillent”), apparentemente per amplificare visibilità e credibilità all’annuncio.
[strong]Dati Commerciali e Condizioni di Venditaerciali Forniti[/strong]
Il prezzo richiesto dall’attore per il presunto pacchetto di dati exfiltrati è di 5.000 USD, con contatti pubblici via session e qtox. Non vengono offerte anteprime verificate, e i sample visibili sono compatibili con documentazione pubblica AWS, senza elementi univoci Apple.
Apple Inc. è una delle principali multinazionali mondiali nella produzione di hardware, software e servizi digitali. Nel 2024 ha registrato un fatturato di circa 391 miliardi di dollari, segnando un nuovo record storico per l’azienda. Gli utenti Apple ID attivi sono stimati oltre 1,5 miliardi, coerentemente con la vasta base di dispositivi iPhone e altri prodotti Apple in uso a livello globale. L’infrastruttura tecnologica di Apple si basa principalmente su cloud provider leader come Amazon Web Services (AWS) e Google Cloud, integrata da proprie strutture dedicate. Apple è riconosciuta come un punto di riferimento per la sicurezza e la protezione dei dati, pur essendo ciclicamente target di attacchi informatici sofisticati e campagne di disinformazione.
Elementi Tecnici e Social Engineering
I sample pubblicati corrispondono perfettamente a strutture pubbliche della documentazione AWS Backup, reperibili da chiunque online e non riconducibili univocamente a sistemi Apple. Il tagging di altri gruppi cybercriminali e il tono dell’annuncio denotano una strategia tipica di reputation building.
Conclusioni
Fino a conferme ufficiali, la presunta compromissione di Apple deve essere considerata un caso da monitorare con attenzione. Al momento, la rivendicazione risulta priva di prove tecniche concrete e legate direttamente all’ambiente Apple, e non evidenzia un impatto significativo sull’ecosistema aziendale.
Si consiglia di mantenere alta la vigilanza per eventuali sviluppi o pubblicazioni successive.
Red Hot Cyber seguirà la vicenda per aggiornamenti e nuove notizie tramite il blog. Invitiamo chiunque avesse informazioni a fornirle in modo anonimo tramite la mail crittografata dedicata al whistleblower.
[Tim] noticed recently that a large number of projects recreating discrete logic tend to do so with technology around 70 years old like resistor-transistor logic (RTL) or diode-transistor logic (DTL). To build something with these logic families nowadays requires an intense treasure hunt of antique components bordering on impossible and/or expensive. Rather than going down this rabbit hole he decided to invent a somewhat new logic system using analog components in this entry in our Component Abuse Challenge.
The component in question here is an analog multiplexer, which is normally used to select one of two (or several) signal lines and pass them through to an output. Unlike digital multiplexers which only pass 1s and 0s, analog multiplexers can pass analog signals since the transistors aren’t driven to saturation. He has come up with an entire system of logic gates using these components, with trickier devices like latches eventually implemented with help from a capacitor.
The first attempt at using this logic system had a small mistake in it which caused these latches to behave as oscillators instead, due to a polarity mistake. But a second attempt with simplified design and reduced component count ended up working, proving out [Tim]’s concept. Not only that but his second prototype is functioning at an impressive 15 MHz, with a possibility of an even higher clock speed in future designs. Not bad!
These days, you can buy full graphical LCD or OLED displays for just a few dollars. However, if you’re so inclined, you can actually get your own segmented LCDs made to suit your own projects. [Icoso Labs] explains how it’s done, with plenty of handy tips along the way.
There are three primary things you need to do to design a segmented LCD. First, you need to design it visually, laying out all the individual elements you want on the display. Then you need to determine how you want to split them up into segments. Some elements you’ll just want to be a single monolithic on-or-off shape, while other areas you might want to create things like seven-segment numerals for displaying numbers and so on. With that done, you also need to specify various engineering details—such as whether you want a transmissive, reflective, or transflective display, and thicknesses, colors, and other important things. Armed with all that, you can take your design to a manufacturer and get them to make a bunch for you. Often, there’s a moderately high tooling cost to start a run, but you can then turn out more examples of your design for just a few bucks apiece.
It’s a neat guide to designing something few of us have ever considered sourcing for ourselves. We’ve featured other insights into the world of segmented LCDs before, too. Video after the break.
The Zynq-7000 usage at the core of the robot controller. (Credit: Excessive Overkill, YouTube) Industrial robots like robotic arms are basically everywhere, albeit usually out of the public’s eye in factories. This also means that they get replaced and scrapped all the time, making for many opportunities to snap up an industrial robot that once cost as much as a pretty fancy car for essentially peanuts. Over the years the bloke behind the [Excessive Overkill] YouTube channel did this a lot, which also revealed the main issue with these ‘cheap’ robots: the electronics and associated software, with the manufacturer rarely going out of their way to appease to hobbyists trying to fix up one of these units, never mind for free.
That said, if you’re persistent enough, you can reverse-engineer these beasts to the point where you can develop your own controller hardware and software solution. This is exactly what was done, resulting in an open source controller, found on the ExcessiveMotion GitHub page, that should allow you to control many of these industrial robots. At the core is a Zynq-7000 hybrid FPGA-ARM SoC chip, running real-time Linux (with preemptive scheduling patch) on the SoC side and custom HDL on the FPGA side to handle the hard real-time tasks. The controller during testing. (Credit: Excessive Overkill, YouTube) The controller is made to be modular, with a backplane that can accept various interface cards in addition to the current RS-485 and RS-422 interfaces that are commonly used in industrial settings, such as here for controlling the individual servo drives of the robots. To make assembly and testing interesting, the first controller and integration with a robot was made ready for display at the Open Sauce 2025 event, requiring things to be rushed along, including reverse-engineering the servo protocol for a small-ish industrial robot suitable for public display and use, as well as developing the kinematics for the robotic arm.
With the controller now demonstrated, clearly this is the perfect time to rush out and get one of these fun industrial robots for a few hundred bucks. Currently the controller is still being finalized, with the author asking for feedback on what it should be able to support. If you have a particularly unusual industrial robot lounging around without the requisite controller, this might be your chance to revive it.
The modern era of virtual reality really kicked off in earnest just over a decade ago, when the Oculus Rift promised 3D worlds beyond your wildest dreams. Since then, nobody’s been able to come up with a killer app to convince even a mild fraction of consumers to engage with the technology. Still, if you’re keen to tinker, you might like to make your own headset like [CNCDan] has done.
The build is based almost entirely on 3D-printed components and parts sourced from AliExpress. It offers 2880x1440p resolution, thanks to a pair of square 1440×1440 LCD displays, one for each eye, paired with a couple of 34 mm lenses. The headset has adjustable interpupiliary distance so you can dial the view in to properly suit your eyes. The 3D-printed housing is designed to be compatible with headrest pads from the HTC Vive Pro for comfort’s sake. Head tracking is also available, with the inclusion of an IMU and an Arduino onboard. [CNCDan] apparently put the build together for under $150, which is not bad compared to the price of a commercial off-the-shelf unit. Files are on Github for the curious.
