Yaydio, a Music Player For Kids
Music consumption has followed a trend over the last decade or more of abandoning physical media for online or streaming alternatives. This can present a problem for young children however, for whom a simpler physical interface may be an easier way to play those tunes. Maintaining a library of CDs is not entirely convenient either, so [JakesMD] has created the Yaydio. It’s a music player for kids, that plays music when a card is inserted in its slot.
As you might expect, the cards themselves do not contain the music. Instead they are NFC cards, and the player starts the corresponding album from its SD card when one is detected. The hardware is simple enough, an Arduino Nano with modules for MP3 playback, NFC reading, seven segment display, and rotary encoder. The whole thing lives in a kid-friendly 3D printed case.
Some thought has been given to easily adding albums and assigning cards to them, making it easy to keep up with the youngster’s tastes. This isn’t the first such kid-friendly music player we’ve seen, but it’s certainly pretty neat.
DIY Split Keyboard Made with a Saw
Split keyboards are becoming more popular, but because they’re still relatively niche, they can be rather expensive if you want to buy one. So why not make your own? Sure, you could assemble one from a kit, but why not take a cheap mechanical keyboard, slice it in half and just *waves hands* connect the two halves back together? If this thought appeals to you, then [nomolk]’s literal hackjob video should not be ignored. Make sure to enable English subtitles for the Japanese-language video.
Easy split keyboard tip: just reconnect both halves… (Credit: nomolk, YouTube)
In it, the fancy (but cheap) mechanical keyboard with Full RGB functionality is purchased and tested prior to meeting its demise. Although the left side with the cable and controller still works, the right side now needs to be connected, which is where a lot of tedious wires have to be soldered to repair traces.
Naturally this will go wrong, so it’s important to take a (sushi) break and admire the sunset before hurling oneself at the tracing of faulty wiring. This process and the keyboard matrix are further detailed in the blog entry (in Japanese).
Although this was perhaps easier than the other split keyboard project involving a membrane keyboard, this tongue-in-cheek project demonstrates the limits of practicality with this approach even if it could be cleaned up more with fancier wiring.
We give it full points for going the whole way, however, and making the keyboard work again in the end.
An ESP32 Pomodoro Timer
The Pomodoro technique of time management has moved on a little from the tomato-shaped kitchen timer which gave it a name, as [Rukenshia] shows us with this nifty ESP32 and e-paper design. It’s relatively simple in hardware terms, being a collection of off-the-shelf modules in a 3D printed case, but the software has a custom interface for the friend it was built for.
At its heart is a NodeMCU board and a Waveshare display module, with a rotary encoder and addressable LED as further interface components. A lot of attention has been paid to the different options for the interface, and to make the front end displayed on the screen as friendly and useful as possible. Power comes via USB-C, something that should be available in most working environments here in 2025.
We’ve tried a variant on this technique for a while now with varying success, maybe because a mobile phone doesn’t make for as good a timer as a dedicated piece of hardware such as this. Perhaps we should follow this example. If we did, the Hackaday timer couldn’t possibly use an ESP32.
Signal Is Secure Enough for the CIA and CISA. Is It Secure Enough for You?
When Jeffrey Goldberg of The Atlantic accidentally leaked a private group message among senior US officials about a possible strike against the Houthis in Yemen, it drew a great deal of mockery on social media.
But beyond the embarrassment and the political commentary, the incident sent an important message: American intelligence agencies use Signal, a popular encrypted app, and consider it secure.
Although there are regular debates about the security of encryption in messaging services such as Signal, Telegram and WhatsApp, the fact that they are also used by intelligence officers speaks for itself. That is especially so given that the recent closed-door Signal chat included Vice President J.D. Vance, intelligence director Tulsi Gabbard, Defense Secretary Pete Hegseth, CIA Director John Ratcliffe, National Security Advisor Mike Waltz and other administration officials.
As Waltz admitted on Fox News, he himself created the group and inadvertently added Goldberg to it, because the number was saved in his contacts under a different name, presumably that of a government employee.
The problem is not Signal but the way people manage their contacts. As Professor Ryan Ellis of Northeastern University noted, no protection will ever save you if someone sends secrets to the wrong recipient.
During a Senate hearing on March 25, CIA Director Ratcliffe confirmed that Signal had been installed on his work computer, as on those of most employees, from the start of his tenure at the agency. The application is officially approved for internal correspondence and is used not only by the CIA but also by other government agencies.
It has even been recommended by the White House and by CISA, the US cybersecurity agency, for officials who could be targeted by foreign intelligence agencies.
Signal is not the only one on this list. Professor Frederick Scholl of Quinnipiac University adds that secure messengers also include Briar, Session, SimpleX, Telegram, Threema, Viber, Wire and others. A mass move to encrypted RCS messages in place of ordinary SMS is also in full swing: Apple and Google now both support compatible message protection between their platforms.
However, the popularity of encryption also draws criticism. Associated Press journalists found that secure messaging services are actively used by officials at every level, from governors to senators to school boards. This raises the concern that decision-making is moving into the shadows, outside official channels. Even so, government agencies continue to insist that security requires encryption, especially in the age of digital espionage.
No one can give an absolute guarantee that a messenger will never be hacked. One thing is certain: if even the CIA recommends using Signal, it is definitely worth considering. The main thing is to check carefully whom you add to the chat.
The article Signal Is Secure Enough for the CIA and CISA. Is It Secure Enough for You? comes from il blog della sicurezza informatica.
AMSAT-OSCAR 7: the Ham Satellite That Refused to Die
When the AMSAT-OSCAR 7 (AO-7) amateur radio satellite was launched in 1974, its expected lifespan was about five years. The plucky little satellite made it to 1981 when a battery failure caused it to be written off as dead. Then, in 2002 it came back to life. The prevailing theory is that one of the cells in the satellite’s NiCd battery pack, in an extremely rare event, shorted open — thus allowing the satellite to run (intermittently) off its solar panels.
A recent video by [Ben] on the AE4JC Amateur Radio YouTube channel goes over the construction of AO-7, its operation, death and subsequent revival, as well as a recent QSO (direct contact).
The battery is made up of multiple individual cells.
The solar panels covering this satellite provided a grand total of 14 watts at maximum illumination, which later dropped to 10 watts, making for a pretty small power budget. The entire satellite was assembled in a ‘clean room’ consisting of a sectioned off part of a basement, with components produced by enthusiasts associated with AMSAT around the world. Onboard are two radio transponders: Mode A at 2 meters and Mode B at 10 meters, as well as four beacons, three of which are active due to an international treaty affecting the 13 cm beacon.
Positioned in a geocentric LEO (1,447 – 1,465 km) orbit, it’s quite amazing that after 50 years it’s still mostly operational. Most of this is due to how the satellite smartly uses the Earth’s magnetic field for alignment with magnets as well as the impact of photons to maintain its spin. This passive control combined with the relatively high altitude should allow AO-7 to function pretty much indefinitely while the PV panels keep producing enough power. All because a NiCd battery failed in a very unusual way.
Open Source Framework Aims to Keep Tidbyt Afloat
We recently got a note in the tips line from [Tavis Gustafson], who is one of the developers of Tronbyt — a replacement firmware and self-hosted backend that breaks the Tidbyt smart display free from its cloud dependency. When they started the project, [Tavis] says the intent was simply to let privacy-minded users keep their data within the local network, which was itself a goal worthy enough to be featured on these pages.
But now that Tidbyt has been acquired by Modal and has announced they’ll no longer be producing new units, things have shifted slightly. While the press release says that the Tidbyt backend is going to stay up and running for existing customers, the writing is clearly on the wall. It’s now possible that the Tronbyt project will be able to keep these devices from ending up in landfills when the cloud service is inevitably switched off, especially if they can get the word out to existing users before then.
What’s that? You say you haven’t heard of Tidbyt? Well, truth be told, neither had we. So we did some digging, and this is where things get really interesting.
A look inside the original Tidbyt.
It turns out, Tidbyt started its life as a project on Hackaday.io by [Rohan Singh] back in 2020. The hardware consists of a 64×32 HUB75 LED panel and a small custom PCB holding an ESP32 inside of a wooden box, and while it doesn’t appear to have ever been an open source device per se, how it worked internally was hardly a secret. The software side of things however was released on GitHub, which likely made creating the custom firmware that much easier for [Tavis] and co.
By March of 2021, Tidbyt was on Kickstarter, where it blew past its goal in 48 hours and ultimately brought in just shy of one million dollars. In October of 2023, they were back on Kickstarter with a second generation of Tidbyt hardware, and this time brought in even more money than the first time.
So what’s the takeaway from all of this? Well, first of all we can’t believe this whole thing was developed right under our noses without us even realizing it. This seems like as good a time as any to remind folks to drop us a line if you’re working on something cool and you want to share it with the class. We would’ve loved to connect with [Rohan] as Tidbyt was on the rise.
Rohan Singh (center) poses with Modal founders, three years after posting the project on Hackaday.io
But more importantly, it’s a great example of just how much better devices that were developed in the open can weather a storm than their proprietary counterparts. [Rohan] kept enough of Tidbyt open to the community that they were able to successfully create their own firmware and backend — a decision which now might end up being the only thing keeping some of these devices up and running in the future.
Oh yeah, and keep starting awesome projects on Hackaday.io and turning them into multi-million dollar ventures too. We like that also.
Contagious Ideas
We ran a story about a wall-mounted plotter bot this week, Mural. It’s a simple, but very well implemented, take on a theme that we’ve seen over and over again in various forms. Two lines, or in this case timing belts, hang the bot on a wall, and two motors drive it around. Maybe a servo pulls the pen in and out, but that’s about it. The rest is motor driving and code.
We were thinking about the first such bot we’ve ever seen, and couldn’t come up with anything earlier than Hektor, a spray-painting version of this idea by [Juerg Lehni]. And since then, it’s reappeared in numerous variations.
Some implementations mount the motors on the wall, some on the bot. There are various geometries and refinements to try to make the system behave more like a simple Cartesian one, but in the end, you always have to deal with a little bit of geometry, or just relish the not-quite-straight lines. (We have yet to see an implementation that maps out the nonlinearities using a webcam, for instance, but that would be cool.) If you’re feeling particularly reductionist, you can even do away with the pen-lifter entirely and simply draw everything as a connected line, Etch-a-Sketch style. Maslow CNC swaps out the pen for a router, and cuts wood.
What I love about this family of wall-plotter bots is that none of them are identical, but they all clearly share the same fundamental idea. You certainly wouldn’t call any one of them a “copy” of another, but they’re all related, like riffing off of the same piece of music, or painting the same haystack in different lighting conditions: robot jazz, or a study in various mechanical implementations of the same core concept. The collection of all wall bots is more than the sum of its parts, and you can learn something from each one. Have you made yours yet?
(Fantastic plotter-bot art by [Sarah Petkus] from her write-up ten years ago!)
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
Recreating the Analog Beauty of a Vintage Tektronix Oscillator
Tektronix must have been quite a place to work back in the 1980s. The company offered a bewildering selection of test equipment, and while the digital age was creeping in, much of their gear was still firmly rooted in the analog world. And some of the engineering tricks the Tek wizards pulled off are still the stuff of legend.
One such gem of analog design was the SG505, an ultra-low-distortion oscillator module that [Paul] is trying to replicate with modern parts. That’s a tall order since not only did the original specs on this oscillator call for less than 0.0008% total harmonic distortion over a frequency range of 20 Hz to 20 kHz, but a lot of the components it used are no longer manufactured. Tek also tended to use a lot of custom parts, especially mechanical ones like the barrel switch used to select attenuation levels in the SG505, leaving [Paul] no choice but to engineer his way around them.
So far, [Paul] has managed to track down most of the critical components or source suitable substitutes. One major win was locating the original J-FET Tek used in the oscillator’s AGC circuit. One part that’s proven more elusive is the potentiometer that Tek used to adjust the frequency; who knew that finding a dual-gang precision wirewound 10k single-turn pot with no physical stop would be such a chore?
[Paul] still seems to be very much in the planning stages of this project, and that’s probably for the best since projects such as these live and die on proper planning. We’re keen to see how this develops, and we’re very much looking forward to seeing the FFT results. We also imagine he’ll be busting out his custom curve tracer at some point in the build, too.
How to Make a 13 mm Hole With a 1/2″ Drill Bit
As everyone knows, no matter how many drill bits one owns, one inevitably needs a size that isn’t on hand. Well, if you ever find yourself needing to drill a hole that’s precisely 13 mm, here’s a trick from [AvE] to keep in mind for doing it with a 1/2″ bit. It’s a hack that only works in certain circumstances, but hey, it just may come in handy some day.
So the first step in making a 13 mm hole is to drill a hole with a 1/2″ bit. That’s easy enough. Once that’s done, fold a few layers of tinfoil over into a small square and lay it over the hole. Then put the drill bit onto the foil, denting it into the hole (but not puncturing it) with the tip, and drill at a slow speed until the foil wraps itself around the bit like a sheath and works itself into the hole. The foil enlarges the drill bit slightly and — as long as the material being drilled cooperates — resizes the hole a tiny bit bigger in the process. The basic idea can work with just about any drill bit.
It’s much easier demonstrated than described, so watch it in action in the video around the 2:40 mark which will make it all very clear.
It’s not the most elegant nor the most accurate method (the hole in the video actually ends up closer to 13.4 mm) but it’s still something worth keeping in the mental toolbox. Just file it away along with laying your 3D printer on its side to deal with tricky overhangs.
Pictures from a High Altitude Balloon
How do you get images downlinked from 30 km up? Hams might guess SSTV — slow scan TV — and that’s the approach [desafloinventor] took. If you haven’t seen it before (no pun intended), SSTV is a way to send images over radio at a low frame rate. Usually, you get about 30 seconds to 2 minutes per frame.
The setup uses regular, cheap walkie-talkies for the radio portion on a band that doesn’t require a license. The ESP32-CAM provides the processing and image acquisition. Normally, you don’t think of these radios as having a lot of range, but if the transmitter is high, the range will be very good. The project steals the board out of the radio to save weight. You only fly the PC board, not the entire radio.
If you are familiar with SSTV, the ESP-32 code encodes the image using Martin 1. This color format was developed by a ham named [Martin] (G3OQD). A 320×256 image takes nearly two minutes to send. The balloon system sends every 10 minutes, so that’s not a problem.
Of course, this technique will work anywhere you want to send images over a communication medium. Hams use these SSTV formats even on noisy shortwave frequencies, so the protocols are robust.
Hams used SSTV to trade memes way before the Internet. Need to receive SSTV? No problem.
Make DIY Conductive, Biodegradable String Right In Your Kitchen
[ombates] shares a step-by-step method for making a conductive bio-string from scratch, no fancy equipment required. She demonstrates using it to create a decorative top with touch-sensitive parts, controlling animations on an RGB LED pendant. To top it off, it’s even biodegradable!
The string is an alginate-based bioplastic that can be made at home and is shaped in a way that it can be woven or knitted. Alginate comes primarily from seaweed, and it gels in the presence of calcium ions. [ombates] relies on this to make a goopy mixture that, once extruded into a calcium chloride bath, forms a thin rubbery length that can be dried into the strings you see here. By adding carbon to the mixture, the resulting string is darkened in color and also conductive.
There are no details on what the actual resistance of a segment of this string can be expected to measure, but while it might not be suitable to use as wiring it is certainly conductive enough to act as a touch sensor in a manner similar to the banana synthesizer. It would similarly be compatible with a Makey Makey (the original and incredibly popular hardware board for turning household objects into touch sensors).
What you see here is [ombates]’ wearable demonstration, using the white (non-conductive) string interwoven with dark (conductive) portions connected to an Adafruit Circuit Playground board mounted as an LED pendant, with the conductive parts used as touch sensors.
Alginate is sometimes used to make dental molds and while alginate molds lose their dimensional accuracy as they dry out, for this string that’s not really a concern. If you give it a try, visit our tip line to let us know how it turned out!
Math, Optimized: Sweden’s Maximal Multi-Divi
Back in the early 1900s, before calculators lived in our pockets, crunching numbers was painstaking work. Adding machines existed, but they weren’t exactly convenient or cheap. Enter Vilin Vinson and his Maximal Multi-Divi, a massive multiplication and division table that turned math into an industrialized process. Originally published in Sweden in the 1910s, and refined over decades, his book was more than a reference. It was a modular calculating instrument, optimized for speed and efficiency. In this video, [Chris Staeker] tells all about this fascinating relic.
What makes the Multi-Divi special isn’t just its sheer size – handling up to 9995 × 995 multiplications – but its clever design. Vinson formatted the book like a machine, with modular sections that could be swapped out for different models. If you needed an expanded range, you could just swap in an extra 200 pages. To sell it internationally, just replace the insert – no translation needed. The book itself contains zero words, only numbers. Even the marketing pushed this as a serious calculating device, rather than just another dusty math bible.
While pinwheel machines and comptometers were available at the time, they required training and upkeep. The Multi-Divi, in contrast, had zero learning curve – just look up the numbers for an instant result. And it wasn’t just multiplication: the book also handled division in reverse, plus compound interest, square roots, and even amortizations. Vinson effectively created a pre-digital computing tool, a kind of pocket calculator on steroids (if pockets were the size of briefcases).
Of course, no self-respecting hacker would take claims of ‘the greatest invention ever’ at face value. Vinson’s marketing, while grandiose, wasn’t entirely wrong – the Multi-Divi outpaced mechanical calculators in speed tests. And if you’re feeling adventurous, [Chris Staeker] has scanned the entire book, so you can try it yourself. Take a look at the full video here and see how it stacks up against your favorite retro calculators!
An Artificial Sun In A Manageable Size
The sun is our planet’s source of natural illumination, and though we’ve mastered making artificial light sources, it remains extremely difficult to copy our nearby star. As if matching the intensity wasn’t enough, its spectral quality, collimation, and atmospheric scattering make it a special challenge. [Victor Poughon] has given it a go though, using a bank of LEDs and an interesting lens system.
We’re used to lenses being something that can be bought off-the-shelf, but this design eschews that convenience by having the lenses manufactured and polished as an array, by JLC. The scattering is taken care of by a sheet of inkjet printer film, and the LEDs are mounted on a set of custom PCBs.
The result is certainly a very bright light, and one whose collimation delivers a sun-like effect of coming from a great distance. It may not be as bright as the real thing, but it’s certainly something close. If you’d like something to compare it to, it’s not the first such light we’ve featured.
Take A Little Bit Of Acorn To Work
When we think of 8-bit computers, it’s natural to start with home computers. That’s where they live on in the collective memory. But a Z80, a 6502, or similar was more likely to be found unseen in a piece of industrial machinery, doing the job for which we’d today reach for a microcontroller. Sometimes these two worlds intersected, and thus we come to the EuroBEEB, a derivative of Acorn’s BBC Micro on a Eurocard. [Steve Crozier] has performed extensive research into this system and even produced a recreated PCB, providing a fascinating window into embedded computing in the early 1980s.
The EuroBEEB was the work of Control Universal, a Cambridge-based company specialising in embedded computers. They produced systems based upon 6502 and 6809 processors, and joining their product line to the then-burgeoning BBC Micro ecosystem would have been an obvious step. The machine itself is a Eurocard with a simple 6502 system shipped with ACORN BBC Basic on ROM, and could be seen as a cut-down BBC Micro with plenty of digital I/O, accessible through a serial port. It didn’t stop there though, as not only could it export its graphics to a “real” BBC Micro, it had a range of expansion Eurocards that could carry the missing hardware such as analogue input, Teletext, or high-res graphics.
The reverse-engineered PCB comes from analysis of surviving schematics, and includes a couple of gate array logic chips to replace address decoding ROMs in the original. If it seems overkill for anyone used to a modern microcontroller, it’s worth remembering that by the standards of the time this was a pretty simple system. Meanwhile if you only fancy trying BBC BASIC, there’s no need to find original hardware.
Hackaday Podcast Episode 314: It’s Pi, but Also PCBs in Living Color and Ultrasonic Everything
It might not be Pi Day anymore, but Elliot and Dan got together for the approximately 100*Pi-th episode of the Podcast to run through the week’s coolest hacks. Ultrasound seemed to be one of the themes, with a deep dive into finding bugs with sonar as well as using sound to cut the cheese — and cakes and pies, too.
The aesthetics of PCBs were much on our minds, too, from full-color graphics on demand to glow-in-the-dark silkscreens. Is automation really needed to embed fiber optics in concrete? Absolutely! How do you put plasma in a bottle? Apparently, with kombucha, Nichrome, and silicone. If you need to manage your M:TG cards, scribble on the walls, or build a mechanical chase light, we’ve got the details. And what exactly is a supercomputer? We can’t define it, but we know one when we see it.
Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:
Download the zero-calorie MP3.
Episode 314 Show Notes:
News:
- No news is good news!
What’s that Sound?
- Congrats to [IrishBoss] for guessing the angle grinder. And from Dan Maloney: “It was the ear protection, I swear!”
Interesting Hacks of the Week:
- 2024 Hackaday Supercon Talk: Killing Mosquitoes With Freaking Drones, And Sonar
- “Unnecessary” Automation Of A DIY Star Lamp Build
- Supercon 2024: A New World Of Full-Color PCBs
- Successful Experiments In Multicolor Circuit Boards
- The Way Of The PCB Artist: How To Make Truly Beautiful Circuit Boards
- Integrated BMS Makes Battery Packs Easy
- Mural: The Plotter That Draws On Walls
- Jürg Lehni & Uli Franke
- Pen Plotter Is About As Simple As It Can Get
- Stringent, the $15 Wall Plotter – Hackster.io
- Cable Bots, Arise! Domination Of The Universe Is At Hand
- [Homo Faciens] Builds A Winchbot
- Cheap Endoscopic Camera Helps Automate Pressure Advance Calibration
Quick Hacks:
- Elliot’s Picks
- Chase Light SAO Shouldn’t Have Used A 555, And Didn’t
- Turning A Kombucha Bottle Into A Plasma Tube
- LED Filaments Become Attractive Time Piece
- Glow In The Dark PCBs Are Pretty Cool
- Dan’s Picks:
- Aluminum Business Cards Make Viable PCB Stencils
- Booting A Desktop PDP-11
- 3D-Printed Scanner Automates Deck Management For Trading Card Gamers
Can’t-Miss Articles:
Keep Tabs on Your Vehicle’s Needs with LubeLogger
It doesn’t matter if it’s a Vespa or a Peterbilt truck — if you ignore the maintenance needs of your vehicle, you do so at your own peril. But it can be difficult enough to keep track of basic oil changes, to say nothing of keeping records on what parts were changed when. Instead of cramming more receipts into your glove box, maybe give LubeLogger a try.
This free and open source software tool is designed to make it easy for individuals to keep track of both the routine maintenance needs of their vehicles, as well as keep track of any previous or upcoming repairs and upgrades. Released under the MIT license, LubeLogger is primarily distributed as a Docker image that makes it easy to self-host the tool should you wish to keep your data safe at home rather than on somebody’s server out in the Wild West of the modern Internet.
In perhaps the most basic example, LubeLogger allows the user to add their vehicle to a virtual garage and set up routine maintenance tasks (such as oil changes), and fire off reminders when tasks are due. But it can also do things like track your vehicle’s mileage and fuel efficiency over time, and break down its operating costs.
LubeLogger has been around for a little over a year now, and is seeing active development, with the last release dropping just a few weeks back. While not everyone is going to need such a powerful tool, we’re glad to see there’s a self-hosted open source option out there for those that do.
Thanks to [STR-Alorman] for the tip.
This Week in Security: IngressNightmare, NextJS, and Leaking DNA
This week, researchers from Wiz Research released a series of vulnerabilities in the Kubernetes Ingress NGINX Controller that, when chained together, allow an unauthorized attacker to completely take over the cluster. This attack chain is known as IngressNightmare, and it affected over 6500 Kubernetes installs on the public Internet.
The background here is that web applications running on Kubernetes need some way for outside traffic to actually get routed into the cluster. One of the popular solutions for this is the Ingress NGINX Controller. When running properly, it takes incoming web requests and routes them to the correct place in the Kubernetes pod.
When a new configuration is requested by the Kubernetes API server, the Ingress Controller takes the Kubernetes Ingress objects, which are a standard way to define Kubernetes endpoints, and converts them to an NGINX config. Part of this process is the admission controller, which runs nginx -t on that NGINX config, to test it before actually deploying.
As you might have gathered, there are problems. The first is that the admission controller is just a web endpoint without authentication. It’s usually available from anywhere inside the Kubernetes cluster, and in the worst case scenario, is accessible directly from the open Internet. That’s already not great, but the Ingress Controller also had multiple vulnerabilities allowing raw NGINX config statements to be passed through into the config to be tested.
And then there’s nginx -t itself. The man page states, “Nginx checks the configuration for correct syntax, and then tries to open files referred in the configuration.” It’s the opening of files that gets us, as those files can include shared libraries. The ssl_engine directive fits the bill, as this config line can specify the library to use.
That’s not terribly useful in itself. However, NGINX saves memory by buffering large requests into temporary files. Through some trickery, including using the /proc/ ProcFS pseudo file system to actually access that temporary file, arbitrary files can be smuggled into the system using HTTP requests, and then loaded as shared libraries. Put malicious code in the _init() function, and it gets executed at library load time: easy remote code execution.
This issue was privately disclosed to Kubernetes, and fixed in Ingress NGINX Controller versions 1.12.1 and 1.11.5, released in February. It’s not good in any Kubernetes install that uses the Ingress NGINX Controller, and disastrously bad if the admission controller is exposed to the public Internet.
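For defenders, the two checks the paragraphs above point to can be scripted: is the controller image on a fixed release, and does any Ingress object carry the ssl_engine directive or a /proc/ path. This is an added example, not code from Wiz or the Kubernetes project; the registry names, image list and Ingress objects are constructed, and treating release lines older than 1.11 as unfixed is an assumption.

```javascript
// Added example (not project code). Input is shaped like the JSON from
// `kubectl get ingress -A -o json`; all sample data below is constructed.

// First fixed patch per 1.x minor line, from the article: 1.11.5 and 1.12.1.
const FIRST_FIXED_PATCH = { 11: 5, 12: 1 };

// Pull [major, minor, patch] out of a controller image reference.
function parseControllerVersion(image) {
  const m = /:v?(\d+)\.(\d+)\.(\d+)/.exec(image || "");
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function isPatched(image) {
  const v = parseControllerVersion(image);
  if (v === null) return false; // unknown tag: treat as unpatched until checked
  const [major, minor, patch] = v;
  if (major !== 1) return major > 1;
  if (minor > 12) return true;
  if (minor in FIRST_FIXED_PATCH) return patch >= FIRST_FIXED_PATCH[minor];
  return false; // assumption: lines older than 1.11 received no fixed release
}

// The two markers the article names: the ssl_engine directive and /proc/ paths.
const RULES = [
  { id: "ssl_engine-directive", re: /\bssl_engine\b/i },
  { id: "procfs-path", re: /\/proc\//i },
];

// Yield [path, string] for every string anywhere inside an object.
function* walkStrings(node, path) {
  if (typeof node === "string") {
    yield [path, node];
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      yield* walkStrings(value, path ? `${path}.${key}` : key);
    }
  }
}

// Scan every string field of every Ingress, so no assumption is made about
// which field a raw config statement might have been placed in.
function auditIngressList(list) {
  const findings = [];
  for (const ing of (list && list.items) || []) {
    const meta = ing.metadata || {};
    const name = `${meta.namespace || "default"}/${meta.name || "?"}`;
    for (const [path, text] of walkStrings(ing, "")) {
      for (const rule of RULES) {
        if (rule.re.test(text)) findings.push({ ingress: name, path, rule: rule.id });
      }
    }
  }
  return findings;
}

// Constructed inventory.
const SAMPLE_IMAGES = [
  "registry.example.invalid/ingress-nginx/controller:v1.11.4",
  "registry.example.invalid/ingress-nginx/controller:v1.11.5",
  "registry.example.invalid/ingress-nginx/controller:v1.12.0",
  "registry.example.invalid/ingress-nginx/controller:v1.12.1@sha256:constructed",
];
const SAMPLE_INGRESSES = {
  items: [
    {
      metadata: { namespace: "shop", name: "web", annotations: { "example.invalid/note": "plain value" } },
      spec: { rules: [{ host: "shop.example.invalid" }] },
    },
    {
      metadata: {
        namespace: "dev",
        name: "odd",
        annotations: { "example.invalid/constructed": "x;\nssl_engine /proc/PLACEHOLDER;" },
      },
      spec: { rules: [{ host: "dev.example.invalid" }] },
    },
  ],
};

function triage() {
  return {
    unpatched: SAMPLE_IMAGES.filter((img) => !isPatched(img)),
    findings: auditIngressList(SAMPLE_INGRESSES),
  };
}

console.log(JSON.stringify(triage(), null, 2));
```

A hit from the scan is a reason to look at who created the object and when, not proof of compromise; a clean scan does not replace upgrading.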
Next.js
Another project, Next.js, has a middleware component that serves a similar function as an ingress controller. The Next.js middleware can do path rewriting, redirects, and authentication. It has an interesting behavior, in that it adds the x-middleware-subrequest HTTP header to recursive requests, to track when it’s talking to itself. And the thing about those headers is that they’re just some extra text in the request. And that’s the vulnerability: spoof a valid x-middleware-subrequest and the Next.js middleware layer just passes the request without any processing.
The only hard part is to figure out what a valid header is. And that’s changed throughout the last few versions of Next.js. The latest iteration of this technique is to use x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware or a minor variant, to trigger the middleware’s infinite recursion detection, and pass right through. In some use cases that’s no problem, but if the middleware is also doing user authentication, that’s a big problem. The issue can be mitigated by blocking x-middleware-subrequest requests from outside sources, and the 14.x and 15.x releases have been updated with fixes.
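The mitigation described above, blocking x-middleware-subrequest from outside sources, sketched as an edge filter that sits in front of the application. This is an added example, not Next.js code; the Connect-style (req, res, next) wrapper, the trustedPeer flag, the isTrustedPeer and log callbacks, and the sample requests are assumptions constructed for illustration.

```javascript
// Added example, not Next.js or project code: an edge filter that refuses to
// let outside clients supply the header Next.js reserves for its own subrequests.
const INTERNAL_HEADER = 'x-middleware-subrequest';

// Header names are case-insensitive and may repeat, so walk the flat
// [name, value, name, value, ...] list (the shape of Node's req.rawHeaders).
function findInternalHeader(rawHeaders) {
  const values = [];
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    if (String(rawHeaders[i]).trim().toLowerCase() === INTERNAL_HEADER) {
      values.push(String(rawHeaders[i + 1]));
    }
  }
  return values;
}

// Return a copy of the flat header list without any copy of the header.
function stripInternalHeader(rawHeaders) {
  const kept = [];
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    if (String(rawHeaders[i]).trim().toLowerCase() !== INTERNAL_HEADER) {
      kept.push(rawHeaders[i], rawHeaders[i + 1]);
    }
  }
  return kept;
}

// Decide what happens to one request. `trustedPeer` is a hypothetical flag the
// caller derives from the TCP peer address (never from another header); it
// marks the application's own hosts, the only legitimate source of the header.
function screenRequest({ rawHeaders, trustedPeer, peer, path }, mode = 'reject') {
  const values = findInternalHeader(rawHeaders);
  if (values.length === 0 || trustedPeer) {
    return { action: 'forward', rawHeaders, alert: null };
  }
  // Record every outside attempt; the value is client-chosen, so bound its size.
  const alert = { peer, path, header: INTERNAL_HEADER,
                  value: values.join(',').slice(0, 200) };
  if (mode === 'strip') {
    return { action: 'forward', rawHeaders: stripInternalHeader(rawHeaders), alert };
  }
  return { action: 'reject', status: 403, rawHeaders: [], alert };
}

// Connect/Express-style wrapper for a Node front end placed before Next.js.
// `isTrustedPeer` and `log` are supplied by the deployment (assumptions).
function edgeFilter({ mode = 'reject', isTrustedPeer = () => false, log = () => {} } = {}) {
  return function (req, res, next) {
    const peer = req.socket ? req.socket.remoteAddress : undefined;
    const verdict = screenRequest(
      { rawHeaders: req.rawHeaders, trustedPeer: isTrustedPeer(peer), peer, path: req.url },
      mode);
    if (verdict.alert) log(verdict.alert);
    if (verdict.action === 'reject') {
      res.statusCode = verdict.status;
      res.end('Forbidden');
      return;
    }
    if (verdict.alert) {
      // Strip mode: remove the header from both views Node exposes.
      req.rawHeaders = verdict.rawHeaders;
      delete req.headers[INTERNAL_HEADER];
    }
    next();
  };
}

// Constructed sample requests (documentation-range and private addresses).
const SAMPLE_REQUESTS = [
  { peer: '203.0.113.7', path: '/admin', trustedPeer: false,
    rawHeaders: ['Host', 'app.example', 'X-Middleware-Subrequest',
                 'middleware:middleware:middleware:middleware:middleware'] },
  { peer: '198.51.100.4', path: '/', trustedPeer: false,
    rawHeaders: ['Host', 'app.example', 'Accept', 'text/html'] },
  { peer: '10.0.0.5', path: '/api/data', trustedPeer: true,
    rawHeaders: ['host', 'app.example', 'x-middleware-subrequest', 'middleware'] },
];

// Run the policy over the samples in the given mode ('reject' or 'strip').
function screenSamples(mode) {
  return SAMPLE_REQUESTS.map((r) => screenRequest(r, mode));
}
```

Reject mode gives the clearer detection signal; strip mode keeps legitimate clients behind misbehaving intermediaries working while still logging the attempt.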
Linux’ No-op Security Function
The Linux kernel uses various hardening techniques to make exploitation of bugs difficult. One technique is CONFIG_RANDOM_KMALLOC_CACHES, which makes multiple copies of memory allocation caches, and then randomizes which copy is actually used, to make memory corruption exploitation harder. Google researchers found a flaw in nftables, and wrote up the exploit, which includes the observation that this mitigation is completely non-functional when used from kvmalloc_node.
This happens as a result of how that randomization process is done. The function that calculates which of the copies to use takes its own return address as the seed for the random value. That makes sense in some cases, but the calling function is an “exported symbol”, which among other things, means the return address is always the same, rendering the hardening attempt completely ineffective. Whoops. This was fixed in the Linux 6.15 merge window, and will be backported to the stable kernels series.
Your DNA In Bankruptcy
I’ve always had conflicting feelings about the 23andMe service. On one hand, there is some appeal to those of us that may not have much insight to our own genetic heritage, to finally get some insight into that aspect of our own history. On the other hand, that means willingly giving DNA to a for-profit company, and just trusting them to act responsibly with it. That concern has been brought into sharp focus this week, as 23andMe has filed for Chapter 11 bankruptcy. This raises a thorny question, of what happens to that DNA data as the company is sold?
The answer seems to be that the data will be sold as well, leading to calls for 23andMe customers to log in and request their data be deleted. Chapter 11 bankruptcy does not prevent them from engaging in business activities, and laws like the GDPR continue to apply, so those requests should be honored. Regardless, it’s a stark reminder to be careful what data you’re willing to entrust to what business, especially something as personal as DNA. It’s unclear what the final fallout is going to be from the company going bankrupt, but it’s sure to be interesting.
Appsmith and a Series of Footguns
Rhino Security did a review of the Appsmith platform, and found a series of CVEs. On the less severe side, that includes an error handling problem that allows an unauthorized user to restart the system, and an easily brute-forced unique ID that allows read-only users to send arbitrary SQL queries to databases in their workspace. The more serious problem is a pseudo-unauthenticated RCE that is in some ways more of a default-enabled footgun than a vulnerability.
On a default Appsmith install, the default postgres database allows local connections to any user, on any database. Appsmith applications use that local socket connection. Also in the default configuration, Appsmith will allow new users to sign up and create new applications without needing permission. And because that new user created their own application on the server, the user has permissions to set up database access. And from there postgres will happily let the user run a FROM PROGRAM query that runs arbitrary bash code.
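A defender's check for the "any user, on any database" condition described above, written as an audit of PostgreSQL's pg_hba.conf. This is an added example, not Appsmith or PostgreSQL project code; it assumes the permissive default shows up as trust entries in pg_hba.conf, and the sample file contents are constructed.

```javascript
// Added example, not Appsmith or PostgreSQL project code: flag pg_hba.conf
// records that let a client connect without proving who it is.
const HOST_TYPES = new Set(['host', 'hostssl', 'hostnossl', 'hostgssenc', 'hostnogssenc']);

// Split one record into fields. Simplification: quoted fields containing
// spaces or '#' are not handled. Returns null for blank and comment lines.
function parseHbaLine(line) {
  const text = line.replace(/#.*$/, '').trim();
  if (text === '') return null;
  const f = text.split(/\s+/);
  if (f[0] === 'local') {
    // local records have no ADDRESS column: TYPE DATABASE USER METHOD
    if (f.length < 4) return { error: 'local record is missing fields' };
    return { type: 'local', database: f[1], user: f[2], address: null, method: f[3] };
  }
  if (HOST_TYPES.has(f[0])) {
    // An address written without "/" may be followed by a separate netmask.
    const looksLikeMask = (s) => /^[0-9a-fA-F.:]+$/.test(s) && /[.:]/.test(s);
    const hasMask = f.length > 5 && !f[3].includes('/') && looksLikeMask(f[4]);
    const methodAt = hasMask ? 5 : 4;
    if (f.length <= methodAt) return { error: `${f[0]} record is missing fields` };
    return { type: f[0], database: f[1], user: f[2],
             address: hasMask ? `${f[3]} ${f[4]}` : f[3], method: f[methodAt] };
  }
  // Anything else (including include directives) is reported, not guessed at.
  return { error: `unrecognised record type "${f[0]}"` };
}

// Report every trust record. With trust the client picks the role name,
// superuser included, and COPY ... FROM PROGRAM is available to superusers
// and members of pg_execute_server_program. Records are matched top-down and
// the first match wins, so a trust record shadowed by an earlier stricter
// record is over-reported here; review findings in file order.
function auditHba(confText) {
  const findings = [];
  confText.split(/\r?\n/).forEach((line, idx) => {
    const rec = parseHbaLine(line);
    if (rec === null) return;
    if (rec.error) {
      findings.push({ line: idx + 1, severity: 'info', issue: rec.error });
      return;
    }
    if (rec.method !== 'trust') return;
    const anyDb = rec.database.split(',').includes('all');
    const anyUser = rec.user.split(',').includes('all');
    findings.push({
      line: idx + 1,
      severity: anyDb && anyUser ? 'high' : 'medium',
      scope: rec.type === 'local' ? 'unix socket' : rec.address,
      issue: `trust authentication for database=${rec.database} user=${rec.user}`,
    });
  });
  return findings;
}

// Constructed sample file, not taken from any real installation.
const SAMPLE_HBA = [
  '# TYPE  DATABASE  USER      ADDRESS                 METHOD',
  'local   all       all                               trust',
  'host    all       all       127.0.0.1/32            trust',
  'host    all       all       ::1/128                 scram-sha-256',
  'host    reports   reader    10.0.0.0 255.255.255.0  trust',
  'local   all       postgres                          peer  # OS user must match',
].join('\n');

function auditSample() {
  return auditHba(SAMPLE_HBA);
}
```

The two high findings are the socket and loopback records that any process on the host, including an application that lets self-registered users define database connections, can use to connect as any role.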
Bits and Bytes
There’s been a rumor for about a week that Oracle Cloud suffered a data breach, that Oracle has so far denied. It’s beginning to look like the breach is a real one, with Bleeping Computer confirming that the data samples are legitimate.
Google’s Project Zero has a blast from the past, with a full analysis of the BLASTPASS exploit. This was a 2003 NSO Group exploit used against iMessage on iOS devices, and allowed for zero-click exploitation. It’s a Huffman tree decompression vulnerability, where attempting to decompress the tree overwrites memory and triggers code execution. Complicated, but impressive work.
Resecurity researchers cracked the infrastructure of the BlackLock ransomware group via a vulnerability in the group’s Data Leak Site. Among the treasures from this action, we have the server’s history logs, email addresses, some passwords, and IP address records. While no arrests have been reported in connection with this action, it’s an impressive hack. Here’s hoping it leads to some justice for ransomware crooks.
And finally, Troy Hunt, master of pwned passwords, has finally been stung by a phishing attack. And had a bit of a meta-moment when receiving an automated notice from his own haveibeenpwned.com service. All that was lost was the contents of Troy’s Mailchimp mailing list, so if your email address was on that list, it’s available in one more breach on the Internet. It could have been worse, but it’s a reminder that it can happen to even the best of us. Be kind.
This is too many levels of meta for my head to grasp pic.twitter.com/Pr0iFQGNlh
— Troy Hunt (@troyhunt) March 25, 2025
Dwingeloo to Venus: Report of a Successful Bounce
Radio waves travel fast, and they can bounce, too. If you are able to operate a 25-meter dish, a transmitter, a solid software-defined radio, and an atomic clock, the answer is: yes, they can go all the way to Venus and back. On March 22, 2025, the Dwingeloo telescope in the Netherlands successfully pulled off an Earth-Venus-Earth (EVE) bounce, making them the second group of amateurs ever to do so. The full breakdown of this feat is available in their write-up here.
Bouncing signals off planets isn’t new. NASA has been at it since the 1960s – but amateur radio astronomers have far fewer toys to play with. Before Dwingeloo’s success, AMSAT-DL achieved the only known amateur EVE bounce back in 2009. This time, the Dwingeloo team transmitted a 278-second tone at 1299.5 MHz, with the round trip to Venus taking about 280 seconds. Stockert’s radio telescope in Germany also picked up the returning echo, stronger than Dwingeloo’s own, due to its more sensitive receiving setup.
Post-processing wasn’t easy either. Doppler shift corrections had to be applied, and the received signal was split into 1 Hz frequency bins. The resulting detections clocked in at 5.4 sigma for Dwingeloo alone, 8.5 sigma for Stockert’s recording, and 9.2 sigma when combining both datasets. A clear signal, loud and proud, straight from Venus’ surface.
The experiment was cut short when Dwingeloo’s transmitter started failing after four successful bounces. More complex signal modulations will have to wait for the next Venus conjunction in October 2026. Until then, you can read our previously published article on achievements of the Dwingeloo telescope.
Scanning Film The Way It Was Meant To Be
Scanning a film negative is as simple as holding it up against a light source and photographing the result. But should you try such a straightforward method with color negatives it’s possible your results may leave a little to be desired. White LEDs have a spectrum which looks white to our eyes, but which doesn’t quite match that of the photographic emulsions.
[JackW01] is here with a negative scanning light that uses instead a trio of red, green, and blue LEDs whose wavelengths have been chosen for that crucial match. With it, it’s possible to make a good quality scan with far less post-processing.
The light itself uses 665 nm for red, 525 nm for green, and 450 nm blue diodes mounted in a grid behind a carefully designed diffuser. The write-up goes into great detail about the spectra in question, showing the shortcomings of the various alternatives.
We can immediately see the value here at Hackaday, because like many a photographer working with analogue and digital media, we’ve grappled with color matching ourselves.
This isn’t the first time we’ve considered film scanning but it may be the first project we’ve seen go into such detail with the light source. We have looked at the resolution of the film though.
A Threat Actor Claims an Attack on the Festival di San Valentino: Database Stolen?
In the cybersecurity landscape, data leaks are an increasingly recurrent threat, and the recent leak of the “festivaldisanvalentino.com” database is yet another demonstration of this. A user of a well-known underground forum has published an alleged SQL archive containing data taken from the website, putting users’ sensitive information at risk.
Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is solely for threat intelligence purposes and for raising awareness of cybersecurity risks. Red Hot Cyber condemns any unauthorized access, improper dissemination, or unlawful use of such data. At present, it is not possible to independently verify the authenticity of the information reported, as the organization involved has not yet released an official statement on its website. Consequently, this article should be considered exclusively for informational and intelligence purposes.
Screenshot of the underground forum where the cybercriminal claimed the alleged cyberattack, obtained through the Recorded Future threat intelligence platform
Details of the Leak
The user “lluigi”, registered on the platform in November 2023 and with limited but significant activity, released the database in a post dated February 22, 2025. According to the description provided, the SQL dump is 6MB in size, expanding to 94MB once decompressed.
A preview of the compromised data reveals email addresses, IP addresses, and internal communication messages, suggesting a large-scale breach that could expose (if confirmed) hundreds or thousands of users to risks of phishing, identity theft, and other cyberattacks.
Some examples include conversations in which users request confirmation that files were sent, and other information of a private nature. The presence of technical details in the metadata (such as user agents and browser versions) could also give attackers further leads for orchestrating targeted attacks.
Who Is Behind the Attack?
No details have been provided on the attack methods the cybercriminal used to obtain the database, but it is plausible that the site fell victim to, for example, an unpatched vulnerability or compromised login credentials. “lluigi”, the author of the post, does not appear to be the direct author of the breach, but rather an intermediary who received and published the data.
Consequences and Countermeasures
Victims of this data leak should adopt security measures such as:
- Changing the passwords associated with their account on the site
- Using plugins to obscure the exposure of the site’s administrative login panels (for example wp-admin.php)
- Changing the same passwords where they are used on other services
- Enabling two-factor authentication (2FA)
- Being wary of suspicious emails or unsolicited contact attempts
For the site’s security team, it is essential to analyze the vector of the potential attack and, where appropriate, put specific security measures in place, such as patch management of the system, to avoid further potential problems.
Conclusions
This incident demonstrates once again how crucial cybersecurity is for any platform that handles sensitive data. The publication of stolen databases on underground forums is a growing phenomenon, and the attention of companies and users must always remain high and vigilant to prevent and mitigate the damage resulting from these attacks.
As is our custom, we always leave room for a statement from the organization should it wish to give us updates on this matter, and we will be glad to publish it in a dedicated article highlighting the issue.
RHC will monitor how the matter develops in order to publish further news on the blog, should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower’s encrypted email.
This article was written using the Recorded Future platform, a strategic partner of Red Hot Cyber and a leader in cyber threat intelligence, which provides advanced analysis to identify and counter malicious activity in cyberspace.
The article A Threat Actor Claims an Attack on the Festival di San Valentino: Database Stolen? comes from il blog della sicurezza informatica.
AqMood is an Air Quality Monitor with an Attitude
You take your air quality seriously, so shouldn’t your monitoring hardware? If you’re breathing in nasty VOCs or dust, surely a little blinking LED isn’t enough to express your displeasure with the current situation. Luckily, [Tobias Stanzel] has created the AqMood to provide us with some much-needed anthropomorphic environmental data collection.
To be fair, the AqMood still does have its fair share of LEDs. In fact, one might even say it has several devices’ worth of them — the thirteen addressable LEDs that are run along the inside of the 3D printed diffuser will definitely get your attention. They’re sectioned off in such a way that each segment of the diffuser can indicate a different condition for detected levels of particulates, VOCs, and CO2.
But what really makes this project stand out is the 1.8 inch LCD mounted under the LEDs. This display is used to show various emojis that correspond with the current conditions. Hopefully you’ll see a trio of smiley faces, but if you notice a bit of side-eye, it might be time to crack a window. If you’d like a bit more granular data it’s possible to switch this display over to a slightly more scientific mode of operation with bar graphs and exact figures…but where’s the fun in that?
[Tobias] has not only shared all the files that are necessary to build your own AqMood, he’s done a fantastic job of documenting each step of the build process. There are even screenshots to help guide you along when it’s time to flash the firmware to the XIAO Seeed ESP32-S3 at the heart of the AqMood.
If you prefer your air quality monitoring devices be a little less ostentatious, IKEA offers up a few hackable models that might be more your speed.
Half The Reflow Oven You Expected
Toaster oven reflow projects are such a done deal that there should be nothing new in one here in 2025. Take a toaster oven, an Arduino, and a thermocouple, and bake those boards! But [Paul J R] has found a new take on an old project, and better still, he’s found the most diminutive of toaster ovens from the Australian version of Kmart. We love the project for the tiny oven alone.
The brains of the operation is an ESP32, in the form of either a TTGO TTDisplay board or an S3-Zero board on a custom carrier PCB, with a thermistor rather than a thermocouple for the temperature sensing, and a solid state relay to control mains power for the heater. All the resources are in a GitHub repository, but you may have to make do with a more conventionally-sized table top toaster oven if you’re not an Aussie.
If you’re interested, but want a better controller board, we’ve got you covered.
An Inexpensive Way to Break Down Plastic
Plastic has been a revolutionary material over the past century, with an uncountable number of uses and an incredibly low price to boot. Unfortunately, this low cost has led to its use in many places where other materials might be better suited, and when this huge amount of material breaks down in the environment it can be incredibly persistent and harmful. This has led to many attempts to recycle it, and one of the more promising efforts recently came out of a lab at Northwestern University.
Plastics exist as polymers, long chains of monomers that have been joined together chemically. The holy grail of plastic recycling would be to convert the polymers back to monomers and then use them to re-make the plastics from scratch. This method uses a catalyst to break down polyethylene terephthalate (PET), one of the more common plastics. Once broken down, the PET is exposed to moist air which converts it into its constituent monomers which can then be used to make more PET for other uses.
Of course, the other thing that any “holy grail” of plastic recycling needs is to actually be cheaper and easier than making new plastic from crude oil, and since this method is still confined to the lab it remains to be seen if it will one day achieve this milestone as well. In the meantime, PET can also be recycled fairly easily by anyone who happens to have a 3D printer around.
Inside a Fake WiFi Repeater
Fake WiFi repeater with a cheap real one behind it. (Credit: Big Clive, YouTube)
Over the years we have seen a lot of fake electronics, ranging from fake power saving devices that you plug into an outlet, to fake car ECU optimizers that you stick into the OBD port. These are all similar in that they fake functionality while happily lighting up a LED or two to indicate that they’re doing ‘something’. Less expected here was that we’d be seeing fake WiFi repeaters, but recently [Big Clive] got his hands on one and undertook the arduous task of reverse-engineering it.
The simple cardboard box which it comes in claims that it’s a 2.4 GHz unit that operates at 300 Mbps, which would be quite expected for the price. [Clive] obtained a real working WiFi repeater previously that did boast similar specifications and did indeed work. The dead giveaway that it is a fake are the clearly fake antennae, along with the fact that once you plug it in, no new WiFi network pops up or anything else.
Inside the case – which looks very similar to the genuine repeater – there is just a small PCB attached to the USB connector. On the PCB are a 20 Ohm resistor and a blue LED, which means that the LED is being completely overdriven as well and is likely to die quite rapidly. Considering that a WiFi repeater is supposed to require a setup procedure, it’s possible that these fake repeaters target an audience which does not quite understand what these devices are supposed to do, but they can also catch more informed buyers unaware who thought they were buying some of the cheap real ones. Caveat emptor, indeed.
Your Badminton Racket Needs Restringing? There’s a DIY Machine for That
We don’t often get our badminton rackets restrung, but if we did, [kuokuo702]’s PicoBETH project would be where we’d turn. This is a neat machine build for a very niche application, but it’s also a nicely elaborated project with motors, load cells, and even a sweet knobby-patterned faceplate that is certainly worth a look even if you’re not doing your own restringing.
We’ll admit that everything we know about restringing rackets we learned by watching [kuokuo]’s demo video, but the basic procedure goes like this: you zigzag the string through the holes in the racket, controlling the tension at each stage along the way. A professional racket frame and clamp hold the tension constant while you fiddle the string through the next hole, but getting the tension just right in the first place is the job of [kuokuo]’s machine. It does this with a load cell, stepper motor, and ball screw, all under microcontroller control. Pull the string through, let the machine tension it, clamp it down, and then move on to the next row.
Automating the tension head allows [kuokuo] to do some fancy tricks, like pre-stretching the strings and even logging the tension in the string at each step along the way. The firmware has an extensive self-calibration procedure, and in all seems to be very professional. But it’s not simply functional; it also has a fun LEGO-compatible collection of bumps integrated into the 3D-printed dust cover. That way, your minifigs can watch you at work? Why not!
Automating random chores is a great excuse to build fun little machines, and in that vein, we salute [kuokuo]’s endeavor. Once you start, you’ll find stepper motors sprouting all around like crocuses in a spring field. And speaking of spring, Easter is just around the corner. So if you don’t play badminton, maybe it’s time to build yourself an eggbot.
Supercon 2024: Yes, You Can Use the Controller Area Network Outside of Cars
Ah, the CAN bus. It’s become a communication standard in the automotive world, found in a huge swathe of cars built from the mid-1990s onwards. You’ll also find it in aircraft, ships, and the vast majority of modern tractors and associated farm machines, too.
As far as [Randy Glenn] is concerned, though, the CAN bus doesn’t have to be limited to these contexts. It can be useful far beyond its traditional applications with just about any hardware platform you care to use! He came down to tell us all about it at the 2024 Hackaday Supercon.
[Randy]’s talk was titled “Yes, You CAN: Use The Controller Area Network Outside Of Cars.” We have to assume the pun was intended. In any case, the CAN bus came to us from Bosch, which began developing the standard in 1983. The company officially released it at the Society of Automotive Engineers conference in 1986, with compatible chips first hitting the market a year later. It took a little while longer for the standard to find traction, with Mercedes-Benz being the first to implement it in a production vehicle in 1991. It soon caught on with the wider industry as a robust and reliable way to let a vehicle’s various control units communicate with all the important sensors that were proliferating on modern automobiles. CAN got its big break when it was mandated as part of the OBD-II standard in North America, which de facto put it into virtually every car sold in that market from 1996 onwards.
Since then, CAN has proliferated well beyond the automotive space, into marine and aerospace contexts as well. As [Randy] explains, beyond transportation, you’ll also find it in everything from robots to pinball machines and even elevators. Basically, wherever it’s important to have robust local communication between distributed embedded systems, CAN is a great candidate for the job.
Since it’s so widespread, it’s easy to find hardware and software that’s CAN-ready out of the box. The vast majority of microcontroller manufacturers include some sort of CAN compatibility; for example, Espressif’s ESP32 has the “Two Wire Automotive Interface” which is built for this purpose. Linux is more than happy to talk CAN, too, and most programming languages have some sort of library available, too. Whether you’re working with Arduino, MicroPython, or CircuitPython, you can certainly find what you need. Even if you have a device without CAN built in—like a Raspberry Pi—SPI-ready CAN controllers can be had for cheap from vendors like Microchip.
Depending on your hardware, you might have to add a CAN controller or transceiver to get it talking on the CAN bus. However, this is usually trivial.
There are specific reasons why you might consider CAN for your embedded communication needs. It uses a differential bus, which gives it an inherent ability to resist disruption from electrical noise. Addressing, error-checking, and retransmission functionality are also baked in to CAN controllers, so you don’t have to handle it yourself. You can also find tons of CAN compatible hardware on the market to do whatever you’re trying to do, and a lot of it is pretty cheap because manufacturers are churning it out by the millions.
Of course, there are some limits. Traditionally, you’re stuck with only 32 devices on a bus, though there are some ways to work around it at lower data rates. Peak data rate is 1 megabit per second on a traditional CAN bus operating at the high data rate; this limits you to a total bus length of 25 meters. You can up this to 250 meters if you drop to 250 kbit/s instead. Packets are also limited to 8 bytes in size.
Beyond the basic performance specs, [Randy] also explains how you might go about typical implementations with different hardware. For example, if you’ve got a microcontroller with no CAN capability baked in, you might hook it up with a CAN controller and transceiver over SPI. Alternatively, you might choose to work with a more advanced microcontroller that has all the CAN communication hardware built into the chip, simplifying your build. For parts like the ESP32 and some STM32s, you might find you’ve got a CAN controller on board, but you’re lacking the hardware to do the fancy differential signalling—in that case, you just need to hook up a CAN transceiver to get your hardware on the bus. [Randy] also highlights the usual conventions, such as terminology and wire colors, while explaining that these aren’t always rigidly adhered to in the field.
Talking CAN on Linux is as easy as plugging in a cheap USB dongle.
On the communication level, the CAN bus standard mandates that nodes transmit frames, with each frame containing up to 8 bytes of data. [Randy] explains how messages are formatted and addressed to ensure the right nodes get the right data they’re looking for. There are standard message frames, as well as Remote Transmission Request (RTR) frames—where one node requests data from another. A typical example is a controller asking a sensor to report a value. There are also special Error and Control Frames, which [Randy] notes are complicated and beyond the scope of his Supercon talk. However, he recommends resources that exist to explain them in great detail.
Data of a complete CAN frame laid over the traces of the bus itself. Credit: Ken Tindell, Canis Automotive Labs Ltd. via CC BY-SA 4.0
Much of [Randy’s] talk explains how CAN works. But, as promised, he also takes the time to explain possible non-automotive applications for this technology. He steps through an amusing Halloween build, where a CAN bus is used to trigger scary lightning and sound effects when people press a doorbell.
If you’ve ever wanted a good CAN primer, [Randy]’s talk is just what you need. As far as robust embedded communication standards go, it’s one of the most popular and long-lived out there. It might just pay dividends to put the CAN bus in your own toolbox for future use!
Custom Slimline CD Player Hides Out Under Speaker
In the era of digital streaming, the market is full of wireless speakers that will play content from your smartphone or pull it down from the Internet directly over WiFi. But if you’re feeling a bit nostalgic and want to throw on one of your old CDs, well, you might have a problem. That’s the situation [Chad Boughton] recently found himself in, so he decided to build a compact CD player that could discreetly connect up to his fancy Klipsch speaker.
The optical drive itself was the easy part, as [Chad] already had a laptop-style drive in an external enclosure that he could liberate. But of course, the speaker wouldn’t know what to do with an external disc drive, so there needed to be an intermediary. Enter the Raspberry Pi.
It might not look like it at first glance, but that’s a Pi 3 tucked into the back of the 3D printed frame. It would have been too tall in its original configuration, so [Chad] removed the USB and Ethernet ports; a modification we’ve covered in the past. Of course, he still needed to use the USB ports, so he ended up soldering the two cables — one to the CD drive and the other to the back of the speaker — directly to the Pi.
When plugged into the Raspberry Pi, the Klipsch speaker shows up as a USB audio device, so the software side of things was relatively simple. [Chad] installed VLC to handle CD playback, but he still needed a way to control everything. To that end, an IR receiver hooked up to the Pi’s GPIO pins means the Pi can detect the signals coming from the speaker’s original remote and pass the appropriate command on to VLC. The whole thing is very well integrated, and you could be forgiven for thinking it might be some kind of stock upgrade module at first glance.
Despite recently celebrating its 40th birthday, the CD is unlikely to completely disappear from our lives anytime soon. Manufacturers can turn their back on the standard if they want, but so long as folks still want to play them, they’ll keep coming up with inventive ways to make it happen.
General Fusion Claims Success with Magnetized Target Fusion
It’s rarely appreciated just how much more complicated nuclear fusion is than nuclear fission. Whereas the latter involves a process that happens all around us without any human involvement, and where the main challenge is to keep the nuclear chain reaction within safe bounds, nuclear fusion means making atoms do something that goes against their very nature, outside of a star’s interior.
Fusing helium isotopes can be done on Earth fairly readily these days, but doing it in a way that’s repeatable — bombs don’t count — and in a way that makes economical sense is trickier. As covered previously, plasma stability is a problem with the popular approach of tokamak-based magnetic confinement fusion (MCF). Although this core problem has now been largely addressed, and stellarators are mostly unbothered by this particular problem, a Canadian start-up figures that they can do even better, in the form of nuclear fusion reactors based around the principle of magnetized target fusion (MTF).
Although General Fusion’s piston-based fusion reactor has people mostly very confused, MTF is based on real physics and with GF’s current LM26 prototype having recently achieved first plasma, this seems like an excellent time to ask the question of what MTF is, and whether it can truly compete with billion-dollar tokamak-based projects.
Squishing Plasma Toroids
Lawson criterion of important magnetic confinement fusion experiments (Credit: Horvath, A., 2016)
In general, to achieve nuclear fusion, the target atoms have to be pushed past the Coulomb barrier, which is an electrostatic interaction that normally prevents atoms from approaching each other and even spontaneously fusing. In stars, the process of nucleosynthesis is enabled by the intense pressures due to the star’s mass, which overcomes this electrostatic force.
Replicating the nuclear fusion process requires a similar way to overcome the Coulomb barrier, but in lieu of even a small-sized star like our Sun, we need alternate means such as much higher temperatures, alternative ways to provide pressure and longer confinement times. The efficiency of each approach was originally captured in the Lawson criterion, which was developed by John D. Lawson in a (then classified) 1955 paper (PDF on Archive.org).
In order to achieve a self-sustaining fusion reaction, the energy losses should be less than the energy produced by the reaction. The break-even point here is expressed as having a Q (energy gain factor) of 1, where the added energy and losses within the fusion process are in balance. For sustained fusion with excess energy generation, the Q value should be higher than 1, typically around 5 for contemporary fuels and fusion technology.
In the slow march towards ignition, we have seen many reports in the popular media that turn out to be rather meaningless, such as the horrendous inefficiency demonstrated by the laser-based inertial confinement fusion (ICF) at the National Ignition Facility (NIF). This makes it rather fascinating that what General Fusion is attempting is closer to ICF, just without the lasers and artisan Hohlraum-based fuel pellets.
Instead they use a plasma injector, a type of plasma railgun called a Marshall gun, that produces hydrogen isotope plasma, which is subsequently contained in a magnetic field as a self-stable compact toroid. This toroid is then squished by a mechanical system in a matter of milliseconds, with the resulting compression inducing fusion. Creating this toroid is the feat that was recently demonstrated in the current Lawson Machine 26 (LM26) prototype reactor with its first plasma in the target chamber.
Magneto-Inertial Fusion
Whereas magnetic confinement fusion does effectively what it says on the tin, magnetic target fusion is pretty much a hybrid of magnetic confinement fusion and the laser-based inertial confinement fusion. Because the magnetic containment is only there to essentially keep the plasma in a nice stable toroid, it doesn’t have nearly the same requirements as in a tokamak or stellarator. Yet rather than using complex and power-hungry lasers, MCF applies mechanical energy using an impulse driver — the liner — that rapidly compresses the low-density plasma toroid.
Schematic of the Lawson Machine 26 MTF reactor. (Credit: General Fusion)
The juiciest parts of General Fusion’s experimental setup can be found in the Research Library on the GF website. The above graphic was copied from the LM26 poster (PDF), which provides a lot of in-depth information on the components of the device and its operation, as well as the experiments that informed its construction.
The next step will be to test the ring compressor that is designed to collapse the lithium liner around the plasma toroid, compressing it and achieving fusion.
Long Road Ahead
Interpretation of General Fusion’s commercial MTF reactor design. (Credit: Evan Mason)
As promising as this may sound, there is still a lot of work to do before MTF can be considered a viable option for commercial fusion. As summarized on the Wikipedia entry for General Fusion, the goal is to have a liquid liner rather than the solid lithium liner of LM26. This liquid lithium liner will both breed new tritium fuel from neutron exposure, as well as provide the liner that compresses the deuterium-tritium fuel.
This liquid liner would also provide cooling, linked with a heat exchanger or steam generator to generate electricity. Because the liquid liner would be infinitely renewable, it should allow for about 1 cycle per second. To keep the liquid liner in place on the inside of the sphere, it would need to be constantly spun, further complicating the design.
Although getting plasma in the reaction chamber where it can be squished by the ring compressor’s lithium liner is a major step, the real challenge will be in moving from a one-cycle-a-day MTF prototype to something that can integrate not only the aforementioned features, but also run one cycle per second, while being more economical to run than tokamaks, stellarators, or even regular nuclear fission plants, especially Gen IV fast neutron reactors.
That said, there is a strong argument to be made that MTF is significantly more practical for commercial power generation than ICF. And regardless, it is just really cool science and engineering.
Top image: General Fusion’s Lawson Machine 26. (Credit: General Fusion)
DeepSeek or DeepScam? When Google Gets You to Download a Virus with One Click!
DeepSeek’s rapid rise in popularity, amid controversies over privacy, has attracted the attention not only of users but also of cybercriminals. Fake advertisements disguised as official Google search results have appeared online in an attempt to spread malware. The attackers targeted people who typed queries into a search engine and carelessly clicked on the first links.
According to research by Malwarebytes specialists, Google Ads is actively hosting fake ads that pose as DeepSeek. At first glance, the differences from the real result are hard to spot, especially for an inexperienced user. A single click on such a link is enough to land on a fake site built with particular attention to visual authenticity.
One of these sites completely copies the look of the official DeepSeek site, but actually leads to the download of a Trojan written in MSIL (Microsoft Intermediate Language). The malicious code is triggered when the visitor tries to download the “search engine” and is launched on the victim’s system.
Fake DeepSeek website (Malwarebytes)
The criminals count on the credibility of sponsored results on Google. The system allows such ads to occupy the top positions, ahead even of the brands’ official websites. This makes fake advertising particularly dangerous. The scammers pay considerable sums for placement, which shows how effective the deception is.
One of the fake sites was created in the name of an advertiser whose name is written in Hebrew: תמיר כץ. This is another red flag: such details are hard to notice in a hurry, especially if the user does not know what a real DeepSeek ad should look like.
Information about the malware advertiser (Malwarebytes)
To prevent infection, experts advise avoiding clicks on sponsored links altogether. They also recommend clicking the three dots next to the URL in the search results: this reveals who owns the ad. If you have doubts about the advertiser’s name, it is better to go back to the regular search results.
Fake ads (top) and the real DeepSeek (bottom) (Malwarebytes)
To block sponsored links completely, you can install an ad blocker. This eliminates the risk of accidentally visiting a malicious site. In a situation where Google cannot guarantee the safety of advertisements, such measures become particularly relevant.
The article DeepSeek or DeepScam? When Google Gets You to Download a Virus with One Click! comes from il blog della sicurezza informatica.
Chase Light SAO Shouldn’t Have Used a 555, and Didn’t
Around these parts, projects needlessly using a microcontroller where a simpler design would do are often derided with the catch-all “Should have used a 555,” even if the venerable timer chip wouldn’t have been the ideal solution. But the sentiment stands that a solution more complicated than it needs to be is probably one that needs rethinking, as this completely mechanical chaser light badge Simple Add-On (SAO) aptly demonstrates.
Rather than choosing any number of circuits to turn a strip of discrete lights on and off, [Johannes] took inspiration for his chaser lights from factory automation mechanisms that move parts between levels on steps that move out of phase with each other, similar to the marble-raising mechanism used in [Wintergatan]’s Marble Machine X.
Two thin plates with notches around the edge are sandwiched together inside the 3D printed case of the SAO, between the face and the light source. A small motor and a series of gears rotate the two masks 180° out of phase with each other, which creates the illusion that the light is moving.
It’s pretty convincing; when we first saw the video below, we were sure it was a row of tiny LEDs around the edge of the badge.
Hats off to [Johannes] for coming up with such a clever mechanism and getting it working just in time for Hackaday Europe. If you need to catch up on the talks, we’ve got a playlist ready for you.
youtube.com/embed/bpqRJ9gQvO8?…
Pi Pico Turns Atari 2600 into a Lo-fi Photo Frame
The cartridge based game consoles of decades ago had a relatively simple modus operandi — they would run a program stored in a ROM in the cartridge, and on the screen would be the game for the enjoyment of the owner. This made them simple in hardware terms, but for hackers in the 2020s, somewhat inflexible. The Atari 2600 is particularly troublesome in this respect, with its clever use of limited hardware making it not the easiest to program at the best of times. This makes [Nick Bild]’s Atari 2600 photo frame project particularly impressive.
The 2600 has such limited graphics hardware that there’s no handy frame buffer to place image data into, instead there are some clever tricks evolved over years by the community to build up bitmap images using sprites. Only 64 by 84 pixels are possible, but for mid-70s consumer hardware this is quite the achievement.
In the case of this cartridge the ROM is replaced by a Raspberry Pi Pico, which does the job of both supplying the small Atari 2600 program to display the images, and feeding the image data in a form pre-processed for the Atari.
The result is very 8-bit in its aesthetic and barely what you might refer to as photos at all, but on the other hand making the Atari do this at all is something of a feat. Everything can be found in a GitHub repository.
If new hardware making an old console perform unexpected tricks is your bag, we definitely have more for you.
youtube.com/embed/uxBHm1ROvYI?…
DK 9x24 - 23AndMe
23AndMe, the recreational genetic mapping service, declares bankruptcy. The California Attorney General issues an appeal to all Californians to ask 23AndMe, under their state privacy law, to delete their data. Why? Where is the problem?
spreaker.com/episode/dk-9x24-2…
The Mystery of the Oracle Cloud Attack Continues, Between CVEs, a Handle on the Internet Archive, and Memes
Last week, a threat actor named ‘rose87168’ claimed to have breached Oracle Cloud servers and to have started selling the alleged authentication data and encrypted passwords of 6 million users.
The threat actor also claimed that the stolen SSO and LDAP passwords could be decrypted using the information in the stolen files, and offered to share some of the data with anyone who could help recover them. Oracle’s position has been to deny the breach of its Oracle Cloud federated SSO login servers and the theft of the account data of 6 million people.
Many companies have confirmed that the data samples shared by the threat actor were valid. Oracle stated: “There has been no breach of Oracle Cloud. The published credentials are not for Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
126,687 domains affected by the alleged breach
The companies stated that the associated LDAP display names, email addresses, first names and other identifying information were all correct and belonged to them. The threat actor released several text files consisting of a database, LDAP data, and a list of 140,621 domains of companies that were allegedly affected by the breach (126,687 after a group by). It should be noted that some of the company domains appear to be test domains and that there are multiple domains per company. As for Italian companies, there are as many as 1938 records among the domains affected by the alleged breach (1806 after grouping).
In addition, the threat actor claims to have exchanged emails with Oracle to report having hacked the servers. “I carefully examined the cloud dashboard infrastructure and found a huge vulnerability that allowed me full access to the information of 6 million users,” reads the email, which was seen by BleepingComputer.
Cloudsek, as we saw in the previous article, also found an Archive.org URL showing that the server “login.us2.oraclecloud.com” was running Oracle Fusion Middleware 11g as of February 17, 2025. Oracle has since taken this server offline, after news of the alleged breach was reported.
Top 10 domains in the list of 126,687 domains
This version of the software was affected by a vulnerability tracked as CVE-2021-35587, which appears to have allowed Oracle Access Manager to be compromised. The threat actor claimed that this vulnerability was used in the alleged breach of Oracle’s servers.
The x.txt file recorded in the Internet Archive
The vulnerability used for this alleged breach appears to be CVE-2021-35587, which allowed the compromise of the server login[.]us2[.]oraclecloud[.]com. After denying the attack, Oracle quickly disconnected the server from the Internet.
The attacker also claims to have left a file, “x.txt”, with a handle name written inside it when breaching the server “login.us2.oraclecloud[.]com”, and that this file was crawled and recorded in the Internet Archive on March 1, 2025.
This affair, still shrouded in mystery, has no clear explanation. It is certain that a giant like Oracle is still analyzing the facts and will soon publish an official report to shed light on what happened. In the meantime, some are facing the situation with irony, spreading memes that, at least based on the elements in our possession, seem easy to agree with.
rose87168 is shopping around for interest owners wanting to validate the @Oracle Cloud breach. It’s all about to finalize soon…Oracle: pic.twitter.com/Smx05YP2yt
— Ido Naor 🇮🇱 (@IdoNaor1) March 25, 2025
The article The Mystery of the Oracle Cloud Attack Continues, Between CVEs, a Handle on the Internet Archive, and Memes comes from il blog della sicurezza informatica.
An AWS S3 Misconfiguration Leads to the Exposure of 86,000 Healthcare Workers in 29 US States
A serious data leak recently occurred at ESHYFT, a healthcare technology company in New Jersey, USA.
The sensitive information of more than 86,000 healthcare workers was publicly exposed because of a misconfigured AWS S3 storage bucket. Cybersecurity researcher Jeremiah Fowler discovered that about 108.8 GB of data in the bucket was neither password-protected nor encrypted, leaving the personal information of a large number of healthcare workers accessible to the public.
The leaked sensitive information includes personally identifiable information (PII) such as facial photos, work schedules, professional certificates, medical documents and so on, some of which may be protected by the US Health Insurance Portability and Accountability Act (HIPAA). The data concerns healthcare staff in 29 states, including nurses, nursing assistants and others, which poses enormous privacy risks for the staff affected.
During the investigation, Fowler found that a folder named “App” in the S3 bucket stored 86,341 records, including users’ facial images, monthly work-scheduling logs in CSV format, employment contracts, résumés and so on.
One spreadsheet contained more than 800,000 entries detailing nurses’ internal IDs, workplaces, shift dates and times, and hours worked, providing a complete picture of the healthcare workers’ activities.
Even more serious, the storage container also holds some medical documents used to justify absences or sick leave. These documents contain information on diagnoses, prescriptions and treatment, which could include HIPAA-protected content.
After discovering the exposed S3 bucket, Fowler immediately sent a responsible disclosure notice to ESHYFT, following the standard protocol for security researchers. However, despite the extreme sensitivity of the data, public access to the database was restricted more than a month after the initial notification.
After receiving the notification, ESHYFT responded only with a brief statement: “Thank you! We are actively investigating and looking for a solution.” It is not clear whether the S3 bucket was managed directly by ESHYFT or through a third-party contractor.
There is also no information on how long the data had been exposed before it was discovered, or whether there was unauthorized access by third parties during the exposure period.
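The kind of exposure described above can be checked for offline from a bucket's exported settings. The following is an added example, not code from the article or from ESHYFT: the bucket name, the `audit_bucket` helper and both sample configurations are constructed, the dict layout mirrors the S3 API responses for the public access block, ACL, policy and default encryption, and the policy test is a simplification of how AWS decides that a policy is public.

```python
import json

# Grantee URIs S3 uses in ACLs for "anyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def is_wildcard(principal):
    """True when a policy Principal element matches any caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def audit_bucket(cfg):
    """Return sorted findings for one bucket configuration (hypothetical helper).

    cfg keys: 'public_access_block' (dict or None), 'acl_grants' (list),
    'policy' (JSON string or None), 'encryption_rules' (list).
    """
    findings = []
    pab = cfg.get("public_access_block") or {}

    # IgnorePublicAcls makes S3 disregard public grants that already exist.
    if not pab.get("IgnorePublicAcls", False):
        for grant in cfg.get("acl_grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append("public-acl:" + grant["Permission"])

    # RestrictPublicBuckets cuts off anonymous use of an existing public policy.
    if cfg.get("policy") and not pab.get("RestrictPublicBuckets", False):
        statements = json.loads(cfg["policy"]).get("Statement", [])
        if isinstance(statements, dict):
            statements = [statements]
        for st in statements:
            if st.get("Effect") == "Allow" and is_wildcard(st.get("Principal")):
                # A Condition may narrow the grant, so a human has to read it.
                kind = "review-conditional-policy" if st.get("Condition") else "public-policy"
                findings.append(kind + ":" + st.get("Sid", "unnamed"))

    # The Block* flags only stop future changes, so report any that are off.
    missing = [flag for flag in PAB_FLAGS if not pab.get(flag, False)]
    if missing:
        findings.append("public-access-block-incomplete:" + ",".join(missing))

    if not cfg.get("encryption_rules"):
        findings.append("no-default-encryption")
    return sorted(findings)


# Constructed sample input: the bucket name and statement are placeholders.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAnyoneToRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-staffing-app/*",
    }],
})
PUBLIC_ACL = [{
    "Grantee": {"Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ",
}]

# Weak setting: no public access block, public ACL and policy, no encryption.
EXPOSED = {"public_access_block": None, "acl_grants": PUBLIC_ACL,
           "policy": PUBLIC_POLICY, "encryption_rules": []}

# Corrected setting: same leftovers, but all four flags on and SSE configured.
LOCKED_DOWN = {
    "public_access_block": {flag: True for flag in PAB_FLAGS},
    "acl_grants": PUBLIC_ACL,
    "policy": PUBLIC_POLICY,
    "encryption_rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}],
}

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("locked down", LOCKED_DOWN)):
        print(name, audit_bucket(cfg))
```

The second sample keeps the stale public ACL and policy on purpose: with all four public access block flags enabled they no longer grant anonymous access, which is why the audit reports nothing for it.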
The article An AWS S3 Misconfiguration Leads to the Exposure of 86,000 Healthcare Workers in 29 US States comes from il blog della sicurezza informatica.
Why are Micro Center Flash Drives so Slow?
Every year, USB flash drives get cheaper and hold more data. Unfortunately, they don’t always get faster. The reality is, many USB 3.0 flash drives aren’t noticeably faster than their USB 2.0 cousins, as [Chase Fournier] found with the ultra-cheap specimens purchased over at his local Micro Center store.
Although these all have USB 3.0 interfaces, they transfer at less than 30 MB/s, but why exactly? After popping open a few of these drives the answer appears to be that they use the old-style Phison controller (PS2251-09-V) and NAND flash packages that you’d expect to find in a USB 2.0 drive.
Across the 32, 64, and 256 GB variants the same Phison controller is used, but the PCB has provisions for either twin TSOP packages or one BGA package. The latter package turned out to be identical to those found in the iPhone 8. Also interesting was that the two 256 GB drives [Chase] bought had different Phison chips, as in one being BGA and the other QFP. Meanwhile some flash drives use eMMC chips, which are significantly faster, as demonstrated in the video.
It would seem that you really do get what you pay for, with $3 “USB 3.0” flash drives providing the advertised storage, but you really need to budget in the extra time that you’ll be waiting for transfers.
youtube.com/embed/4avbFmmMFs8?…
Fitting a Spell Checker into 64 kB
By some estimates, the English language contains over a million unique words. This is perhaps overly generous, but even conservative estimates generally put the number at over a hundred thousand. Regardless of where the exact number falls between those two extremes, it’s certainly many more words than could fit in the 64 kB of memory allocated to the spell checking program on some of the first Unix machines. This article by [Abhinav Upadhyay] takes a deep dive on how the early Unix engineers accomplished the feat despite the extreme limitations of the computers they were working with.
Perhaps the most obvious way to build a spell checker is by simply looking up each word in a dictionary. With modern hardware this wouldn’t be too hard, but disks in the ’70s were extremely slow and expensive. To move the dictionary into memory it was first whittled down to around 25,000 words by various methods, including using an algorithm to remove all affixes, and then using a Bloom filter to perform the lookups. The team found that this wasn’t a big enough dictionary size, and had to change strategies to expand the number of words the spell checker could check. Hash compression was used at first, followed by hash differences and then a special compression method which achieved an almost theoretically perfect compression.
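Two of the techniques named above, sketched as an added example that is not code from the linked article or from the original Unix spell program: a Bloom filter for membership lookups, and a dictionary stored as the gaps between sorted hash codes, which is one reading of "hash differences". The word list, the 1024-bit filter with 4 probes, the 27-bit code width and the byte-oriented gap packing are all assumptions of this example; the packing is a plain variable-length integer, not the special compression method the article describes.

```python
import hashlib
from bisect import bisect_left

# Constructed word list standing in for the affix-stripped dictionary.
WORDS = ["access", "buffer", "cipher", "digest", "entropy", "filter",
         "hash", "kernel", "lookup", "memory", "packet", "spell"]


def _digest(word):
    return hashlib.sha256(word.encode("utf-8")).digest()


class BloomFilter:
    """Bit array of m bits, probed at k positions per word."""

    def __init__(self, m_bits, k):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, word):
        # Double hashing: k positions derived from two halves of one digest.
        d = _digest(word)
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd stride
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, word):
        for p in self._positions(word):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, word):
        # Never a false negative; a false positive only if all k bits collide.
        return all(self.bits[p >> 3] & (1 << (p & 7))
                   for p in self._positions(word))


def build_filter(words, m_bits=1024, k=4):
    bf = BloomFilter(m_bits, k)
    for w in words:
        bf.add(w)
    return bf


def hash_code(word, bits=27):
    """Fixed-width hash code for a word (width is an assumption here)."""
    return int.from_bytes(_digest(word)[:4], "big") >> (32 - bits)


def encode_differences(words, bits=27):
    """Sort the hash codes and store only the gap to the previous code."""
    out, prev = bytearray(), 0
    for code in sorted({hash_code(w, bits) for w in words}):
        gap, prev = code - prev, code
        while True:  # 7 data bits per byte, high bit means "more follows"
            byte, gap = gap & 0x7F, gap >> 7
            out.append(byte | 0x80 if gap else byte)
            if not gap:
                break
    return bytes(out)


def decode_differences(blob):
    """Rebuild the sorted hash codes by summing the stored gaps."""
    codes, current, gap, shift = [], 0, 0, 0
    for byte in blob:
        gap |= (byte & 0x7F) << shift
        if byte & 0x80:
            shift += 7
        else:
            current += gap
            codes.append(current)
            gap, shift = 0, 0
    return codes


def in_dictionary(word, codes, bits=27):
    """Binary search for the word's hash code in the decoded list."""
    code = hash_code(word, bits)
    i = bisect_left(codes, code)
    return i < len(codes) and codes[i] == code


if __name__ == "__main__":
    bf = build_filter(WORDS)
    blob = encode_differences(WORDS)
    codes = decode_differences(blob)
    print(len(bf.bits), "bytes of filter,", len(blob), "bytes of gaps")
    for w in ("cipher", "cihper"):
        print(w, w in bf, in_dictionary(w, codes))
```

Both structures accept a misspelling only when its hash happens to collide with a stored word, which is the accuracy traded away for the space saved.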
Although most computers that run spell checkers today have much more memory as well as disks which are orders of magnitude larger and faster, a lot of the innovation made by this early Unix team is still relevant for showing how various compression algorithms can be used on data in general. Large language models, for one example, are proving to be the new frontier for text-based data compression.
Integrated BMS Makes Battery Packs Easy
Lithium technology has ushered in a new era of batteries with exceptionally high energy density for a reasonably low cost. This has made a lot possible that would have been unheard of even 20 years ago such as electric cars, or laptops that can run all day on a single charge. But like anything there are tradeoffs to using these batteries. They are much more complex to use than something like a lead acid battery, generally requiring a battery management system (BMS) to keep the cells in tip-top shape. Generally these are standalone systems but [CallMeC] integrated this one into the buswork for a battery pack instead.
The BMS is generally intended to make sure that slight chemical imbalances in the battery cells don’t cause the pack to wear out prematurely. They do this by maintaining an electrical connection to each cell in the battery so they can charge them individually when needed, making sure that they are all balanced with each other. This BMS has all of these connections printed onto a PCB, but also included with the PCB is the high-power bus that would normally be taken care of by bus bar or nickel strips. This reduces the complexity of assembling the battery and ensures that any time it’s hooked up to a number of cells, the BMS is instantly ready to go.
Although this specific build is meant for fairly large lithium iron phosphate batteries, this type of design could go a long way towards making quick battery packs out of cells of any type of battery chemistry that typically need a BMS system, from larger 18650 packs or perhaps even larger cells like those out of a Nissan Leaf.
3D-Printed Scanner Automates Deck Management for Trading Card Gamers
Those who indulge in trading card games know that building the best deck is the key to victory. What exactly that entails is a mystery to us muggles, but keeping track of your cards is a vital part of the process, one that this DIY card scanner (original German; English translation) seeks to automate.
At its heart, [Fraens]’ card scanner is all about paper handling, which is always an engineering task fraught with peril. Cards like those for Magic: The Gathering and other TCGs are meant to be handled by human hands, and automating the task of flipping through them presents some challenges. [Fraens] uses a pair of motorized 3D-printed rollers with O-rings to form a conveyor belt that can pull one card at a time off the bottom of a deck. An adjustable retaining roller made from the most adorable linear bearing we’ve ever seen ensures that only one card at a time is pulled from the hopper onto an imaging platen. An adjustable mount holds a smartphone to take a picture of the card, which is fed into an app that extracts all the details and categorizes the cards in the deck.
Aside from the card handling mechanism, there are some pretty slick details to this build. The first is that [Fraens] noticed that the glossy finish on some cards interfered with scanning, leading him to add a diffused LED ringlight to the rig. If an image isn’t scannable, the light goes through a process of dimming and switching colors until a good scan is achieved. Also, to avoid the need to modify the existing TCG deck management app, [Fraens] added a microphone to the control side of the scanner that listens for the sounds the app makes when it scans cards. And if Magic isn’t your thing, the basic mechanism could easily be modified to scan everything from business cards to old family photos.
youtube.com/embed/dl2RyKrg4pI?…
FLOSS Weekly Episode 826: Fedora 42 and KDE
This week, Jonathan Bennett chats with Neal Gompa about Fedora 42 and KDE! What’s new, what’s coming, and why is flagship status such a big deal?
- Website: neal.gompa.dev/
- GitHub Sponsors: github.com/sponsors/Conan-Kudo
- Neal’s business (Velocity Limitless): velocitylimitless.com/
- Neal’s podcast (Sudo Show): tuxdigital.com/sudoshow
youtube.com/embed/xwgqPwsjd0g?…
Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.
Direct Download in DRM-free MP3.
If you’d rather read along, here’s the transcript for this week’s episode.
Places to follow the FLOSS Weekly Podcast:
Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
hackaday.com/2025/03/26/floss-…
Supercon 2024: A New World of Full-Color PCBs
Printed circuit boards were once so simple. One or two layers of copper etched on a rectangular fiberglass substrate, with a few holes drilled in key locations so components could be soldered into place. They were functional objects, nothing more—built only for the sake of the circuit itself.
Fast forward to today, and so much has changed. Boards sprout so many layers, often more than 10, and all kinds of fancy geometric features for purposes both practical and pretty. But what catches the eye more than that, other than rich, saturated color? [Joseph Long] came to the 2024 Hackaday Supercon to educate us on the new world of full color PCBs.
youtube.com/embed/LOSMH_EV6pQ?…
[Joseph] begins his talk with an explanation of terminology. We often look at a PCB and cite its color—say, green for example. As [Joseph] explains, the color comes from the solder mask layer—so called for its job in ensuring solder can only go where it’s supposed to go. The solder mask sits atop the copper layer, but beneath the silk screen which has all the component outlines and part labels.
Solder mask was traditionally green, and this is still the most common color you’ll find in the majority of electronics. However, in recent decades, the available gamut of colors has increased. Now, you can routinely order yellow, blue, purple, and red solder masks quite easily, as well as black or white if you’re so inclined. As some creative makers have found, when designing a board, it’s possible to get several colors into a design even if you’re just using one color of solder mask. That’s because the solder mask appears in slightly different shades when it’s laid over the bare fiberglass of the PCB, versus being laid over copper, for example. Add in white silkscreen and you’ve got quite a lot to work with.
Different colors are achievable on a PCB even just by using a single soldermask color.
We’re used to having a choice of color on our PCB orders today, but so much more is possible.
But what if you want more? What if you want real color? [Joseph] realized this could be possible when he found out that PCB board houses were already using inkjet-like printers to lay down silkscreen layers on small-run boards. Since there was already a printer involved in the board production process, wouldn’t it be simple to start printing on circuit boards in full color?
As it turns out, this was very practical. Two big Shenzhen board houses—JLCPCB and PCBWay—both started delivering color printed boards in 2024. The method involved using a white solder mask layer, with a full-color “silkscreen” layer printed on top using UV-cured ink. Using this ink was a particular key to unlocking full color PCBs. The UV-cured inks are more robust under the tough conditions PCBs face, such as the high temperatures during reflow or hand soldering.
Color printing PCBs might sound trivial and only relevant for cosmetic purposes, but [Joseph] points out it has lots of practical applications too. You can easily color code pinouts and traces right on the board, a feature that has obvious engineering value. You can even use photorealistic footprints to indicate where other board-level modules should be soldered in, too, making assembly more intuitive. Plus, full color boards are fun—don’t discount that!
[Joseph] likes using the full-color prints to aid in assembly, by using far more realistic footprints for items like board-scale modules and batteries.
[Joseph] is also a big fan of the SAO format, having designed several compatible boards himself. At his talk, he showed off special “extender” boards of his own creation and offered giveaways to attendees.
If you’re wondering how to get started, [Joseph]’s talk covers all the important ground. He goes over the workflow for doing color PCBs with typical board houses. As the main suppliers in this area, PCBWay and JLCPCB both have slightly different ways of working with design files for color boards. Obviously, creating a color board involves making images outside of your traditional board design software. It’s straightforward enough, but you have to follow some careful practices to ensure your images are printed in the right size and right orientation to match the rest of your PCB design. PCBWay lets you make your own images and submit them with your Gerber files from whatever board design tool, while JLCPCB requires you to produce your PCB within their EasyEDA design software and put the graphics directly in there. [Joseph] also explains the costs involved for printing these boards, which do come at a premium relative to traditional boards.
As a bonus, we even get to see some of Joseph’s awesome color boards. The graphics are stunning—they really show the potential of full-color PCBs and how they can elevate a project or a fun badge design. If you’re eager to try this out, go ahead and watch [Joseph]’s primer and dive in for yourself!