Nostr notes by Cybersecurity & cyberwarfare

Claude, 500mila righe di codice esposte per errore: i rischi per ...

2026-04-02T16:38:12Z

Claude, 500mila righe di codice esposte per errore: i rischi per la supply chain software

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
La pubblicazione accidentale da parte di Anthropic del codice sorgente di Claude Code a causa di un errore di packaging, in cui nessun dato è stato compromesso, fa emergere rischi concreti nella supply chain software e la fragilità dei processi di

Anything Can Be A Router, If You Try Hard Enough If you’re an ...

2026-04-02T15:30:55Z

Anything Can Be A Router, If You Try Hard Enough

If you’re an American and you use the Internet at home, it seems probable that routers are going to be in short supply. The US government recently mandated all such devices be home grown for security reasons, which would be fine were it not that the US has next-to-no consumer-grade router manufacturing industry.

So if you’re in the US and you need a router, what can you do? [Noah Bailey] is here from Canada to point out that almost anything (within reason) in computer terms can be made to perform as a router.

The piece is really a guide to setting up a Linux router, which he does on a small form factor PC and a hacked-together assembly of old laptop, PCI-express extender, and scrap network kit. In its most basic form a router doesn’t need the latest and greatest hardware, so there exists we’re guessing almost two decades of old PCs just waiting to be pressed into service. Perhaps it won’t help the non-technical Man In The Street much, but maybe it’ll inspire a few people to save themselves a hefty bill when they need to connect.

You can read our coverage of the ban here.

hackaday.com/2026/04/02/anythi…

Internet in Russia al rallentatore: fra restrizioni e ...

2026-04-02T14:47:19Z

Internet in Russia al rallentatore: fra restrizioni e aggiramenti, ecco il futuro della rete dello zar

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Parallelamente al filtraggio puntuale, le autorità hanno perfezionato la tecnica del throttling, per rendere praticamente inutilizzabili le piattaforme prese di mira. Ecco cosa succede a Internet in Russia,

Ask Hackaday: How Much Compute is Enough? Over the history of ...

2026-04-02T14:00:28Z

Ask Hackaday: How Much Compute is Enough?

Over the history of this business, a lot of people have foreseen limits that look rather silly in hindsight– in 1943, IBM President Thomas Watson declared that “I think there is a world market for maybe five computers.” That was more than a little wrong. Depending on the definition of computers– particularly if you include microcontrollers, there’s probably trillions of the things.

We might as well include microcontrollers, considering how often we see projects replicating retrocomputers on them. The RP2350 can do a Mac 128k, and the ESP32-P4 gets you into the Quadra era. Which, honestly, covers the majority of daily tasks most people use computers for.

The RP2350 and ESP32-P4 both have more than 640kB of RAM, so that famous Bill Gates quote obviously didn’t age any better than Thomas Watson’s prediction. As Yogi Berra once said: predictions are hard, especially about the future.

Still, there must be limits. We ran an article recently pointing out that new iPhones can perform three orders of magnitude faster than a Cray 2 supercomputer from the 80s. The Cray could barely manage 2 Gigaflops– that is, two billion floating point operations per second; the iPhone can handle more than two Teraflops. Even if you take the position that it’s apples and oranges if it isn’t on the same benchmark, the comparison probably isn’t off by more than an order of magnitude. Do we really need even 100x a Cray in our pockets, never mind 1000x?
It fits in your pocket now, but somehow, we were expecting warmer colours.
Image: ASCI Red by Sandia National Labs, public domain.
Going forward in time, the Teraflop Barrier was first broken in 1997 by Intel’s ASCI red, produced for the US Department of Energy for physics simulations. By 1999, it had bumped up to 3 Teraflops. I don’t know about you, but my phone doesn’t simulate nuclear detonations very often.

According to Steam’s latest hardware survey, NVidia’s RTX 5070 has become the single most common GPU, at around 9% total users. When it comes to 32-bit floating point operations, that card is good for 30.87 Teraflops. That’s close to NEC’s Earth Simulator, which was the fastest supercomputer from 2002 to 2004– NEC claimed 35.86 Teraflops there.

Is that enough? Is it ever enough? The fact is that software engineers will find a way to spend any amount of computing power you throw at them. The question is whether we’re really gaining much of anything.

At some point, you have to wonder when enough is enough. The fastest piece of hardware in this author’s house is a 2011 MacBook Pro. I don’t stress it out very much these days. For me, personally, it’s more than enough compute. If I wasn’t using YouTube I could probably drop back a couple generations to PPC days, if not all the way to the ESP32-P4 mentioned above.
Quite possibly my next workstation.
Image: ESP-32-P4 Dev Board, by Waveshare.
The 3D models for my projects really aren’t more complex than what I was rendering in the 90s. Routing circuit diagrams hasn’t gotten more complicated, either, even if KiCad uses a lot more resources. For what I’m working on these days, “enough compute” is very modest, and wouldn’t come close to taxing the 2 Teraflop iPhone. That’s probably why Apple was confident they could use its guts in a laptop.

How about you? The bleeding edge has always been driven by edge cases, and it’s left me behind. Are you surfing that edge? If so, what are you doing with it? Training LLMs? Simulating nuclear explosions? Playing AAA games? Inquiring minds want to know! Furthermore, for those of you who are still at that bleeding edge that’s left me so far behind– how far do you think it will keep going? If you’re using teraflops today, will you be using petaflops tomorrow? Are you brave enough to make a prediction?

I’ll start: 640 gigaflops ought to be enough for anybody.

hackaday.com/2026/04/02/ask-ha…

App-server Codex di OpenAI: configurazione insicura espone a ...

2026-04-02T12:55:50Z

App-server Codex di OpenAI: configurazione insicura espone a esecuzione di comandi remoti

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Il CERT-AgID ha segnalato un problema di sicurezza dell’app-server Codex di OpenAI: non prevedendo meccanismi di protezione e autenticazione, una sua esposizione in rete potrebbe consentire a soggetti non autorizzati di interagire

WhatsApp ha avvisato circa 200 utenti che sono stati indotti con ...

2026-04-02T11:32:18Z

WhatsApp ha avvisato circa 200 utenti che sono stati indotti con l'inganno a installare una falsa app che in realtà era uno spyware governativo.

L'azienda ha accusato la società italiana produttrice di spyware SIO di essere dietro l'app e ha annunciato l'intenzione di inviare alla società "una formale diffida legale per fermare qualsiasi attività dannosa di questo tipo".

L'articolo di Lorenzo Franceschi-Bicchierai (nprofile…98vs)

techcrunch.com/2026/04/01/what…

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
RE: infosec.exchange/users/lorenzo…

quoting
nevent1q…fxk9
NEW: WhatsApp alerted around 200 users that were tricked into installing a fake app that was actually government spyware.

The company accused Italian spyware maker SIO of being behind the app, and announced it plans to send the company "a formal legal demand to stop any such malicious activity."

http://techcrunch.com/2026/04/01/whatsapp-notifies-hundreds-of-users-who-installed-a-fake-app-that-was-actually-government-spyware/

Pixel Camera Puts Lo-Fi Images In The Palm Of Your Hand Some ...

2026-04-02T11:00:05Z

Pixel Camera Puts Lo-Fi Images In The Palm Of Your Hand

Some things have an undeniable appeal, and lo-fi, pixelated Game Boy-camera-like images are one of them. In service of this, [Raul Zanardo] created his handheld pixel camera that goes the extra mile. It implements slick real-time pixel art filters and a number of other useful features.
A live preview with real-time filters makes capturing just the right image easy.
For hardware, [Raul] uses a LilyGo T-Display S3 Pro which is an ESP32-based development board, camera, and color touchscreen display in a handheld form factor that vaguely resembles a chunky smartphone. The only change is swapping the stock camera for an OV3660-based camera module. It’s a drop-in replacement, but necessary because some of the features and settings his software uses are not available on the stock camera.

The camera captures 240 x 176 images, but the really neat part is the real-time filter pipeline. There are many configurable choices to play with, including pixelation, dithering, edge detection, CRT scanline effect, and color palette presets. Captures are saved to a local micro SD card and there’s all kinds of handy features like a photo gallery that takes full advantage of the color touchscreen. There’s also USB Mass Storage functionality, so downloading photos is as simple as plugging in a USB cable.

The Game Boy camera’s charming lo-fi imagery has inspired many pixel-camera projects, and this one makes great use of an inexpensive handheld development board and includes truly useful features.

Do you have your own pixel-art inspired camera project? Hit up our tips line and tell us all about it!

hackaday.com/2026/04/02/pixel-…

Post-Failure Autopsy and Analysis of an LFP Battery Recently ...

2026-04-02T08:00:10Z

Post-Failure Autopsy and Analysis of an LFP Battery

Recently [Kerry Wong] had one of his Cyclenbatt LiFePO4 batteries die after only a few dozen cycles, with a normal voltage still present on the terminals. One of the symptoms was that as soon as you try to charge it, the voltage goes up very rapidly to above 14 V due to what appears to be high internal resistance, and vice versa for discharging. In addition, the Bluetooth feature of the BMS appeared to have died as well, making non-invasive diagnostics somewhat tricky.
Close-up of the BMS. (Credit: Kerry Wong, YouTube)
After gently cutting open the plastic case, [Kerry] was greeted by the happily blinking blue LED of the Bluetooth module and deepening the mystery. Overall the build quality looks to be pretty good, with no loose cables as seen with certain other LFP batteries.

Cell voltages measured normal, with no significant imbalance. Next was measuring the internal resistance, which showed a clear issue. One of the cells was reading over 3 Ohms, whereas the others were in the milli-Ohm range. This would definitely explain the issues with charging and discharging, with a single bad cell causing most of the issues.

Of course, why the Bluetooth feature failed remains a mystery, and there’s still a lingering question on whether the BMS practiced proper balancing between the cells, as this can also cause issues over time.

youtube.com/embed/jPVTd8nui04?…

hackaday.com/2026/04/02/post-f…

DK 10x26 L'episodio di Pasqua Serve davveor multare Big Tech ...

2026-04-02T06:56:11Z

DK 10x26 L'episodio di Pasqua

Serve davveor multare Big Tech per cifre che considera costi del mercato? E a cosa servono allora Garanti e Tribunali? E poi due parole sulla Agenzia per la Cybersicurezza-con-la-y Nazionale e i suoi risultati. Buona Pasqua!

spreaker.com/episode/dk-10x26-…

https://api.spreaker.com/download/episode/71057242/dk10x26_episodiodipasqua.mp3

Every 3D Printable Film Camera, In One Place For those of us who ...

2026-04-02T05:00:03Z

Every 3D Printable Film Camera, In One Place

For those of us who hack old cameras, the 3D printer has undoubtedly been a boon. High precision, or at least consistent precision, lightproof enclosures can be easily made and reproduced for others. As a result there are quite a few printable cameras out there, and we’ve featured our share here. We didn’t realize just how many there are without the work of [Sebastian] though, as he’s gathered together every one he can find in a glorious catalog of homemade photographic construction.

As a snapshot of the world of home made cameras it’s refreshing to see such a wide range of designs. There are pinholes aplenty as well as cameras using lenses from scavanged point and shoots through 35mm SLR, medium format, and even one using a Micro Four Thirds compact digital camera lens. For film there’s 35mm and 120 as well as large format, but we’re pleased to see a few instant cameras in there. Some of the models in the list are paid-for designs but most of them are free, so you probably won’t need any encouragement to make yourself a camera!

Unless we missed something, we didn’t see any movie cameras in the list. With 35mm and 16mm models to be found, we hope some of them make it.

hackaday.com/2026/04/01/every-…

Watch an Electro-Permanent Magnet In Action Electro-permanent ...

2026-04-02T02:00:31Z

Watch an Electro-Permanent Magnet In Action

Electro-permanent magnets (EPMs) are pretty nifty concepts, and if you aren’t familiar with them, they are permanent magnets with the ability to be electrically switched on or off. Unlike an electromagnet — which maintains a magnetic field only while power is applied — an EPM can remain “on” even when power is removed. Want to see one work? There’s a video embedded below that shows one off, but if you’d like to know how they work, we have you covered.

Inside are two types of magnet, one of which is permanent and the other being a semi-hard magnet paired with an electromagnetic coil. A semi-hard magnet’s flux can be changed by exposing it to a strong enough magnetic field, and that’s the key to making it work.
Being able to electrically switch a permanent magnet on or off is a neat trick.
When both magnets work together, the EPM is “on” and acts like a permanent magnet. To turn the EPM off, the polarity of the semi-hard magnet is flipped with a short and powerful electromagnetic pulse, after which the two magnets oppose one another and more or less cancel each other out. So rather than generating a magnetic field, an EPM more accurately reconfigures it.

As intriguing as EPMs are, we haven’t really seen one properly in action until it was brought to our attention that [Dave Jones] of EEVblog tried one out last year. He received a Zubax FluxGrip EPM, which is intended for drone and robotic applications and can hold up to 25 kg. Watch [Dave] fire it up in the video (link is cued up to the 7:30 mark), it’s pretty interesting to see one of these actually work.

EPMs are not prohibitively expensive but they are not exactly cheap, either. But if a switchable magnet sounds up your alley and you can’t afford an EPM, consider an alternative “switchable” magnet design that works by momentarily canceling out a permanent magnet with a paired electromagnet. Unlike an EPM, it’s not a permanent switch but it would be enough to drop a payload.

youtube.com/embed/FqN77SZF5zU?…

hackaday.com/2026/04/01/watch-…

OldVersion is Back, and Better than Ever You know what they say ...

2026-04-01T23:00:53Z

OldVersion is Back, and Better than Ever

You know what they say — you can’t keep a good website down. OldVersion.com, the repository of outdated software that has been serving up old versions of tools you need for the last twenty-five years, is not going away as we reported last year. Not only is it sticking around, it’s gotten a retro facelift inspired by Windows 3.1 or OS/2. Mostly Windows, given the screensaver, but we’ll let you find that for yourself.

We’re thrilled to see that OldVersion has gotten the support they need to keep going after running into financial troubles. According to founder Alex Levine, some of that support came as a result of the Hackaday article reporting on the then-upcoming closure, so kudos to you guys for stepping up.

While we absolutely love the retro redesign of the new website, that’s one thing notably lacking — an obvious donation button. Well, that and old-school HTTP support so you can get on with your retromachines, but that, at least, is in the works according to the site roadmap. It’s a little weird that in this year of the common era 2026 you have to do extra work to give up on HTTPS functionality, but it is the way it is.

In the meantime, the site is fully usable as long as you have HTTPS capability, or go through a proxy. Perhaps you could use this ESP8266 code to get started making one, if you don’t want to embarrass your old computer by using something more powerful than it as a pass-through.

Speaking of proxies, if old versions of software aren’t enough for you, how about an old version of the internet? We heard you like old versions, so you can visit an old version of OldVersion!

Note that if you’re reading this after 01/04/2026, the look-and-feel of OldVersion.com may not match what’s depicted here.

hackaday.com/2026/04/01/oldver…

Following Artemis II’s Journey Around the Moon NASA is going ...

2026-04-01T22:38:48Z

Following Artemis II’s Journey Around the Moon

NASA is going back to the Moon! We’ll follow the crew of Artemis II every step of the way.Liftoff!

Watch the official NASA live stream here:

youtube.com/embed/Tf_UjBMIzNo?…

hackaday.com/2026/04/01/follow…

Battery Tester Outperforms Cheaper Options Batteries are ...

2026-04-01T20:00:11Z

Battery Tester Outperforms Cheaper Options

Batteries are notoriously difficult pieces of technology to deal with reliably. They often need specific temperatures, charge rates, can’t tolerate physical shocks or damage, and can fail catastrophically if all of their finicky needs aren’t met. And, adding insult to injury, for many chemistries, the voltage does not correlate to state of charge in meaningful ways. Battery testers take many efforts to mitigate these challenges, but often miss the mark for those who need high fidelity in their measurements. For that reason, [LiamTronix] built their own.

The main problem with the cheaper battery testers, at least for [LiamTronix]’s use cases, is that he has plenty of batteries that are too large to practically test on the low-current devices, or which have internal battery management systems (BMS) which can’t connect to these testers. The first circuit he built to help solve these issues is based on a shunt resistor, which lets a smaller IC chip monitor a much larger current by looking at voltage drop across a resistor with a small resistance value. The Pi uses a Python script which monitors the current draw over the course of the test and outputs the result on a handy graph.

This circuit worked well enough for smaller batteries, but for his larger batteries like the 72V one he built for his electric tractor, these methods could draw far too much power to be safe. So from there he built a much more robust circuit which uses four MOSFETs as part of four constant current sources to sink and measure the current from the battery. A Pi Zero monitors the voltage and current from the battery, and also turns on some fans pointed at the MOSFETs’ heat sink to keep them from overheating. The system can be configured to work for different batteries and different current draw rates, making it much more capable than anything off the shelf.

youtube.com/embed/2R3gytX24bs?…

hackaday.com/2026/04/01/batter…

Mercury Audio Cables, So Nobody Else Has To Do It We’ve seen ...

2026-04-01T18:30:32Z

Mercury Audio Cables, So Nobody Else Has To Do It

We’ve seen our fair share of audiophile tomfoolery here at Hackaday, and we’ve even poked fun at a few of them over the years. Perhaps one of the most outrageously over the top that we’ve so far seen comes from [Pierogi Engineering] who, we’ll grant you not in a spirit of audiophile expectation, has made a set of speaker interconnects using liquid mercury.

In terms of construction they’re transparent tubes filled with mercury and capped off with 4 mm plugs as you might expect. We hear them compared with copper cables and from where we’re sitting we can’t tell any difference, but as we’ve said in the past, the only metrics that matter in this field come from an audio analyzer.

But that’s not what we take away from the video below the break. Being honest for a minute, there was a discussion among Hackaday editors as to whether or not we should feature this story. He’s handling significant quantities of mercury, and it’s probably not over reacting to express concerns about his procedures. We wouldn’t handle mercury like that, and we’d suggest that unless you want to turn your home into a Superfund site, you shouldn’t either. But now someone has, so at lease there’s no need for anyone else to answer the question as to whether mercury makes a good interconnect.

youtube.com/embed/zgHnmy0zKWw?…

hackaday.com/2026/04/01/mercur…

Ask Hackaday: Using CoPilot? Are You Entertained? There’s a ...

2026-04-01T17:00:35Z

Ask Hackaday: Using CoPilot? Are You Entertained?