[CNCDan] reports good results with the DIY headset, using it primarily with his racing simulator setup. He has had some issues, however, with his LCD screens, which don’t properly run at a 90 Hz refresh rate at full resolution, which is frustrating. It’s an issue he’s still looking into. We’ve seen some other neat VR builds over the years, too. Video after the break.
As an example, [Nicola] demonstrates the concept using an AVR128DA28 microcontroller. It’s paired with a 4052 multiplexer IC and a CH340 USB-to-serial chip. Everything is wired up such that the 4052 acts as a switch for the signal coming from the CH340. When the RTS flow-control signal is set high, it switches the 4052 to hook up the CH340’s RX and TX pins to the UDPI interface on the AVR microcontroller. Conversely, when the RTS signal is set low, the CH340 is instead hooked up to the serial UART on the microcontroller. From there, it’s a simple matter of configuring avrdude to properly set the RTS pin when attempting to program the attached device.
If you’re working with UPDI devices and you want to be able to talk to them and program them with a minimum of fuss, this project might be useful for you. We’ve looked at dedicated UPDI programmers before, too. If you’re cooking up your own nifty microcontroller hacks, don’t hesitate to let us know on the tipsline.
It was one of those weeks last week at Hackaday’s home office. My mother-in-law handed me her favorite power bank and said “it’s not charging”. She had every expectation that I’ll open it up, desolder the weary pouch inside, scrounge a LiPo out of some corner of the basement, and have it back up and running before the weekend. And of course that’s what happened, although maybe it looks a little worse for wear because it was hard to open the sealed case without excessive force. Sorry about that!
Then on the weekend, I finally got fed up with the decomposing foam on the face seal on my FPV goggles. It was leaking light all over the place. Of course I could have bought a new seal, but then I’d have to wait a week or so for delivery. So I pulled the velcro backing off, tossed it in the bed scanner, pulled the image up in Inkscape, converted it to Gcode, and cut out a couple seals out of EVA foam on the laser. Not only are they essentially indestructible, but I was able to customize them a little bit, and the fit is now better than ever.
And then, one of our neighbors bought a new garage door fob, flipped the DIP switches into the right configuration, and couldn’t figure out why it wouldn’t open the garage door. Knock knock knock. Using the tried-and-true RF probe that everyone with a scope probe has sitting around, namely hooking the ground pin to the tip and putting the radio device in the loop, it was clear that the sense of the DIP switches was inverted from what it said in the instructions. That was a fun little puzzle.
It was the garage door opener that triggered me to think about how normal people would handle any of these situations. “How do the normies even get by?” were the exact words that went through my head. And let’s face it: we’re not entirely normal. Normal people don’t have a soldering setup just sitting around ready to get hot 24/7, or a scope to diagnose a garage door RF transmitter at the drop of a hat. But these things seem to happen to me all the time. How do the normal people survive? Maybe they all know someone with a scope?
I take it as my service to the world to be “that guy” for most of our friends and family, and I pretty much do it without complaint. “With great power” and all that. My wife is just about as gracious when she’s stuck debugging a parent’s Windows setup, so I’m not saying I’m the only saint in the world, either. Surely you have similar stories.
But last week it made me reflect on how good we’ve got it, and that does make me want to pay it forward a little bit. If you’re one of the people who can, try to help out those who can’t.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
It’s a well-known conundrum that while most computers these days are digital in nature, almost nothing in nature is. Most things we encounter in the real world, whether it’s temperature, time, sound, pressure, or any other measurable phenomenon comes to us in analog form. To convert these signals to something understandable by a digital converter we need an analog-to-digital converter or ADC, and [Igor] has built a unique one from scratch called a delta sigma converter.
What separates delta sigma converters apart is their high sampling rate combined with a clever way of averaging the measurements to get a very precise final value. In [Igor]’s version this average is provided by an op-amp that integrates the input signal and a feedback signal, allowing for an extremely precise digital value to be outputted at the end of the conversion process. [Igor] has built this one from scratch as well, and is using it to interface a magnetic rotary encoder to control digital audio playback.
Although he has this set up with specific hardware, he has enough detail in his video (including timing diagrams and explanations of all of the theory behind these circuits) for anyone else to build one of these for other means, and it should be easily adaptable for plenty of uses. There are plenty of different ADC topologies too, and we saw many different ones a few years ago during our op-amp challenge.
La storia di SoopSocks è quella che, purtroppo, conosciamo bene: un pacchetto PyPI che promette utilità — un proxy SOCKS5 — ma in realtà introduce un impianto malevolo ben orchestrato.
Non stiamo parlando del solito script improvvisato; dietro SoopSocks c’è una catena di azioni pensata per ottenere persistenza, ridurre il rumore e stabilire un canale di comando/controllo stabile. Il pacchetto è stato pubblicato su PyPI (Python Package Index), il registro ufficiale dei pacchetti Python.
Il pacchetto ingannevole, denominato “soopsocks“, ha totalizzato 2.653 download prima di essere rimosso. È stato caricato per la prima volta da un utente di nome “soodalpie” il 26 settembre 2025, la stessa data di creazione dell’account. Questa combinazione è pensata per massimizzare la percentuale di successo: componenti compilati per l’esecuzione, script per l’integrazione e meccanismi nativi per la persistenza. Il risultato è un pacchetto che funziona come “utility” e nello stesso tempo costruisce un punto di appoggio remoto.
Strategia dell’attaccante: stealth e affidabilità
SoopSocks si presentava come una libreria Python, riportano i ricercatori di sicurezza, per offrire un proxy SOCKS5. In realtà, su Windows metteva in piedi un piccolo impianto di backdoor persistente: si installava come servizio, apriva la porta giusta sul firewall, rimaneva attivo ai riavvii e inviava periodicamente informazioni all’esterno.
Come entra e si installa: dopo l’installazione, il pacchetto non si limitava ai moduli Python. In alcune versioni depositava un eseguibile compilato (scritto in Go) e uno o più script di orchestrazione (PowerShell/VBScript). Questi componenti servivano per:
installare un servizio Windows con avvio automatico (così si riaccendeva ad ogni boot);
predisporre un piano B di persistenza tramite un’attività pianificata, se la creazione del servizio falliva;
eseguire comandi PowerShell in modalità “silenziosa” (bypassando le execution policy e riducendo i messaggi a schermo) per configurarsi e restare sotto traccia.
Cosa fa una volta attivo
Ufficialmente esponeva un proxy SOCKS5 (tipicamente sulla porta 1080). Dietro le quinte:
aggiungeva regole al firewall per aprire la porta del proxy, così il traffico in ingresso non veniva bloccato;
manteneva persistenza (servizio + task) in modo da sopravvivere a riavvii o tentativi di “pulizia” incompleti;
avviava una telemetria a basso profilo: a intervalli regolari raccoglieva informazioni sulla macchina (nome host, versione del sistema, configurazione e stato della rete, indirizzi IP) e le spediva verso l’esterno usando canali comuni (HTTPS), di solito con pacchetti piccoli e frequenti per non dare nell’occhio.
