UTF-8 Is Beautiful
It’s likely that many Hackaday readers will be aware of UTF-8, the mechanism for incorporating diverse alphabets and other characters such as 
UTF-8 extends ASCII from codes which fit in a single byte, to codes which can be up to four bytes long. The key lies in the first few bits of each byte, which specify how many bytes each character has, and then that it is a data byte. Since 7-bit ASCII codes always have a 0 in their most significant bit when mapped onto an 8-bit byte, compatibility with ASCII is ensured by the first 128 characters always beginning with a zero bit. It’s simple, elegant, and for any of who had to deal with character set hell in the days before it came along, magic.
We’ve talked surprisingly little about the internals of UTF-8 in the past, but it’s worthy of note that this is our second piece ever to use the pop emoji, after our coverage of the billionth GitHub repository.
Emoji bales: Tony Hisgett, CC BY 2.0.
IO E CHATGPT E16: Il self-coaching e la crescita personale
Il coaching personale è una pratica sempre più diffusa per migliorare sé stessi, prendere decisioni consapevoli, trovare chiarezza nei momenti di transizione. ChatGPT, se usato con consapevolezza, può offrirti uno spazio di riflessione quotidiana, aiutarti a fare il punto, motivarti, ascoltarti. Ne parliamo in questo episodio.
zerodays.podbean.com/e/io-e-ch…
e-Waste and Waste Oil Combine to Make Silver
As the saying goes, “if it can’t be grown, it has to be mined”– but what about all the metals that have already been wrested from the bosom of the Earth? Once used, they can be recycled– or as this paper charmingly puts it, become ore for “urban mining” techniques. The technique under discussion in the Chemical Engineering Journal is one that extracts metallic silver from e-waste using fatty acids and hydrogen peroxide.
Right now, recycling makes up about 17% of the global silver supply. As rich sources of ore dry up, and the world moves to more sustainable footing, that number can only go up. Recycling e-waste already happens, of course, but in messy, dangerous processes that are generally banned in the eloped world. (Like open burning, of plastic, gross.)
This paper describes a “green” process that even the most fervant granola-munching NIMBY wouldn’t mind have in their neighborhood: hot fatty acids (AKA oil) are used as an organic solvent to dissolve metals from PCB and wire. The paper mentions sourcing the solvent from waste sunflower, safflower or canola oil. As you might imagine, most metals, silver included, are not terribly soluble in sunflower oil, but a little refining and the addition of 30% hydrogen peroxide changes that equation.
More than just Ag is picked up in this process, but the oils do select for silver over other metals. The paper presents a way to then selectively precipitate out the silver as silver oleate using ethanol and flourescent light. The oleate compound can then be easily washed and burnt to produce pure silver.
The authors of the paper take the time to demonstrate the process on a silver-plated keyboard connector, so there is proof of concept on real e-waste. Selecting for silver means leaving behind gold, however, so we’re not sure how the economics of this method will stack up.
Of course, when Hackaday talks about recycling e-waste, it’s usually more on the “reuse” part of “reduce, reuse, recycle”. After all, one man’s e-waste is another man’s parts bin–or priceless historical artifact.
Thanks to [Brian] for the tip.Your tips can be easily recycled into Hackaday posts through an environmentally-friendly process via our tipsline.
Hackaday Links: September 14, 2025
Is it finally time to cue up the Bowie? Or was the NASA presser on Wednesday announcing new findings of potential Martian biosignatures from Perseverance just another in a long line of “We are not alone” teases that turn out to be false alarms? Time will tell, but from the peer-reviewed paper released simultaneously with the news conference, it appears that biological activity is now the simplest explanation for the geochemistry observed in some rock samples analyzed by the rover last year. There’s a lot in the paper to unpack, most of which is naturally directed at planetary scientists and therefore somewhat dense reading. But the gist is that Perseverance sampled some sedimentary rocks in Jezero crater back in July of 2024 with the SHERLOC and PIXL instruments, extensive analysis of which suggests the presence of “reaction fronts” within the rock that produced iron phosphate and iron sulfide minerals in characteristic shapes, such as the ring-like formations they dubbed “leopard spots,” and the pinpoint “poppy seed” formations.
The big deal with these redox reactions is that they seem to have occurred after the material forming the rock was deposited; in other words, possibly by microorganisms that settled to the bottom of a body of water along with the mineral particles. On Earth, there are a ton of aquatic microbes that make a living off this kind of biochemistry and behave the same way, and have been doing so since the Precambrian era. Indeed, similar features known as “reduction haloes” are sometimes seen in modern marine sediments on Earth. There’s also evidence that these reactions occurred at temperatures consistent with liquid water, which rules out abiotic mechanisms for reducing sulfates to sulfides, since those require high temperatures.
Putting all this together, the paper’s authors come to the conclusion that the simplest explanation for all their observations is the activity of ancient Martian microbes. But they’re very careful to say that there may still be a much less interesting abiotic explanation that they haven’t thought of yet. They really went out of their way to find a boring explanation for this, though, for which they deserve a lot of credit. Here’s hoping that they’re on the right track, and that we’ll someday be able to retrieve the cached samples and give them a proper lab analysis here on Earth.
youtube.com/embed/HTcQwnSimk8?…
Back here on Earth, the BBC has a nice article about aficionados of old-school CRT televisions and the great lengths they take to collect and preserve them. Thirty-odd years on from the point at which we switched from CRT displays and TVs to flat-panel displays, seemingly overnight, it’s getting harder to find the old tube-based units. But given that hundreds of millions of CRTs were made over about 60 years, there’s still a lot of leaded glass out there. The story mentions one collector, Joshi, who scored a lot of ten displays for only $2,500 — a lot for old TVs, but these were professional video monitors, the kind that used to line the walls of TV studio control rooms and video editing bays. They’re much different than consumer-grade equipment, and highly sought by retro gamers who prize the look and feel of a CRT. We understand the sentiment, and it makes us cringe a bit to think of all the PVMs, TVs, and monitors we’ve tossed out over the years. Who knew?
And finally — yeah, a little short this week, sorry — Brian Potter has another great essay over at Construction Physics, this time regarding the engineering behind the Manhattan Project. What strikes us about the entire effort to produce the first atomic bombs is that everyone had a lot of faith in the whole “That which is not forbidden by the laws of physics is just an engineering problem” thing. They knew what the physics said would happen when you got just the right amount of fissile material together in one place under the right conditions, but they had no idea how they were going to do that. They had to conquer huge engineering problems, turning improbable ideas like centrifugal purification of gaseous uranium and explosive assembly with shaped charges into practical, fieldable technologies. And what’s more, they had to do it under secretive conditions and under the ultimate in time constraints. It’s an interesting read, as is Richard Rhodes’s “The Making of the Atomic Bomb,” which we read back in the late 1980s and which Brian mentions in the essay. Both are highly recommended for anyone interested in how the Atomic Age was born.
Retro x86 with 486Tang
Tang FPGA boards are affordable, and [nand2mario] has been trying to get an x86 core running on one for a while. Looks like it finally worked out, as there is an early version of the ao486 design on a Tang FPGA board using a Gowin device. That core’s available on the MiSTer platform, which emulates games using an Altera Cyclone device.
Of course, porting something substantial between FPGA architectures is not trivial. In addition, [nand2mario] made some changes. The original core uses DDR3 memory, but for the Tang and the 486, SDRAM makes more sense. The only problem is that the Tang’s SDRAM is 16 bits wide, which would imply you need two cycles per 32-bit access. To mitigate this, the memory system runs at twice the main clock frequency. Of course, that’s kind of double data rate, but not in the same way as DDR memory.
The MiSTer uses an ARM processor’s high-speed channel to link to the FPGA for disk access. The Tang board lacks a high-speed interface for this, so the disk storage is now on an SD card that the FPGA directly accesses. In addition, the first 128K of the SD card stores configuration settings that the FPGA now reads from that on boot up.
One of the most interesting things about the development was the use of Verilator to simulate the entire system, including things like the VGA card. It was possible to simulate booting to a DOS prompt, although it was slower than being on actual hardware, as you might expect. But, this lets you poke at the entire state of the system in a way that would be difficult on the actual hardware.
Want to give it a try? The Tang boards are cheap. (We have one on a shelf waiting for a future post.) Or, you could go the simulation route.
MiSTer has really put FPGAs on a lot of people’s radar. If you prefer the C64, that’s available on a Tang board, too.
Reverse-Engineering Aleratec CD Changers for Archival Use
Handling large volumes of physical media can be a bit of a chore, whether it’s about duplication or archiving. Fortunately this is a perfect excuse for building robotic contraptions, with the robots for handling optical media being both fascinating and mildly frustrating. When [Shelby Jueden] of Tech Tangents fame was looking at using these optical media robots for archival purposes, the biggest hurdle turned out to be with the optical drives, despite these Aleratec units being primarily advertised for disc duplication.
Both of the units are connected to a PC by USB, but operate mostly standalone, with a documented protocol for the basic unit that makes using it quite easy to use for ripping. This is unlike the larger, triple-drive unit, which had no documented protocol. This meant having to sniff the USB traffic that the original, very limited, software sends to the robot. The protocol has now been documented and published on the Tech Tangents Wiki for this Aleratec Auto Publisher LS.
Where [Shelby] hit a bit of a brick wall was with mixed-media discs, which standalone DVD players are fine with, but typical IDE/SATA optical drives often struggle with. During the subsequent search for a better drive, the internals of the robot were upgraded from IDE to SATA, but calibrating the robot for the new drives led [Shelby] down a maddening cascade of issues. Yet even after making one type of drive work, the mixed-media issue reared its head again with mixed audio and data, leaving the drive for now as an imperfect, but very efficient, ripper for game and multimedia content, perhaps until the Perfect Optical Drive can be found.
youtube.com/embed/AJzpp_Xr3SQ?…
Un raro sguardo dentro l’operazione di un attaccante informatico
Huntress si è trovata al centro di un acceso dibattito dopo la pubblicazione di uno studio che i suoi dipendenti avevano inizialmente definito “una buffa vergogna”. Ma dietro la presentazione superficiale si celava un materiale che divideva la comunità informatica in due schieramenti: alcuni lo consideravano un raro successo per i difensori, altri un problema etico.
La situazione si è sviluppata in modo quasi comico. Un aggressore sconosciuto , per ragioni poco chiare, ha installato una versione di prova del sistema Huntress EDR direttamente sul suo computer di lavoro. Da quel momento in poi, la sua attività è stata monitorata attentamente. I registri riflettevano tutto, dalle azioni quotidiane agli esperimenti con gli strumenti di attacco. I ricercatori hanno ottenuto una finestra senza precedenti sulla vita quotidiana dell’hacker e hanno monitorato le sue attività per tre mesi.