There’s a great debate these days about what the current crop of AI chatbots should and shouldn’t do for you. We aren’t wise enough to know the answer, but we were interested in hearing what is, apparently, Microsoft’s take on it. Looking at their terms of service for Copilot, we read in the original bold:
Copilot is for entertainment purposes only. It can make mistakes, and it may not work as intended. Don’t rely on Copilot for important advice. Use Copilot at your own risk.

While that’s good advice, we are pretty sure we’ve seen people use LLMs, including Copilot, for decidedly non-entertaining tasks. But, at least for now, if you are using Copilot for non-entertainment purposes, you are violating the terms of service.
Legal

While we know how it is when lawyers get involved in anything, we can’t help but think this is simply a hedge so that when Copilot gives you the wrong directions or a recipe for cake that uses bleach, they can say, “We told you not to use this for anything.”

It reminds us of the Prohibition-era product called a grape block. It featured a stern warning on the label that said: “Warning. Do not place product in one quart of water in a cool, dark place for more than two weeks, or else an illegal alcoholic beverage will result.” That doesn’t fool anyone.

We get it. They are just covering their… bases. When you do something stupid based on output from Copilot, they can say, “Oh, yeah, that was just for entertainment.” But they know what you are doing, and they even encourage it. Heck, they’re doing it themselves. Would it stand up in court? We don’t know.
Others

Now it is true that probably everyone will give you a similar warning. OpenAI, for example, has this to say:

Output may not always be accurate. You should not rely on Output from our Services as a sole source of truth or factual information, or as a substitute for professional advice.
You must evaluate Output for accuracy and appropriateness for your use case, including using human review as appropriate, before using or sharing Output from the Services.
You must not use any Output relating to a person for any purpose that could have a legal or material impact on that person, such as making credit, educational, employment, housing, insurance, legal, medical, or other important decisions about them.
Our Services may provide incomplete, incorrect, or offensive Output that does not represent OpenAI’s views. If Output references any third party products or services, it doesn’t mean the third party endorses or is affiliated with OpenAI.

Notice that it doesn’t pretend you are only using it for a chuckle. Anthropic has even more wording, but still stops short of pretending to be a party game. Copilot, on the other hand, is for fun.
Your Turn

How about you? Do you use any of the LLMs for anything other than “entertainment?” If you do, how do you validate the responses you get?

When things do go wrong, who should be liable? There have been court cases where LLM companies have been sued for everything, ranging from users committing suicide to defaming people. Are the companies behind these tools responsible? Should they be?

Let us know what you think in the comments.

hackaday.com/2026/04/01/ask-ha…

Siti WordPress a rischio: c’è la patch per la falla invisibile ...

2026-04-01T16:48:41Z

Siti WordPress a rischio: c’è la patch per la falla invisibile che espone i segreti dei server

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Non serve essere hacker esperti: basta un account “subscriber” per accedere a dati critici. Per il plugin Smart Slider 3, il problema non è la complessità del codice, quanto la mancanza di controlli adeguati. Ma è

WhatsApp falso made in Italy: il caso Asigint non è un incidente ...

2026-04-01T16:42:20Z

WhatsApp falso made in Italy: il caso Asigint non è un incidente isolato, è un sistema

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Meta ha denunciato l’italiana Asigint per aver sviluppato un clone di WhatsApp usato per spiare circa 200 persone, in gran parte in Italia. La vicenda si intreccia con lo spyware Spyrtacus e riaccende il dibattito sull'industria italiana

A Better Jogging Stroller Although the jogging stroller is a ...

2026-04-01T15:30:03Z

A Better Jogging Stroller

Although the jogging stroller is a fixture of suburban life, allowing parents the opportunity to get some exercise while letting their young children a chance for some fresh air, it would seem like the designers of these strollers have never actually gone for a jog. Requiring a runner to hold their hands at fixed positions can be incredibly uncomfortable and disrupts most people’s strides and cadence — so [John] attempted to solve the problem after finding one of these strollers on the secondhand market.

While there are some purpose-built strollers that attempt to address these issues, they can be pricey. Rather than shell out for a top-dollar model, [John] got to work with his 3D printer and created a prototype device that allows him to attach the stroller at his waist while leaving his hands free. There were a few problems to overcome here, the first of which would cause the device to buckle under certain loading situations. This was solved with some small pieces of rope which act as flexible bump stops, keeping the hinge mechanism from binding up. Another needed to be solved with practice, which was that it took some time to be able to steer the stroller without using one’s hands.

As an added bonus, [John] also included a system that tracks the distance the stroller has traveled. Using a hall effect sensor and a magnet attached to the wheel, a small microcontroller is able to quickly calculate distance and display it on a tiny screen mounted near the handlebars. Although smartphones are handy, their GPS systems can be surprisingly inaccurate, so a system like this can be a better indicator since it’s being directly measured. All in all, not a bad few upgrades to a secondhand stroller.

youtube.com/embed/440xIHqaa6g?…

hackaday.com/2026/04/01/a-bett…

WheatForce: Learning From CPU Architecture Mistakes Nothing ever ...

2026-04-01T14:00:29Z

WheatForce: Learning From CPU Architecture Mistakes

Nothing ever made is truly perfect and indeed, CPU architectures like x86, RISC-V, ARM, and PowerPC all have their own upsides and downsides. Today, I aim to make an architecture that learns from all these mistakes and improves architecture design for everyone.

I’ve consulted with many people opinionated on the matter, both from a software perspective, and from a hardware perspective. I have taken all their feedback in mind while creating this initial draft of the WheatForce architecture (PDF). It is inspired by pieces from many architectures: segmentation inspired by x86, hash table-like paging from PowerPC, dynamic endianness control from RISC-V and PowerPC, and more. Let’s look into each feature in a little bit more detail.
Segmentation

x86′ segmentation scheme by [John] on WikipediaSegmentation is a powerful virtual-memory feature that is tragically underused today. I believe this is due to limited flexibility, so I have added an improvement above the model that x86 had used: every single register can now use its own segment selector. With this added flexibility, one can surely make better use of the address translation powers of segmentation with minimal extra overhead.
Hash Table-Like Paging

PowerPC’s hash table-like paging makes its paging vastly superior to the likes of x86, RISC-V and ARM by decreasing the number of required cache line fetches drastically. Much like a true hash table, the keys (or input addresses) are hashed and then used as an index into the table. From there, that row of the table is searched for a cell with a matching virtual address, which can be accelerated greatly due to superior cache locality of the entries in this row.
Dynamic Endianness Control

A diagram of PowerPC’s paging structures from the PowerPC manual
RISC-V and PowerPC both have some real potential for better compatibility with their dynamic endianness control. However, both these architectures can only change the endiannes from a privileged context. To make this more flexible, WheatForce can change the data endianness at any time with a simple instruction. Now, user software can directly interoperate between big-endian and little-endian data structures, eliminating the need for a costly byte-swap sequence that would need many instructions. Finally, you can have your cake and eat it to!
Conclusion

WheatForce has observed the mistakes of all architectures before it, and integrates parts of all its predecessors. You can read the full specification on GitHub. After you’ve read it, do let me know what you think of it.

hackaday.com/2026/04/01/wheatf…

Drawing Tablet Controls Laser In Real-Time Some projects need no ...

2026-04-01T11:00:38Z

Drawing Tablet Controls Laser In Real-Time

Some projects need no complicated use case to justify their development, and so it was with [Janne]’s BeamInk, which mashes a Wacom pen tablet with an xTool F1 laser engraver with the help of a little digital glue. For what purpose? So one can use a digital pen to draw with a laser in real time, of course!
Pen events from the drawing tablet get translated into a stream of G-code that controls laser state and power.
Here’s how it works: a Python script grabs events from a USB drawing tablet via evdev (the Linux kernel’s event device, which allows user programs to read raw device events), scales the tablet size to the laser’s working area, and turns pen events into a stream of laser power and movement G-code. The result? Draw on tablet, receive laser engraving.

It’s a playful project, but it also exists as a highly modular concept that can be adapted to different uses. If you’re looking at this and sensing a visit from the Good Ideas Fairy, check out the GitHub repository for more technical details plus tips for adapting it to other hardware.

We’re reminded of past projects like a laser cutter with Etch-a-Sketch controls as well as an attempt to turn pen marks into laser cuts, but something about using a drawing tablet for real-time laser control makes this stand on its own.

hackaday.com/2026/04/01/drawin…

Da ENISA un nuovo framework per capire (davvero) il mercato della ...

2026-04-01T10:32:39Z

Da ENISA un nuovo framework per capire (davvero) il mercato della cyber security europea

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
ENISA presenta ECSMAF 3.0, versione aggiornata del framework per l'analisi del mercato cyber europeo. Approccio più snello e data driven con sette step operativi, template riutilizzabili e monitoraggio continuo. Obiettivo: colmare

L’impero nascosto di Google mostra le debolezze ...

2026-04-01T09:36:21Z

L’impero nascosto di Google mostra le debolezze dell’antitrust

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
La sterminata rete di aziende controllate dal colosso di Mountain View sfugge alle regole sulla concorrenza ma influenza l’economia digitale globale, sostiene un’analisi.
L'articolo L’impero nascosto di Google mostra le debolezze dell’antitrust proviene da Guerre di Rete.

L'articolo proviene da

A Novel 555 Circuit In 2026 The humble NE555 has been around for ...

2026-04-01T08:00:53Z

A Novel 555 Circuit In 2026

The humble NE555 has been around for over five decades now, and while during that time we’ve seen a succession of better and faster versions of the original, the circuits which surround it are pretty well known. There can’t be anything new in the world of 555s, can there? [Stephen Woodward] claims he’s made a novel 555 circuit, with his 1 MHz linear voltage to frequency converter. Since he’s been in love with the 555 since 1974, we’re inclined to trust him on this part.

It’s visibly the 555 astable oscillator we’re all familiar with, given the addition of a current source in place of the normal charging resistor. This makes for a much more linear sawtooth waveform, but it still doesn’t fix the linearity of the voltage to frequency curve. The novel bit comes in adding an extra resistor between the threshold and discharge pins, with a value calculated for a time constant with the capacitor to match the 555’s own switching delay. This provides the necessary compensation, and gives the circuit its linearity.

This is so brilliantly simple that it’s almost a shock that it’s new, but it’s also a great example of the old-school electronic engineer’s art. We can’t think of an immediate need for a 555 voltage to frequency converter on the Hackaday bench at the moment, but you can bet we’ll come back to this one if we do.

We had someone pushing a newer 555 variant to its limit, when we ran our component abuse challenge.

hackaday.com/2026/04/01/a-nove…

A laughing RAT: CrystalX combines spyware, stealer, and prankware ...

2026-04-01T06:00:09Z

A laughing RAT: CrystalX combines spyware, stealer, and prankware featuresIntroduction

In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available. Most surprisingly, it also includes prankware capabilities: a large set of features designed to trick, annoy, and troll the user. Such a combination of capabilities makes it a rather unique Trojan in its category.

Kaspersky’s products detect this threat as Backdoor.Win64.CrystalX.*, Trojan.Win64.Agent.*, Trojan.Win32.Agentb.gen.
Technical detailsBackground

The new malware was first mentioned in January 2026 in a private Telegram chat for developers of RAT malware. The author actively promoted their creation, called Webcrystal RAT, by attaching screenshots of the web panel. Many users observed that the panel layout was identical to that of the previously known WebRAT (also called Salat Stealer), leading them to label this malware as a copy. Additional similarities included the fact that the RAT was written in Go, and the messages from the bot selling access keys to the control panel closely matched those of the WebRAT bots.

After some time, this malware was rebranded and received a new name, CrystalX RAT. Its promotion moved to a corresponding new channel, which is quite busy and features marketing tricks, such as access key draws and polls. Moreover, it expanded beyond Telegram: a special YouTube channel was created, aimed at marketing promotion and already containing a video review of the capabilities of this malware.

The builder and anti-debug features

By default, the malware control panel provides third parties with an auto‑builder featuring a wide range of configurations, such as selective geoblocking by country, anti‑analysis functions, an executable icon, and others. Each implant is compressed using zlib and then encrypted with ChaCha20 and a hard‑coded 32‑byte key with a 12‑byte nonce. The malware has basic anti‑debugging functionality combined with additional optional capabilities:

MITM Check: checking if a proxy is enabled by reading the registry value HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, blacklisting names of certain processes (Fiddler, Burp Suite, mitmproxy, etc.), and verifying the presence of installed certificates for the corresponding programs
VM detect: checking running processes, presence of guest tools, and hardware characteristics
Anti-attach loop: an infinite loop checking the debug flag, debug port, hardware breakpoints, and program execution timings
Stealth patches: patches for functions such as AmsiScanBuffer, EtwEventWrite, MiniDumpWriteDump

Stealer capabilities

When launched, the malware establishes a connection to its C2 using a hard‑coded URL over the WebSocket protocol. It performs an initial collection of system information, after which all data is sent in JSON format as plain text. Then the malware executes the stealer function, doing so either once or at predefined intervals depending on the build options. The stealer extracts the victim’s credentials for Steam, Discord, and Telegram from the system. It also gathers data from Chromium‑based browsers using the popular ChromeElevator utility. To do this, it decodes and decompresses the utility using base64 and gunzip and saves it to %TEMP%\svc[rndInt].exe, then creates a directory %TEMP%\co[rndInt], where the collected data is stored, and finally runs ChromeElevator with all available options.

The collected data is exfiltrated to the C2. For Yandex and Opera browsers, the stealer has a separate proprietary implementation with base decryption directly on the victim’s system. Notably, the builds created at the time the article was written lack the stealer functionality. OSINT results show that the author intentionally removed it with the aim to update the stealer arsenal before enabling it again.
Keylogger & clipper

Another option of the RAT is the keylogger. All user input is instantly transmitted via WebSocket to the C2, where it is assembled into a coherent text suitable for analysis. Additionally, the malware allows the attacker to read and modify the victim’s clipboard by issuing appropriate commands from the control panel. Moreover, it can inject a malicious clipper into the Chrome or Edge browser. This happens according to the following algorithm:

The special malware command clipper:set:[ADDR1,...] with the attackers’ crypto‑wallets addresses passed as arguments launches the clipper injection thread.
A %LOCALAPPDATA%\Microsoft\Edge\ExtSvc directory is created (regardless whether Edge or Chrome is the target of the injection), in which a malicious extension is stored, consisting of a manifest and a single JS script named content.js.
The content.js script is dynamically generated, containing regular expressions for crypto wallet addresses (such as Bitcoin, Litecoin, Monero, Avalanche, Doge, and others) and substitution values.
The generated script is activated via the Chrome DevTools (CDP) protocol using the command Page.addScriptToEvaluateOnNewDocument.

The final script looks as follows:

Remote access

The malware has a large set of commands for remote access to the victim’s system. The attacker can upload arbitrary files, execute any commands using cmd.exe, and also browse the file system, including all available drives. Moreover, the RAT includes its own VNC that allows the attacker to view the victim’s screen and control it remotely. Since both the attacker and the victim use the same session, the panel provides a number of buttons to block user input so that the attacker can perform necessary actions unhindered. The malware can also capture the audio stream from the microphone and the video stream from the camera in the background.

Prank commands

The finishing touch is a separate section of the panel named “Rofl” with commands whose functions consist of various pranks on the victim.

Setting a background: downloading an image from a specified URL and using it as the desktop background.
Display orientation: rotating the screen 90°, 180°, or 270°.
System shutdown: the panel has two different buttons “Voltage Drop” and “BSoD”, but malware analysis shows that both commands perform a regular shutdown using the appropriate utility.
Remapping mouse buttons: swapping left click with right click and the other way round.
Peripherals disruption: disconnecting the monitor and blocking the input from the mouse and keyboard.
Notifications: displaying a window with a custom title and message.
Cursor shake: a special command starts a loop in which the cursor position changes chaotically at short intervals.
Disabling components: hiding all file icons on the desktop, disabling the taskbar, task manager, and cmd.exe.

Moreover, the attacker can send a message to the victim, after which a dialog window will open in the system, allowing a bidirectional chat.

Conclusions

The sheer variety of available RATs has perpetuated demand, as actors prioritize flexibility of existing malware and its infrastructure. Thus, CrystalX RAT represents a highly functional MaaS platform that is not limited to espionage capabilities – spyware, keylogging and remote control – but includes unique stealer and prankware features. At the moment, the vector of the initial infection is not precisely known, but it affects dozens of victims. Although to date, we have only seen infection attempts in Russia, the MaaS itself has no regional restrictions meaning it may attack anywhere around the globe. Moreover, our telemetry has recorded new implant versions, which indicates that this malware is still being actively developed and maintained. Combined with the growing PR campaign for CrystalX RAT, it can be concluded that the number of victims can increase significantly in the near future.
Indicators of Compromise

# C2 infrastructure
webcrystal[.]lol
webcrystal[.]sbs
crystalxrat[.]top

# CrystalX RAT implants
47ACCB0ECFE8CCD466752DDE1864F3B0
2DBE6DE177241C144D06355C381B868C
49C74B302BFA32E45B7C1C5780DD0976
88C60DF2A1414CBF24430A74AE9836E0
E540E9797E3B814BFE0A82155DFE135D
1A68AE614FB2D8875CB0573E6A721B46

securelist.com/crystalx-rat-wi…

Running a Game on a PC with no System RAM As a clear sign of how ...

2026-04-01T05:00:43Z

Running a Game on a PC with no System RAM

As a clear sign of how desperate these RAMpocalypse times are becoming, we have [PortalRunner] over on YouTube contemplating how to run modern-day software on a PC that has no sticks of that most precious PC-related commodity that is not printer ink. What fallbacks do we have when purchasing some sticks of DDR5 is inconceivable due to budgetary limitations or chronic sticker shock symptoms? As it turns out, quite a few.

Of course, it should be noted up front that none of these options are particularly good or desirable. The video starts with simply trying to push Linux to see how little RAM it really needs using boot arguments. This unfortunately soft-bricks the system if not enough RAM is allocated for boot. Next is the idea of leaning heavily into swap, as today’s SSDs ought to be a lot faster than memory page swapping from a HDD. Only this turns out to be also too slow to be usable due to the sheer overhead that this adds.

Even more desperate is to try and use the video RAM on GPUs as a kind of system RAM, which sort-off works, but also with enormous overhead and an if possible worse experience than running a system off basically a pure swap file. Ultimately the most viable method is to lean into the CPU’s many megabytes of cache and modify a CoreBoot BIOS image to simply not initialize system RAM.