Perché è difficile da notare
Molte azioni passavano per strumenti legittimi di Windows (PowerShell, Task Scheduler, gestione firewall). Agli occhi di un monitoraggio basato solo su firme, queste operazioni possono sembrare normali attività amministrative. Inoltre, offrendo davvero un SOCKS5 “funzionante”, il pacchetto abbassava la soglia di sospetto: chi lo provava vedeva che “fa il suo dovere” e raramente andava a controllare i componenti extra.
Il punto chiave
SoopSocks univa funzionalità utile (il proxy) e meccaniche di intrusione/persistenza ben note. Questo mix trasformava una libreria apparentemente innocua in un punto d’appoggio remoto: un host che l’attaccante può usare come proxy controllabile e da cui raccogliere dati, con un profilo di “rumore” di rete volutamente basso.
Questa strategia dimostra una conoscenza pratica di come operano team di difesa aziendali: gli attaccanti progettano le loro tecniche per apparire «normali» rispetto al profilo operativo quotidiano. L’utilizzo di ambienti di sviluppo, come punto di diffusione, permette di creare punti di persistenza per movimenti laterali. Inoltre l’utilizzo i repository interni/locali possono conservare versioni malevoli anche dopo che sono state rimosse online, perché restano in cache. Senza regole di verifica e pulizia periodica, i team di sviluppo rischiano di continuare a usarle senza accorgersene.
SoopSocks non ha rivoluzionato il panorama delle minacce, ma ha mostrato come la combinazione di componenti legittimi e tecniche già collaudate possa trasformare una libreria in un serio vettore di compromissione. Per le organizzazioni la sfida non è solo tecnica, ma soprattutto processuale: difendere la filiera software richiede controlli e procedure
The MOS Technologies 6581, or SID, is perhaps the integrated circuit whose sound is most sought-after in the chiptune world. Its three voices and mix of waveforms define so much of our collective memories of 1980s computing culture, so it’s no surprise that modern musicians seek out SID synthesisers of their own. One of these is the MIDISID, produced by [MIDI IN], and in a recent video she investigates an unexpected tuning problem.
It started when she received customer reports of SIDs that were out of tune, and in the video she delves deeply into the subject. The original SID gained its timing from a clock signal provided by the Commodore 64, with thus different timing between NTSC and PAL versions of the machine. This meant European SID music needed different software values to American compositions, and along the way she reveals a localisation error in that the British Commodore 64 manual had the wrong table of values.
Modern SIDs are emulated unless you happen to have an original, and her problem came when switching from one emulated SID to another. The first one used that clock pin while the second has its own clock, resulting in some music being off-tune. It’s a straightforward firmware fix for her, but an interesting dive into how these chips worked for the rest of us.
In un noto forum underground è recentemente apparso un post che sta attirando l’attenzione della comunità di cybersecurity. Un utente con il nickname KaruHunters, figura già conosciuta per la sua attività all’interno di circuiti criminali digitali, ha pubblicato un annuncio in cui sostiene di essere in possesso dei dati compromessi di RIPE NCC (Réseaux IP Européens Network Coordination Centre).
Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.
Il post nel forum underground
Nel post, KaruHunters dichiara esplicitamente: “Today I am selling RIPE NCC Data Breach, thanks for reading and enjoy!”. L’attore rivendica un presunto attacco informatico avvenuto nell’ottobre 2025 ai danni del RIPE NCC, che avrebbe portato all’esfiltrazione di codice sorgente privato e strumenti interni dell’organizzazione. Viene menzionata anche una compromissione che include un’alberatura dei dati, senza tuttavia fornire dettagli tecnici concreti nel messaggio pubblico.
Un elemento di particolare rilievo è la parte commerciale dell’annuncio: i dati vengono messi in vendita a partire da 500 dollari (con possibilità di negoziazione), mentre l’accesso interno ai sistemi compromessi viene offerto a 1.200 dollari. KaruHunters aggiunge inoltre che le informazioni sottratte riguarderebbero un’entità con un fatturato dichiarato di 37,5 milioni di dollari, sebbene questa cifra debba essere trattata con cautela e verificata.
Il post è stato corredato da un logo del RIPE NCC, un dettaglio che rientra spesso nelle strategie di social engineering adottate dai criminali per conferire maggiore credibilità alle loro offerte. Tuttavia, come spesso accade in questi casi, non sono state fornite prove verificabili a supporto della presunta intrusione, almeno non nel messaggio pubblico. È probabile che eventuali “proof of concept” vengano condivise soltanto in trattative private con potenziali acquirenti.
Cos’è il RIPE
Il RIPE NCC (Réseaux IP Européens Network Coordination Centre) è il Regional Internet Registry (RIR) responsabile per l’Europa, il Medio Oriente e alcune parti dell’Asia centrale. Si tratta di un’organizzazione no-profit con sede ad Amsterdam, fondata nei primi anni ’90, che ha il compito principale di gestire e distribuire le risorse numeriche di Internet, come gli indirizzi IP e i Numeri di Sistema Autonomo (ASN).
Il RIPE NCC non va confuso con il RIPE (Réseaux IP Européens), che è una comunità aperta di operatori di rete e specialisti. Mentre la comunità RIPE si occupa di definire politiche e linee guida per il funzionamento della rete, il RIPE NCC è l’entità che mette in pratica tali decisioni attraverso la gestione operativa delle risorse.
Tra i compiti principali del RIPE NCC rientrano:
l’assegnazione e la registrazione di indirizzi IPv4 e IPv6;
la distribuzione dei Numeri di Sistema Autonomo (ASN);
la gestione del RIPE Database, un archivio pubblico che contiene informazioni tecniche e amministrative relative a indirizzi IP e ASN;
il supporto tecnico alla comunità di operatori e provider;
attività di ricerca e monitoraggio della stabilità di Internet a livello globale.
Il ruolo del RIPE NCC è cruciale per il funzionamento ordinato e trasparente della rete, poiché garantisce che l’allocazione delle risorse IP avvenga in modo equo, tracciabile e conforme alle politiche stabilite dalla comunità. In sostanza, rappresenta una delle fondamenta invisibili ma indispensabili per il funzionamento di Internet come lo conosciamo oggi.
Il profilo del threat actors e i potenziali impatti
Il profilo di KaruHunters all’interno del forum mostra un livello di reputazione piuttosto elevato, con 154 punti e la qualifica di “GOD”, indice di un certo riconoscimento da parte della community. L’utente risulta registrato dal mese di agosto 2024, con all’attivo 26 post e 18 thread aperti. Questo dato rafforza l’idea che non si tratti di un nuovo arrivato, ma di un soggetto che ha saputo conquistare credibilità nel contesto criminale.