A complicare ulteriormente la situazione, l’aggressore ha anche installato l’estensione premium del browser Malwarebytes nel tentativo di proteggersi online. Ha persino scaricato il sistema EDR stesso cercando su Google “Bitdefender” e cliccando su un link pubblicitario che conduceva al pacchetto di installazione di Huntress. Il clic accidentale ha fornito ai difensori un set completo di dati di telemetria , osservando di fatto inavvertitamente le tattiche in evoluzione dell’aggressore.
Nel corso di tre mesi, è stata registrata un’ampia gamma delle sue attività: interesse per l’automazione degli attacchi, utilizzo dell’intelligenza artificiale, lavoro con kit di phishing ed exploit, test di vari campioni di malware. A giudicare dall’uso regolare di Google Translate, l’hacker parlava tailandese, spagnolo e portoghese e traduceva i testi in inglese, probabilmente utilizzato per inviare email di phishing per rubare le credenziali bancarie. Per i ricercatori, questo livello di dettaglio era quasi unico, poiché un simile accesso all’infrastruttura degli aggressori di solito non è disponibile.
Huntress ha pubblicato il rapporto completo il 9 settembre. Tuttavia, ancora una volta, non a tutti è piaciuta la presentazione ironica. Poco dopo la pubblicazione, sono emerse lamentele sull’aspetto etico del lavoro. Il CEO di Horizon3.ai, Snehal Antani, ha osservato sul social network X che una sorveglianza così approfondita forniva ai difensori dati preziosi, ma allo stesso tempo ha sollevato la questione: un’azienda privata ha il diritto di tracciare le azioni del nemico in modo così dettagliato, o le agenzie governative dovrebbero essere informate dopo aver spostato elementi di ricognizione? Si è chiesto dove sia il confine tra “contrattacco” e deterrenza, quando l’attaccante non teme più la cattura, ma è costretto a temere di essere scoperto.
Altri nel settore hanno definito il fatto una “invasione della privacy ” da parte del fornitore e alcuni si sono detti sorpresi dalla quantità di informazioni che tali prodotti di sicurezza potevano raccogliere.
Huntress ha rilasciato un chiarimento più tardi quel giorno, sottolineando che i suoi metodi di raccolta dati erano pienamente in linea con le prassi del settore, poiché tutti i sistemi EDR hanno un elevato livello di visibilità sui computer infetti. L’azienda ha affermato che il ricercatore si è imbattuto nel caso durante l’analisi di diversi avvisi relativi al lancio di codice dannoso. È stato successivamente confermato che si trattava dello stesso computer che era stato coinvolto in altri incidenti prima che il suo proprietario scaricasse una versione di prova del prodotto Huntress.
In un commento ufficiale, l’azienda ha sottolineato che il suo lavoro si basa sempre su due obiettivi: rispondere alle minacce e formare la comunità professionale. Questi obiettivi sono stati il motivo della pubblicazione del blog. Il fornitore ha assicurato che, nella scelta delle informazioni da pubblicare, ha tenuto conto delle questioni relative alla privacy e ha condiviso solo i dati di telemetria utili ai difensori e che riflettono metodi di attacco reali. Secondo Huntress, il risultato è esattamente ciò che si prefigge: trasparenza, impatto educativo e danni ai criminali informatici.
L'articolo Un raro sguardo dentro l’operazione di un attaccante informatico proviene da il blog della sicurezza informatica.
This board helps you prototype circuits with tubes
There you are at the surplus store, staring into the bin of faded orange, yellow, red, and black, boxes–a treasure trove of vintage vacuum tubes—dreaming about building a tube amp for your guitar or a phonograph preamp for your DIY hi-fi sound system. But, if you are not already in possession of a vintage, purpose-built tube testing device, how would you test them to know whether they are working properly? How would you test out your designs before committing to them? Or maybe your goal is simply to play around and learn more about how tubes work.
One approach is to build yourself a breadboard for tubes, like [MarceloG19] has done. Working mostly with what was laying around, [MarceloG19] built a shallow metal box to serve as a platform for a variety of tube sockets and screw terminals. Connecting the terminals to the socket leads beneath the outer surface of the box made for a tidy and firm base on which to connect other components. The built-in on/off switch, fuse and power socket are a nice touch.
[MarceloG19’s] inaugural design is a simple Class A amplifier, tested with a sine wave and recorded music. Then it’s on to some manual curve tracing, to test a tube that turns out to be fairly worn-out but serviceable for certain use cases.
If you’re dipping your toes into tube-based electronics, you’re going to want a piece of equipment like this prototyping board and [MarceloG19’s] documentation and discussion are a good read to help get you started.
Once you have your board ready, it’s time to move on to building a stereo amplifier , a tube-based headphone preamp, or take things in a different direction with this CRT-driven audio amplifier.
Reverse-Engineering the Milwaukee M18 Diagnostics Protocol
As is regrettably typical in the cordless tool world, Milwaukee’s M18 batteries are highly proprietary. Consequently, this makes them a welcome target for reverse-engineering of their interfaces and protocols. Most recently the full diagnostic command set for M18 battery packs were reverse-engineered by [Martin Jansson] and others, allowing anyone to check useful things like individual cell voltages and a range of statistics without having to crack open the battery case.
These results follow on our previous coverage back in 2023, when the basic interface and poorly checksummed protocol was being explored. At the time basic battery management system (BMS) information could be obtained this way, but now the range of known commands has been massively expanded. This mostly involved just brute-forcing responses from a gaggle of battery pack BMSes.
Interpreting the responses was the next challenge, with responses like cell voltage being deciphered so far, but serial number and the like being harder to determine. As explained in the video below, there are many gotchas that make analyzing these packs significantly harder, such as some reads only working properly if the battery is on a charger, or after an initial read.
youtube.com/embed/tHj0-Gzvbeo?…
Linux in crisi: Rust divide la community e i manutentori se ne vanno
Il mondo Linux e i suoi dintorni stanno attraversando tempi turbolenti.
Gli sviluppatori discutono su come integrare Rust nel kernel mentre, i contributori chiave se ne vanno. Sullo sfondo di questi conflitti, si ricomincia a parlare di possibili fork, ma la realtà è molto più complessa: un intero gruppo di sistemi operativi alternativi sta maturando insieme a Linux, ognuno dei quali sta seguendo una propria strada e dimostrando approcci diversi all’architettura del kernel, alla sicurezza e alla compatibilità.
Le lotte intestine e le dimissioni dei manutentori
La storia di Rust è stata dolorosa per la comunità del kernel. La possibilità di utilizzare il linguaggio in componenti di basso livello ha aperto nuove prospettive, ma ha anche suscitato accesi dibattiti. Il responsabile della manutenzione del kernel Rust, Wedson Almeida Filho, ha lasciato il suo incarico. Dopo di lui, il responsabile di Asahi Linux, Hector Martin, coinvolto nel porting del kernel sui processori Apple Silicon, ha abbandonato il progetto.
Anche figure chiave che lavoravano allo stack grafico per questi processori hanno abbandonato il progetto: la sviluppatrice di driver GPU nota come Asahi Lina, e poi un’altra partecipante in questo settore, Alyssa Rosenzweig. Quest’ultima si è già trasferita in Intel, dove molti sperano che la sua esperienza contribuisca ad accelerare lo sviluppo di driver aperti per le moderne schede video dell’azienda. Parallelamente, un tentativo decennale di integrare il file system bcachefs si è concluso con il suo trasferimento a un supporto esterno, non essendo stato accettato nel kernel.
Con così tante perdite di personale e disaccordi tecnici, sorge spontanea la domanda: dove andranno le persone quando saranno stanche delle lotte intestine all’interno di Linux?
La risposta sono progetti che sviluppano nuovi kernel e sistemi da zero. E sebbene molti sembrino esperimenti accademici, il loro livello di maturità e il loro set di funzionalità stanno diventando sempre più seri.
Managarm
Managarm esiste da circa sei anni, anche se la sua descrizione suona quasi fantascientifica. È un sistema operativo basato su microkernel, in cui l’asincronia permea tutti i livelli, e su cui gira un numero enorme di applicazioni scritte per Linux. Sono supportate diverse architetture: x86-64, Arm64 e RISC-V è in fase di sviluppo attivo. Sono supportati multiprocessore, dischi ACPI, AHCI e NVMe, reti IPv4, virtualizzazione Intel e QEMU, funzionano sia Wayland che X11, oltre a centinaia di utility del set GNU e persino giochi come Doom.
Il sistema è scritto in C++ ed è completamente disponibile su GitHub, con un’ampia documentazione sotto forma di Managarm Handbook. Nonostante la natura di ricerca del progetto, il set di funzioni e la capacità di eseguire programmi familiari lo rendono un fenomeno eccezionale tra gli sviluppi di microkernel.
Asterinas
Asterinas rappresenta una direzione diversa. È anch’esso un sistema in grado di eseguire programmi scritti per Linux, ma il suo kernel è completamente diverso. Il progetto è scritto in Rust e si basa sul concetto di framekernel descritto nell’articolo accademicoFramekernel: A Safe and Efficient Kernel Architecture via Rust-based Intra-kernel Privilege Separation. A differenza di un microkernel tradizionale, che divide i componenti in base ai livelli di privilegio del processore, il framekernel utilizza le funzionalità del linguaggio Rust stesso.
Di conseguenza, solo una parte minima del kernel può funzionare con codice non sicuro e tutti gli altri servizi devono essere scritti in un sottoinsieme sicuro del linguaggio. Questa architettura riecheggia tentativi precedenti, ad esempio RedLeaf OS, il progetto SPIN su Modula-3 o HOUSE su Haskell, ma Rust offre molte più possibilità pratiche. Asterinas dispone già di una documentazione notevole e il suo sviluppo è seguito da molti, perché il linguaggio stesso è diventato uno degli argomenti chiave nel settore IT.
Xous
Esiste una terza iniziativa che combina le caratteristiche delle due precedenti. Xous è un sistema microkernel scritto in Rust che non cerca di essere compatibile con Linux. Il suo obiettivo è diverso: creare una piattaforma sicura con applicazioni e hardware proprietario. Il progetto è guidato dal famoso ricercatore hardware Andrew Huang, noto a molti con il nome di Bunnie.
Il suo team ha collegato Xous all’iniziativa Betrusted e il dispositivo Precursor è già stato rilasciato: un computer tascabile con schermo e batteria, progettato per l’archiviazione sicura di identificatori digitali. Esegue l’applicazione Vault, che combina la gestione di U2F/FIDO2, TOTP e password tradizionali in un’unica interfaccia. Precursor può essere utilizzato come Yubikey, connettendosi a un PC per l’autenticazione, ma con un’importante differenza: l’utente vede sul display quale servizio sta sbloccando. Inoltre, il progetto dispone di un Plausibly Deniable DataBase (PDDB), un database che riflette la profonda attenzione degli sviluppatori alle questioni relative alla privacy. Tutto ciò è supportato dalla documentazione: Xous Book e Betrusted wiki, che descrivono i dettagli dell’architettura e dell’implementazione.