As long as you can squeeze your software into the BIOS image and available CPU cache memory, you can run amazing software like the Snake clone in the video. Of course this concept could be expanded upon, and maybe even made to work with UEFI BIOSes, but there will probably not be anyone running Linux from a 32 MB L3 cache any time soon.

youtube.com/embed/IHItbgHutVo?…

hackaday.com/2026/03/31/runnin…

A Nebula Straight from the Stars to Your Table Space may truly be ...

2026-04-01T02:00:57Z

A Nebula Straight from the Stars to Your Table

Space may truly be the final frontier, but maybe that frontier can be closer than you thought. Pictures of nebulae and planets bring the colorful sights of deep space right to your screen. You may even have models of some of the rockets used for those missions on a shelf. However, did you know that you could even have a model of those nebulae or planetary surfaces from [NASA]?

While we have covered some distributed models from [NASA] here before, the catalog has expanded far past what 2016 had in store. Additionally, the catalog has been sorted into a more user-friendly, filterable interface than a simple GitHub repository. Most models even have a description attached, giving some basic background information on what the Crab Nebula is, for example.

There could always be more; there don’t appear to be many models of the space shuttle or some other expected files, but what is there is incredible. Some non-3D model files can also be found from star maps to full planetary maps.

While this file repository is cool and all, it’s not all [NASA] does. When not sending rockets deep into space for cool pictures, [NASA] has to make sure the Moon doesn’t explode. Was that a possibility at some point? Of course it has been!

hackaday.com/2026/03/31/a-nebu…

LED Matrix Clock Proudly Shows Its Inner Wiring Some projects ...

2026-03-31T23:00:52Z

LED Matrix Clock Proudly Shows Its Inner Wiring

Some projects take great care to tuck away wire hookups, but not [Roberto Alsina]’s Reloj V2 clock. This desktop clock makes a point of exposing all components and wiring as part of its aesthetic. There are no hidden elements, everything that makes it work is open to view. Well, almost.

The exception is the four MAX7219 LED matrices whose faces are hidden behind a featureless red panel, and for good reason. As soon as the clock powers up, the LEDs shine through the thin red plastic in a clean glow that complements the rest of the clock nicely.

[Roberto]’s first version was a unit that worked similarly, but sealed everything away in a wedge-shaped enclosure that was just a little too sterile, featureless, and ugly for his liking. Hence this new version that takes the opposite approach. Clocks have long showcased their inner workings, and electronic clocks — like this circuit-sculpture design — are no exception.

The only components, besides the Raspberry Pi Zero W and the LED matrices, are the 3D-printed enclosure with a few hex screws and double-sided tape. Design files and code (including the FreeCAD project file) are available should you want to put your own spin on [Roberto]’s design.

hackaday.com/2026/03/31/led-ma…

How Small Can A Linux Executable Be? With ever increasing sizes ...

2026-03-31T20:00:26Z

How Small Can A Linux Executable Be?

With ever increasing sizes of various programs (video games being notorious for this), the question of size optimization comes up more and more often. [Nathan Otterness] shows us how it’s done by minifying a Linux “Hello, World!” program to the extreme.

A naive attempt at a minimal hello world in C might land you somewhere about 12-15Kb, but [Nathan] can do much better. He starts by writing everything in assembly, using Linux system calls. This initial version without optimization is 383 bytes. The first major thing to go is the section headers; they are not needed to actually run the program. Now he’s down to 173 bytes. And this is without any shenanigans!
The final tiny ELF file
The first shenanigans are extreme code size optimizations: by selecting instructions carefully (and in a way a C compiler never would), he shaves another 16 bytes off. But the real shenanigans begin when he starts looking for spaces in the ELF header that he can clobber while the program is still accepted by Linux: now he can move his already tiny x86_64 code into these “vacant” spaces in the ELF and program headers for a final tiny ELF file weighing in at just 120 bytes.

P.S.: We know it is possible to make this smaller, but leave this as an exercise to the viewer.

hackaday.com/2026/03/31/how-sm…

An Oscilloscope The Way They Used To Be It’s likely that ...

2026-03-31T18:30:04Z

An Oscilloscope The Way They Used To Be

It’s likely that Hackaday has a readership with the highest percentage of oscilloscope ownership among any in the world, and we’re guessing that most of you who fit in that bracket have a modern digital instrument on your bench. It’s a computer with a very fancy analogue front end, and the traces are displayed in software. Before those were a thing though, a ‘scope was an all-analogue affair, with a vacuum-tube CRT showing the waveform in real time. [Joshua Coleman] has made one of these CRT ‘scopes from scratch, and we rather like it.

Using a vintage two inch round tube, it includes all the relevant power supplies and input amplifiers for the deflection plates. It doesn’t include the triggers and timebase circuitry you’d expect from a desktop instrument though, so unless you add a sawtooth on its X input it’s only good for some Lissajous figures. But that’s not the point of a project like this one, because it’s likely even the cheapest of modern ‘scopes way exceeds any capabilities it would have even if it were fully formed. It’s a talking point and an attractive demonstration of a bit of early-20th-century physics, which probably many of us would appreciate if it were ours.

A video of the device is below the break, meanwhile we’ve taken a look in the past at the prehistory of the oscilloscope.

youtube.com/embed/sQTSOFO6ceU?…

hackaday.com/2026/03/31/an-osc…

Improving FDM Filament Drying With a Spot of Vacuum Keeping your ...

2026-03-31T17:00:01Z

Improving FDM Filament Drying With a Spot of Vacuum

Keeping your filament safely away from moisture exposure is one of the most crucial aspects of getting a good 3D print, with equipment like a filament dryer a standard piece of equipment to help drive accumulated moisture out of filament prior to printing or storage. Generally such filament dryers use hot air to accomplish this task over the course of a few hours, but this is not very efficient for a number of reasons. Increasing the vaporization rate of water without significantly more power use should namely be quite straightforward.

The key here is the vapor pressure of a liquid, specifically the point at which it begins to transition between its liquid and gaseous phases, also known as the boiling point. This point is defined by both temperature and atmospheric pressure, with either factor being adjustable. In a pressure cooker this principle is for example used to increase the boiling temperature of water, while for our drying purposes we can instead reduce the pressure in order to lower the boiling point.

Although a lower pressure is naturally more effective, we can investigate the best balance between convenience and effectiveness.Vapor Pressure Of Water

The main thing that determines whether or not a substance is in a liquid or gaseous state is pressure from the surrounding gas, specifically the surrounding air or equivalent. Although some of the liquid’s molecules will gradually make their way into these surroundings, at e.g. atmospheric pressure at sea level you do not expect to see water instantly boil-off, whereas nitrogen and oxygen are fortunately all in a gaseous state until either very high pressures, very low temperatures or both.

How easy it is for a liquid to transition to a gas depends on its volatility, which itself is related to the strength of its intermolecular interactions. If these are rather weak then a liquid will transition into a gaseous state relatively easily, meaning at lower temperatures and lower pressures. For water this transition point at sea level is at about 100°C, but for people who live a km or more above sea level, this boiling point starts dropping rapidly.

These principles are used in a variety of ways, with many kitchens featuring a pressure cooker: this is a special pressurized pan that increases the boiling point of water by increasing the pressure inside the vessel, thus speeding up cooking times.
Source: Wikimedia
Increasing pressure of a gas can also turn it back into a liquid, as is the case with for example liquefied petroleum gas (LPG) which is generally stored in pressurized containers. Similarly, in the case of liquefied natural gas (LNG), natural gas is gaseous at atmospheric pressure and room temperature, but is a liquid at -162°C, with some level of pressure above that atmospheric pressure also required. LNG superseded purely pressure-based storage methods in the form of CNG, which requires pressures over 200 bar (>20 MPa).

What we’re trying to do with heating up 3D printer filament and bags of forbidden candy is thus to increase the energy in the system, bringing it closer to the point where the trapped moisture can overcome the vapor pressure of the surrounding air and escape. Logically this means that if we can reduce the surrounding pressure by removing as much of the atmospheric gas as possible, this moisture can escape significantly easier.

Essentially what we need is a pressure cooker, just one that reduces pressure.
Inverted Pressure Cooker

The relation between pressure and temperature as far as the vapor pressure of water is concerned is well-documented. Intuitively at 0 Pa water will boil off practically instantaneously, as there is no vapor pressure from a surrounding atmosphere. The question for our purposes is however just how much we need to reduce the pressure to make a difference, i.e. how deep of a vacuum we need.
Credit: Engineering Toolbox
Looking at a relevant graph, such as this one from the Engineering Toolbox site, we can see that the relationship between pressure and temperature is fairly linear below atmospheric pressure at sea level at 100 kPa (1 bar). Rather than trying to hit some arbitrary point on this curve, we should instead look at what off-the-shelf options we have available that may work for us here.

Since there’s no need for us to hit some kind of ultra-high vacuum, it would be plenty to hit something below 1 kPa, which is absolutely achievable with even a consumer-grade roughing pump like a rotary vane pump. This type of pump is commonly used for silicone and resins in hobbyist applications, making it a solid first target. Theoretically these can vacuum dry filament and more at room temperature.

Another option we have are diaphragm pumps, which come in piston- and eccentric variants. These have the advantage of not requiring oil, and do not produce vaporized oil on their output that has to be captured or vented. They do not hit quite the same vacuum levels as rotary vane pumps, but they can be quite easily staged to improve the final vacuum.
Hot Or Not

Even with most of the gases evacuated around the material that we’re trying to extract moisture from, we still have the option to add thermal energy to hurry the water molecules along. If, for example, we can only hit a pressure of around 100 mbar, we would still need to raise the temperature significantly above room temperature to get the intended effect.

Even with the same PTC-type heater as used in off-the-shelf filament dryers, we could still save significant power and time as now the boiling temperature of the trapped water is less than 50°C. Whether or not this is a very significant difference is something which can be ascertained experimentally after we first get a baseline on what difference just changing the environmental pressure makes.

Thus, all that remains is obtaining some data by firing up a gaggle of vacuum pumps and writing down the results.
Running Experiments

A typical cheap single-stage rotary vane pump kit. (Credit: Maya Posch)
The most straightforward experiment involves the use of a budget rotary vane pump and associated vacuum chamber. Here I picked up a Vevor 3.5 CFM single-stage rotary vane pump (model KQ-1K) rated for 150 Watt along with an 11 L vacuum chamber. Unfortunately the first pump that I received was defective and sounded like someone had lost a bag of spanners inside it while running, while only hitting a sad final vacuum of ~400 mbar.

Fortunately the replacement unit seemed to work a lot better and hit -1 bar on the chamber’s vacuum gauge along with a happy burst of nebulized oil from the pump’s air-oil separator. It was finally time to load up the chamber with some wet things.
Samples prior to loading into vacuum chamber. (Credit: Maya Posch)
As testing the moisture content in a spool of filament is tricky at best, I instead opted for two much easier indicators of vacuum drying chops: a bag of color-changing (cobalt(ii) chloride-containing) silica desiccant and juicy pieces of fruit (apple and banana). The latter items being mostly because it’s a fun experiment and dried fruit is tasty, plus it’s another way to judge drying capacity.

After loading in the samples, the chamber had a vacuum pulled, with the pump managing 10-20 mbar. This is approximately one light-year away from the advertised 5 Pa, but then nobody trusts marketing on non-laboratory equipment. Other than there being clear bubbling/boiling of fluids being visible on the apple piece as the vacuum formed there was little to observe.

After letting it rest for approximately 24 hours the chamber was checked and confirmed to have retained its vacuum level. Ignoring physical changes, the samples’ weight were compared to their pre-vacuum exposure. This gave the following results:

Apple: originally 53.23 grams, final weight 51.76 grams. Decreased 1.76 grams.
Banana: from 41.64 grams to 40.58 grams. Decreased 1.06 grams.
Desiccant: from 3.12 grams to 3.78 grams. Gained 0.66 grams.

This shows that the fruit definitely lost some moisture, while the silica desiccant wasn’t saturated yet and kept doing its thing. As for the effect on the fruit, the apple looked fresh and other than a slightly dryer outer layer was still moist and tasty. The piece of banana had however turned gooey and was not very appetizing any more.

As an aside, the Vevor pump also got rather hot after a few minutes, with cloudy oil in the reservoir, so the best way forward here might be to invest in a second-hand twin-stage lab-level pump instead.
Diaphragm Time

Two diaphragm vacuum pump setups with high-tech jam jar vacuum vessel. (Credit: Maya Posch)
With those results in hand, we still got two more vacuum setups: the two types of diaphragm pumps. Both are readily available via any online shopping platform, with the micropumps available for about $5 a pop, as they’re commonly used in e.g. vacuum packaging devices. The larger eccentric pumps are also found everywhere, but come in significantly pricier, even if they can pump a much larger volume per minute.
Weighing the forbidden candy before some vacuum time. (Credit: Maya Posch)
Here the micropumps are connected in a four-stage configuration, while the eccentric pumps feature a two-stage configuration. Both use the same vacuum chamber, being a repurposed glass jam container. Not only is jam rather tasty, their glass jars are also designed to maintain a vacuum for extended periods of time as part of the preservation process, making them excellent small vacuum chambers.

We run the same experiment as before, but only with the silica desiccant. This shows a rather similar outcome, just with these pumps not hitting quite the same final vacuum. For the twin-stage eccentric pump setup the final vacuum was about 100 mbar, and the quad-stage micropump system hit 60 mbar.

Much like with the rotary vane pump experiment, there was no clearly visible color change to the desiccant. The weight remained unchanged from an initial 3.26 grams, taking into account the variability of those cheap ‘precision’ scales, even after calibration.
Discussion

These filament dryers would look better with some vacuum. (Credit: Maya Posch)
What these experiments make clear is that merely having a low vapor pressure isn’t a silver bullet when you want to remove moisture from silica desiccant or unsuspecting pieces of fruit. It also shows why vacuum packing foodstuffs is a good way to keep them fresh for longer, as leaving a piece of apple lying around on a kitchen counter for a day would result in a far less tasty result.

The application of thermal energy is thus apparently not just a good idea, but might be the best way to make moisture hurry up in evacuating from a sample, especially when water is bound to e.g. a desiccant. For the next stage of this vacuum drying adventure we’ll thus be looking at putting vacuum chambers into some kind of thermal chamber, like a confused mixture of an autoclave and pressure cooker. Here the main question is the selection of the optimal heating solution, which is where again there are many choices.

This should reveal whether the <100 mbar of the cheaper, 12 VDC-powered diaphragm pump setup is enough to make it a competitor to the mains-powered rotary vane pump for this purpose. Beyond this there is also the question in how far existing filament dryers could be retrofitted to support some level of vacuum, as well as potential vacuum storage.

Any thoughts, notes, references and more on this topic are most welcome.

hackaday.com/2026/03/31/improv…

HEGSETH L’OSSESSO @nprofile…fwcg Il 26 marzo scorso, nel ...

2026-03-31T16:49:17Z

HEGSETH L’OSSESSO

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)

Il 26 marzo scorso, nel corso della prima, dopo l’inizio della guerra in Iran, delle riunioni di culto mensili da lui istituite e ospitate dal Pentagono, ha recitato, in diretta streaming, una preghiera che ha detto era stata condivisa da un cappellano militare con le truppe coinvolte nella missione che ha portato alla cattura del venezuelano Presidente Nicolás Maduro...

Qualcuno ha dirottato uno strumento di sviluppo software open ...

2026-03-31T16:33:15Z

Qualcuno ha dirottato uno strumento di sviluppo software open source per diffondere malware a milioni di persone.

L'attacco alla catena di approvvigionamento è stato bloccato in meno di tre ore, ma non è ancora chiaro quante persone siano state colpite.

techcrunch.com/2026/03/31/hack…

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
RE: infosec.exchange/users/lorenzo…

quoting
nevent1q…zxqx
NEW: Someone hijacked an open-source software development tool to push malware to millions of people.

The supply chain attack was stopped in less than three hours, but it's still unclear how many people got hacked.

https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/

Reverse-Engineering The Holy Stone H120D Drone There are plenty ...

2026-03-31T15:30:39Z

Reverse-Engineering The Holy Stone H120D Drone

There are plenty of drones (and other gadgets) you can buy online that use proprietary control protocols. Of course, reverse-engineering one of these protocols is a hacker community classic. Today, [Zac Turner] shows us how this GPS drone can be autonomously controlled by a simple Arduino program or Python script.

What started as [Zac] sniffing some UDP packets quickly evolved into him decompiling the Android app to figure out what’s going on inside. He talks about how the launch command needs accurate GPS, how there’s several hidden features not used by the Android app, et cetera. And it’s not like it’s just another Linux SoC in there, either. No, there’s a proper Real-Time Operating System (RTOS) running, with a shell and a telnet interface. The list of small curiosities goes on.

After he finished reverse-engineering the protocol, he built some Python scripts, through which you can see the camera feed and control the drone remotely. He also went on to make an Arduino program that can do the latter using an Arduino Nano 33 IoT.

hackaday.com/2026/03/31/revers…

Solar Balconies Take Europe By Storm Solar power has been around ...

2026-03-31T14:00:09Z

Solar Balconies Take Europe By Storm

Solar power has been around for a long time now. Once upon a time, it was mostly the preserve of research projects and large-scale municipal installations. Eventually, as the technology grew ever cheaper, rooftop solar came along, and cashed-up homeowners rushed to throw panels on their homes to slash their power bills and even make money in some cases.

Those in apartments or rented accommodations had largely been left out of the solar revolution. That was, until the advent of balcony solar. Popular in Germany, but little known in the rest of the world, the concept has brought home power generation to a larger market than ever.Pop One On

Photovoltaic solar panels were very expensive to manufacture, a long time ago. This made it difficult for solar power to compete with traditional energy sources like fossil fuels. High install costs and limited power output made the business case difficult, even if the energy from the sun itself was effectively free. However, as the desire for cleaner sources of energy ramped up over the years, solar panel production ramped up in turn. Economies of scale did their thing, and panels grew cheap enough for individuals to consider installing them on their own homes. This led to the widespread uptake of rooftop solar, with installations commonly in the 5 kW to 10 kW range with inverter hardware to allow feeding energy back into the grid in a safe and controlled manner.
The common term is “balkonkraftwerk” in German, which translates to “balcony power plant.” However, there’s no real need for a balcony. Anywhere you can hang them outside a building will work if you can find a way to route the wires to a power point. Credit: RobbieIanMorrison, CC BY 4.0
The problem with rooftop solar is that not everybody owns their roof. A great many people around the world live in apartments, or rent, and are not in a position to make permanent adjustments to their home. These groups were largely left out of the solar revolution. That was, until solar panels grew so cheap and power bills grew high enough that even small-scale installs started to make financial sense.