Se confermato, un data breach ai danni di RIPE NCC avrebbe conseguenze potenzialmente gravi per l’intero ecosistema di internet europeo e non solo, poiché l’organizzazione gestisce informazioni sensibili legate alla connettività di rete globale. Tuttavia, non è raro che su questi forum vengano pubblicati annunci esagerati o falsi, utilizzati più come operazioni di marketing criminale che come reali vendite di dati compromessi.
In conclusione, il post di KaruHunters va preso con la dovuta cautela. Da un lato, la reputazione dell’utente nel forum conferisce un certo peso alla sua dichiarazione; dall’altro, l’assenza di prove tangibili impone di attendere verifiche indipendenti. Quel che è certo è che la semplice comparsa di questo annuncio rappresenta un campanello d’allarme per il settore della sicurezza informatica, ricordando quanto gli attori malevoli siano costantemente alla ricerca di punti critici nelle infrastrutture che regolano internet stesso.
Come nostra consuetudine, lasciamo sempre spazio ad una dichiarazione dell’organizzazione qualora voglia darci degli aggiornamenti su questa vicenda e saremo lieti di pubblicarla con uno specifico articolo dando risalto alla questione. RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali.
Once upon a time, ham radio was all about CW and voice transmissions and little else. These days, the hobby is altogether richer, with a wide range of fancy digital data modes to play with. [KM6LYW Radio] has been tinkering in this space, and whipped up a compact ham radio data rig that you can build for well under $100.
Radio-wise, the build starts with the Baofeng UV-5R handheld radio. It’s a compact VHF/UHF transceiver with 5W output and can be had for under $25 USD if you know where to look. It’s paired with a Raspberry Pi Zero 2W, which is the brains of the operation. The Pi is hooked up to the All-In-One-Cable which is basically a soundcard-like interface that plugs into USB and hooks up to the mic and speaker outputs of the Baofeng handheld. The final pieces of the puzzle are a USB PD battery pack and a small OLED screen to display status information.
What does that kit get you? The capability to transmit on all sorts of digital modes with the aid of the DigiPi software package. You can send emails, jump on APRS, or even chat on the web. You can configure all of this through a web interface running on the Raspberry Pi.
The 600W is not the output rating, despite all appearances. (Credit: Denki Otaku, YouTube) We have seen many scam USB chargers appear over the years, with a number of them being enthusiastically ripped apart and analyzed by fairly tame electrical engineers. Often these are obvious scams with clear fire risks, massively overstated claims and/or electrocution hazards. This is where the “600W” multi-port USB charger from AliExpress that [Denki Otaku] looked at is so fascinating, as despite only outputting 170 Watt before cutting out, it’s technically not lying in its marketing and generally well-engineered.
The trick being that the “600W” is effectively just the model name, even if you could mistake it for the summed up output power as listed on the ports. The claimed GaN components are also there, with all three claimed parts counted and present in the main power conversion stages, along with the expected efficiency gains.
While testing USB-PD voltages and current on the USB-C ports, the supported USB-PD EPR wattage and voltages significantly reduce when you start using ports, indicating that they’re clearly being shared, but this is all listed on the product page.
The main PCB of the unit generates the 28 VDC that’s also the maximum voltage that the USB-C ports can output, with lower voltages generated as needed. On the PCB with the USB ports we find the step-down converters for this, as well as the USB-PD and other USB charging control chips. With only a limited number of these to go around, the controller will change the current per port dynamically as the load increases, as you would expect.
Considering that this particular charger can be bought for around $30, is up-front about the limitations and uses GaN, while a genuine 300 Watt charger from a brand like Anker goes for $140+, it leads one to question the expectations of the buyer more than anything. While not an outright scam like those outrageous $20 ‘2 TB’ SSDs, it does seem to prey on people who have little technical understanding of what crazy amounts of cash you’d have to spend for a genuine 600 Watt GaN multi-port USB charger, never mind how big such a unit would be.
When taking pictures of the night sky, any noise picked up by the sensor can obscure the desired result. One major cause of noise in CMOS sensors is heat—even small amounts can degrade the final image. To combat this, [Francisco C] of Deep SkyLab retrofitted an old Canon T1i DSLR with an external cooler to reduce thermal noise, which introduces random pixel variations that can hide faint stars.
While dedicated astrophotography cameras exist—and [Francisco C] even owns one—he wanted to see if he could improve an old DSLR by actively cooling its image sensor. He began with minor surgery, removing the rear panel and screen to expose the back of the sensor. Using a sub-$20 Peltier cooler (also called a TEC, or Thermoelectric Cooler), he placed its cold side against the sensor, creating a path to draw heat away.
Reassembling the camera required some compromises, such as leaving off the LCD screen due to space constraints. To prevent light leaks, [Francisco C] covered the exposed PCBs and viewfinder with tape. He then tested the setup, taking photos with the TEC disabled and enabled. Without cooling, the sensor started at 67°F but quickly rose to 88°F in sequential shots. With the TEC enabled, the sensor remained steady at 67°F across all shots, yielding a 2.8x improvement in the signal-to-noise ratio. Thanks to [Francisco C] for sharing this project! Check out his project page for more details, and explore our other astrophotography hacks for inspiration.
The tides! Such a unique thing, because on Earth, we don’t just have oceans full of liquid water—we also have a big ol’ moon called Moon to pull them around. You might like to keep track of the tides; if so, this tide clock from [rabbitcreek] could come in handy.
The motions of the tides are moderately complex; it was in the late 19th century that Sir William Thomson figured out a reasonable method to predict the tides mathematically and with a mechanical contrivance of his own design. These days, though, you don’t need pulleys and ropes to build a tide clock; you can just use electronics for display and the NOAA API to get the information you need.
[rabbitcreek’s] build is based around the Xiao ESP32 S3, which is charged with using its Wi-Fi connection to query NOAA up-to-date tide height data. It then uses this information to drive the position of a servo, installed inside a 3D-printed housing. The servo rotates a little red Moon indicator around a central Earth, with our home planet surrounded by a stretched blue marker indicating the swelling of the tides as influenced by the Moon’s gravity.
If you’re a surfer or beach driver that’s always wanting to know the tidal state at a glance, this clock is for you. We’ve featured other tide clocks before, but never any projects that can actually influence the tides themselves. If you’ve figured out how to mess with gravity on a planetary scale, consider applying for a Nobel Prize—but do notify the tipsline before you do.
If you need to create a high vacuum, there are basically two options: turbomolecular pumps and diffusion pumps. Turbomolecular pumps require rotors spinning at many thousands of rotations per minute and must be carefully balanced to avoid a violent self-disassembly, but diffusion pumps aren’t without danger either, particularly if, like [Advanced Tinkering], you use mercury as your working fluid. Between the high vacuum, boiling mercury, and the previous two being contained in fragile glassware, this is a project that takes steady nerves to attempt – and could considerably unsteady those nerves if something were to go wrong.