Una nicchia che minaccia Linux
Questi sistemi sono ancora di nicchia, ma dimostrano l’ampiezza delle idee che nascono al di fuori della tradizionale comunità Linux. Anche se molti sviluppatori esperti non tornano mai a lavorare sul kernel, le loro conoscenze e i loro approcci vengono tramandati in progetti come Managarm, Asterinas e Xous.
Sono in grado non solo di offrire soluzioni proprie, ma anche di rielaborare l’enorme bagaglio di strumenti accumulato attorno a Linux, mantenendo la continuità e aprendo nuove opportunità di sviluppo.
L'articolo Linux in crisi: Rust divide la community e i manutentori se ne vanno proviene da il blog della sicurezza informatica.
Buon Compleanno Super Mario Bros! 40 anni di un gioco che ha rivoluzionato il mondo
Ricorrono esattamente quattro decenni dall’uscita del leggendario gioco Super Mario Bros., un progetto che ha cambiato per sempre l’industria dei videogiochi ed è diventato il simbolo di un’intera epoca.
Super Mario Bros: i creatori e l’impatto
Fu il 13 settembre del 1985 che la casa giapponese Nintendo pubblicò il suo capolavoro per la console Famicom. All’epoca, pochi avrebbero potuto immaginare che la storia apparentemente semplice di un idraulico italiano che salva una principessa da un malvagio drago-tartaruga sarebbe diventata un fenomeno culturale di portata planetaria.
Super Mario Bros. arrivò in un momento di svolta per l’industria videoludica. Dopo il crollo del mercato videoludico americano nel 1983, molti pensavano che le console domestiche fossero solo una moda passeggera. Tuttavia, i creatori del gioco, Shigeru Miyamoto e il suo team, riuscirono a dimostrare il contrario, creando un titolo che combinava un gameplay impeccabile, musiche memorabili e un’atmosfera unica.
Il gioco ha rivoluzionato il design dei platform. Ogni livello è stato attentamente progettato per insegnare al giocatore nuove meccaniche in modo naturale, senza la necessità di leggere le istruzioni. Il primo livello è diventato un modello per introdurre correttamente il giocatore al mondo del gioco, dal primo Goomba che Mario incontra ai famosi tubi e blocchi con punti interrogativi.
Influenza e Impatto
In oltre quarant’anni, Super Mario Bros. ha venduto più di 40 milioni di copie e ha dato vita a un franchise che include decine di giochi, cartoni animati, film e innumerevoli gadget. Mario è diventato più di un semplice personaggio dei videogiochi: è diventato un’icona internazionale, riconoscibile anche da chi non ha mai tenuto in mano un gamepad.
L’influenza del gioco sull’industria moderna è difficile da sopravvalutare. Molti dei principi stabiliti in Super Mario Bros. sono ancora utilizzati dagli sviluppatori di tutto il mondo. Il concetto di difficoltà gradualmente crescente dei livelli, l’importanza di un controllo preciso dei personaggi e la creazione di una colonna sonora memorabile: tutti questi elementi sono diventati il punto di riferimento per i platform.
Per celebrare l’anniversario, Nintendo prevede di lanciare un’edizione speciale da collezione del gioco e di organizzare una serie di eventi per i fan di tutto il mondo. Quarant’anni dopo, Super Mario Bros. continua a ispirare nuove generazioni di giocatori e sviluppatori, dimostrando che i giochi davvero grandiosi non invecchiano mai.
L'articolo Buon Compleanno Super Mario Bros! 40 anni di un gioco che ha rivoluzionato il mondo proviene da il blog della sicurezza informatica.
From Paper to Pixels: A DIY Digital Barograph
A barograph is a device that graphs a barometer’s readings over time, revealing trends that can predict whether stormy weather is approaching or sunny skies are on the way. This DIY Digital Barograph, created by [mircmk], offers a modern twist on a classic technology.
[mircmk]’s DIY Digital Barograph ditches paper and aneroids for a sleek 128×64 LCD display that shows measurements from a BME280 pressure sensor. Powered by an ESP32 microcontroller — the code for which is available on the project page — the device checks the sensor upon boot and features external buttons to cycle through readings from the current moment, the last hour, or three hours ago. Unlike traditional barographs that only track pressure, the BME280 also measures temperature and humidity, which are displayed on the screen for a more complete environmental snapshot.
Head over to the project’s Hackaday.io page for more details and to start building your own. Thanks to [mircmk] for sharing this project! We’re excited to see what you come up with next. If you’re inspired, check out other weather display projects we’ve featured.
youtube.com/embed/VbmTXtBakw4?…
3D Modeling with Paper as an Alternative to 3D printing
Although these days it would seem that everyone and their pets are running 3D printers to churn out all the models and gadgets that their hearts desire, a more traditional approach to creating physical 3D models is in the form of paper models. These use designs printed on paper sheets that are cut out and assembled using basic glue, but creating these designs is much easier these days, as [Arvin Poddar] demonstrates in a recent article.
The cool part about making these paper models is that you create them from any regular 3D mesh, with any STL or similar file from your favorite 3D printer model site like Printables or Thingiverse being fair game, though [Arvin] notes that reducing mesh faces can be trickier than modelling from scratch. In this case he created the SR-71 model from scratch in Blender, featuring 732 triangles. What the right number of faces is depends on the target paper type and your assembly skills.
Following mesh modelling step is mesh unfolding into a 2D shape, which is where you have a few software options, like the paid-for-but-full-featured Pepakura Designer demonstrated, as well as the ‘Paper Model’ exporter for Blender.
Beyond the software used to create the SR-71 model in the article, the only tools you really need are a color printer, paper, scissor,s and suitable glue. Of course you are always free to use fancier tools than these to print and cut, but the bar here is pretty low for the assembly. Although making functional parts isn’t the goal here, there is a lot to be said for paper models for pure display pieces and to get children interested in 3D modelling.
Aussie Researchers Say They Can Bring The Iron Age to Mars
Every school child can tell you these days that Mars is red because it’s rusty. The silicate rock of the martian crust and regolith is very rich in iron oxide. Now Australian researchers at CSIRO and Swinburn University claim they know how to break that iron loose.
In-situ Resource Utilization (IRSU) is a big deal in space exploration, with good reason. Every kilogram of resources you get on site is one you don’t have to fight the tyranny of the rocket equation for. Iron might not be something you’d ever be able to haul from Earth to the next planet over, but when you can make it on site? You can build like a Victoria is still queen and it’s time to flex on the French.
The key to the process seems to be simple pyrolysis: they describe putting dirt that is geochemically analogous to martian regolith into a furnace, and heating to 1000 °C under Martian atmospheric conditions to get iron metal. At 1400 °C, they were getting iron-silicon alloys– likely the stuff steelmakers call ferrosilicon, which isn’t something you’d build a crystal palace with.
It’s not clear how economical piling red dust into a thousand-degree furnace would be on Mars– that’s certainly not going to cut it on Earth– but compared to launch costs from Earth, it’s not unimaginable that martian dirt could be considered ore.
How to Make a Simple MOSFET Tester
Over on YouTube our hacker [VIP Love Secretary] shows us how to make a simple MOSFET tester.
This is a really neat, useful, elegant, and simple hack, but the video is kind of terrible. We found that the voice-over constantly saying “right?” and “look!” seriously drove us to distraction. But this is a circuit which you should know about so maybe do what we did and watch the video with subtitles on and audio off.
To use this circuit you install the MOSFET you want to test and then press with your finger the spare leg of each of two diodes; in the final build there are some metal touch pads attached to the diodes to facilitate this. One diode will turn the MOSFET off, the other diode will turn the MOSFET on, and the LED will show you which is which.
Apparently this works through stray capacitance, an explanation which makes sense to us. We were so curious that we ran over to the bench to build our own version (pictured with the schematic above) just to see if it worked as advertised, and: it did!
We tested it with a faulty MOSFET and when the MOSFET under test is faulty then the LED won’t turn on and off like it should when the MOSFET works. Also, if you build one of these, you want to feed in a two or three volt supply (it will depend on the specs of the LED you use); it’s not mentioned in the video but two volts is what we used that worked best for us.
Thanks to [Danjovic] for writing in to let us know about this one. If you’re interested in MOSFETs maybe it’s time to learn the truth about them.
youtube.com/embed/RD3J5Y3Cih0?…
Send Images to Your Terminal With Rich Pixels
[darrenburns]’ Rich Pixels is a library for sending colorful images to a terminal. Give it an image, and it’ll dump it to your terminal in full color. While it also supports ASCII art, the cool part is how it makes it so easy to display an arbitrary image — a pixel-art rendition of it, anyway — in a terminal window.
How it does this is by cleverly representing two lines of pixels in the source image with a single terminal row of characters. Each vertical pixel pair is represented by a single Unicode ▄ (U+2584 “lower half block”) character. The trick is to set the background color of the half-block to the upper pixel’s RGB value, and the foreground color of the half-block to the lower pixel’s RGB. By doing this, a single half block character represents two vertically-stacked pixels. The only gotcha is that Rich Pixels doesn’t resize the source image; if one’s source image is 600 pixels wide, one’s terminal is going to receive 600 U+2584 characters per line to render the Rich Pixels version.
[Simon WIllison] took things a step further and made show_image.py, which works the same except it resizes the source image to fit one’s terminal first. This makes it much more flexible and intuitive.
The code is here on [Simon]’s tools GitHub, a repository for software tools he finds useful, like the Incomplete JSON Pretty Printer.
ESP32 Hosts Functional Minecraft Server
If you haven’t heard of Minecraft, well, we hope you enjoyed your rip-van-winkle nap this past decade or so. For everyone else, you probably at least know that this is a multiplayer, open world game, you may have heard that running a Minecraft server is a good job for maxing out a spare a Raspberry Pi. Which is why we’re hugely impressed that [PortalRunner] managed to squeeze an open world onto an ESP32-C3.
Of course, the trick here is that the MCU isn’t actually running the game — it’s running bareiron, [PortalRunner]’s own C-based Minecraft server implementation. Rewriting the server code in C allows it to be optimized for the ESP32’s hardware, but it also let [PortalRunner] strip his server down to the bare essentials, and tweak everything for performance. For example, instead of the multiple octaves of perlin noise for terrain generation, with every chunk going into RAM, he’s using the x and z of the corners as seeds for the psudorandom rand() function, and interpolating between them. Instead of caves being generated by a separate algorithm (and stored in memory), in bareiron the underground is just a mirror-image of the world above. Biomes are just tiled, and sit separately from one another.