In Germany in particular, small solar installs have become quite popular, and the country has become a hotbed for so-called “balcony” solar installations. These involve simple setups of one or two solar panels which are designed to be easily mounted on a balcony or other outdoor area of a home, rather than permanently installed on a rooftop.

They come with small inverters to convert the DC output of the solar panels into AC power, which plug straight into an existing home power socket. This do-it-yourself install method eliminates the need for hiring an electrician, further improving the affordability of the system. The inverters used with these systems include anti-islanding protection so that the solar system does not power any circuits if the grid has been deenergized for service or repair.

Balcony solar does have some limitations compared to rooftop installs. Often, installation angles are imperfect for making the most of the sun available. There are also limitations to how much power you can get out of such a system. Germany’s initial regulations for “balkonkraftwerk” systems stated that feed in power had to be limited to 600 watts to avoid potential issues with household wiring and sockets that were never designed for feed-in solar power.

Updated regulations allow up to 800 watts of feed-in, with an additional regulation that the installed panels do not exceed a level of 2000 watts peak output. It might sound like a mismatch, but it’s possible to use the excess power from the panels to charge a battery when the output exceeds the 800-watt limit. Having larger panels with higher peak output is useful, too, for when the sun isn’t shining so bright. A 2000 watt peak panel setup will be outputting 800 watts or more far more often than a set of panels that only delivers 800 watts in peak conditions.
The panels are generally installed in ad-hoc fashion. Credit: Nikolai Twin, CC BY 4.0
Despite the limitations, or perhaps because of them, it’s a cinch to get yourself going with solar in Germany. Just head to your local big box store, purchase a kit, and hang it off the side of your house. Once you plug it in to the wall, you’re pretty much done. Most kits come with some sort of app for monitoring the system so you can keep an eye on how much your panels are generating. The ease of access has led to an explosion in installs, with over 1 million balcony solar setups already operating in the country.

Thus far, balcony solar has been largely a German thing. However, other parts of the world are catching on. Other European nations like Spain, France, and Belgium have all got on board the train already. In the United States, the state of Utah has already approved a framework for balcony solar installs, and Virginia is following close behind. The key has been carving out special measures to allow easy, cheap DIY installs for small solar systems.

Typically, setting up rooftop solar in most states requires signing an agreement with the local utility regarding power feed-in to the grid, as well as hiring professional contractors for the installation. This adds a huge amount of cost which a small solar system would never recoup in a reasonable amount of time. By eliminating these hurdles for small-scale plug-in setups, they become viable and far more accessible to more of the community.
Balcony solar kits are readily available at stores across Germany. An 800-watt kit can be had for as little as a few hundred Euros. Credit: Lidl via screenshot

Balcony solar is unlikely to be an instant gamechanger that drastically shakes up the power grid. Most installs are low power. Their juice is mostly sucked up to run a fridge and a TV or two, and few make major feed-in contributions to the broader grid. However, their popularity in Europe shows that there is a serious eagerness amongst the broader community to get on board the solar train any which way or how. At the very least, balcony solar is a grand business opportunity and one that is bringing sustainability to more corners of the urban and suburban landscape than ever before.

Featured image: “Sogenanntes Balkonkraftwerk” by [Triplec85]

hackaday.com/2026/03/31/solar-…

Refill UV Printer Ink Cartridges Like It’s The Late 90s The ...

2026-03-31T11:00:39Z

Refill UV Printer Ink Cartridges Like It’s The Late 90s

The Eufymake E1 is a recently-released prosumer UV printer that can print high-resolution color images onto pretty much anything. It also uses proprietary ink cartridges (which integrate a magnetic stirrer, nice) which are far more expensive than UV ink in bulk. So [charliex] set out to figure out how to refill the ink cartridges, including the cleaning cartridge.
If one doesn’t mind a bit of fiddling, cartridges can be refilled without having to add any new holes.
UV printing in general is a bit of a maintenance hog, which has helped keep it from hobbyist use. UV ink doesn’t really like sitting idle in a machine, but the E1 automates cleaning and flushing of the print head as well as having swappable cartridges for each ink. This makes it a lot more user-friendly than UV printing has historically been.

The cartridge hardware can have a longer serviceable life than the ink inside, so it makes sense to try to refill them. There are more reasons to do this than just limiting costs. What if one wishes to print and the parent company is sold out of cartridges? What if they shut down? Refilling cartridges, and emptying waste from the cleaning cartridge, would become imperatives — lest an expensive prosumer UV printer turn into a paperweight. Thankfully software DRM control of the cartridges seems limited, at least so far.

Refilling cartridges can be carefully done with syringes combined with manual bypass of spring-loaded valve mechanisms. Emptying the cleaning cartridge can similarly be done by syringe, and it even has a hidden refill port under some plastic at its top.

[charliex] approaches all of this from a reverse-engineering perspective, indeed, he has a whole separate blog post about the software for the printer. So his solution is much more informed and elegant than, for example, just melting a new refill hole in the side of the things. It’s an interesting read, so check it out.

Our own Tom Nardi took a close, hands-on look at the E1 printer last year and came away pretty impressed with its capabilities. The cartridges are a big part of the user-friendliness of the system, but we hope there remains a viable option for manual refill for those of us who want to control costs or don’t wish to be locked in, and don’t mind violating a warranty or two in the process.

hackaday.com/2026/03/31/refill…

Per Google il Q-Day arriverà nel 2029 @nprofile…fwcg Google ha ...

2026-03-31T10:59:59Z

Per Google il Q-Day arriverà nel 2029

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Google ha aggiornato il Q-Day, il momento in cui i computer quantistici potrebbero spezzare la crittografia attuale. Migrare verso la crittografia post-quantistica è sempre meno un’opzione
L'articolo Per Google il Q-Day arriverà nel 2029 proviene da Cyber Security 360.

#Cybersecurity360 è la cybersecurity360.it/news/googl…

Guerre di Rete - Sovranità stellare @nprofile…fwcg Il ...

2026-03-31T09:27:31Z

Guerre di Rete - Sovranità stellare

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Il riepilogo delle ultime settimane di quanto uscito su Guerre di Rete.

#GuerreDiRete è la newsletter curata da Carola Frediani (nprofile…4yny)
guerredirete.substack.com/p/gu…

Intesa Sanpaolo, mega sanzione privacy per accessi abusivi: una ...

2026-03-31T09:26:15Z

Intesa Sanpaolo, mega sanzione privacy per accessi abusivi: una lezione per CISO e DPO

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Il provvedimento del Garante privacy non è solo una sanzione record per il settore bancario italiano: 31, 8 milioni di euro. È una lezione sistemica su insider threat, accountability e gestione delle violazioni. Ecco cosa devono imparare

The D in DNS Stands for DOOM As literally everything ought to be ...

2026-03-31T08:00:10Z

The D in DNS Stands for DOOM

As literally everything ought to be able to play DOOM in some fashion, [Adam Rice] recently set out to make the venerable DNS finally play the game after far too many decades of being DOOM-less. You may be wondering how video games and a boring domain records database relate to each other. This is where DNS TXT records come into play, which are essentially fields for arbitrary data with no requirements or limitations on this payload, other than a 2,000 character limit.

Add to this the concept of DNS zones which can contain thousands of records and the inkling of a plan begins to form. Essentially the entire game (in C#) is fetched from TXT records, loaded into memory and run from there. This is in some ways a benign form of how DNS TXT records can be abused by people with less harmless intentions, though [Adam] admits to using the Claude chatbot to help with the code, so YMMV.

The engine and WAD file with the game’s resources are compressed to fit into 1.7 MB along with a 1.2 MB DLL bundle, requiring 1,966 TXT records in Base64 encoding on a Cloudflare Pro DNS zone. With a free Cloudflare account you’d need to split it across multiple zones. With the TXT records synced across the globe, every DNS server in the world now has a copy of DOOM on it, for better or worse.

You can find the project source on GitHub if you want to give this a shake yourself.

Thanks to [MrRTFM] for the tip.

hackaday.com/2026/03/31/the-d-…

World Backup Day 2026, il dato fa parte della nostra identità ...

2026-03-31T07:33:15Z

World Backup Day 2026, il dato fa parte della nostra identità digitale: come proteggerlo

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
La giornata internazionale dedicata al backup dei dati è un'occasione per effettuare la verifica delle proprie strategie di protezione dati in uno scenario di assedio cyber. Ecco i consigli pratici per le aziende che

PDP-11 Lives in Literal Computer Desk Once More When you think of ...

2026-03-31T05:00:37Z

PDP-11 Lives in Literal Computer Desk Once More

When you think of iconic parings, your brain probably goes more to “cookies and milk” than “DEC and Ikea” but after watching [Dave]’s latest on Usagi Electric where he puts a PDP-11 into an Ikea desk, you may rethink that.

The PDP-11 is vintage hardware that actually lived inside of a different desk, once upon a time, serving as the control unit for an FTIR spectrometer. While the lab equipment has thankfully survived the decades, the desk did not and when [Dave] got the unit it was as a pile of parts. He revived it, of course– it’s kind of what he does– but it didn’t get a new desk for years, until his latest shop re-organization.

The one concession to modernity– and missing parts– is using switching power supplies rather than the bulky linear PSU that would have originally powered the unit. It’s a good thing, too, or we have trouble picturing how everything would fit! This particular PDP-11 comes with the high performance vector processing unit in order to crunch those spectrographs, and apparently those chips idle at about 60C, so the desk-case got some decent-sized 120V fans to keep everything cool and running for years to come.

This isn’t the most aesthetic or fanciest case-mod we’ve seen, mostly being made of surplus plywood and scrap metal fittings, but it certainly gets the job done. Given that the PDP-11 has been crammed into every form-factor known to man, from a system-on-a-chip (before anybody really talked about SOCs) to desktop workstations, and of course the hulking cabinets with their iconic blinkenlights-– it’s hard to say that this installation isn’t reasonably authentic, even if it isn’t the original desk.

youtube.com/embed/mG3XGbbvWH8?…

hackaday.com/2026/03/30/pdp-11…

See The Computers That Powered The Voyager Space Program Have you ...

2026-03-31T02:00:38Z

See The Computers That Powered The Voyager Space Program

Have you ever wanted to see the computers behind the first (and for now only) man-made objects to leave the heliosphere? [Gary Friedman] shows us, with an archived tour of JPL building 230 in the ’80s.

A NASA employee picks up a camcorder and decides to record a tour of the place “before they replace it all with mainframes”. They show us computers that would seem prehistoric compared to anything modern; early Univac and IBM machines whose power is outmatched today by even an ESP32, yet made the Voyager program possible all the way back in 1977. There are countless peripherals to see, from punch card writers to Univac debug panels where you can see the registers, and from impressive cabinets full of computing hardware to the zip-tied hacks “attaching” a small box they call the “NIU”, dangling off the inner wall of the cabinet. And don’t forget the tape drives that are as tall as a refrigerator!

We could go on ad nauseum, nerding out about the computing history, but why don’t you see it for yourself in the video after the break?

youtube.com/embed/T_bqc76_3xU?…

Thanks to [Michael] for the tip!

hackaday.com/2026/03/30/see-th…

This Front Panel Makes Its Own Clean-Edged Drill Guides We ...

2026-03-30T23:00:54Z

This Front Panel Makes Its Own Clean-Edged Drill Guides

We haven’t seen an instrument panel quite like [bluesyann]’s, which was made by curing UV resin directly onto plywood with the help of a 3D printer and a bit of software work. The result is faintly-raised linework that also makes hand drilling holes both cleaner and more accurate.

The process begins by designing the 2D layout in Inkscape, which has the advantage of letting one work in 1:1 dimensions. A 10 mm diameter circle will print as 10 mm; a nice advantage when designing for physical components. After making the layout one uses OpenSCAD to import the .svg and turn it into a 3D model that’s 0.5 mm tall. That 3D model gets loaded into the resin printer, and the goal is to put it directly onto a sheet of plywood.
A little donut shape makes a drill centering feature, and the surrounding ring keeps the edges of the hole clean.
To do that, [bluesyann] sticks the plywood directly onto the 3D printer’s build platform with double-sided tape. With the plywood taking the place of the usual build surface, the printer can cure resin directly onto its surface. Cleanup still involves washing uncured resin off the board, but it’s nothing a soak in isopropyl alcohol and an old toothbrush can’t take care of.

[bluesyann] has a few tips for getting the best results, and one of our favorites is a way to make drilling holes easier and cleaner. Marking the center of a drill hit with a small donut-shaped feature makes a fantastic centering guide, making hand drilling much more accurate. And adding a thick ring around the drill hole ensures clean edges with no stray wood fibers, so no post-drilling cleanup required. Don’t want the ring to stick around after drilling? Just peel it off. There’s a load of other tips too, so be sure to check it out.

A nice front panel really does make a project better, and we’ve seen many different approaches over the years. One can stick laminated artwork onto an enclosure, or one can perform toner transfer onto 3D printed surfaces by putting the design on top of the 3D printer’s build surface, and letting the heat of molten plastic do the work of transferring the toner. And if one should like the idea of a plywood front panel but balk at resin printing onto it, old-fashioned toner transfer works great on wood.

hackaday.com/2026/03/30/this-f…

Intesa Sanpaolo, multa da 31,8 milioni per un data breach durato ...

2026-03-30T20:20:46Z

Intesa Sanpaolo, multa da 31,8 milioni per un data breach durato oltre due anni

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Un data breach protratto per più di due anni, migliaia di accessi indebiti e sistemi di controllo ritenuti inadeguati. Con queste motivazioni il Garante per la protezione dei dati personali ha sanzionato Intesa Sanpaolo con una multa da 31,8 milioni di euro,

Retro Open Source Camera Straight from the ’90s In our modern ...

2026-03-30T20:00:05Z

Retro Open Source Camera Straight from the ’90s

In our modern society, we have started to take the humble camera for granted. Perhaps because of this, trendy standalone cameras have started to take off. Unfortunately, most of the time these cameras are expensive and not any better than those in our everyday smartphones. If only there were some open-source solution where you could build and customize your own standalone device? [Yutani] has done just that with the SATURNIX.

Simple microcontrollers and cameras meant for Raspberry Pis are a dime a dozen these days. Because of this, it’s no surprise to hear that the SATURNIX is based on recognizable hardware, a Raspberry Pi Zero 2W and an Arducam 16MP sensor. The Pi Zero powers both the sensors’ capture abilities and the interactive LCD display.

Some sample filtered shots from the SATURNIX
With a simple visual design, the device could certainly fit into the same market we see so many other standalone cameras. Pictures from the camera look great without or with the included filter options if you want a more retro look. While currently there do appear to be some speed improvements needed, the best part of open source is that you yourself can help out!

We always love ambitious open source projects that look to build a true base for others to work on, and this seems like no exception! If you want similarly impressive feats of optical trickery, look no further than using scotch tape as a camera lens!

hackaday.com/2026/03/30/retro-…

Come trasformare qualsiasi cosa in un routerNon mi piace molto ...

2026-03-30T19:32:40Z

Come trasformare qualsiasi cosa in un routerNon mi piace molto coprire “gli eventi attuali”, ma il governo americano ha appena rivelato una politica davvero sconcertante che vieta di fatto l'importazione di nuovi modelli di router consumer. Questo è ridicolo per molte ragioni, ma se ciò dovesse effettivamente accadere potrebbe essere utile imparare a “produrre in casa” un router.

Fortunatamente, è possibile realizzare un router utilizzando praticamente qualsiasi cosa assomigli a un computer.

nbailey.ca/post/router/

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)

L’identità digitale è il bersaglio: l’attacco che segna un ...

2026-03-30T18:24:16Z

L’identità digitale è il bersaglio: l’attacco che segna un cambio di paradigma

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
È stata identificata una campagna di attacco particolarmente sofisticata e strutturata basata su phishing il cui vero obiettivo strategico sono i token di accesso alle piattaforme Microsoft 365 di oltre 340 organizzazioni in tutto il mondo. Ecco tutti i

Recreating One of the First Hackintoshes Apple’s Intel era was ...

2026-03-30T18:00:36Z

Recreating One of the First Hackintoshes

Apple’s Intel era was a boon for many, especially for software developers who were able to bring their software to the platform much more easily than in the PowerPC era. Macs at the time were even able to run Windows fairly easily, which was unheard of. A niche benefit to few was that it made it much easier to build Hackintosh-style computers, which were built from hardware not explicitly sanctioned by Apple but could be tricked into running OSX nonetheless. Although the Hackintosh scene exploded during this era, it actually goes back much farther and [This Does Not Compute] has put together one of the earliest examples going all the way back to the 1980s.

The build began with a Macintosh SE which had the original motherboard swapped out for one with a CPU accelerator card installed. This left the original motherboard free, and rather than accumulate spare parts [This Does Not Compute] decided to use it to investigate the Hackintosh scene of the late 80s. There were a few publications put out at the time that documented how to get this done, so following those as guides he got to work. The only original Apple part needed for this era was a motherboard, which at the time could be found used for a bargain price. The rest of the parts could be made from PC components, which can also be found for lower prices than most Mac hardware. The cases at the time would be literally hacked together as well, but in the end a working Mac would come out of the process at a very reasonable cost.

[This Does Not Compute]’s case isn’t scrounged from 80s parts bins, though. He’s using a special beige filament to print a case with the appropriate color aesthetic for a computer of this era. There are also some modern parts that make this style computer a little easier to use in today’s world like a card that lets the Mac output a VGA signal, an SD card reader, and a much less clunky power supply than the original would have had. He’s using an original floppy disk drive though, so not everything needs to be modernized. But, with these classic Macintosh computers, modernization can go to whatever extreme suits your needs.

Thanks to [Stephen] for the tip!

youtube.com/embed/RUUVNi_X8w8?…

hackaday.com/2026/03/30/recrea…

EPIDEMIE IN TRINCEA: SOLDATI RUSSI IN TRAPPOLA @nprofile…fwcg ...

2026-03-30T17:27:22Z

EPIDEMIE IN TRINCEA: SOLDATI RUSSI IN TRAPPOLA

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)

Il brusio soffuso delle conversazioni e il tintinnio di posate d'argento riempivano l'aria del Circolo Militare Centrale di Mosca.
L'articolo EPIDEMIE IN TRINCEA: SOLDATI RUSSI IN TRAPPOLA proviene da GIANO NEWS.
#DIFESA

Medieval Alhambra’s Pulser Pump and Other Aquatic Marvels ...