A diffusion pump works by boiling a some working fluid – usually silicone oil – and creating a directed stream of vapor. The vapor molecules collide with air molecules and impart momentum to them, drawing them along with the vapor stream into a condenser. The condenser liquefies the working fluid, while a backing vacuum pump just past the condenser removes the entrained air molecules. The working fluid then flows back into the heating chamber to begin the cycle again. The earliest diffusion pumps did use mercury as a working fluid, a practice which has almost completely died out, but which did have one significant advantage: if, for some reason, air did flood back into the vacuum chamber, there was no risk of setting hot oil vapor on fire.
[Advanced Tinkering]’s diffusion pump is made of glass, which gives a good view of the internal process; It’s in equal parts fascinating and disquieting to see droplets of metal condensing on the glass parts. A Dewar flask of liquid nitrogen holds two cold traps to condense any mercury vapors leaving the pump: one on the line between the diffusion pump and the backing pump, and one between the diffusion pump and a vacuum gauge to make sure that mercury’s vapor pressure isn’t throwing off measurements. Another vacuum gauge is connected to the backing pump’s inlet, which lets the diffusion pump’s performance be measured. After a few hours of running, the pressure at the diffusion pump’s inlet was two orders of magnitude lower than at its outlet, and more vacuum-tight connections could probably have brought it even lower.
This isn’t [Advanced Tinkering]’s first time working with dangerous liquid metals, nor his first time building equipment for high vacuum. If you’re still looking for a safer vacuum, check out this budget diffusion pump.
Elliot Williams and Al Williams got together to share their favorite hacks of the week with you. If you listen in, you’ll hear exciting news about the upcoming SuperCon and the rare occurrence of Al winning the What’s That Sound game.
For hacks, the guys talk about the IEEE’s take on the “best” programming languages of 2025 and how they think AI is going to fundamentally transform the job of a programmer. On a lighter note, there’s an industrial robot who retired to bartending, a minimal drum machine, a high-powered laser, and a Fortran flight simulator reborn with Unity 3D.
In the “can’t miss” category, you’ll learn how not to switch Linux distributions and what to expect when you need surgery while on your next mission to outer space.
There’s lots more. Want to follow along? Check out the links below. As always, tell us what you think about this episode in the comments!
Al made short work of the sound again this week, racking up an uncharacteristic streak of two. Congrats to [Absolutely the Best Podcast: A Work in Progress] for getting the printing press right too!
Finding, collecting, and restoring vintage tech is the rewarding pastime of many a Hackaday reader. Working with old-school gear can be tough, though, when documentation or supporting resources are hard to find. If you’re in need of an old manual or a little scrap of software, you might find the Vintage Technology Digital Archive (VTDA) a useful destination.
The VTDA is a simple website. There is no search function, or fancy graphical way to browse the resources on offer. Instead, it’s merely a collection of files in a well-ordered directory tree. Click through /pics/DiskSleeves/VTDA/ and you’ll find a collection of high-resolution scans of various old diskettes and their packaging. /docs/computing/Centronics/ will give you all kinds of useful documentation, from press releases to datasheets for printers long forgotten. You can even find Heathkit schematics and old Windows bootdisk images if you dive into the depths.
While it doesn’t have everything, by any means, the VTDA has lots of interesting little bits and pieces that you might not find anywhere else. It’s a great counterpart to other archival efforts out on the web, particularly if you’re a member of the retrocomputing massive.
This week a reader sent me a story about a CVE in Notepad++, and something isn’t quite right. The story is a DLL hijack, a technique where a legitimate program’s Dynamic Link Library (DLL) is replaced with a malicious DLL. This can be used for very stealthy persistence as well as escalation of privilege. This one was assigned CVE-2025-56383, and given a CVSS score of 8.4.
This is key when evaluating a vulnerability write-up. What exactly is the write-up claiming? And what security boundary is actually being broken? The Common Weakness Enumeration (CWE) list can be useful here. This vulnerability is classified as CWE-427, an uncontrolled search path element — which isn’t actually what the vulnerability claims, and that’s another clue that something is amiss here. In reality this “vulnerability” applies to every application that uses a DLL: a CVSS 0.
Smish Boxes
There’s a trend to replace land lines with cellular modems. While wearing my phone tech hat, I’ve even installed a few cellular routers in hotel telecom closets. It turns out there’s a potential problem with that particular arrangement. Hotels and other commercial installations often assign a public IP address to each piece of equipment, and as a result it’s not uncommon for that equipment to be directly exposed to the Internet. And what happens when cellular routers are exposed to the Internet, sometimes with vulnerabilities or even default credentials? Naturally, scammers use them to send spammy SMS messages.
The scale of the problem is surprising. After researchers at Sekoia discovered the problem, they discovered 18,000 of these devices accessible on the Internet. It seems like this campaign may be responsible for the majority of the SMS spam being sent in modern smishing campaigns. It also appears that there may be an unknown 0-day being exploited in the campaign.
VMWare
VMware just fixed CVE-2025-41244, a local privilege escalation vulnerability that has been in use in the wild since at least October of last year. This vulnerability is in the service discovery feature of VMware Aria. The idea is that the installed VMware Tools can discover running services and probe for version numbers.
On a Linux guest, this probe works by listing the currently running processes, and if the a process matches one of the regular expressions, that process is run with the -v flag. As root. Yes, this vulnerability that was being actively exploited in the wild by a Chinese threat actor for over a year, was as simple as an over-matching regex and carelessly running binaries as root. The trick favored by the attackers was to place a malicious binary at /tmp/httpd, run it as a regular user, and just wait for the VMware tooling to come along and run it as root.
Sudo Chwoot
The maintainers behind sudo fixed a pair of vulnerabilities back in June that allowed a local attacker to escalate privileges. The most interesting of the two abuses is in the handling of the chroot option, resulting in an attack [Rich Mirch] refers to as “chwoot”.
The actual weakness is that sudo would use the chroot() system call while setting up the chroot environment, prior to dropping privileges. In this state, sudo performs Name Service Switch calls as root, which results in looking for /etc/nsswitch.conf inside the chroot directory. This config file can trigger a shared library load, and since it’s happening in the context of a chroot, that library is also first loaded from the chroot directory if it exists there, resulting in a handy escalation to root.
This behavior is enabled for all users by default, resulting in a serious vulnerability on many Linux machines. It was fixed and disclosed back in June, but has now been added to the CISA list of known exploited vulnerabilities.
Not in the Threat Model
Intel and AMD both have trusted computing solutions for encrypted VMs, that among other things, encrypt the bits in memory so even a compromised kernel can’t extract data from the running VM. The approaches from both companies are similar, using symmetric encryption with the memory location as part of the encryption Initialization Vector (IV). This means that while the same key is in use, a plaintext value in a given memory location will always be represented by the same encrypted value. Two pieces of research came out this week suggesting that this codebook-like behavior has security ramifications.
Before we dive into the rest of the details, it’s worth pointing out that asymmetric encryption is likely not a viable option for VM memory encryption, due to the processing latency overhead. The exploit here is to physically connect to the memory sticks inside a target computer, and record the encrypted bits. In some cases, an attacker can later run a malicious VM on the same hardware, and use the physical hack to replay the captured bits, allowing easy decryption. Another option is to replay the VM attestation report, falsely claiming that the virtual machine is still fully protected.