So yes, what you get from bareiron is simpler than a traditional Minecraft world — items are simplified, crafting is simplified, everything is simplified, but it’s also running on an ESP32, so you’ve got to give it a pass. With 200 ms to load each chunk, it’s playable, but the World’s Smallest Minecraft Server is a bit like a dancing bear: it’s not about how well it dances, but that it dances at all.
This isn’t the first time we’ve seen Minecraft’s server code re-written: some masochist did it in COBOL, but at least that ran on an actual computer, not a microcontroller. Speaking of low performance, you can’t play Minecraft on an SNES, but you can hide the game inside a cartridge, which is almost as good.
Thanks to [CodeAsm] for the tip. Please refer any other dancing bears spotted in the wild to our tips line.
youtube.com/embed/p-k5MPhBSjk?…
Keep Reading, Keep Watching
I’ve been flying quadcopters a fair bit lately, and trying to learn some new tricks also means crashing them, which inevitably means repairing them. Last weekend, I was working on some wiring that had gotten caught and ripped a pad off of the controller PCB. It wasn’t so bad, because there was a large SMT capacitor nearby, and I could just piggyback on that, but the problem was how to re-route the wires to avoid this happening again.
By luck, I had just watched a video where someone else was building up a new quad, and had elegantly solved the exact same routing problem. I was just watching the video because I was curious about the frame in question, and I had absolutely no idea that it would contain the solution to a problem that I was just about to encounter, but because I was paying attention, it make it all a walk in the park.
I can’t count the number of times that I’ve had this experience: the blind luck of having just read or seen something that solves a problem I’m about to encounter. It’s a great feeling, and it’s one of the reasons that I’ve always read Hackaday – you never know when one hacker’s neat trick is going to be just the one you need next week. Indeed, that’s one of the reasons that we try to feature not just the gonzo hacks that drill down deep on a particular feat, but also the little ones too, that solve something in particular in a neat way. Because reading up on the hacks is free, and particularly cheap insurance against tomorrow’s unexpected dilemmas.
Read more Hackaday!
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
Turning a Milling Machine into a Lathe
If you’re planning to make a metalworking lathe out of a CNC milling machine, you probably don’t expect getting a position sensor to work to be your biggest challenge. Nevertheless, this was [Anthony Zhang]’s experience. Admittedly, the milling machine’s manufacturer sells a conversion kit, which greatly simplifies the more obviously difficult steps, but getting it to cut threads automatically took a few hacks.
The conversion started with a secondhand Taig MicroMill 2019DSL CNC mill, which was well-priced enough to be purchased specifically for conversion into a lathe. Taig’s conversion kit includes the spindle, tool posts, mounting hardware, and other necessary parts, and the modifications were simple enough to take only a few hours of disassembly and reassembly. The final lathe reuses the motors and control electronics from the CNC, and the milling motor drives the spindle through a set of pulleys. The Y-axis assembly isn’t used, but the X- and Z-axes hold the tool post in front of the spindle.
The biggest difficulty was in getting the spindle indexing sensor working, which was essential for cutting accurate threads. [Anthony] started with Taig’s sensor, but there was no guarantee that it would work with the mill’s motor controller, since it was designed for a lathe controller. Rather than plug it in and hope it worked, he ended up disassembling both the sensor and the controller to reverse-engineer the wiring.
He found that it was an inductive sensor which detected a steel insert in the spindle’s pulley, and that a slight modification to the controller would let the two work together. In the end, however, he decided against using it, since it would have taken up the controller’s entire I/O port. Instead, [Anthony] wired his own I/O connector, which interfaces with a commercial inductive sensor and the end-limit switches. A side benefit was that the new indexing sensor’s mounting didn’t block moving the pulley’s drive belt, as the original had.
The end result was a small, versatile CNC lathe with enough accuracy to cut useful threads with some care. If you aren’t lucky enough to get a Taig to convert, there are quite a few people who’ve built their own CNC lathes, ranging from relatively simple to the extremely advanced.
Algoritmo quantistico risolve problema matematico complesso
I ricercatori hanno utilizzato per la prima volta un algoritmo quantistico per risolvere un complesso problema matematico che per oltre un secolo è stato considerato insormontabile anche per i supercomputer più potenti. Il problema riguarda la fattorizzazione delle rappresentazioni di gruppo, un’operazione fondamentale utilizzata nella fisica delle particelle, nella scienza dei materiali e nella comunicazione dati.
Il lavoro è stato condotto dagli scienziati del Los Alamos National Laboratory Martin Larocca e dal ricercatore IBM Vojtech Havlicek. I risultati sono stati pubblicati sulla rivista Physical Review Letters .
Gli scienziati ricordano che Peter Shor dimostrò la possibilità di fattorizzare numeri interi su un computer quantistico. Ora è stato dimostrato che metodi simili sono applicabili alle simmetrie. In sostanza, stiamo parlando di scomporre strutture complesse nelle loro “rappresentazioni indecomponibili”, i mattoni fondamentali.
Per i computer classici, questo compito diventa proibitivo quando si ha a che fare con sistemi complessi. Identificare questi blocchi e calcolarne il numero (i cosiddetti “numeri moltiplicativi”) richiede enormi risorse computazionali.
Il nuovo algoritmo si basa sulla trasformata di Fourier quantistica, una famiglia di circuiti quantistici che consente l’implementazione efficiente di trasformazioni utilizzate nella matematica classica per analizzare i segnali. Maggiori dettagli sono forniti in un comunicato stampa del Los Alamos National Laboratory.
Gli scienziati sottolineano che questa è una dimostrazione del “vantaggio quantistico”, ovvero il momento in cui un computer quantistico può gestire un compito che le macchine tradizionali non sono in grado di svolgere. Secondo loro, sono esempi come questo a determinare il valore pratico delle tecnologie quantistiche.
L’articolo sottolinea che i ricercatori sono riusciti a identificare una classe di problemi nella teoria delle rappresentazioni che consentono algoritmi quantistici efficienti. Allo stesso tempo, viene descritto un regime parametrico in cui è possibile un reale aumento della produttività.
L’importanza pratica del lavoro è ampia. Nella fisica delle particelle, il metodo può essere utilizzato per calibrare i rivelatori. Nella scienza dei dati, può essere utilizzato per creare codici di correzione degli errori affidabili per l’archiviazione e la trasmissione di informazioni. Nella scienza dei materiali, aiuta a comprendere meglio le proprietà delle sostanze e a progettare nuovi materiali.
Pertanto, il lavoro di Larocca e Havlicek amplia la gamma di problemi in cui l’informatica quantistica apre davvero nuovi orizzonti. Come sottolineano gli autori, la sfida principale per la scienza oggi è semplice: è necessario determinare con precisione in che modo i computer quantistici possono apportare reali benefici e dimostrare vantaggi rispetto ai sistemi classici.
L'articolo Algoritmo quantistico risolve problema matematico complesso proviene da il blog della sicurezza informatica.
LockBit 5.0 compromesso di nuovo: XOXO from Prague torna a colpire
Un déjà-vu con nuove implicazioni. A maggio 2025 il collettivo ransomware LockBit aveva subito un duro colpo: il deface del pannello affiliati della versione 4.0 da parte di un attore ignoto che si firmava “XOXO from Prague”, accompagnato dal leak di un database SQL contenente chat, wallet e dati degli affiliati.
In quell’occasione, LockBitSupp aveva persino offerto una taglia per chiunque fornisse informazioni sull’autore. Nelle ultime 24 ore, la scena si è ripetuta, ma con una variante significativa: questa volta non un semplice deface pubblico, bensì una compromissione interna del pannello di build della versione 5.0.
Gli screenshot trapelati mostrano il builder Linux con diversi campi alterati da XOXO from Prague.
Un chiaro segnale di sabotaggio: non solo colpire l’immagine pubblica, ma dimostrare come anche l’infrastruttura operativa della nuova piattaforma RaaS resti vulnerabile.
Questa compromissione tecnica mina ulteriormente la credibilità di LockBit, che dopo il deface di maggio aveva promesso maggiore sicurezza con la versione 5.0. Per gli affiliati, l’episodio rappresenta un rischio diretto: il builder stesso, cuore dell’operatività, non è più affidabile.
XOXO from Prague: il sabotatore fantasma
L’attore rimane ignoto, ma ha ormai consolidato il proprio profilo come sabotatore seriale di LockBit. Dopo aver esposto il gruppo con un deface pubblico, ora ha dimostrato di saper manipolare la logica interna della piattaforma. È attesa a breve una reazione di LockBitSupp, forse con nuove minacce o un’ulteriore taglia.
Conclusione
LockBit si trova a fare i conti con una seconda ferita aperta in pochi mesi: dal deface di maggio alla compromissione di settembre, il marchio “XOXO from Prague” sta diventando sinonimo di instabilità e ridicolizzazione del gruppo ransomware.
Un colpo che non solo danneggia la reputazione, ma potrebbe minare la fiducia degli affiliati nell’intero ecosistema RaaS.
L'articolo LockBit 5.0 compromesso di nuovo: XOXO from Prague torna a colpire proviene da il blog della sicurezza informatica.
Musical Motors, BLDC Edition
This should count as a hack: making music from a thing that should not sing. In this case, [SIROJU] is tickling the ivories with a Brushless DC motor, or BLDC.
To listen to a performance, jump to 6:27 in the embedded video. This BLDC has a distinctly chip-tune like sound, not entirely unlike other projects that make music with stepper motors. Unlike most stepper-based instruments we’ve seen [SIROJU]’s BLDC isn’t turning as it sings. He’s just got it vibrating by manipulating the space vector modulation that drives the motor — he gets a response of about 10 kHz that way. Not CD-quality, no, but plenty for electronic music. He can even play chords of up to 7 notes at a time.
There’s no obvious reason he couldn’t embed the music into a proper motor-drive signal, and thus allow a drone to hum it’s own theme song as it hovers along. He’s certainly got the chops for it; if you haven’t seen [SIROJU]’s videos on BLDC drivers on YouTube, you should check out his channel. He’s got a lot of deep content about running these ubiquitous motors. Sure, we could have just linked to him showing you how to do FOC on an STM32, but “making it sing” is an expression for mastery in English, and a lot more fun besides.
There are other ways to make music with motors. If you know of any others, don’t hesitate to send us a tip.
youtube.com/embed/-aNXI6L4DLQ?…
What Is the Fourier Transform?
Over at Quanta Magazine [Shalma Wegsman] asks What Is the Fourier Transform?
[Shalma] begins by telling you a little about Joseph Fourier, the French mathematician with an interest in heat propagation who founded the field of harmonic analysis in the early 1800s.