2026-03-30T17:00:54Z

Medieval Alhambra’s Pulser Pump and Other Aquatic Marvels

Recently the Practical Engineering YouTube channel featured a functional recreation of a pump design that is presumed by some to have been used to pump water up to the medieval Alhambra palace and its fortress, located in what is today Spain. This so-called pulser pump design is notable for not featuring any moving parts, but the water pump was just one of many fascinating engineering achievements that made the Alhambra a truly unique place before the ravages of time had their way with it.

Although the engineering works were said to still have been functional in the 18th century, this pumping system and many other elements that existed at the peak of its existence had already vanished by the 19th century for a number of reasons. During this century a Spanish engineering professor, Cáceres, tried to reconstruct the mechanism as best as he could based on the left-over descriptions, but sadly we’ll likely never know for certain that it is what existed there.

Similarly, the speculated time-based fountain in the Court of the Lions and other elements are now forever lost to time, but we have plenty of theories on how all of this worked in a pre-industrial era.Alhambra

Evening panorama of Alhambra from Mirador de San Nicolás, Granada, Spain. (Credit: Slaunger, Wikimedia)
A UNESCO World Heritage Site since 1984, the Alhambra saw its first construction in 1238 CE by Muhammad I, the first Nasrid emir. The Nasrid dynasty would last from 1238 to 1491 CE when the Muslim state of al-Andalus fell during the Christian Reconquista.

Even after the end of the Nasrid dynasty would the Alhambra see further construction by Charles V in the 16th century. This made the Alhambra a rather unique amalgamation of Islamic and Renaissance-era architecture and engineering. Sadly by the 18th century the structure had been abandoned for centuries, invaded by squatters, and partially destroyed by the troops of Napoleon in 1812.

Only after these troubled times did an appreciation for such cultural heritage begin to flourish, with European and American tourists alike frequenting the area. One of them – US author Washington Irving – was so inspired by his visit in 1828 that he’d end up writing Tales of the Alhambra, containing many myths, stories, sketches, and essays pertaining to the site. This book in particular was instrumental in making an international audience aware of this site and its legacy.

This renewed attention resulted in the site becoming recognized first as a Spanish Cultural Heritage monument in 1870 and subsequently by UNESCO more than a century later.
Water Features

Most fortresses of the era relied primarily on water cisterns that collected rainwater, as well as access to local rivers in some form, usually requiring human or animal labor to transport the latter. This was also how the Alhambra started in its initial fortress form, called the Alcazaba, meaning ‘citadel’ in Spanish, from Arabic al-qaṣabah. The water from this cistern didn’t just supply drinking water, but also for the bathhouse (hammam) and water elements like a pool or fountain for houses in the interior urban area. These houses additionally featured latrines that were flushed using this cistern water.

As the Alhambra expanded, with many palaces and related structures added, its water requirements increased correspondingly. Rather than some small decorative water features for a dozen houses and a communal bath, there were now reflective pools, fountains and a much larger population. This necessitated finding more efficient ways to get more water up the hill on which the Alhambra was constructed.
Aqueduct of the Alhambra as it enters the wall. (Credit: Sharon Mollerus, Wikimedia)
In addition to the aforementioned pump, there was also an aqueduct (the Acequia Real) that carried water from the Darro River. At a distance of 6.1 km from the fortress the river is at a sufficiently high elevation to provide water using just gravity. This aqueduct additionally provided water via additional branches to gardens and settlements beyond the Alhambra’s walls.

Many details can be found in this 2019 summary of applied hydraulic techniques at al-Andalus fortresses by Luis José García-Pulido and Sara Peñalver Martín.

As noted in that overview article, the reason for the Alhambra being significantly more advanced than other fortresses in the al-Andalus region was that it was the seat of the Nasrid dynasty, ergo it was only natural that it’d not only get all the palaces and comforts, but also the most advanced technologies for supplying water.

Unfortunately the unique pumping device that was used to supply the Alcazaba with water from the aqueduct was replaced in the 18th century with a more basic syphon system and the original device was removed. Up till that point the previous device had continued to work, despite the new owners of the Alhambra not understanding its operating principles. This left 19th century researchers like Cáceres to essentially fully rely on notes made during the previous century.

That said, there are also hints that the Alcazaba of the Antequera fortress used a similar device to pump water uphill, featuring ceramic pipes and other features that are described in by Sancho de Toledo in 1545. Unfortunately these accounts were all written by people who lacked the engineering know-how of the original Nasrid engineers – or any engineering knowledge at all – and thus had no understanding of the workings of these pumps.

This means that we will unfortunately never know exactly what this device looked like or how it worked, but we can still look at some mechanisms which we are familiar with today that could have been used. The concept of the hydraulic ram or pulser pump would seem to come closest compared to what little we do know.
Self-Powered Pumps

1) Inlet – drive pipe; 2) Free flow at waste valve; 3) Outlet – delivery pipe; 4) Waste valve; 5) Delivery check valve; 6) Pressure vessel (Source: Wikimedia)
Unlike a water pump that uses e.g. an impeller to impart kinetic energy and thus move the liquid, a self-powered pump uses physical phenomena like the water hammer effect or the fact that gas in a liquid will rise in order to effect a pumping effect. The hydraulic ram, for example, uses the water hammer effect and relies only on the kinetic energy of the incoming water.

The basic hydraulic ram functional sequence involves the water current pushing the normally open waste valve close, at which point the water hammer effect from the sudden current cessation forces the delivery valve open and pushing water into the delivery pipe.

This process will reverse again after a short while, sending a pressure wave upstream and eventually leading to the waste valve reopening. The downstream flow will then resume again, restarting the whole process.

In terms of technological complexity this is a very straightforward design, with the most complex parts being the valves and the pressure vessel that cushions the system against pressure shocks. This is however a design that would have been technologically quite feasible to manufacture and operate.
Basic pulser pump design. (Credit: Belbury, Wikimedia)
Another, similar type of pump is the gas lift pump. A very small variant of this is commonly used in devices like coffee percolators, with the pulser pump being in effect a very large implementation of the same general principle. Rather than applying heat to the water reservoir in order to create gas (i.e. steam), the pulser pump uses an air compressing effect that’s also used with water-powered trompe air compressors.

As water falls down a pipe it drags air bubbles along with it, which eventually arrive at the bottom where said air is trapped in a cavity while the water flows on to a lower elevation.

The thinner pipe through which water ultimately is pumped is inserted into this air chamber in such a way that it’ll alternately ingest water and air as the level of the latter varies over time. This way pockets of water become trapped between pockets of air, with a resulting pulsing output of water at the end of this pipe.

Whether the original device at the Alhambra or Antequera exactly matches either pump design will likely remain forever a mystery, but neither were beyond the technological means of the time, with the pulser pump arguably even more straightforward due to a lack of need for any valves and pressure vessels.
Time Or Reflective Fountain

Although the Practical Engineering video focuses on this pump design, its author – Grady – was inspired by a Primal Space video that’s basically just history slop content, not citing any proper sources and propagating myths and misinformation as fact. The worst offender is probably the myth that the fountain that is found in the Court of the Lions was time-activated, with the only evidence for it being a clock being that there are twelve lion statues and there are two times twelve hours in a day.
Court of the Lions and its fountain in 2021. (Credit: Sean Adams, Wikimedia)
When we consider the archaeological evidence that exists so far, as well as the findings during the recent restorations, it seems clear that the marble block with its many holes through which the water entered the bowl was intended to diffuse the flow. Around the bowl we can see a corresponding poem of twelve verses by the vizier and poet Ibn Zamrak.

In verses 3 through 7 it specifically refers to “[..] which runs to that which is still, that we know not which of them is flowing”. This quite strongly suggests that the theme was similar to that of the many reflective pools that were so popular around the Alhambra and elsewhere. The idea of it being a time-controlled mechanism would thus seem to be a purely Western interpretation, barring some hitherto unknown evidence appearing.
Lossy History

Perhaps the most cruel aspect of history is that, much like time itself, it has no concern for those of us who live in the present. Throughout the eons as empires rise and crumble back into dust, wondrous inventions are made and soon again forgotten, leaving behind only echoes of deeds and wonder.

If we’re lucky some of it is recorded in a form as durable as Sumerian clay tablets buried underneath desert sands, but if not then what once was shall never be again. This impermanence is the eternal curse of the past, and also the reason why it’s always so important to make multiple copies of your important data.

Due to the passage of time history is mostly just ruins, pot shards and bones buried in mud and sand. Some will try to spruce things up with one’s imagination resulting in faux romanticism, but this naturally bears little connection to the past. That today the Alhambra has been largely restored is testament to how much more respectful we now approach the past, but the parts that were erased after the demise of the Nasrid dynasty are sadly likely to be lost forever.

Featured image: Reflective pool of the Court of the Myrtles, looking north towards the Comares Tower. (Credit: Tuxyso, Wikimedia)

hackaday.com/2026/03/30/mediev…

Tame the Tape: Open-Source Dotterboard for Bulk SMT Parts One of ...

2026-03-30T15:30:15Z

Tame the Tape: Open-Source Dotterboard for Bulk SMT Parts

One of the great things about building electronics today is how affordable SMT components have become — sometimes just fractions of a cent each. That low price often means ordering far more than you need so you’ll have spares on hand the next time a project calls for them. Keeping track of exactly how many of each part you actually have, though, is rarely easy. To solve that problem, [John] built the Dotterboard, an open-source SMT tape counter.

While working on some of his other projects, [John] found himself managing thousands of tiny SMT parts and decided it was time to automate the counting. The Dotterboard takes inspiration from the BeanCounter — a compact, portable SMT tape counter — but expands the design to handle larger components beyond the 8 mm tapes the BeanCounter targets.

The Dotterboard is mostly 3D-printed and uses just a few common hardware parts such as springs and ball bearings. An OLED displays the current count, which comes from an encoder tracking movement and multiplying by the number of components per hole. At the heart sits an RP2040 Zero that needs nothing more than a single USB-C cable for power, unlike the bulky industrial SMT counters that demand AC outlets and desk space.

Be sure to check out all the details of the build on [John]’s website, and grab the files from his GitHub if you want to make your own. Let us know what are some projects you’ve done to save you the headache of doing the same task by hand for hours on end.

youtube.com/embed/WIFQgdVEmkg?…

hackaday.com/2026/03/30/tame-t…

AI Act, la semplificazione che complica: meno regole, più ...

2026-03-30T14:38:20Z

AI Act, la semplificazione che complica: meno regole, più incoerenza?

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
L’adozione da parte del Parlamento UE della propria posizione sul cosiddetto digital omnibus, il settimo pacchetto di semplificazione che interviene, tra gli altri, sull’AI Act, non è una semplice calibrazione dei tempi di applicazione o razionalizzazione degli obblighi, ma

Spy Tech: Conflicts Bring a New Number Station If you know much ...

2026-03-30T14:00:27Z

Spy Tech: Conflicts Bring a New Number Station

If you know much about radios and espionage, you’ve probably encountered number stations. These are mysterious stations that read out groups of numbers or otherwise encoded messages to… well… someone. Most of the time, we don’t know who is receiving the messages. You’d be excused for thinking that this is an old technology. After all, satellite phones, the Internet, and a plethora of options now exist to allow the home base to send spies secret instructions. However, the current-day global conflict has seen at least one new number station appear, apparently associated with the United States and, presumably, targeting some recipients in Iran, according to priyom.org.

As you might expect, these stations don’t identify themselves, but the Enigma Control List names this one as V32. It broadcasts two two-hour blocks a day at 0200 UTC and a repeat at 1800 UTC. Each message starts with the Farsi word for “attention” followed by what is assumed to be some header information as two 5-digit groups. Then there is a set of 181 five-digit groups. Each message is padded out to take 20 minutes, and there are six messages in each transmission.How Do You Know?

While this could, in theory, be from (and to) anywhere, direction finding has traced the signal to a US base near Stuttgart, Germany. In addition to using Farsi, Iran has repeatedly attempted to jam the signal, causing V32 to change frequencies a few times. There’s also a more recent, so far unidentified, jammer trying to block the signal.

In addition to direction finding, there is a surprising amount of information you can glean from the audio. The first few days of broadcasts had specific beeps in the background, which appear to be warning tones from a specific type of American military transmitter that warns the operator when encryption is not engaged. At first, a human read the numbers. Eventually, the station switched to using automated numbers.
Oops

In addition, there have been a few times when Windows 10 system sounds have leaked into the transmission. Other oddities are several cases where a word was read out in the middle of the numbers. We aren’t cryptographers, but that suggests the numbers refer to words in some sort of codebook, and that book doesn’t contain the proper words.

If you want to try your hand at decoding, you can hear the station on USB just under 8 MHz, or just listen to the recordings made by others (like the ones below or this one). You might like to read what other people say about it, too.

youtube.com/embed/3-eg3i9XYt4?…

youtube.com/embed/r6CzkwAXltk?…

We are fascinated by spy stations. Even when they aren’t really number stations.

hackaday.com/2026/03/30/spy-te…

Platform governance goes to court PRESENTED BY IT'S MONDAY, ...

2026-03-30T12:00:39Z

Platform governance goes to court

PRESENTED BY

IT'S MONDAY, AND THIS IS DIGITAL POLITICS. I'm Mark Scott, and as the war in the Middle East enters its second month, here's a map that explains we are all in for major energy price hikes (or shortages) in April.

— American and European courts are doing more for social media oversight than the growing list of online safety regimes worldwide.

— Middle Powers are now testbeds for different forms of AI, competition and platform governance regulation. Some will work, others will not.

— Two-thirds of people polled worldwide say they have used AI, in some form, over the last 12 months.

Let's get started:LITIGATION VERSUS LEGISLATION?

ONE OF THE HALLMARKS OF DIGITAL policymaking over the last five years is the drive toward national or regional online safety rules. The likes of Australia's Online Safety Act; the European Union's Digital Services Act; and the United Kingdom's Online Safety Act epitomize lawmakers' efforts to create greater accountability and transparency for social media giants. That, in turn, has led to a pushback from some of these companies and the United States (at least within the federal government), which criticized these rules as either being overly cumbersome or an illegitimate attack on people's free speech rights.

My day job means I'm pretty clued up on most of these (Western) online safety regimes. If you want a wonky policy discussion about mandatory data access requirements or the inner workings of companies' annual risk assessments and external audits, then I'm your man. Yet we need to be honest about the current state of play of these online safety regimes. They are often too cumbersome, under-resourced and overly-politicized to meaningfully improve people's experiences online — at least in the short term.

In contrast, four recent court decisions — two in the US, two in the EU — demonstrate how judges and juries now have had a more significant impact on platform governance compared to the growing number of national/regional online safety rulebooks. For countries similarly seeking to create greater transparency and oversight for the likes of TikTok and YouTube, this "litigation over legislation" strategy may be worth pursuing. That's especially true given how the current White House is embedding provisions to ward off future digital regulation in its trade negotiations with third-party countries.

**A message from Meta** Following the Brussels AI Symposium, hosted by Meta with eco and EssilorLuxottica as supporting partners, the message from leaders was clear: the world needs a strong Europe at the table in this ongoing technological revolution. Read eco’s white paper here.

Before we get to the court cases and their implications, let's lay out two caveats.

First, it's not a question of litigation or legislation. These policy levers do different things. For officials, it's more about potentially front-running lawsuits, based on existing statutory oversight, before more long-term online safety regulation can navigate countries' often labyrinthine democratic processes. Second, litigation often builds on existing regulatory playbooks, providing individual citizens the ability to fill in gaps where slow-moving — and often untested — legislation has yet to take hold.

OK, caveats covered. Now, to the cases. I'll keep these brief, given how much coverage there has been, especially related to the American lawsuits.

In a one-two punch, two US courts — one in California, another in New Mexico, respectively — took swings at Meta and Google and, separately, Meta. On March 25, a jury in Los Angeles awarded $6 million in damages to a plaintiff who had accused YouTube and Instagram of deliberate design choices that had made her become addicted to both platforms. In response, both Meta and Google rejected those assertions and said they would appeal.

Thanks for reading the free monthly edition Digital Politics. Subscribers receive at least four newsletters a month.

If you've been forwarded this newsletter (and like what you've read), please sign up here. For those already subscribed, reach out on digitalpolitics@protonmail.com

In New Mexico, a separate jury on March 24 found that Meta had violated state consumer protection laws and ordered the tech giant to pay $375 million in damages. The case revolved around accusations from the state's attorney general that the social media company's services were designed to maximize engagement for children without embedding the appropriate safety measures to protect minors. In response, Meta said it kept people safe on its platforms and would similarly appeal.

In Europe, a regional court in southern Germany upheld a complaint on March 11, initially filed by a local consumer protection agency. It required YouTube to stop online influencers from posting sponsored content if the underlying advertiser was not disclosed and clearly stated. The court decision is not yet final. But the preliminary ruling may force YouTube to place a "sponsored post" label across all such videos, as well as require content creators to make public who is paying for such ads. It's a clarification to the EU's Digital Services Act (Article 26) related to how online platforms handle transparency issues related to online advertising.

Finally, a Dutch court on March 26 forcedElon Musk's xAI to stop generating and distributing sexually-explicit images of people without their consent in the Netherlands — or face daily fines of around $115,000. The case had been brought by Offlimits, a local advocacy group. It followed global outrage — and regulatory investigations — into how xAI's Grok artificial intelligence tool and X, which hosted it, had been used to create realistic deepfake explicit images of women and children. xAI's lawyers had said it was impossible to remove all such abuse from the social media platform. The company also stopped Grok from creating such images in early 2026, though the Dutch judge believed there was still reasonable doubt that xAI's attempts would be effective.

Four legal cases, four slightly different legal issues. More lawsuits are pending, and the current cases may still be overturned on appeal.

Yet what is striking are the similarities between these lawsuits — and what they do compared to slow-moving online safety regulation.

Two central criticisms aimed at legislation whichtarget social media are that 1) These platforms have significant liability carve-outs for what people post online and 2) The likes of Australia and the UK's Online Safety Acts represent illegal attacks on free speech rights. The four separate cases, outlined above, mostly circumvent these issues by focusing on the design of these platforms, not on how they moderate individual social media posts.