What’s initially surprising is that both Intel and AMD have maintained that their SGX and SEV-SNP systems are not intended to protect against physical access. But seeing what is possible with physical modification to system memory, it’s no longer a surprising line to draw. The other interesting note is that so far these attacks are limited to DDR4, as DDR5 memory has a higher data rate, making the entire operation even more difficult.
RCE Security dug into a product called TRUfusion Enterprise, a data transfer solution that is marketed as undergoing regular audits. It came as a surprise that they found four vulnerabilities that could be called low-hanging fruit. The takeaway: not all audits are created equal, and there’s no guarantee that this style of code review will catch every bug.
Our last two links are both about memory management. The first is from Cybervelia, looking at how to find uninitialized memory access with just a program binary and no source code. Binary Ninja is the tool that really shines here, but it’s certainly not an easy task.
La Community di Red Hot Cyber ha avuto l’opportunità di partecipare a “Oltre lo schermo”, l’importante iniziativa della Polizia Postale dedicata ai giovani del 2 ottobre, con l’obiettivo di invitarli a vivere la realtà oltre i confini dei social network. Un evento che conferma come, ormai da alcuni anni, la cyber security awareness sia diventata un pilastro fondamentale nei percorsi di formazione giovanile.
L’Auditorium Parco della Musica di Roma, gremito da oltre 1.200 studenti provenienti dalla capitale e dalla sua provincia, ha fatto da cornice all’incontro promosso dalla Polizia di Stato, in collaborazione con Google e One More Pictures. L’iniziativa rientra nella 13ª edizione di “Una Vita da Social”, la storica campagna educativa itinerante che porta nelle scuole italiane strumenti e riflessioni per un utilizzo sicuro e consapevole del web.
Il focus di quest’anno è stato il confronto tra i modelli di perfezione proposti dai social e l’identità dei più giovani, con particolare attenzione alla body positivity e alla riscoperta del valore delle relazioni autentiche nella vita reale.
Il messaggio delle istituzioni
Ad aprire l’incontro, il Capo della Polizia Vittorio Pisani che ha ricordato ai ragazzi di non farsi condizionare dall’identità digitale:
“I rapporti umani sono quelli che arricchiscono davvero e vi preparano a fare la differenza nella vita quotidiana e nel futuro mondo del lavoro”.
Il prefetto ha ringraziato gli insegnanti, riconoscendo il loro compito fondamentale nel trasmettere valori e responsabilità alle nuove generazioni. Anche l’on. Federico Mollicone ha sottolineato, con un messaggio il valore sociale ed educativo del tema, definendo l’educazione digitale una sfida decisiva per il futuro.
Storie ed emozioni: il cortometraggio (IM)PERFETTA
Il momento più atteso è stato la proiezione del cortometraggio “(IM)PERFETTA”, prodotto da One More Pictures con Rai Cinema e presentato alla Mostra del Cinema di Venezia.
La storia di una ragazza che, dopo una delusione amorosa, si rifugia nei social inseguendo un ideale di perfezione, ha emozionato gli studenti. La protagonista scopre infine che la vera unicità sta nelle imperfezioni, ciò che rende autentici e irripetibili.
Scritto da Margherita Pezzella, il corto ha stimolato un confronto sincero, in cui molti giovani si sono riconosciuti. Magistrale il finale del corto nel quale la protagonista, come un novello Amleto, fissa le pillole dimagranti prima della sfumatura finale lasciando allo spettatore sempre presente lo spettro della tentazione mai sopita delle scorciatoie (ingannevoli) verso il risultato.
Testimonianze e ospiti
A rendere speciale l’evento, la partecipazione del cast del film, di artisti, sportivi e personalità del mondo della comunicazione. Non sono mancati i videomessaggi dei calciatori di A.S. Roma e S.S. Lazio, che hanno invitato i ragazzi a credere nel sacrificio, nel lavoro di squadra e nel valore della vita reale rispetto a quella virtuale.
Il conduttore radiofonico Renzo Di Falco e la Dottoressa Roberta Mestichella hanno guidato la giornata con energia, lasciando spazio a riflessioni e interventi anche in collegamento: da New York con Marco Camisani Calzolari, esperto di comunicazione digitale, e da un set cinematografico in Trentino Alto Adige.
Educazione digitale e responsabilità condivisa
Il confronto tra istituzioni e aziende ha ribadito la necessità di un’alleanza tra pubblico e privato.
Barbara Strappato, direttrice della Prima Divisione della Polizia Postale, e Martina Colasante di Google Italia hanno sottolineato l’impegno per sviluppare tecnologie sicure e costruite su misura per i più giovani.
Il produttore Carlo Raffronti ha ricordato che oggi il rischio è l'”analfabetismo digitale”, invitando i ragazzi a domandarsi sempre perché un contenuto viene loro proposto online.
Quasi tutti gli ospiti del talk hanno posto l’accento sul valore delle emozioni reali, più durature di quelle virtuali.
Un invito a scegliere quindi la realtà e ad utilizzare i social responsabilmente
Il filo conduttore dell’evento è stato chiaro: educazione, rispetto e accettazione di sé e degli altri come strumenti per contrastare fenomeni come il cyberbullismo. “Non esistono scorciatoie” hanno ricordato gli sportivi di Roma e Lazio presenti con un video messaggio, “servono sacrificio e dedizione, nello sport come nella vita”.
Durante i vari speech della giornata, ogni partecipante ha ricevuto un kit con materiali informativi: un quaderno Comix, un volantino della Polizia Postale con utili consigli per una navigazione sicura e il “The Future Report” di Google, ricerca veramente accurata sugli adolescenti europei e il loro rapporto con internet e l’intelligenza artificiale.
Più che un evento, un messaggio alle nuove generazioni ed ai loro genitori
“Oltre lo schermo” non è stato solo un momento di riflessione, ma un invito a vivere la tecnologia senza subirla, a non lasciarsi ingannare dalle illusioni dei social e a dare valore alle relazioni autentiche.
Perché, come ha ricordato uno dei relatori, “ciò che conta davvero è quello che pensano di voi le persone che vi conoscono nella vita reale, coloro che vi vogliono bene, non i commenti sui social”.
Volevo ringraziare Marco Bani e Lorenzo Basso per avermi regalato il loro libro “Il secolo dell’IA, capire l’intelligenza artificiale, decidere il futuro” (Il Mulino -Arel, 2025).
Mi è piaciuto molto e mi sono segnato diversi passaggi interessanti.
Il motivo è che di libri sull’IA ne ho letti parecchi in italiano, meno in inglese, a cominciare da quando studiavo psicologia a Stanford e giochicchiavo con le reti neurali negli anni ’90.