Fourier’s basic insight was that you can represent everything as a sum of very basic oscillations, where the basic oscillations are sine or cosine functions with certain parameters. [Shalma] explains that the biology of our ear can do a similar thing by picking the various notes out from a tune which is heard, but mathematicians and programmers work without the benefit of evolved resonant hairs and bone, they work with math and code.
[Shalma] explains how frequency components can be discovered by trial and error, multiplying candidate frequencies with the original function to see if there are large peaks, indicating the frequency is a component, or if the variations average to zero, indicating the frequency is not a component. [Shalma] tells how even square waves can be modeled with an infinite set of frequencies known as the Fourier series.
Taking a look at higher-dimensional problems [Shalma] mentions how Fourier transforms can be used for graphical compression by dropping the high frequency detail which our eyes can barely perceive anyway. [Shalma] gives us a fascinating look at the 64 graphical building blocks which can be combined to create any possible 8×8 image.
[Shalma] then mentions James Cooley and John Tukey and the development of the Fast Fourier Transform in the 1960s. This mathematical tool has been employed to study the tides, to detect gravitational waves, to develop radar and magnetic resonance imaging, and to support signal processing and data compression. Even quantum mechanics finds use for harmonic analysis, and [Shalma] explains how it relates to the uncertainty principle. The Fourier transform has spread through pure mathematics and into number theory, too.
[Shalma] closes with a quote from Charles Fefferman: “If people didn’t know about the Fourier transform, I don’t know what percent of math would then disappear, but it would be a big percent.”
If you’re interested in the Fourier transform and want to dive deeper we would encourage you to read The Fastest Fourier Transform In The West and Even Faster Fourier Transforms On The Raspbery Pi Zero.
Header image: Joseph Fourier, Attributed to Pierre-Claude Gautherot, Public domain.
Running Code On a PAX Credit Card Payment Machine
These days Points of Sale (PoS) usually include a digital payment terminal of some description, some of which are positively small, such as the Mini PoS terminals that PAX sells. Of course, since it has a CPU and a screen it must be hacked to run something else, and maybe discover something fun about the hardware in the process. Thus [Lucas Tuske] set out to do exactly this with a PAX D177 PoS, starting with purchasing three units: one to tear apart, one to bypass tamper protections on and one to keep as intact reference.
As expected, there are a few tamper protections in place, starting with pads that detect when the back cover is removed and a PCB that’s densely covered in fine traces to prevent sneaky drilling. Although tripping the tamper protections does not seem to affect the contents of the Flash, the firmware is signed. Furthermore the secrets like keys that are stored in NVRAM are purged, rendering the device effectively useless to any attacker.
The SoC that forms the brains of the whole operations is the relatively obscure MH1903, which is made by MegaHunt and comes in a dizzying number of variants that are found in applications like these PoS terminals. Fortunately the same SoC is also found on a development board with the AIR105 MCU that turns out to feature the same MH1903 core. These are ARM Cortex-M3 cores, which makes targeting them somewhat easier.
Rather than try to break the secure boot of the existing SoC, [Lucas] opted to replace the SoC package with a brand new one, which was its own adventure. Although one could say that this is cheating, it made getting a PoC of custom code running on one of these devices significantly easier. In a foll0w-up article [Lucas] expects to have Doom running on this device before long.
A Breadboard Computer in Three Chips
Building a computer on a breadboard is a seminal project for many builders, but it can become complicated quite quickly, not to mention that all the parts needed for a computer are being placed on a medium which often lends itself to loose wires and other hardware bugs. [3DSage] has a working breadboard computer that is as simple as it can possibly be, putting it together piece by piece to show exactly what’s needed to get a computer which can count, access memory, and even perform basic mathematical operations.
The first step for any computer is to build a clock, and in this case it’s being provided by a 555 timer which is configured to provide an adjustable time standard and which steps through the clock pulses when a button is pressed. The next piece is a four-bit counter and a memory chip, which lets the computer read and write data. A set of DIP switches allows a user to write data to memory, and by using the last three bits of the data as opcodes, the computer can reset, halt, and jump to various points in a simple program.
Although these three chips make it possible to perform basic programming, [3DSage] takes this a bit further in his video by demonstrating some other simple programs, such as one which can play music or behave as an alarm clock. He also shows how to use a fourth chip in the form of a binary adder to perform some basic math, and then packages it all into a retro-styled computer kit. Of course you can take these principles and build them out as far as they will go, like this full 8-bit computer built on a breadboard or even this breadboard computer that hosts a 486.
youtube.com/embed/8aiYJxvh4r0?…
Reify Your GitHub Commit History With Contrib Cal
Over on Instructables, [Logan Fouts] shows us the Contrib Cal GitHub desk gadget. This build will allow you to sport your recent GitHub commit activity on your wall or desk with an attractive diffuse light display backed by a 7×4 matrix of multicolor LEDs. Motivate yourself and impress your peers!
This humble project is at the same time multifaceted. You will build a case with 3D printing, make a diffuse screen by gluing and cutting, design a LED matrix PCB using KiCad, solder everything together, and then program it all with Python. The brains of the operation are a Raspberry Pi Zero W.
The Instructables article will run you through the required supplies, help you to print the case, explain how to solder the LEDs, tell how to install the heat-set inserts for high quality screw attachments, explain wiring and power, tell you about how to use the various screws, then tell you about where to get more info and the required software on GitHub: Contrib Cal v2.
Of course this diffuse LED matrix is only one way to display your GitHub progress, you can also Track Your GitHub Activity With This E-Ink Display.
L’Italia tra i grandi degli Spyware! Un grande terzo posto dopo Israele e USA
Non brilliamo molto nella sicurezza informatica, ma sugli Spyware siamo tra i primi della classe!
Secondo una ricerca dell’Atlantic Council, il settore dello spyware è in piena espansione, poiché gli investitori rivolgono sempre più la loro attenzione a questo settore eticamente discutibile ma altamente redditizio. La maggior parte del denaro è destinata ad aziende negli Stati Uniti e in Israele, ma al terzo posto troviamo l’Italia.
E gli investimenti americani nello spyware sono triplicati nell’ultimo anno.
L’Italia al terzo posto nella guerra degli spyware
Lo studio dell’Atlantic Council ha preso in esame 561 organizzazioni provenienti da 46 paesi dal 1992 al 2024. Nel farlo, gli esperti sono riusciti a identificare 34 nuovi investitori, portando il loro numero totale a 128 (rispetto ai 94 del 2024).
Si nota che il maggiore interesse per lo spyware è dimostrato dagli investitori americani: nel 2024 sono state identificate 20 nuove società investitrici negli Stati Uniti, per un totale di 31. Questa crescita ha superato di gran lunga quella di altri Paesi, tra cui Israele, Italia e Regno Unito.
Pertanto, il numero di investitori identificati nell’UE e in Svizzera è stato di 31, con l’Italia, considerata un hub chiave per lo spyware, che ha rappresentato la quota maggiore con 12 investitori. Il numero di investitori in Israele è stato di 26.
Tra gli investitori americani, gli analisti dell’Atlantic Council annoverano i grandi hedge fund DE Shaw & Co. e Millennium Management, la nota società commerciale Jane Street e la grande società finanziaria Ameriprise Financial.
Secondo il rapporto, tutti loro hanno inviato fondi al fornitore israeliano di spyware legale Cognyte. Si sottolinea che questa azienda è stata precedentemente collegata a violazioni dei diritti umani in Azerbaigian, Indonesia e altri paesi.
L’acquisto di Paragon Solution
Un altro esempio degno di nota degli investimenti americani nello spyware è la recente acquisizione del noto fornitore israeliano di spyware Paragon Solutions da parte di AE Industrial Partners, una società di private equity con sede in Florida specializzata in sicurezza nazionale.
Gli autori del rapporto sottolineano che, sebbene i politici americani abbiano sistematicamente combattuto la diffusione e l’abuso di spyware, talvolta con misure politiche severe, esiste una significativa discrepanza tra loro e gli investitori statunitensi, perché “i dollari statunitensi continuano a finanziare proprio le entità che i politici statunitensi stanno cercando di combattere”.
Un esempio citato è il fornitore di spyware Saito Tech (ex Candiru), presente nell’elenco delle sanzioni del Dipartimento del Commercio degli Stati Uniti dal 2021 e che ha ricevuto nuovi investimenti dalla società statunitense Integrity Partners nel 2024.
Oltre a concentrarsi sugli investimenti, l’Atlantic Council scrive che il mercato globale degli spyware è “in crescita ed evoluzione”, e ora include quattro nuovi fornitori, sette nuovi rivenditori o broker, 10 nuovi fornitori di servizi e 55 nuovi individui associati al settore.
Ad esempio, tra i fornitori recentemente identificati figurano l’israeliana Bindecy e l’italiana SIO. Tra i rivenditori figurano società di facciata associate ai prodotti del Gruppo NSO (come la panamense KBH e la messicana Comercializadora de Soluciones Integrales Mecale). Tra i nuovi fornitori di servizi figurano la britannica Coretech Security e la statunitense ZeroZenX.
youtube.com/embed/jkMy6OaFOyo?…
Broker e rivenditori, sono il cuore pulsante degli spyware
Il rapporto evidenzia il ruolo centrale svolto da tali rivenditori e broker, che rappresentano un “gruppo di attori poco studiato”.
“Queste organizzazioni agiscono da intermediari, oscurando i collegamenti tra venditori, fornitori e acquirenti. Spesso, gli intermediari mettono in contatto i fornitori con nuovi mercati regionali. Questo crea una catena di fornitura complessa e opaca per lo spyware, rendendo estremamente difficile comprendere le strutture aziendali, le manipolazioni giurisdizionali e le responsabilità“, hanno dichiarato gli autori dello studio a Wired .
Ma attenzione: realizzare spyware è solo fare un puzzle
Quasi sempre non si tratta di aziende che sviluppano internamente malware costruiti sfruttando vulnerabilità scoperte da loro stesse (0day): le società che commercializzano spyware spesso non cercano e non scoprono direttamente i bug. Al contrario, la filiera vede la presenza di broker di exploit 0day che fungono da intermediari: questi broker acquistano vulnerabilità da ricercatori o scopritori e le rivendono—talvolta tramite aste private—a operatori che poi le integrano in strumenti di sorveglianza.
Quindi non bisogna pensare che realizzare uno spyware richieda necessariamente capacità tecniche di scoperta di vulnerabilità; nella pratica commerciale descritta basta produrre il software che sfrutta gli exploit 0day ottenuti di ricercatori di sicurezza, che li hanno venduti a loro volta ai broker. Questo spiega perché il mercato dello spyware può funzionare anche separando nettamente il lavoro di ricerca delle vulnerabilità dalla loro applicazione operativa.