This is a significant distinction and one, to be fair, also baked into national/regional online safety rules. The point of these lawsuits was not to dictate what could be posted online. Instead, they took aim at the intrinsic design choices that the likes of xAI, YouTube and Instagram had made that, at least in the views of the American juries and European judges, failed to live up to these companies' obligations under existing legislation. It's hard to accuse these decisions of undermining free speech rights when they focus exclusively on the wonkiness of how content recommender systems operate or the transparency requirements related to influencers' sponsored posts.

The Censorship Industrial Complex, it is not.

The second meaningful difference between these lawsuits and the ongoing conveyor belt of online safety regulation is how much more personal such litigation makes the potential harms associated with social media.

I can count, on one hand, the number of experts who have read the EU's most recent risk assessments and external audits related to how so-called Very Large Online Platforms and Search Engines combat alleged systemic risks under the bloc's Digital Services Act. I joke. But only just. These documents run into the hundreds of pages; are inherently legalistic in both tone and nature; and — after two years of these reports being published — have not provided meaningful transparency for the average EU citizen.

In contrast, the often personal (and routinely tragic) stories at the heart of such lawsuits, as well as the spectacle of high-profile tech executives taking the stand to defend their platforms, cuts through to the average social media user more effectively than decades worth of dense policy documents. They demonstrate the potential real world harms resulting from poor design choices that is just not possible via online safety regulation which, inherently, takes a systemic view of such problems.

Inherently, platform governance litigation does something different than online safety legislation. It is not one over the other. But at a time when regulatory headwinds are gathering against countries' attempts to pass such regulation, a shift toward national courts — as a means to boost transparency and accountability for some of the world's largest companies by centering these debates in the lived experiences of individuals — is a much-needed step.Chart of the day

THE US LIKES TO THINK IT'S THE CENTER of the AI revolution. And at least when it comes to where these systems are built, that certainly is true.

But Americans remain behind the curve in the use of artificial intelligence tools and applications compared to their peers across both the West and the Global Majority, based on a worldwide survey conducted between Sept - Oct, 2025.

On average, 66 percent of those polled said they had used such services over the last 12 months. At 88 percent, Nigeria was the most AI-savvy country compared with Japan where only 45 percent of people said they had used AI over the last year.
Source: Google / IpsosMIDDLE POWERS: LABORATORIES OF DIGITAL POLICYMAKING

IN THE EARLY 1930s, THE US SUPREME COURT justice Louis Brandeis referred to US states as so-called "laboratories of democracy." By this, he meant smaller jurisdictions, with the Union, could try different social and economic models without these experiments unduly harming all 50 states. I can't help but think of that expression as I look over the similar digital policymaking crucible underway in so-called Middle Powers countries, or states like Brazil, Japan and the UK that sit slightly outside the trifecta of global digital policymaking powers of the US, EU and China, respectively.

Taken together, three ongoing experiments in each of these jurisdictions demonstrate how national lawmakers and officials are meeting local needs in an increasingly globalized digital world. They offer potential alternatives for other Middle Power countries that do not necessarily want to be rule-takers from global powers when it comes to digital competition, artificial intelligence and data protection.

First, to London. I remain skeptical the UK government (of all political flavors) has the will to implement a serious digital policymaking agenda. Other, that is, than one that prioritizes foreign direct investment over all other demands. Yet the country's Competition and Markets Authority (CMA) is slowly implementing the so-called the Digital Markets, Competition and Consumers, or updated digital antitrust rulebook, that offers an alternative to the more bureaucratic approach under the EU's Digital Markets Act.

A quick snapshot about how these competition rules operate. Under the UK's regime, regulators first determine if a company has so-called "Strategic Market Status," and then create specific rules to ensure its dominance doesn't skew the market. Under the EU's rulebook, companies are designated as "gatekeepers," and then — collectively — European regulators determine if these firms' activities infringe on smaller players.

Before I get angry emails, yes, Doug Gurr — a former senior Amazon executive – was appointed as chairman of the British competition agency in February. That has raised concerns the CMA will pull back on its digital enforcement work. But since early 2026, the regulator has issued two statements — one linked to how people/business interact with Google's search product; another aimed at leveling the playing field in both Google and Apple's App Stores — that are worth tracking.

Both are designed to loosen these services' control of what are now viewed as dominant parts of the online economy. Critics will say they don't go far enough to hobble these services. But the UK's revamped digital antitrust regime is designed to create bespoke interventions, based on individual companies' services, that may prove more nimble than the one-size-fit-all approach outlined within the EU's Digital Markets Act.

What's worth paying attention to, for other Middle Powers, is whether the proposed changes in both Google search and the app stores gives greater breathing space for competitors, as well as allowing users to more easily swap to rival search products. If that does start to happen in the UK (and it's still an 'if,') then London's digital antitrust approach may be worth adopting.

Shifting gears — both geographically and thematically — takes us to Japan where the country's AI regulation is now more than six months old. Unlike the top-down legislation outlined by the likes of South Korea and Europe, Japan has instead implemented mostly voluntary guidelines, backed up with expanded enforcement powers for existing regulatory agencies, to create a flexible approach to AI oversight. At least, that is what Tokyo would like you to believe.

**A message from Meta** On 24 March, The Brussels AI Symposium hosted by Meta with eco, and EssilorLuxottica as supporting partners, convened political leaders including European Parliament President Roberta Metsola and US Ambassador Andrew Puzder, Italian Vice Minister Valentino Valentini, and leaders across industry. The speakers struck the same chord: the world needs a strong Europe at the table in this ongoing technological revolution.

Regulatory simplification to enable innovation and competitiveness is a necessity. Implementation must match the ambition. To learn more, read eco’s white paper here.

The legislation also includes a public commitment to invest $6.3 billion, over five years, in AI-linked emerging technology, as well as other high-tech industries like drones and quantum computing. The idea is to combine a co-regulatory approach to AI governance — again, supported by stricter enforcement from the likes of the country's privacy regulator — with direct investment in local firms competing on the globe stage.

Japan's approach stands somewhere between that of the 'regulate-first' EU and the 'don't-regulate' US, albeit via an AI governance framework that relies heavily on voluntary corporate compliance. Still, it may represent a potential third way for other countries both concerned about how AI is rolled out nationally and wanting to support local industries in this global technology race.

Finally, to Brazil. Latin America's most populous country enacted its so-called ECA Digital law earlier this month, specifically aimed at protecting children online. The regulation gained widespread traction after local YouTube channels were found to be profiting off sexualized videos of children.

Key provisions include: age verification requirements for platforms that host potentially inappropriate content for minors; such age-gating must take place when an account is created; providers of digital services must prevent addictive design practices like infinite social media scrolling; companies must remove child-related criminal content and notify authorities; a new law enforcement center was created to coordinate potential violations.Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

What's different from other online safety regimes is that it puts a significant onus on companies, not the government, to enforce individual provisions. That will inevitably create higher regulatory burdens for companies operating in Brazil — and some firms will likely pull out because of that.

But for other countries, which don't have the financial resources to implement a UK-style Online Safety Act, the outsourcing of such requirements to digital services where much of the potential harm is housed may offer a way forward in adopting online safety regulation without similarly incurring hefty increases in public money to support such oversight.What I'm reading

— The Reuters Institute at the University of Oxford delve into the online media/news habits of Generation Alpha. It's more social media, less websites. More here.

— The DSA Observatory explains what lessons it learned when its application for data access to privately-held social media data was rejected under the EU's Digital Services Act. More here.

— The Oversight Board published recommendations for how Meta should implement its community notes instrument across its global platforms. More here.

— New York University's Center on Tech Policy produced a comparison of the 60 bills, across nearly 30 US states, aimed at regulating companion AI chatbots. More here.

— Almost 70 countries within the World Trade Organization agreed to an interim pathway toward global rules for digital trade, even though a final deal is unlikely in the short term. More here.

digitalpolitics.co/newsletter0…

https://www.digitalpolitics.co/content/images/2026/03/Meta_lockup_positive-primary_RGB-3.svg

Platform governance goes to court SUPPORTED BY IT'S MONDAY, ...

2026-03-30T11:00:57Z

Platform governance goes to court

SUPPORTED BY

IT'S MONDAY, AND THIS IS DIGITAL POLITICS. I'm Mark Scott, and as the war in the Middle East enters its second month, here's a map that explains we are all in for major energy price hikes (or shortages) in April.

— American and European courts are doing more for social media oversight than the growing list of online safety regimes worldwide.

— Middle Powers are now testbeds for different forms of AI, competition and platform governance regulation. Some will work, others will not.

— Two-thirds of people polled worldwide say they have used AI, in some form, over the last 12 months.

Let's get started:

digitalpolitics.co/newsletter0…

https://www.digitalpolitics.co/content/images/2026/03/Meta_lockup_positive-primary_RGB.svg

Using a Scientific Satellite for Passive Radar The basic ...

2026-03-30T11:00:34Z

Using a Scientific Satellite for Passive Radar

The basic principle of radar systems is simple enough: send a radio signal out, and measure the time it takes for a reflection to return. Given the abundant sources of RF signals – television signals, radio stations, cellular carriers, even Wi-Fi – that surround most of us, it’s not even necessary to transmit your own signal. This is the premise of passive radar, which uses passive RF illumination to form an image. The RF signal doesn’t even need to come from a terrestrial source, as [Jean Michel Friedt] demonstrated with a passive radar illuminated by the NISAR radar-imaging satellite (pre-print paper).

NISAR is a synthetic-aperture radar satellite jointly built by NASA and ISRO, and it completes a pass over the world every twelve days. It uses an L-band chirp radar signal, which can be picked up with GNSS antennas. One antenna points up towards the satellite, and has a ground plane blocking the signal from directly reaching the second antenna, which picks up reflections from the landscape under observation. Since the satellite would illuminate the scene for less than a minute, [Jean-Michel] had to predict the moment of peak intensity, and achieved an accuracy of about three seconds.

The signals themselves were recorded with an SDR and a Raspberry Pi. High-end, high-resolution SDRs such as the Ettus B210 gave the best results, but an inexpensive homebuilt MAX2771-based SDR also produced recognizable images. This setup won’t be providing any particularly detailed images, but it did accurately show the contours of the local geography – quite a good result for such a simple setup.

If you’re more interested in tracking aircraft than surveying landscapes, check out this ADS-B-synchronized passive radar system. Although passive radar doesn’t require a transmitter license, that doesn’t mean it’s free from legal issues, as the KrakenSDR team can testify.

hackaday.com/2026/03/30/using-…

The Hazards of Charging USB-C Equipped Cells In-Situ Can you ...

2026-03-30T08:00:03Z

The Hazards of Charging USB-C Equipped Cells In-Situ

Can you charge those Li-ion based cells with USB-C charging ports without taking them out of the device? While this would seem to be answered with an unequivocal ‘yes’, recently [Colin] found out that this could easily have destroyed the device they were to be installed in.

After being tasked with finding a better way to keep the electronics of some exercise bikes powered than simply swapping the C cells all the time, [Colin] was led to consider using these Li-ion cells in such a manner. Fortunately, rather than just sticking the whole thing together and calling it a day, he decided to take some measurements to satisfy some burning safety questions.

As it turns out, at least the cells that he tested – with a twin USB-C connector on a single USB-A – have all the negative terminals and USB-C grounds connected. Since the cells are installed in a typical series configuration in the device, this would have made for an interesting outcome. Although you can of course use separate USB-C leads and chargers per cell, it’s still somewhat disconcerting to run it without any kind of electrical isolation.

In this regard the suggestion by some commentators to use NiMHs and trickle-charge these in-situ similar to those garden PV lights might be one of the least crazy solutions.

youtube.com/embed/sOCF46_d0Sk?…

hackaday.com/2026/03/30/the-ha…

Writing an Open-World Engine for the Nintendo 64 Anyone who has ...

2026-03-30T05:00:32Z

Writing an Open-World Engine for the Nintendo 64

Anyone who has ever played Nintendo 64 games is probably familiar with the ways that large worlds in these games got split up, with many loading zones. Another noticeable aspect is that of the limited drawing distance, which is why even a large open area such as in Ocarina of Time‘s Hyrule Field has many features that limit how far you can actually see, such as hills and a big farming homestead in the center. Yet as [James Lambert] demonstrates in a recent video, it’s actually possible to create an open world on the N64, including large drawing distances.

As explained in the video, the drawing distance is something that the developer controls, and thus may want to restrict to hit certain performance goals. In effect he developer sets where the far clipping plane is set, beyond which items are no longer rendered. Of course, there are issues with just ramping up the distance to the far clipping plane, as the N64 only has a 15-bit Z-buffer, after which you get ‘Z fighting’, where render order becomes an issue as it’s no longer clear what is in front of what.

One fix is to push the near clipping plane further away from the player, but this comes with its own share of issues. Ergo [James] fixed it by doing two render passes: first all the far-away objects with Z-buffer disabled, and then all the nearby objects. These far-away objects can be rendered back-to-front with low level-of-detail (LoD), so this is relatively fast and also saves a lot of RAM, as the N64 is scraping by in this department at the best of times.

In the video the full details of this rendering approach, as well as a new fog rendering method, are explained, with the code and such available on GitHub for those who wish to tinker with it themselves. [James] and friends intend to develop a full game using this engine as well, so that’s definitely something to look forward to.

youtube.com/embed/lXxmIw9axWw?…

hackaday.com/2026/03/29/writin…

Training a Transformer with 1970s-era Technology Although ...

2026-03-30T02:00:41Z

Training a Transformer with 1970s-era Technology

Although generative language models have found little widespread, profitable adoption outside of putting artists out of work and giving tech companies an easy scapegoat for cutting staff, their their underlying technology remains a fascinating area of study. Stepping back to the more innocent time of the late 2010s, before the cultural backlash, we could examine these models in their early stages. Or, we could see how even older technology processes these types of machine learning algorithms in order to understand more about their fundamentals. [Damien] has put a 60s-era IBM as well as a PDP-11 to work training a transformer algorithm in order to take a closer look at it.

For such old hardware, the task [Damien] is training his transformer to do is to reverse a list of digits. This is a trivial problem for something like a Python program but much more difficult for a transformer. The model relies solely on self-attention and a residual connection. To fit within the 32KB memory limit of the PDP-11, it employs fixed-point arithmetic and lookup tables to replace computationally expensive functions. Training is optimized with hand-tuned learning rates and stochastic gradient descent, achieving 100% accuracy in 350 steps. In the real world, this means that he was able to get the training time down from hours or days to around five minutes.

Not only does a project like this help understand these tools, but it also goes a long way towards demonstrating that not every task needs a gigawatt datacenter to be useful. In fact, we’ve seen plenty of large language models and other generative AI running on computers no more powerful than an ESP32 or, if you need slightly more computing power, on consumer-grade PCs with or without GPUs.

hackaday.com/2026/03/29/traini…

Hackaday Links: March 29, 2026 Whether it’s a new couch or a ...

2026-03-29T23:00:36Z

Hackaday Links: March 29, 2026

Whether it’s a new couch or a rare piece of hardware picked up on eBay, we all know what it feels like to eagerly await a delivery truck. But the CERN researchers involved in a delivery earlier this week weren’t transporting anyone’s Amazon Prime packages, they were hauling antimatter.

Moving antimatter, specifically antiprotons, via trucks might seem a bit ridiculous. But ultimately CERN wants to transfer samples between various European laboratories, and that means they need a practical and reliable way of getting the temperamental stuff from point A to B. To demonstrate this capability, the researchers loaded a truck with 92 antiprotons and drove it around for 30 minutes. Of course, you can’t just put antiprotons in a cardboard box, the experiment utilized a cryogenically cooled magnetic containment unit that they hope will eventually be able to keep antimatter from rudely annihilating itself on trips lasting as long as 8 hours.

Speaking of deliveries, anyone building a new computer should be careful when ordering components. Shady companies are looking to capitalize on the currently sky high prices of solid-state drives by counterfeiting popular models, and according to the Japanese site AKIBA PC Hotline, there are some examples in the wild that would fool all but the most advanced users. They examine a bootleg drive that’s a nearly identical replica of the Samsung 990 PRO — the unit and its packaging are basically a mirror image of the real deal, the stated capacity appears valid, and it even exhibits similar performance when put through a basic benchmark test.

But while the drive’s sequential read and write speeds are within striking distance of the official numbers from Samsung, things start to fall apart when doing random speed tests or performing real-world operations. It took the fake drive over 25 minutes to write a 370 GB file, while the authentic one ripped through the same file in less than 4: giving a true write speed of 261 MB/s and 1,861 MB/s, respectively.

Luckily you don’t have to time how long it takes to dump 100+ GB of data on the drive just to see if it’s legitimate, Samsung offers a tool that can communicate with the drive and determine if it’s an original or not. If they don’t already, we imagine other manufacturers will roll out similar capabilities in an effort to combat these sophisticated clones.

Of course, computers aren’t the only things in our modern world that are impacted by the rising prices of memory and flash storage. On Friday, Sony announced that they would be implementing higher prices across their PlayStation line starting this week to compensate for what they call “pressures in the global economic landscape.”

Starting April 2nd (presumably they didn’t want consumers to think this was a joke), the base model PS5 will be bumped up to $649.99 in the US and €649.99 in Europe, while the PS5 Pro will be set at an eye-watering 899.99 in both currencies. Admittedly we’ve done absolutely no research to support this, but surely that must make the latter system the most expensive home game console in history by a considerable margin. In comparison, Microsoft’s top of the line Xbox Series X is currently priced at $799, though the model with the smaller 1 TB drive is still available for $649.

One might think that the skyrocketing cost of memory would force developers to take a lesson from the early days of computing, and usher in a new era of highly optimized code that manages to do more with less. That would be nice. Instead, we have now have DOOM rendered in the browser using CSS.

As Niels Leenheer explains in the write-up, the original goal was to have the entire game running in CSS. But he quickly ran into issues trying to implement the game logic. So he settled for letting Claude port the open source C code for the base game over to JavaScript, which freed him up to work on doing the graphics in CSS.
NASA Astronaut Mike Fincke
If you’re interested in web development it’s a fascinating look at how far the modern browser can be pushed, and even if you don’t, it’s a surprisingly smooth way to play the classic shooter without having to install anything.

Lastly, the public is finally getting some information about the health scare aboard the International Space Station that triggered the first-ever medical evacuation from the orbiting laboratory back in January. As we predicted in our previous coverage, NASA was unwilling to put personal information about one of their astronauts on the public record, and have remained tight-lipped about the situation. So it was Crew-11 Pilot Mike Fincke himself that decided to not only come forward as the individual who experienced the issue, but to detail what he went through in an interview with the Associated Press.