Ho letto il bellissimo Vita 3.0 di Max Tegmark, ho letto i libri di Luciano Floridi come Etica dell’Intelligenza artificiale, il libro di Cingolani, L’altra Specie; ho letto i libri di Guido Scorza e Alessandro Longo, quelli del mio amico Massimo Chiriatti (hashtag#humanless, Incoscienza artificiale), di Fabio Lazzini, e Andrea Colamedici (L’algoritmo di Babele): ho letto Breve e universale storia degli algoritmi di Luigi Laura, Nel paese degli algoritmi di Aurélie JEAN, Ph.D., L’economia dell’intelligenza artificiale di Stefano da Empoli; la trilogia di Nello Cristianini (La Scorciatoia, Machina Sapiens, Sovrumano); AI Work di Sergio Bellucci; Intelligenza Artificiale e democrazia di Oreste Pollicino e Pietro Dunn, Human in the Loop di Paolo Benanti eccetera eccetera… scusate non vi cito tutti.
Il libro di Bani e Basso mi è piaciuto per essere chiaro, sintetico, diretto. Con un forte afflato etico e con una impronta politica ma non partigiana. Volendo essere un libro divulgativo, il loro libro mi pare una buona summa del dibattito pubblico in corso pure senza essere un libro accademico o rivelatore.
Ottimo entry level, insomma, ha il pregio di poter essere compreso da un liceale come da un politico. I riferimenti sono corretti, la bibliografia discreta. un bel lavoro. Insomma, è da leggere. Funziona anche nei momenti di relax quando non hai voglia di studiare.
While not everyone agrees on the installation of wind turbines in their proverbial back yards, one thing not up for debate is that there is a drive to build them bigger, and bigger. Big turbines means big blades, and big blades need to be transported… somehow. If air freight is going to stay relevant to the industry, we’re gonna need a bigger airplane.
A startup called Radia has a plan for that plane, and it is a doosie. The “WindRunner” would clock in at a massive 108 meters (354 feet) long, but with a wingspan of just 80 m (262 ft). That’s very, very long, but it might not be the largest airplane, depending how you measure it. Comparing to the 88 m wingspan for the late, lamented An-225 Mriya, you can expect a lower payload capacity, but heavy payloads aren’t the point here. Wind turbine blades really aren’t that heavy. They’re big, or they can be — the WindRunner is designed to fit a single 105 m blade within its long fuselage, or a pair of 90 m blades.
You can tell it has one job; there’s just 3 m difference in length between the blade and the plane. Image: Radia. That’s very little clearance, which is why the cockpit sits up top in a bulge that makes the thing look a bit like an enormous Carvair, for anyone who remembers that old prop-job — except for the H-tail, that is. That’s for a different reason than the An-225’s use of the same feature, which was to keep the tails out of the wash of a back-mounted “Buran” space shuttle. With the WindRunner, the H-tail is simply so the tail will not be too tall to fit existing airport infrastructure. The Lockheed Constellation used a triple-tail for the same reason, way back when. The Carvair, another cargo hauler with exactly one job. It was actually based on a DC-4, and not a Convair, but for a car carrier the name fits. Image: Eduard Marmet, CC3.0 The aircraft will of course be short-runway and rough-field capable, capable of taking off and landing on dry packed dirt or gravel in just 1,800 m, or 6000 ft — a little more than 10x its own enormous length. The payload it hauls into those rough fields will break no records at only 72.6 tonnes; Mriya could do 250 tonnes, but again, heavy lift isn’t the goal here.
This plane has a very specific mission, to the point that we argue it might just qualify as a hack. It will be interesting to see if Radia can sign enough customers to get one (or more) built.
A Raspberry Pi Pico W acts as the heart of the build, armed with an SGP40 gas sensor. This sensor is intended for monitoring total volatile organic compounds in the air, which can be a useful measure of air quality in at least one dimension. It reports a simple air quality score from 0 to 500, based on a 1-1000 ppm ethanol equivalent reading. Based on the sensor’s output, the Pi Pico drives an LED matrix display — setting it green for good quality air, yellow for moderate, and red for poor air quality (i.e. high VOC content). The fun part is that rather than just show a simple color, the display plays Conway’s Game of Life to create an animated visual. We’d love it even more if poor air quality lead to the premature death of individual cells, making it even more interactive.
A settembre 2025 è emersa una nuova incarnazione del noto ransomwareLockBit, denominata LockBit 5.0. Non è solo un “aggiornamento”: è un adattamento operativo pensato per essere rapido, meno rumoroso e più impattante sulle infrastrutture virtualizzate. La caratteristica che va sottolineata fin da subito è che la 5.0 è cross-platform: sono stati identificati campioni per Windows, Linux e VMware ESXi — il che amplia la superficie d’attacco e richiede coordinamento tra team diversi (endpoint, server, virtualizzazione).
Che cosa cambia
La catena d’attacco resta la stessa, ma LockBit 5.0 la porta avanti più velocemente e con accorgimenti pensati per ridurre al minimo le tracce:
Esecuzione “in memoria” LockBit 5.0 punta a restare “sulla RAM”. Piuttosto che lasciare file sul disco, inietta e carica codice direttamente in memoria: così l’indicatore non è più il file sospetto, ma il comportamento di processi altrimenti legittimi. Vedi applicazioni “pulite” che all’improvviso aprono migliaia di file, creano thread in serie o iniziano a parlare in rete senza un eseguibile corrispondente. Sugli EDR/NGAV ben configurati questo si traduce spesso in avvisi di code injection o di moduli caricati solo in memoria, con sequenze tipiche del tipo VirtualAlloc → WriteProcessMemory → CreateRemoteThread o uso di MapViewOfSection. Non sempre però scatta l’allarme: offuscamento, syscalls indirette e tempi diluiti possono mascherare la catena; su postazioni protette solo da AV tradizionale, è facile che passi.
Riduzione della telemetria utile. LockBit 5.0 include azioni mirate a ostacolare la raccolta di eventi e log proprio nei momenti in cui questi dati servono di più. Questo non significa necessariamente che i log vengano cancellati sempre in modo evidente: più spesso si osservano incoerenze (mancanza di eventi attesi, salti temporali, o riduzione improvvisa del volume di eventi), disabilitazioni o alterazioni di provider di tracciamento e, in alcuni casi, comandi espliciti che svuotano i registri. In pratica, l’attaccante cerca di “zittire” gli strumenti che permetterebbero di ricostruire cosa è successo.
Attenzione mirata agli hypervisor (ESXi). La variante pensata per ESXi colpisce direttamente i file delle macchine virtuali (i .vmdk) e può eseguire più operazioni di cifratura in parallelo per completare l’attacco molto più rapidamente. In pratica, anziché scorrere e cifrare singoli server uno per uno, l’attaccante può “saturare” un datastore in pochi minuti, riducendo drasticamente la finestra utile per intervenire. Per questo motivo è necessario osservare con attenzione alcuni segnali pratici: picchi improvvisi di I/O sul datastore, scritture intensive e ripetute sui file .vmdk e allarmi o anomalie segnalate dai sistemi di storage.