L'articolo L’Italia tra i grandi degli Spyware! Un grande terzo posto dopo Israele e USA proviene da il blog della sicurezza informatica.
Hackaday Podcast Episode 337: Homebrew Inductors, Teletypes in the Bedroom, and Action!
Fresh hacks here! Get your fresh hot hacks right here! Elliot and Dan teamed up this week to go through every story published on our pages to find the best of the best, the cream of the crop, and serve them up hot and fresh for you. The news this week was all from space, with the ISS getting its latest push from Dragon, plus <<checks notes>> oh yeah, life on Mars. Well, maybe, but it’s looking more and more like we are not alone, or at least not a few million years ago.
But even if we are, plenty is still going on down here to keep you interested. Like homebrewing? Good, because we looked at DIY inductors, wire nuts, and even a dope — but nope — ultralight helicopter. Into retro? We’ve got you covered with a loving look at IRC, a 60s bedside computer guaranteed to end your marriage, and a look at the best 8-bit language you never heard of.
We looked at a rescued fume hood, sensors galore on your phone, a rug that should have — and did, kind of — use a 555, and raytracing for the rest of your natural life. As for “Can’t Miss Articles,” Elliot could barely contain himself with the bounty of projects written up by our Hackaday writers, not to mention Arya’s deep dive into putting GPS modules to work in your builds.
html5-player.libsyn.com/embed/…
Download this MP3, full of twisty little podcasts, all alike. Plugh!
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Episode 337 Show Notes:
News:
- Dragon Is The Latest, And Final, Craft To Reboost ISS
- NASA Presser Reveals New Clues About Ancient Life on Planet Mars – YouTube
What’s that Sound?
- Have a listen, guess where the music is from, and enter your guess right here!
Interesting Hacks of the Week:
- Give Your Twist Connections Some Strength
- Tips For Homebrewing Inductors
- Was Action! The Best 8-Bit Language?
- Retrotechtacular: The Noisy Home Computer From 1967
- A Love Letter To Internet Relay Chat
- Making An Ultralight Helicopter
Quick Hacks:
- Elliot’s Picks
- Old Phone Upcycled Into Pico Projector, ASMR
- Reverse Engineering A Robot Mower’s Fence
- The 555 As You’ve Never Seen It: In Textile!
- A Look At Not An Android Emulator
- No Plans For The Weekend? Learn Raytracing!
- Dan’s Picks:
- Restoring A Cheap Fume Hood
- Smartphone Sensors Unlocked: Turn Your Phone Into A Physics Lab
- Heart Rate Monitoring Via WiFi
Can’t-Miss Articles:
- FreeCAD Foray: From Brick To Shell
- Bootstrapping Android Development: A Survival Guide
- The Android Linux Commander
- GPS And Its Little Modules
hackaday.com/2025/09/12/hackad…
Windows 11: Microsoft Rinnova Esplora file introducendo l’intelligenza artificiale
Microsoft ha iniziato a testare nuove funzionalità basate sull’intelligenza artificiale in Esplora file di Windows 11. Queste funzionalità consentiranno agli utenti di interagire con immagini e documenti direttamente da Esplora file, senza dover aprire i file in app separate.
La nuova funzionalità si chiama “Azioni AI” e attualmente funziona con immagini JPG, JPEG e PNG, consentendo di effettuare le seguenti operazioni:
- Rimuovi sfondo in Paint: ritaglia rapidamente lo sfondo di un’immagine, lasciando solo il soggetto;
- Rimuovi oggetti con l’app Foto: consente di rimuovere elementi indesiderati dalle foto utilizzando l’intelligenza artificiale generativa;
- Sfoca lo sfondo utilizzando l’app Foto: mette a fuoco il soggetto sfocando lo sfondo;
- Ricerca immagini con Bing Visual Search : la ricerca visiva con Bing trova immagini, oggetti, punti di riferimento e altro simili sul Web.
“Le azioni AI” in Esplora file semplificano e velocizzano il lavoro con i file: basta fare clic con il pulsante destro del mouse, ad esempio, per modificare un’immagine o ottenere un riepilogo di un documento”, affermano i rappresentanti Microsoft Amanda Langowski e Brandon LeBlanc.
Queste nuove funzionalità sono disponibili in Windows 11 Insider Preview Build 27938. Insieme a queste, è stata introdotta un’altra utile funzionalità: in Impostazioni > Privacy e sicurezza > Generazione di testo e immagini, viene ora visualizzato un elenco delle app di terze parti che hanno utilizzato di recente modelli di intelligenza artificiale generativa locale di Windows.
L’utente può visualizzare questa attività e gestire l’accesso di queste app alle funzionalità di intelligenza artificiale.
A inizio maggio, Microsoft ha anche introdotto gli agenti di intelligenza artificiale , assistenti intelligenti in grado di modificare le impostazioni di Windows con un comando vocale o di testo. Queste funzionalità sono ora disponibili sui PC Copilot+ e sui processori Snapdragon.
L'articolo Windows 11: Microsoft Rinnova Esplora file introducendo l’intelligenza artificiale proviene da il blog della sicurezza informatica.
This Week in Security: NPM, Kerbroasting, and The Rest of the Story
Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this week. Ninety-nine percent of the cloud depends on one of the packages, and one-in-ten cloud environments actually included malicious code as a result of the hack. Take a moment to ponder that. In a rough estimate, ten percent of the Internet was pwned by a single attack.
What extremely sophisticated technique was used to pull off such an attack? A convincing-looking phishing email sent from the newly registered npmjs.help domain. [qix] is the single developer of many of these packages, and in the midst of a stressful week, fell for the scam. We could refer to the obligatory XKCD 2347 here. It’s a significant problem with the NPM model that a single developer falling for a phishing email can expose the entire Internet to such risk.
And once that account was compromised, it didn’t take long for the mystery attacker to push malicious code. Within an hour, cryptocurrency stealing code was added to two dozen packages. Within a couple hours, the compromise was discovered and the cleanup effort began.
BREAKINGLARGEST SUPPLY CHAIN ATTACK IN HISTORY PULLS OFF MASSIVE CRYPTO HEIST
ATTACKS STEAL $20.05 OF ETH. ENTIRE WORLD CRUMBLING
— vx-underground (@vxunderground) September 8, 2025
While the attack was staggering in its breadth, in the end only a few hundred dollars worth of cryptocurrency was actually stolen as a result. Why was such a successful attack, when measured by deployment, so minimal in actual theft? Two reasons: First, the malware was only live for two hours before takedowns began. And a related second reason, the malicious code was specifically aimed at developer and end-user machines, while the majority of the installs were on servers and cloud deployments, where cryptocurrency transactions weren’t happening.
It brings to mind the question, what could have happened? Instead of looking for cryptocurrency to steal, if the malicious code was tailored to servers and stealth, how long would it have taken to detect? And is there malicious code on NPM and in other places that we just haven’t discovered yet?
SAP ERP CVEs
Let’s break down this Alphabet soup. SAP is an acronym for “Systems, Applications and Products in Data Processing”, a German company providing business software. ERP is their Enterprise Resource Planning software, and of course a CVE is a Common Vulnerabilities and Exposure. So to translate the acronyms, SAP’s accounting software has vulnerabilities. And in this case, CVE-2025-42944 is a ten out of ten on the CVSS severity scale.
In fact, there are four vulnerabilities altogether, all CVSS of nine or higher, and all in the underlying NetWeaver platform. SAP owned up to the problems, commenting that they operated as a backdoor, allowing unauthorized access. Patches are available for all of these issues, but some of them have been found in use in the wild.
Kerbroasting
You know it’s bad when a sitting US Senator can tell that your security has problems. Though before I read the article, I had a feeling it would be [Ron Wyden].
The issue here is Microsoft’s support for RC4 encryption in Active Directory. RC4, also known as ARC4, is a pseudorandom number generator developed at RSA in 1987. This continuing support leads to an attack known as kerberoasting.
Kerberos is one of the protocols that powers Active Directory. It works through a sort of ticket signing system. The server doing the signing takes a hash of a password and uses that hash as an encryption key to encrypt the Kerberos ticket. There are two possible problems. First, that password may be a human generated password, and therefore a weak password. And second, the legacy combination of RC4 and original NT hashing makes for extremely fast offline password guessing.
So here’s the kerberoasting attack: Take any account in the Active Directory, and request a Kerberos ticket, specifying the legacy RC4 encryption. Take this offline ticket to a modern CPU/GPU, and use Hashcat to crack that password, at a guess rate measured in the billions per second. Once that password is discovered, arbitrary Kerberos tickets can be signed, providing access to basically any account on the AD system.
This was part of the 2024 ransomware attack on Ascension health, and why the US senate is taking notice. What’s strange is how resistant Microsoft has been to fixing this issue. Microsoft states that RC4 only makes up .1% of traffic, which is nonsense, since the attack doesn’t rely on traffic. Finally in 2026, new installs of Windows server 2025 will disable RC4 by default.
Reverse Engineering and TLS Hacking
We get a great primer from [f0rw4rd] on how to defeat TLS certificates, in a very specific scenario. That scenario is reverse engineering an embedded or industrial Linux system. One of the tools you might want to use is to intercept traffic from the embedded system to some web server, but if that system uses HTTPS, it will fail to verify that certificate. What is a researcher to do?
One possible solution is to abuse LD_PRELOAD to poison the application. This approach uses dynamic library loading to insert a “malicious” library before program execution. tls-preloader is a tool to do exactly this, and supports multiple SSL/TLS libraries, allowing sniffing all that useful TLS data.
The Rest of the Story
Just recently we mentioned several 0-day vulnerabilities that were being used for in-the-wild attacks. This week we have updates on a couple of those. First is the iOS and macOS vulnerability in DNG image file processing. The basic issue is that this file type has a TIFF header that includes a SamplesPerPixel metadata, and a SOF3 section with a component count. A properly formatted file will have consistency between these two elements, and the Apple file processing didn’t handle such an inconsistency correctly, leading to memory corruption and potentially Remote Code Execution (RCE).
The other recent 0-day is a FreePBX flaw that was discovered through the presence of a clean.sh script on multiple FreePBX installs. The flaw was an automatic class loader that allowed an unauthenticated user to include module files when calling the ajax.php endpoint. One way to turn this into an exploit is SQL injection in one of the modules. This is what has been patched, meaning there are likely more exploits to find using this php injection quirk.
Bits and Bytes
The Apple CarPlay SDK had a buffer overflow that was reachable by a device connecting to the vulnerable head unit. Researchers from oligo discovered this flaw, and presented it at Def Con this year. The end result is root-level RCE, and while Apple has already published an SDK update, most cars are still vulnerable to this one.