So what happened? Well, nobody is quite sure yet. Fincke says he was eating dinner the night before he was scheduled to go on a spacewalk outside the Station, and suddenly realized he couldn’t speak. His crewmates realized he was in distress, and contacted medical personnel at Mission Control on his behalf. Testing performed both on the Station and back on Earth has yet to provide any explanation for the episode. It lasted approximately 20 minutes, and he’s experienced no issues since. Space is kinda crazy like that sometimes.

See something interesting that you think would be a good fit for our weekly Links column? Drop us a line, we’d love to hear about it.

hackaday.com/2026/03/29/hackad…

Laser Ranging Makes GPS Satellites More Accurate Although GNSS ...

2026-03-29T20:00:22Z

Laser Ranging Makes GPS Satellites More Accurate

Although GNSS systems like GPS have made pin-pointing locations on Earth’s sphere-approximating surface significantly easier and more precise, it’s always possible to go a bit further. The latest innovation involves strapping laser retroreflector arrays (LRAs) to newly launched GPS satellites, enabling ground-based lasers to accurately determine the distance to these satellites.

Similar to the retroreflector array that was left on the Moon during the Apollo missions, these LRAs will be most helpful with scientific pursuits, such as geodesy. This is the science of studying Earth’s shape, gravity and rotation over time, which is information that is also incredibly useful for Earth-observing satellites.

Laser ranging is also essential for determining the geocentric orbit of a satellite, which enables precise calibration of altimeters and increasing the accuracy of long-term measurements. Now that the newly launched GPS III SV-09 satellite is operational this means more information for NASA’s geodesy project, and increased accuracy for GPS measurements as more of its still to be launched satellites are equipped with LRAs.

hackaday.com/2026/03/29/laser-…

Clean Enclosures, No Printing Necessary Unless you’re into ...

2026-03-29T17:00:20Z

Clean Enclosures, No Printing Necessary

Unless you’re into circuit sculptures, generally speaking, a working circuit isn’t the end-point of a lot of electronics projects. To protect your new creation from grabby hands, curious paws, and the ravages of nature, you’ll probably want some kind of enclosure. These days a lot of us would probably run it off on the 3D printer, but some people would rather stay electronics hobbiests without getting into the 3D printing hobby. For those people, [mircemk] shares how he creates professonal-looking enclosures with handtools.

The name [mircemk] will seem familiar to longtime readers– we’ve featured many of his projects, and they’ve always stood out for the simple but elegant enclosures he uses. The secret, it turns out, is thin PVC sheeting from a sign shop. At thicknesses upto and including 5 mm, the material can be bent by hand and cut with hobby knives. It’s obviously also amenable to drilling and cutting with woodworking tools as well. Drilling is especially useful to make holes for indicator LEDs. [mircemk] recommends cyanoacrylate ‘crazy’ glue to hold pieces together. For holding down the PCB, the suggestion of double-sided tape will work for components that won’t get too hot.

Rather than paint, the bold contrasting colours we’ve become used to are applied using peel-and-stick wallpaper, which is a great idea. It’s quick, zero mess, and the colour is guaranteed to be evenly applied. It might even help hold the PVC enclosure together ever so slightly. You can watch him do it in the video embedded below.

We hate to say it, but for a one-off project, this technique probably does beat a 3D printed box for professional looks, assuming you have [mircemk]’s motorskills. If you don’t have said motor skills, check out this parametric project box generator. If you’d rather avoid PVC while making a square box to hold a PCB, have you considered using PCBs?

Thanks to [mircemk] for the tip! If you have a tip or technique you want to share, please box it up and send it to the tipsline

youtube.com/embed/t9KfsZ-eU5M?…

hackaday.com/2026/03/29/clean-…

Self-healing CMOS Imager to Withstand Jupiter’s Radiation Belt ...

2026-03-29T14:00:58Z

Self-healing CMOS Imager to Withstand Jupiter’s Radiation Belt

Ionizing radiation damage from electrons, protons and gamma rays will over time damage a CMOS circuit, through e.g. degrading the oxide layer and damaging the lattice structure. For a space-based camera that’s inside a probe orbiting a planet like Jupiter it’s thus a bit of a bummer if this will massively shorted useful observation time before the sensor has been fully degraded. A potential workaround here is by using thermal energy to anneal the damaged part of a CMOS imager.

The first step is to detect damaged pixels by performing a read-out while the sensor is not exposed to light. If a pixel still carries significant current it’s marked as damaged and a high current is passed through it to significantly raise its temperature. For the digital logic part of the circuit a similar approach is used, where the detection of logic errors is cause for a high voltage pulse that should also result in annealing of any damage.

During testing the chip was exposed to the same level of radiation to what it would experience during thirty days in orbit around Jupiter, which rendered the sensor basically unusable with a massive increase in leakage current. After four rounds of annealing the image was almost restored to full health, showing that it is a viable approach.

Naturally, this self-healing method is only intended as another line of defense against ionizing radiation, with radiation shielding and radiation-resistant semiconductor technologies serving as the primary defenses.

hackaday.com/2026/03/29/self-h…

Multicolor 5-Axis 3D Printing Usually, when we see non-planar 3D ...

2026-03-29T11:00:36Z

Multicolor 5-Axis 3D Printing

Usually, when we see non-planar 3D printers, they’re rather rudimentary prototypes, intended more as development frames than as workhorse machines. [multipoleguy]’s Archer five-axis printer, on the other hand, breaks this trend with automatic four-hotend toolchanging, a CoreXY motion system, and print results as good-looking as any Voron’s.

The print bed rests on three ball joints, two on one side and one in the center of the opposite side. Each joint can be raised and lowered on an independent rail, which allows the bed to be tilted on two axes. The dimensions of the extruders their motion system limit how much the bed can be angled when the extruder is close to the bed, but it can reach sharp angles further out.

The biggest difficulty with non-planar printing is developing a slicer; [multipoleguy] is working on a slicer (MaxiSlicer), but it’s still in development. It looks as though it’s already working rather well, to the point that [multipoleguy] has been optimizing purge settings for tool changes. It seems that when a toolhead is docked, the temperature inside the melt chamber rises above the normal temperature in use, which causes stringing. To compensate for this, the firmware runs a more extensive purge when a hotend’s been sitting for a longer time. The results for themselves: a full three-color double helix, involving 830 tool changes, could be printed with as little as six grams of purge waste.

As three-axis 3D printers become consumer products, hackers have kept looking for further improvements to make, which perhaps explains the number of non-planar printing projects appearing recently, including a few five-axis machines. Alternatively, some have experimented with non-planar print ironing.

youtube.com/embed/Y44QV1gQqq0?…

hackaday.com/2026/03/29/multic…

Soviet CDs And CD Players Existed, And They Were Strange Until ...

2026-03-29T08:00:36Z

Soviet CDs And CD Players Existed, And They Were Strange

Until the fall of the Soviet Union around 1990 you’d be forgiven as a proud Soviet citizen for thinking that the USSR’s technology was on par with the decadent West. After the Iron Curtain lifted it became however quite clear how outdated especially consumer electronics were in the USSR, with technologies like digital audio CDs and their players being one good point of comparison. In a recent video by a railways/retro tech YouTube channel we get a look at one of the earliest Soviet CD players.

A good overall summary of how CD technology slowly developed in the Soviet Union despite limitations can be found in this 2025 article by [Artur Netsvetaev]. Soviet technology was characterized mostly by glossy announcements and promises of ‘imminent’ serial production prior to a slow fading into obscurity. Soviet engineers had come up with the Luch-001 digital audio player in 1979, using glass discs. More prototypes followed, but with no means for mass-production and Soviet bureaucracy getting in the way, these efforts died during the 1980s.

During the 1980s CD players were produced in Soviet Estonia in small batches, using Philips internals to create the Estonia LP-010. Eventually sanctions on the USSR would strangle these efforts, however. Thus it wouldn’t be until 1991 that the Vega PKD-122 would become the first mass-produced CD player, with one example featured in this video.

The video helpfully includes a teardown of the player after a rundown of its controls and playback demonstration, so that we can ogle its internals. This system uses mostly localized components, with imported components like the VF display and processors gradually getting replaced over time. The DAC and optical-mechanical assembly would still be imported from Japan until 1995 when the factory went bankrupt.
Insides of the Vega 122S CD player. (Credit: Railways | Retro Tech | DIY, YouTube)
This difference between the imported and localized part is captured succinctly in the video with the comparison to Berlin in 1999, in that you can clearly see the difference between East and West. The CD mechanism is produced by Sanyo, with a Sanyo DAC IC on the mainboard. The power supply, display and logic board (using Soviet TTL ICs) are all Soviet-produced. A sticker inside the case identifies this unit as having been produced in 1994.

Amusingly, the front buttons are directly coupled into the mainboard without ESD protection, which means that in a Siberian winter with practically zero relative humidity inside you’d often fry the mainboard by merely using these buttons.

After this exploration the video goes on to explain how Soviet CD production began in the 1989, using imported technology and know-how. This factory was set up in Moscow, using outdated West-German CD pressing equipment and makes for a whole fascinating topic by itself.

Finally, the video explores the CD player’s manual and how to program the player, as well as how to obtain your own Soviet CD player. Interestingly, a former employee of the old factory has taken over the warehouse and set up a web shop selling new old stock as well as repaired units and replacement parts.

youtube.com/embed/utcfnmQtGxA?…

hackaday.com/2026/03/29/soviet…

Play a .WAV Instead of Typing Line After Line Into Vintage ...

2026-03-29T05:00:56Z

Play a .WAV Instead of Typing Line After Line Into Vintage Microcomputer

[Casey Bralla] got his hands on a Rockwell AIM 65 microcomputer, a fantastic example of vintage computing from the late 70s. It sports a full QWERTY keyboard, and a twenty character wide display complemented by a small thermal printer. The keyboard is remarkably comfortable, but doing software development on a one-line, twenty-character display is just not anyone’s idea of a good time. [Casey] made his own tools to let him write programs on his main PC, and transfer them easily to the AIM 65 instead.
A one-line, twenty-character wide display was a fantastic feature, but certainly lacking for development work.
Moving data wasn’t as straightforward in 1978 as it is today. While the Rockwell AIM 65 is a great machine, it has no disk drive and no filesystem. Programs can be written in assembler or BASIC (which had ROM support) but getting them into running memory where they could execute is not as simple as it is on modern machines. One can type a program in by hand, but no one wants to do that twice.

Fortunately the AIM 65 had a tape interface (two, actually) and could read and store data in an audio-encoded format. Rather than typing a program by hand, one could play an audio tape instead.

This is the angle [Casey]’s tools take, in the form of two Python programs: one for encoding into audio, and one for decoding. He can write a program on his main desktop, and encode it into a .wav file. To load the program, he sets up the AIM 65 then hits play on that same .wav file, sending the audio to the AIM 65 and essentially automating the process of typing it in. We’ve seen people emulate vintage tape drive hardware, but the approach of simply encoding text to and from .wav files is much more fitting in this case.

The audio encoding format Rockwell used for the AIM is very well-documented but no tools existed that [Casey] could find, so he made his own with the help of Anthropic’s Claude AI. The results were great, as Claude was able to read the documentation and, with [Casey]’s direction, generate working encoding and decoding tools that implemented the spec perfectly. It went so swimmingly he even went on to also make a two-pass assembler and source code formatter for the AIM, as well. With them, development is far friendlier.

Watch a demonstration in the video [Casey] made (embedded under the page break) that shows the encoded data being transferred at a screaming 300 baud, before being run on the AIM 65.

youtube.com/embed/C5hO1vE4pxM?…

hackaday.com/2026/03/28/play-a…

Watch Electricity Slosh: Visualizing Impedance Matching It’s ...

2026-03-29T02:00:50Z

Watch Electricity Slosh: Visualizing Impedance Matching

It’s one thing to learn about transmission lines in theory, and quite another to watch a voltage pulse bounce off an open connector. [Alpha Phoenix] bridges the gap between knowledge and understanding in the excellent videos after the break. With a simple circuit, he uses an oscilloscope to visualize the propagation of electricity, showing us exactly how signals travel, reflect, and interfere.

The experiment relies on a twisted-pair Y-harness, where one leg is left open and the other is terminated by a resistor. By stitching together oscilloscope traces captured at regular intervals along the wire, [Alpha Phoenix] constructs a visualization of the voltage pulse propagating. To make this intuitive, [Alpha Phoenix] built a water model of the same circuit with acrylic channels, and the visual result is almost identical to the electrical traces.

For those who dabble in the dark art of RF and radio, the real payoff is the demonstration of impedance matching in the second video. He swaps resistors on the terminated leg to show how energy “sloshes” back when the resistance is too high or too low. However, when the resistor matches the line’s characteristic impedance, the reflection vanishes entirely—the energy is perfectly dissipated. It really makes it click how a well-matched, low SWR antenna is crucial for performance and protecting your radio.

[Alpha Phoenix] is a genius at making physics visible. He even managed “film” a laser beam traveling at light speed.

youtube.com/embed/2AXv49dDQJw?…

youtube.com/embed/RkAF3X6cJa4?…

hackaday.com/2026/03/28/watch-…

Playful ‘Space Dice’ Kit Shows Off Clever Design [Tommy] at ...

2026-03-28T23:00:53Z

Playful ‘Space Dice’ Kit Shows Off Clever Design

[Tommy] at Oskitone has been making hardware synth kits for years, and his designs are always worth checking out. His newest offering Space Dice is an educational kit that is a combination vintage sci-fi space laser sound generator, and six-sided die roller. What’s more, as a kit it represents an effort to be genuinely educational, rather than just using it as a meaningless marketing term.

There are several elements we find pretty interesting in Space Dice. One is the fact that, like most of [Tommy]’s designs, there isn’t a microcontroller in sight. Synthesizers based mostly on CMOS logic chips have been a mainstay of DIY electronics for years, as have “electronic dice” circuits. This device mashes both together in an accessible way that uses a minimum of components.

There are only three chips inside: a CD4093 quad NAND with Schmitt-trigger inputs used as a relaxation oscillator, a CD4040 binary counter used as a prescaler, and a CD4017 decade counter responsible for spinning a signal around six LEDs while sound is generated, to represent an electronic die. Sound emerges from a speaker on the backside of the PCB, which we’re delighted to see is driven not by a separate amplifier chip, but by unused gates on the CD4093 acting as a simple but effective square wave booster.

In addition, [Tommy] puts effort into minimizing part count and complexity, ensuring that physical assembly does not depend on separate fasteners or adhesives. We also like the way he uses a lever assembly to make the big activation button — mounted squarely above the 9 V battery — interface with a button on the PCB that is physically off to the side. The result is an enclosure that is compact and tidy.

We recommend checking out [Tommy]’s concise writeup on the design details of Space Dice for some great design insights, and take a look at the assembly guide to see for yourself the attention paid to making the process an educational one. We love the concept of presenting an evolving schematic diagram, which changes and fills out as each assembly step is performed and tested.

Watch it in action in a demo video, embedded just below. Space Dice is available for purchase but if you prefer to roll your own, all the design files and documentation are available online from the project’s GitHub repository.

player.vimeo.com/video/1172325…

hackaday.com/2026/03/28/playfu…

Apple’s Most Repairable Laptop is Thanks to Right-to-Repair The ...

2026-03-28T20:00:37Z

Apple’s Most Repairable Laptop is Thanks to Right-to-Repair

The common narrative around device design is that you can have repairability or a low price, but that they are inversely proportional to each other. Apple’s new budget MacBook Neo seems to attempt a bit of both.

Brittle snap-fit enclosures or glue can make a device pop together quickly during manufacture, but are a headache when it comes time to repair or hack it. Our friends at iFixit tore down the Neo and found it to be the most repairable MacBook since the 2012 unibody model. A screwed in battery, and modules for many of the individual components including the USB ports and headphone jack make it fairly simple to replace individual components. Most of those components are even accessible as soon as you pop the bottom cover instead of requiring major surgery.

As someone who has done a keyboard replacement on a 2010 MacBook, the 41 screws holding the keyboard in brought back (bad) memories. While this is a great improvement over Apple’s notoriously painful repair processes, we’re still only looking at an overall 6/10 score from iFixit versus a 10/10 from Framework or Lenovo.

The real story here is that these improvements from Apple were spurred by Right-to-Repair developments, particularly in the EU, that were the result of pressure from hackers like you.

If you want to push a Neo even further, how about water cooling it? If you’d rather have user-upgradeable RAM and storage too in a Mac, you’ve got to go a bit older.

youtube.com/embed/PbPCGqoBB4Y?…

hackaday.com/2026/03/28/apples…

Attacchi cyber a Commissione Ue e Fbi: che sta succedendo? ...

2026-03-28T18:30:16Z

Attacchi cyber a Commissione Ue e Fbi: che sta succedendo?

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Due episodi molto diversi mostrano quanto la minaccia cyber resti alta anche su profili istituzionali altissimi. Il caso della mail del direttore Fbi Patel violata da hacker iraniani sembra legato a dati personali datati mentre la violazione del cloud della Commissione europea

Hack iraniano al capo dell’FBI: ecco le ricadute ...

2026-03-28T18:30:13Z

Hack iraniano al capo dell’FBI: ecco le ricadute

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
La violazione dell’account mail personale di Kash Patel mostra quanto un profilo privato possa diventare un obiettivo strategico. Anche senza dati classificati, il materiale sottratto può alimentare intelligence, propaganda e futuri attacchi di spear phishing
L'articolo Hack iraniano al capo dell’FBI:

Turning Tesla Model 3’s Computer Into a Desktop PC Like many ...

2026-03-28T17:00:31Z

Turning Tesla Model 3’s Computer Into a Desktop PC

Like many high-tech companies Tesla runs a bug bounty program. But in the case of a car manufacturer, this means that you either already have one of their cars, are interested in buying one, or can gain access to its software-bits in another legal manner. Being a Tesla-less individual, yet with an interest in hunting bugs [David Schütz] thus decided to pursue the option of obtaining the required parts from crashed Tesla cars.

Specifically [David] was interested in the Tesla Model 3 and its combined Media Control Unit (MCU) and Autopilot computer (AAP) assembly. In addition to the main unit, it also requires – obviously – a power supply, and the proprietary display. These were all obtained fairly easily, but unfortunately the devices all had their cables cut off, leaving just a sad little stump of wiring with the still plugged-in connectors.

After trying his luck with an incompatible BMW LVDS cable from one of their headunit infotainment systems, he then proceeded to try and use the cable stumps with some creative patching. This briefly worked, but some debris fell onto the MCU board and blew a power rail IC.