Comportamento modulare e selettivo. Le analisi indicano che LockBit 5.0 si comporta più come un “kit” parametrizzabile che come un singolo binario monolitico. E’ possibile configurare opzioni di targeting, scegliere percorsi da includere o escludere e decidere quanto aggressiva debba essere la cifratura. Di conseguenza ci si può aspettare forme diverse dello stesso attacco a seconda della macchina colpita.
L’immagine mostra i parametri, e come utilizzarli. per lanciare la cifratura
LockBit 5.0 sposta il gioco sulla memoria e allarga il perimetro: non basta più l’endpoint, vanno protetti anche gli ambienti che lo orchestrano. La risposta efficace combina patching costante, hardening degli host ESXi, monitoraggio proattivo dei log e protezione endpoint e di rete”. Backup isolate, meglio se immutabili, e testati restano essenziali per il recovery. In parallelo, è necessario ridurre la superficie d’attacco (funzionalità non essenziali off), applicare least privilege e sorvegliare le anomalie di rete. Investire in MDR e threat hunting proattivo è cruciale per individuare attività stealth prima che diventino crittografia massiva
When [Reit Tech] needed something to do with an old Nintendo Wii, he turned to Google. When the AI overview told him it could not be used as a server, he had his mission: prove that clanker wrong. It already runs Doom, so what else is there to do?
Of course should not that hard: Linux has been available on the Wii for years now. In fact there are several; he settles on “Arch, btw”, after trying Debian, Ubuntu, and even NetBSD. “Of course it runs NetBSD”– but NetBSD didn’t work with his USB network adapter, which is sadly as predictable as the hardware running NetBSD.
OK, it’s not vanilla Arch; it’s the Wii-Linux Continuation Project, based on ArchPOWER fork that compiles Arch for PPC. As the young YouTuber was surprised to discover, despite not being a PC or particularly powerful, the Wii has a PowerPC CPU. (He might be younger than the console, so we’ll give him a pass.) Wii-Linux couldn’t run the USB adapter either (appropriate apologies were offered to NetBSD), but it turns out the internal Ethernet adapter was available all along.
As a file server, python-based Copyparty worked flawlessly, but the rust-based Minecraft server he picked was not particularly usable. A little optimization would fix that, since you can serve Minecraft from an ESP32 and the Wii absolutely has more horsepower than that. Doubtless he could have loaded a web-server, and proved Google’s AI summary wrong, but the iPad-induced ADHD we all suffer from these days kicks in, so he settled for posting a screenshot of someone else’s blog, hosted on a Wii from NetBSD. So the LLM was wrong from the get-go, but the tour of “what home-brew loaded OSes still work in 2025” was certainly educational.
We could hunt that blog Wii-based blog down for you, but we’d be reluctant to link to it anyway: while the AI summary is wrong, and you can use the Wii as a server, that doesn’t mean it makes a good one. We’d don’t feel the need to inadvertently DDOS some poor unsuspecting shmuck’s Nintendo, so we’ll let you try and find it yourself.
Usually databases are treated primarily as fairly dumb data storage systems, but they can be capable of much more. Case in point the PostgreSQL database and its – Ada-based – PL/pgSQL programming language, which allows you to perform significantly more complex operations than would be realistically possible with raw SQL. Case in point the implementation of a Kalman Filter by the folk over at Traconiq, which thus removes the necessity for an external filtering pipeline.
Using a Kalman Filter is highly desirable when you’re doing something like vehicle tracking using both dead-reckoning and GPS coordinates, as it filters out noise that can be the result of e.g. GPS reception issues. As noted in the article, transferring state from one row to the next requires a bit of lateral thinking, but is doable with some creative SQL usage. As PL/pgSQL is very similar to Oracle’s PL/SQL, this same code should work there too without too much porting required.
The code for the different implementations and associated benchmarks can be found on GitHub, though the benchmark results make it abundantly clear that the most efficient approach is to run an offline aggregate processing routine. This coincides with the other batch processing tasks that are typically performed by a database server to e.g. optimize storage, so this isn’t entirely unsurprising.
Tent camping lets you explore places on foot you could never reach another way, but sometimes you want to camp with a bit more luxury. [Levi Kelly] decided to see how small you could make an RV. [via Autopian]
While we won’t argue one way or another on his claim to world’s smallest, as that likely depends on your definition of an RV, starting with a kei truck certainly puts you in a more compact format than something built on a bus chassis. With four wheel drive and a small footprint, this could be better for overlanding than the Rivian bed camper we featured recently.
The 21 sq. ft. (1.95 m2) camper portion itself is framed in 2 x 2s (38 x 38 mm) to save weight and uses foam board insulation. A working faucet uses a pump to draw drinking water from a 5 gallon (19L) refillable jug and empties into a 7 gallon (26L) grey water tank. A solar panel on the roof charges the battery that drives the pump, ventilation fan, and can also be used to run other devices like a hot plate for cooking.
A teeny tiny wood stove can be used for heat, although [Kelly] is using a different fuel source to reduce unpredictability from a wood fire in such a small space. A faucet-mounted sprayer can be routed to the outside of the camper to create a makeshift shower and is run from the sink water system. There’s even a small cabinet above the foot area of the bed to house a portable toilet and a bubble window to observe your surroundings while you do your business.
Just about every laptop, desktop, and smartphone in your life can tell you the date, time, and current weather predictions. However, sometimes it’s nice to have simple data displayed on a bespoke device. That’s what inspired [Mario] to create ESPTimeCast.
As you might have guessed by the name, the project is designed around the ESP32 and ESP8266 microcontrollers; either one is up to the task of running the show here. Both come with Wi-Fi connectivity out of the box, which makes it easy for them to hook up to the Internet to query NTP servers for the time and weather data from OpenWeatherMap. The data is then displayed on an LED matrix display, made up of four 8×8 LED modules and driven with the aid of the MAX7219 IC. Configuration is handled over a simple web interface hosted on the device itself. All the parts are wrapped up in a 3D-printed housing that would be very fitting in any home that appreciates the magic of late 60s/early 70s decor.
Aliens is the second film from the legendary science-fiction series about, well… aliens. Naturally, it featured some compelling future-tech — such as the M314 Motion Tracker. [RobSmithDev] wanted to recreate the device himself, using modern technology to replicate the functionality as closely as possible.
While a lot of cosmetic replicas exist in the world, [Rob] wanted to make the thing work for real. To that end, he grabbed the DreamHAT+ Radar HAT for the Raspberry Pi. It’s a short-range radar module, and thus is useless for equipping your own air force or building surface-to-air weaponry. However, it can detect motion in a range of a few meters or so, using its 60 GHz transmitter and three receivers all baked into the one chip.
[Rob] does a great job of explaining how the radar works, and how he integrated it into a viable handheld motion tracker that works very similarly to the one in the movie. It may not exactly keep you safe from alien predators, but it’s always fun to see a functional prop rather than one that just looks good.
This isn’t the first time we’ve seen somebody try to replicate this particular prop, but the modern electronics used in this build definitely bring it to the next level.