And finally, enjoy [LaurieWired] taking a look at this year’s International Obfuscated C Code Contest (IOCCC) winners. This contest is all about pushing the limits in how terrifying C code can be, while still compiling and doing something interesting. And these entries don’t disappoint.
youtube.com/embed/by53T03Eeds?…
Everything You Ever Wanted to Know about the Manhattan Project (But Were Afraid to Ask)
There have been plenty of books and movies about how the Manhattan Project brought together scientists and engineers to create the nuclear bomb. Most of them don’t have a lot of technical substance, though. You know — military finds genius, genius recruits other geniuses, bomb! But if you want to hear the story of the engineering, [Brian Potter] tells it all. We mean, like, all of it.
If you’re looking for a quick three-minute read, you’ll want to give this a pass. Save it for a rainy afternoon when you can settle in. Even then, he skips past a lot of what is well known. Instead, he spends quite a bit of time discussing how the project addressed the technical challenges, like separating out U235.
Four methods were considered for that task. Creating sufficient amounts of plutonium was also a problem. Producing a pound of plutonium took 4,000 pounds of uranium. When you had enough material, there was the added problem of getting it together fast enough to explode instead of just having a radioactive fizzle.
There are some fascinating tidbits in the write-up. For example, building what would become the Oak Ridge facility required conductors for electromagnets. Copper, however, was in short supply. It was wartime, after all. So the program borrowed another good conductor, silver, from the Treasury Department. Presumably, they eventually returned it, but [Brian] doesn’t say.
There’s the old story that they weren’t entirely sure they wouldn’t ignite the entire atmosphere but, of course, they didn’t. Not that the nuclear program didn’t have its share of bad luck.
How Strong of a Redbull Can You Make?
Energy drinks are a staple of those who want to get awake and energetic in a hurry. But what if said energy is not in enough of a hurry for your taste? After coming across a thrice concentrated energy drink, [Nile Blue] decided to make a 100 times concentrated Redbull.
Energy drinks largely consist of water with caffeine, flavoring and sugar dissolved inside. Because a solution can only be so strong, so instead of normal Redbull, a sugar free variant was used. All 100 cans were gathered into a bucket to dry the mixture, but first, it had to be de-carbonated. By attaching a water agitator to a drill, all the carbon dioxide diffused in the water fell out of solution. A little was lost after the Redbull was lost, but the process worked extremely well.
From there, the Redbull was moved to a fancy vortex drying machine. While simply evaporating the water in a food dehydrator is an option, it takes a very long time and does not preserve the flavor. The solution to patience is expensive machines from China. This particular machine works by shooting in a mist of liquid into a vortex of hot air. This causes the solids to fall out of solution and separate into a powder which is collected. Much of the powder got caked in the vortex funnel and with much effort, a portion of it was removed by a chisel, and washing with water. Of course, the portion washed with water had to be dried in a food dehydrator, which took ten days. Unfortunately, the machine did not work perfectly and about 33.5 cans worth of Redbull powder where lost along the way.
To math the volume of a standard can of Redbull, all 250 grams of powder would need to be dissolved in a mere 250ml of water, a theoretical 67 times concentrated Redbull. While it did mostly dissolve into a somewhat grainy thick sludge, the powder added so much volume it ended up being equivalent to a 37 times concentration. A mere 7ml of this concoction amounts to a single Redbull, likely the strongest concentration of Redbull possible. Of course, for the full Redbull experience, the sludge was carbonated and finally packaged in an appropriate jar.
If you like strange and potentially dangerous chemistry hacks, make sure to check out this gold nonparticipant fabrication project next!
youtube.com/embed/7arjH-sGWFM?…
Presunta violazione al Comune di Firenze: accesso e dati in vendita nel Dark Web
Un nuovo annuncio comparso in un forum underground solleva preoccupazioni sulla sicurezza dei dati dei cittadini italiani. L’utente con nickname krektti ha messo in vendita quello che descrive come l’accesso e i database del Comune di Firenze, per la cifra di 1.500 dollari.
Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un comunicato ufficiale sul proprio sito web. Di conseguenza, questo articolo deve essere considerato esclusivamente a scopo informativo e di intelligence.
I dettagli del post
Nel messaggio pubblicato poche ore fa, il venditore specifica:
- Target: Comune di Firenze (comune.fi.it)
- Prezzo richiesto: 1.500 dollari
- Contatto: messaggi privati o session key
- Contenuto presunto: campioni di dati strutturati che richiamerebbero un archivio anagrafico, con campi come idVia, idResidente, codice fiscale, nome, cognome, data di nascita, numero civico e codice famiglia.
Se i dati fossero autentici, sarebbero altamente sensibili e appetibili per attività criminali come frodi, furti d’identità o attacchi di social engineering mirati.
La reputazione del threat actor
Nel contesto dei forum underground, la reputazione è un elemento fondamentale che determina la credibilità e l’affidabilità di un venditore. L’utente krektti, autore del post, risulta avere un livello di reputazione elevato all’interno della piattaforma (81 punti) e lo status di “GOD”, segno che ha già effettuato numerose interazioni con successo nella community.
Questo non certifica automaticamente l’autenticità dei dati messi in vendita, ma rappresenta un segnale importante: in ambienti cybercriminali, una buona reputazione riduce il rischio per gli acquirenti di cadere in truffe e rende più probabile che l’autore sia realmente in possesso del materiale offerto. Di conseguenza, gli annunci di krektti vengono percepiti con maggiore serietà rispetto a quelli di venditori alle prime armi o con scarsa affidabilità.
Nessuna conferma ufficiale, ma un precedente
Al momento, non esistono comunicati stampa o note ufficiali da parte del Comune di Firenze o delle autorità competenti. Non è quindi possibile stabilire se si tratti di una reale violazione, di una frode (con dati falsi o riciclati da altre fonti) o di un tentativo di trarre profitto sfruttando l’effetto annuncio.
È interessante notare che lo stesso utente, solo nella giornata di ieri, aveva pubblicato un altro annuncio relativo al Comune di Canegrate, in provincia di Milano. Anche in quel caso sosteneva di aver ottenuto accesso ai sistemi e ai dati anagrafici. Questa sequenza di post fa sorgere spontanee alcune domande: perché concentrare l’attenzione sull’Italia?
Initial Access Broker e dinamiche criminali
Il comportamento osservato richiama quello degli Initial Access Broker (IAB): attori che si specializzano nel penetrare reti e sistemi, per poi rivendere l’accesso o i dati a gruppi più organizzati, ad esempio operatori di ransomware.
In questo caso, krektti potrebbe non avere alcun interesse diretto a sfruttare i dati, ma solo a monetizzare la compromissione vendendo il “pass” a qualcun altro.
La presunta violazione al Comune di Firenze, insieme al precedente annuncio riguardante Canegrate, rafforza l’idea che l’Italia sia sempre più attenzionata nei mercati cybercriminali. Anche se non ci sono conferme ufficiali, la sola pubblicazione di questi annunci dovrebbe spingere enti locali e istituzioni a rafforzare i propri sistemi di difesa e ad avviare monitoraggi preventivi.
L'articolo Presunta violazione al Comune di Firenze: accesso e dati in vendita nel Dark Web proviene da il blog della sicurezza informatica.
How the TI-99/4A Home Computer Worked
Over on YouTube [The 8-Bit Guy] shows us how the TI-99/4A home computer worked.
[The 8-Bit Guy] runs us through this odd 16-bit home computer from back in the 1980s, starting with a mention of the mysterious extra “space” key on its antiquated keyboard. The port on the side is for two joysticks which share a bus, but you can find boards for compatibility with “newer” hardware, particularly the Atari-style joysticks which are easier to find. The AV port on the back is an old 5-pin DIN such as was typical from Commodore and Atari at the time (also there is a headphone port on the front). The other DB9 port on the back of the device is the port for the cassette interface.
The main cartridge interface is on the front right of the machine, and there’s a smaller expansion socket on the right hand side. The front interface is for loading software (on cartridges) and the side interface is for peripherals. The system boots to a now famous “press any key” prompt. (We know what you’re thinking: “where’s the any key!?” Thanks Homer.)
One curiosity is that when the system is waiting for a command the screen background color is a light blue, and when it’s running a command the background color changes to a light green. [The 8-bit Guy] demos some equation calculator software which has support for variables and expressions. In addition to the equation calculator the same cartridge has a version of BASIC (called TI BASIC) and a version of Space Invaders (called TI INVADERS). (Yes, the interface is all uppercase.)
When they were designing the system the TI-99/4A engineers had been considering an 8-bit CPU but they settled on the 16-bit TMS9900 instead. However, much of the board had already been designed for an 8-bit CPU, which lead it to being a bit of a weird hybrid. The CPU only has 15 address lines but it makes up for it by addressing two bytes at a time, allowing it to read up to 64K.
[The 8-Bit Guy] goes on to discuss the computer architecture, the Graphic Programming Language (GPL), and its various BASIC implementations. Also the internals of the cartridges are explored along with the Video Display Processor (VDP) which supported rudimentary graphics mode (32×24 characters with 15 colors and 32 sprites) in addition to a text mode (40×24 characters). The 4-voice sound generator chip was the SN76489, this chip proved to be useful in many other products as well.
[The 8-Bit Guy] finishes his video with a look at the expansion capabilities, which basically just daisy chain off the right hand side. Each of the peripheral devices demands its own power supply too!
If you’re interested in the TI-99/4A check out Persistence Pays In TI-99/4A Cassette Tape Data Recovery and Don’t Mess With Texas – The TI-99/4A Megademo.
youtube.com/embed/-0Jtv8hvau4?…
Analog Optical Computer for Inference and Combinatorial Optimization
Although computers are overwhelmingly digital today, there’s a good point to be made that analog computers are the more efficient approach for specific applications. The authors behind a recent paper in Nature are arguing that inference – essential for LLMs – can be done significantly more efficiently using an analog optical computer (AOC).
As the authors describe it, the function of this AOC is to perform a fixed-point search using only optical and analog electronic components. The optics handle the matrix-vector multiplications, while the analog components handle the non-linear operations, subtractions and annealing. This is performed in 20 ns cycles until noise has been reduced to an acceptable level, considering the analog nature of the computer. A big advantage here is that no analog-digital conversions are required as with other (digital) hybrid systems.
So far a small-scale AOC has been constructed for tasks like image classification and non-linear regression tasks, with the authors claiming the AOC being over a hundred times more efficient than current GPU-derived vector processors.
6502 Puts on an SDR Hat
The legendary 6502 microprocessor recently turned 50 years old, and to celebrate this venerable chip which brought affordable computing and video gaming to the masses [AndersBNielsen] decided to put one to work doing something well outside its comfort zone. Called the PhaseLoom, this project uses a few other components to bring the world of software-defined radio (SDR) to this antique platform.
The PhaseLoom is built around an Si5351 clock generator chip, which is configurable over I2C. This chip is what creates the phase-locked loop (PLL) for the radio. The rest of the components, including antenna connectors and various filters, are in an Arduino-compatible form factor that let it work as a shield or hat for the 65uino platform, an Arduino-form-factor 6502 board. The current version [Anders] has been working on is dialed in to the 40-meter ham band, with some buttons on the PCB that allow the user to tune around within that band. He reports that it’s a little bit rough around the edges and somewhat noisy, but the fact that the 6502 is working as an SDR at all is impressive on its own.
For those looking to build their own, all of the schematics and code are available on the project’s GitHub page. [Anders] has some future improvements in the pipe for this project as well, noting that with slightly better filters and improved software even more SDR goodness can be squeezed out of this microprocessor. If you’re looking to experiment with SDR using something a little bit more modern, though, this 10-band multi-mode SDR based on the Teensy microcontroller gets a lot done without breaking the bank.
Multi-Use Roof Eliminates Roof
One of the biggest downsides of installing solar panels on a rooftop is that maintenance of the actual roof structure becomes much more difficult with solar panels in the way. But for many people who don’t have huge tracts of land, a roof is wasted space where something useful could otherwise go. [Mihai] had the idea of simply eliminating traditional roofing materials altogether and made half of this roof out of solar panels directly, with the other half being put to use as a garden.
Normally solar panels are installed on top of a roof, whether it’s metal or asphalt shingles or some other material, allowing the roof to perform its normal job of keeping weather out of the house while the solar panels can focus on energy generation. In this roof [Mihai] skips this step, having the solar panels pull double duty as roof material and energy generation. In a way this simplifies things; there’s less to maintain and presumably any problems with the roof can be solved by swapping out panels. But we would also presume that waterproofing it might be marginally more difficult.
On the antisolar side of the roof, however, [Mihai] foregoes the solar panels in favor of a system that can hold soil for small garden plants. Putting solar panels on this side of the roof wouldn’t generate as much energy but the area can still be useful as a garden. Of course we’d advise caution when working on a garden at height, but at least for the solar panels you can save some trips up a ladder for maintenance by using something like this robotic solar panel scrubber.
youtube.com/embed/yZRalp4EQG4?…
Round and Round with a Tape Delay Synth
Over the years we’ve been entertained by an array of musical projects from [Look Mum No Computer], and his latest is no exception. It’s a tape delay, loop generator, and synth all in one. Confused? That’s what you get if you position a load of tape heads around a rotating disk with magnetic tape on its perimeter.
Taking a circular piece of inch-thick Perspex, he wraps a length of one inch tape round its perimeter. This is placed as though it were a turntable on a stepper motor with variable speed, and the tape heads are positioned around its edge. Each read head feeds its own preamp which in turn drives a mixer array, and there’s also a record head and an erase head. If you’ve ever played with tape loops you’ll immediately understand the potential for feedback and sequence generation to make interesting sounds. There’s a lot of nuance to the build, in designing the mount for the motor to stop the enclosure flexing, in using a gearbox for increased torque, and in balancing the disk.
The result is as much an effect as it is an instrument in its own right, particularly in its prototype phase when the read head was movable. We’re treated to a demo/performance, and we look forward to perhaps seeing this in person at some point. There’s a future video promised in which a fix should come for a click caused by the erase circuitry, and he’ll male a more compact enclosure for it.
youtube.com/embed/0QbylUT7fos?…
Dragon is the Latest, and Final, Craft to Reboost ISS
The International Space Station has been in orbit around the Earth, at least in some form, since November of 1998 — but not without help. In the vacuum of space, an object in orbit can generally be counted on to remain zipping around more or less forever, but the Station is low enough to experience a bit of atmospheric drag. It isn’t much, but it saps enough velocity from the Station that without regular “reboosts” to speed it back up , the orbiting complex would eventually come crashing down.
Naturally, the United States and Russia were aware of this when they set out to assemble the Station. That’s why early core modules such as Zarya and Zvezda came equipped with thrusters that could be used to not only rotate the complex about all axes, but accelerate it to counteract the impact of drag. Eventually the thrusters on Zarya were disabled, and its propellant tanks were plumbed into Zvezda’s fuel system to provide additional capacity.
Visiting spacecraft attached to the Russian side of the ISS can transfer propellant into these combined tanks, and they’ve been topped off regularly over the years. In fact, the NASA paper A Review of In-Space Propellant Transfer Capabilities and Challenges for Missions Involving Propellant Resupply, notes this as one of the most significant examples of practical propellant transfer between orbital vehicles, with more than 40,000 kgs of propellants pumped into the ISS as of 2019.
But while the thrusters on Zvezda are still available for use, it turns out there’s an easier way to accelerate the Station; visiting spacecraft can literally push the orbital complex with their own maneuvering thrusters. Of course this is somewhat easier said than done, and not all vehicles have been able to accomplish the feat, but over the decades several craft have taken on the burden of lifting the ISS into a higher orbit.
Earlier this month, a specially modified SpaceX Cargo Dragon became the newest addition to the list of spacecraft that can perform a reboost. The craft will boost the Station several times over the rest of the year, which will provide valuable data for when it comes time to reverse the process and de-orbit the ISS in the future.
Reboosting the Russian Way
By far the easiest way for a visiting spacecraft to reboost the ISS is to dock with the rear of the Zvezda module. This not only places the docked spacecraft at what would be considered the “rear” of the Station given its normal flight orientation, but puts the craft as close as possible to the Station’s own thrusters. This makes it relatively easy to compute the necessary parameters for the thruster burn.
Historically, reboosts from this position have been performed by the Russian Progress spacecraft. Introduced in 1978, Progress is essentially an uncrewed version of the Soyuz spacecraft, and like most of Russia’s space hardware, has received various upgrades and changes over the decades. Progress vehicles are designed specifically for serving long-duration space stations, and were used to bring food, water, propellants, and cargo to the Salyut and Mir stations long before the ISS was even on the drawing board.
Reboosts could also be performed by the Automated Transfer Vehicle (ATV). Built by the European Space Agency (ESA), the ATV was essentially the European counterpart to Progress, and flew similar resupply missions. The ATV had considerably greater cargo capacity, with the ability to bring approximately 7,500 kg of materials to the ISS compared to 2,400 kg for Progress.
Only five ATVs were flown, from 2008 to 2014. There were several proposals to build more ATVs, including modified versions that could potentially even carry crew. None of these versions ever materialized, although it should be noted that the design of the Orion spacecraft’s Service Module is based on the ATV.
American Muscle
Reboosting the ISS from the American side of the Station is possible, but involves a bit more work. For one thing, the entire Station needs to flip over, as the complex’s normal orientation would have the American docking ports facing fowards. Of course, there’s really no such thing as up or down in space, so this maneuver doesn’t impact the astronauts’ work. There are however various experiments and devices aboard the Station that are designed to point down towards Earth, so this reorientation can still be disruptive.
As described in the “AUTO REBOOST” section of the STS-129 Orbit Operations Checklist, the Shuttle’s computer would actually be given control of the maneuvering systems of the ISS so the entire linked structure can be rotated into the correct position. A diagram in the Checklist even shows the approximate angle the vehicle’s should be at for the Shuttle’s maneuvering thrusters to line up properly.
With the retirement of the Space Shuttle in 2011, maintaining the Station’s orbit became the sole domain of the Russians until 2018, when the Cygnus became the first commercial spacecraft to perform a reboost. The cargo spacecraft had a swiveling engine which helped get the direction of thrust aligned, but the Station did still need to rotate to get into the proper position.
After performing a second reboost in 2022, the Cygnus spacecraft was retired. It’s replacement, the upgraded Cygnus XL — is currently scheduled to launch its first mission to the ISS no earlier than September 14th.
Preparing for the Final Push
That brings us to the present day, and the Cargo Dragon. SpaceX had never designed the spacecraft to perform a reboost, and indeed, it would at first seem uniquely unsuited for the task as its “Draco” maneuvering thrusters are actually located on the front and sides of the capsule. When docked, the primary thrusters used for raising and lowering the Dragon’s own orbit are essentially pressed up against the structure of the ISS, and obviously can’t be activated.
To make reboosting with the Dragon possible, SpaceX added additional propellant tanks and a pair of rear-firing Draco thrusters within the spacecraft’s un-pressurized “trunk” module. This hollow structure is usually empty, but occasionally will hold large or bulky cargo that can’t fit inside the spacecraft itself. It’s also occasionally been used to deliver components destined to be mounted to the outside of the ISS, such as the for the outside of the ISS, such as the International Docking Adapter (IDA) and the roll-out solar panels.
While the ability to have the Dragon raise the orbit of the International Space Station obviously has value to NASA, the implications of this experiment go a bit farther.
SpaceX has already been awarded the contract to develop and operate the “Deorbit Vehicle” which will ultimately be used to slow down the ISS and put it on a targeted reentry trajectory sometime after 2030. Now that the company has demonstrated the ability to add additional thrusters and propellant to a standard Dragon spacecraft via a module installed in the trunk, it’s likely that the Deorbit Vehicle will take a similar form.
So while the development of this new capability is exciting from an operational standpoint, especially given deteriorating relations with Russia, it’s also a reminder that the orbiting laboratory is entering its final days.
4-bit Single Board Computer Based on the Intel 4004 Microprocessor
[Scott Baker] is at it again and this time he has built a 4-bit single board computer based on the Intel 4004 microprocessor.
In the board design [Scott] covers the CPU (both the Intel 4004 and 4040 are supported), and its support chips: the 4201A clock-generator, its crystal, and the 4289 Standard Memory Interface. The 4289 irons out the 4-bit interface for use with 8-bit ROMs. Included is a ATF22V10 PLD for miscellaneous logic, a 74HCT138 for chip-select, and a bunch of inverters for TTL compatibility (the 4004 itself uses 15 V logic with +5 V Vss and -10 V Vdd).
[Scott] goes on to discuss the power supply, ROM and page mapper, the serial interface, the RC2014 bus interface, RAM, and the multimodule interface. Then comes the implementation, a very tidy custom PCB populated with a bunch of integrated circuits, some passive components, a handful of LEDs, and a few I/O ports. [Scott] credits Jim Loo’s Intel 4004 SBC project as the genesis of his own build.
If you’re interested in seeing this board put to work check out the video embedded below. If you’d like to know more about the 4004 be sure to check out Supersize Your Intel 4004 By Over 10 Times, The 4004 Upgrade You’ve Been Waiting For, and Calculating Pi On The 4004 CPU, Intel’s First Microprocessor.
youtube.com/embed/ylq7cijFTRA?…