Ultimately this IC got swapped after [David] had already purchased a whole new Model 3 computer, leaving him with two units and the easy way out of buying the Dashboard Wiring Harness cable loom that contained the Rosenberger connectors he needed to connect the display to the main unit.

hackaday.com/2026/03/28/turnin…

For Art’s Sake Hackers can be a strange folk. Our idea of ...

2026-03-28T14:00:32Z

For Art’s Sake

Hackers can be a strange folk. Our idea of beauty, for instance, can be rather odd. This week, Hackaday saw a few projects that were not just functional – the aesthetics were the goal. I don’t think we’ll be taking over the fine art world any time soon, but I’m absolutely convinced that the same muse that guides the hand that holds the paintbrush sometimes also guides the hand holding the soldering iron.

Take “circuit sculpture”, for instance. Heck, we even give it an art-inspired name that classifies it correctly. This week’s project that got me thinking about the aesthetics of hand-bent wire circuits was this marvelous clock build, but the works of Mohit Bhoite or Kelly Heaton are also absolute must-sees in this category.

Outside of the Hackaday orbit, one of my all-time favorite artists in this genre was Peter Vogel, who made complex audience-reactive sound sculptures that looked as good as they sound.

Is a wireframe animated moving jellyfish art? It was certainly intended to be beautiful, and I personally find it so. Watch some of the video clips attached to the project to get a better sense of it.

In the sculpture world, there is a sub-genre of kinetic art pieces where the work itself is secondary to the beauty of the motions that the pieces pull off. Think ballet, but mechanical. Perhaps my absolute favorite of these artists is Arthur Ganson. If you haven’t seen his work before, check out “Thinking Chair” for the beauty of movement, but don’t miss “Machine with Concrete” if you’re feeling more conceptual.

If you’re willing to buy an insane geartrain as art, what about these 3D printed wire strippers? Is this “art”? It’s clear that they were designed with real intent and attention to the aesthetics of the final form, and am I wrong for finding the way they move literally beautiful?

What’s your favorite offbeat hacker artform?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

hackaday.com/2026/03/28/for-ar…

Attacco a Ita Airways, allarme per utenti Volare @nprofile…fwcg ...

2026-03-28T12:54:53Z

Attacco a Ita Airways, allarme per utenti Volare

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Ita Airways ha avvisato gli iscritti Volare di un accesso non autorizzato ai dati personali. Non risultano coinvolte password o carte, ma il rischio di phishing cresce mentre il programma chiude e il passaggio a Miles & More entra nella fase finale
L'articolo Attacco a Ita Airways, allarme per utenti

Magic-less 8 Ball Finds New Life With Pi Pico Inside There’s an ...

2026-03-28T11:00:13Z

Magic-less 8 Ball Finds New Life With Pi Pico Inside

There’s an old saying that goes: when life gives you lemons, make lemonade. [lds133] must have heard that saying, because when life took the magic liquid out of his Magic 8 Ball, [lds133] made not eight-ball-aide, but an electronic replacement with a Raspberry Pi Pico and a round TFT display.

In case the Magic 8 Ball is unknown in some corners of the globe, it is a toy that consists of a twenty-sided die with a set of oracular messages engraved on it, enclosed in a magical blue liquid — and by magical, we mean isopropyl alcohol and dye. The traditional use is to ask a question, shake the eight-ball, and then ignore its advice and do whatever you wanted to do anyway.

[lds133]’s version replicates the original behavior exactly by using the accelerometer to detect the shaking, the round display to show an icon of the die, and a Raspberry Pi Pico to do the hard work. There’s also the obligatory lithium pouch cell for power, which is managed by one of the usual TP4056 breakout boards. One very nice detail is that instead of a distracting battery indicator, the virtual die changes color as the battery wears out.

We’ve seen digital 8 Balls before, like this one that used an STM32, or another that used a Raspberry Pi to display reaction GIFs. Some projects are just perennial.

hackaday.com/2026/03/28/magic-…

Making a Nichrome Wirewound Power Resistor Although not really a ...

2026-03-28T08:00:17Z

Making a Nichrome Wirewound Power Resistor

Although not really a cost-effective or a required skill unless you have some very specific needs not met by off-the-shelf power resistor options, making your own own wirewound power resistor is definitely educational, as well as a fascinating look at a common part that few people spare a thought on. Cue [TheElectronBench]’s video tutorial on how to make one of these components from scratch.

The resistance value is determined by the length of nichrome wire, which is an alloy of nickel and chromium (NiCr) with a resistivity of around 1.12 µΩ/m. It’s also extremely durable when heated, as it forms a protective outer layer of chromium oxide. This makes it suitable for very high power levels, but also requires the rest of the power resistor assembly to be able to take a similar punishment.

For the inner tube of this DIY power resistor a tube of alumina ceramic was used, around which the nichrome wire is wound. This resistor targets 15 Ohm at a maximum load of 50 Watt, this means a current of about 1.83 A is expected at 27.4 V. The used nichrome wire has a measured resistance of 10.4 Ohm, ergo 1.44 meter has to be cut and wound.

This entire assembly is then embedded in refractory cement (fireproof cement), as this will keep the wire in place, while also able to take the intense temperature cycling during operation. As a bonus this will prevent toasting the surrounding environment too much, never mind lighting things on fire as the nichrome wire heats up.

As explained in the video, this is hardly the only way to create such a power resistor, with multiple types of alternative alloys available, different cores to wind around and various options to embed the assembly. The demonstrated method is however one that should give solid results and be well within the capabilities and budget of a hobbyist.

An important point with nichrome is that you cannot really solder to it, so you’ll need something along the lines of a mechanical (crimping) connection. There are also different winding methods that can affect the inductance of the resistor, since this type of resistor is by its design also a coil. This is however not covered in the video as for most applications it’s not an issue.

Overall, this video tutorial would seem to be a solid introduction to nichrome power resistors, including coverage of many issues you may encounter along the way. Feel free to sound off in the comment section with your own experiences with power resistors, especially if you made them as well.

hackaday.com/2026/03/28/making…

SEGA Music to MODfile, (Semi)Automatically One thing SEGA’s ...

2026-03-28T05:00:26Z

SEGA Music to MODfile, (Semi)Automatically

One thing SEGA’s MegaDrive/Genisis and the Commodore Amiga had in common was–aside from the Motorola 68000 processor– being known for excellent music in games. As [reassembler] continues his quest to de-assemble Sonic: The Hedgehog and re-assemble the code to run on Amiga, getting the music right is a key challenge. Rather than pull MIDI info or recreate the sound by ear, [reassembler] has written a program called Sonic2MOD to automatically take the assembly file music from the MegaDrive catridge and turn it into an Amiga-style MODfile. He’s also made a video about it that you’ll find embedded below.

Of course how music gets made differs widly on the two systems. Amiga, famously has Paula, a custom ASIC designed for sampling, allowing you to play four eight-bit voices. The Sega, of course, has that glorious FM-synthesis chip from Yamaha synthesizing five channels of CD-quality sound and one channel of sample. It’s not as well known, but the Sega also has a bonus TI-compatible programmable sound chip (PSG) that can handle 3 square-wave tone channels and one noise channel. That’s ten total channels to the Amiga’s four, and CD-quality to 8-bit voices. Knowing all that, we were very curious how close to SEGA’s original music [reassembler] could get on the Amiga.

Before he could show us, [reassembler] needed to decode the SMPS files used on Sonic: The Hedgehog and many other MegaDrive games. Presumably he could have gotten a MIDI file online somewhere– there are oodles– but the goal was to reverse engineer Sonic from its cartridge for the Amiga, not download a lot of resources from the web. SMPS is a sort of programing language for sound, telling the Yamaha and PSG chips what to do.

In some ways, it’s not unlike the Amiga’s MOD format, which programmatically specifies how to play the sampled voices also stored in the file. Translating from one to another is a matter of reading the SMPS files, extracting the timing, volume, vibrato, et cetera, and translate that into a form the MOD file can use. Then [reassembler] needed to generate samples, which was an added hiccup because the Amiga can only handle 3 octaves vs the seven of the SEGA’s FM synthesizer. He’s able to solve this simply by generating multiple samples to span the Yamaha chip’s range, though, again, at only 8-bit fidelity. It doesn’t sound half bad.

What about the four-channel limit? That’s where a bit of artistry comes in; the automated tool produces MOD files with more voices, which MOD trackers can handle at increased computational load. Computational load you don’t need when trying to play a game. Scaling down the soundtrack to the Amiga’s limits is something [reassembler] already has practice with from his famous OutRun port, though, so we’re sure he’ll get it done.

All of this effort just to match the Mega Drive makes us appreciate what a capable little computer the Sega console was; why, you can even check your stocks with it! We’ve already featured [reassembler]’s Sonic port once before, but this music tool was interesting enough we couldn’t help ourselves coming back to it. The ability to play MOD files were pretty impressive when the Amiga came out, but nowadays all you need is a ten-cent microcontroller.

youtube.com/embed/E4dZzJFroAY?…

hackaday.com/2026/03/27/sega-m…

Using FireWire on a Raspberry Pi Before Linux Drops Support Once ...

2026-03-28T02:00:09Z

Using FireWire on a Raspberry Pi Before Linux Drops Support

Once the premium option for data transfers and remote control for high-end audiovisual and other devices, FireWire (IEEE 1394) has been dying a slow death ever since Apple and Sony switched over to USB. Recently Apple correspondingly dropped support for it in MacOS 26, and Linux will follow in 2029. The bright side of this when you’re someone like [Jeff Geerling] is that this means three more years of Linux support for one’s FireWire gear, including on the Raspberry Pi with prosumer gear from 1999.

If you’re not concerned about running the latest and greatest – and supported – software, then using an old or modern Mac or PC is of course an option, but with Linux support still available [Jeff] really wanted to get it working on Linux. Particularly on a Raspberry Pi in order to stay on brand.

Adding a FireWire port to a Raspberry Pi SBC is easy enough with an RPi 5 board as you can put a Mini PCIe HAT on it into which you slot a mini PCIe to Firewire adapter. At this point lspci shows the new device, but to use it you need to recompile the Linux kernel with Firewire support. On the Raspberry Pi you then also need to enable it in the device tree overlay, as shown in the article.

With this you now have FireWire 400 support right off the bat, but to use the FireWire 800 port you need to also connect external power to the adapter, which [Jeff]’s Canon GL1 video camera with its FW400 port does not require, so he didn’t bother with that.

Capturing the video from the GL1 via FW400 was done using the DVgrab utility, with a subsequent capture attempt successful. This means that at least until 2029 [Jeff] will be happily using his GL1 camera this way.

Meanwhile over on the Dark Side, you can still happily install FireWire drivers made for older Windows versions on Windows 10 and 11, which is great news for e.g. people who have expensive DAW gear kicking around. Perhaps the demise of FireWire is still a long while off as long as you’re not too picky about the OS you’re running.

youtube.com/embed/BuKeW45OL-g?…

hackaday.com/2026/03/27/using-…

Water Cooling the MacBook Neo Laptop to Double Gaming Performance ...

2026-03-27T23:00:02Z

Water Cooling the MacBook Neo Laptop to Double Gaming Performance

Recently [ETA Prime] felt a bit underwhelmed by the raw performance of his MacBook Neo when it came to running for extended periods under full load, such as when gaming. Thus the obvious solution is to mildly over-engineer a cooling solution that takes care of issues like thermal throttling.

The Apple MacBook Neo with its repurposed iPhone 16 SoC seems to have leaned hard into answering the question whether a smartphone can be a good general purpose personal computer. Ignoring the lack of I/O, it’s overall not a bad SoC for a laptop, but like when you try to push the CPU and GPU on a smartphone, they do get pretty toasty. Due to the minimalistic cooling solution in the MacBook Neo it’ll easily hit the 105°C thermal throttle limit.

Technically the ‘heatsink’ for this laptop is the aluminium case, as the SoC is coupled via a thermal pad to the case. This doesn’t leave a lot of space and the case will heat soak pretty fast, while also making retrofitting a cooling solution a challenge.

Amusingly, replacing the existing thermal pad with a thin copper plate already massively reduced the thermal throttling of the A18 Pro SoC by about 20 degrees. In Geekbench 6 this bumped multi-core scores up by 9.7% and single-core by 15.2%. Definitely a promising glimpse at how much performance could still be extracted from this SoC.

For the next step a thermo-electric cooler (TEC) with built-in water cooling loop was used, which happened to be one of those overkill smartphone cooling systems that you’d stick to the back of the phone. Here the cooler was attached similarly, directly to the bottom aluminium of the case.

With this solution in place Geekbench 6 results mostly showed a solid bump for single-core results, while multi-core results showed diminishing returns. For Cinebench results this gave a 19% increase over stock cooling in multi-core and 23.5% for single-core.

Perhaps most interesting of all was that playing a video game for a while without thermal throttling meant framerates of over 80 FPS instead of hitting that thermal wall with 30 FPS. This shows just how much performance is left on the table due to the cooling choices for the system, even with this still rather inefficient cooling solution.

That said, this probably isn’t some kind of nefarious scheme by Apple, but rather the result of designing the thermal solution to not heat the case up to temperatures that are deemed to be unsafe or uncomfortable for the user. After all, if the case if the heatsink, then you don’t want to feel like you’re literally handling one. This is sadly the compromise when venting out hot air is deemed to be an unacceptable solution.

youtube.com/embed/lswbpVtAhrc?…

hackaday.com/2026/03/27/water-…

Laser Welding Helps YouTuber Get Ahead with Aluminum Sheet Laser ...

2026-03-27T20:00:10Z

Laser Welding Helps YouTuber Get Ahead with Aluminum Sheet

Laser Welding is apparently the new hotness, in part because these sci-fi rayguns masquerading as tools are really cool. They cut! They weld! They Julienne Fry! Well, maybe not that last one. In any case, perhaps feeling the need to cancel out that coolness as quickly as he possibly could, YouTuber [Wesley Treat] decided to make a giant version of his own head.

[Wesely] had previously been 3D scanned as part of the maker scans project, which you can find over on Printables. Those of you who really hate YouTubers, take note: finally you have something to take your frustrations out on. [Wesely] takes that model into Blender to decimate and decapitate– fans of the band Tyr may wonder if the model questioned his sword–before feeding that head through an online papercraft tool called PaperMaker to generate cut files for his CNC. There are also a lot of welding montages interspersed there as he practices with the new tool. [Wesely] did first try out his new raygun on steel in a previous video, but even knowing that, he makes the learning curve on these lasers look quite scalable.

While we’re not likely to follow in [Wesely]’s footsteps and create our own low-poly Zardoz– Zardozes? Zardii?– using a papercraft toolchain and CNC equipment with sheet aluminum is absolutely a great idea worth stealing. It’s very similar to what another hacker did with PCBs— though that project was perhaps more reasonable in scale and ego.

We are no strangers to papercrafts that use actual paper here, either, having featured everything from model retrocomputers to fully-mobile strandbeasts.

youtube.com/embed/eKwoDYrec4U?…

hackaday.com/2026/03/27/laser-…

Use a Gap-Cap to Embed Hardware In Your Next 3D Print Embedding ...

2026-03-27T18:30:23Z

Use a Gap-Cap to Embed Hardware In Your Next 3D Print

Embedding fasteners or other hardware into 3D prints is a useful technique, but it can bring challenges when applied to large or non-flat objects. The solution? Use a gap-cap.

The gap-cap technique is essentially a 3D printed lid. One pauses a print, inserts hardware, then covers it with a lid before resuming the print. The lid — or gap-cap — does three things. It seals in the part, it fills in empty space left above the component, and it provides a nice flat surface for subsequent layers which makes the whole process much cleaner and more reliable.

This whole technique is a bit reminiscent of the idea of manual supports, except that the inserted piece is intended to be sealed into the print along with the embedded hardware under it.

If you have never inserted anything larger than a nut or small magnet into a 3D print, you may wonder why one needs to bother with a gap-cap at all. The short version is that what works for printing over small bits doesn’t reliably carry over to big, odd-shaped bits.

For one thing, filament generally doesn’t like to stick to embedded hardware. As the size of the inserted object increases, especially if it isn’t flat, it increasingly complicates the printer’s ability to seal it in cleanly. Because most nuts are small, even if the printer gets a little messy it probably doesn’t matter much. But what works for small nuts won’t work for something like an LED strip mounted on its side, as shown here.
Cross-section of a print with an embedded LED strip. The print pauses (A), LED strip is inserted and capped with a gap-cap (B, C), then printing resumes and completes (D).
In cases like these a gap-cap is ideal. By pre-printing a form-fitting cap that covers the inserted hardware, one provides a smooth and flat surface that both seals the component in snugly while providing an ideal surface upon which to resume printing.

If needed, a bit of glue can help ensure a gap-cap doesn’t shift and cause trouble when printing resumes, but we can’t help but recall the pause-and-attach technique of embedding printed elements with the help of a LEGO-like connection. Perhaps a gap-cap designed in such a way would avoid needing any kind of adhesive at all.

hackaday.com/2026/03/27/use-a-…

Hackaday Podcast Episode 363: The History of PLA, Laser DIY PCBs, ...

2026-03-27T18:00:21Z

Hackaday Podcast Episode 363: The History of PLA, Laser DIY PCBs, and Corporate Craziness

What did Elliot Williams and Al Williams read on Hackaday last week? Tune in and find out. After a bit of news, [Vik Oliver] chimes in with some deep PLA knowledge. Then the topic changed to pressure advance measurements, SDRs, making super-resolution PCBs with a fiber laser, and more.

Want to 3D print wire strippers? A robot arm? Or just make your own Z-80? Those hacks are in there, too.

For the long articles, we talked about old tech, including the :CueCat and the Iomega Zip Drive. Let us know if you had either one in the comments.

What do you think? Leave us a comment or record something and send it to our mailbag.

html5-player.libsyn.com/embed/…

Download a copy of the podcast with no corporate trackers in the clean MP3.

Where to Follow Hackaday Podcast
Places to follow Hackaday podcasts:

iTunes
Spotify
Stitcher
RSS YouTube
Check out our Libsyn landing page

News:

Google Unveils New Process For Installing Unverified Android Apps
TICKETS TO HOPE 26 — 2600 Magazine
Get Your Green Power On!

Mailbag

History of PLA from Vik Oliver

The Latest From RepRapMicron – Nail Gel, First Objects, And More

Got something to share for the Mailbag? Drop us a line.

What’s that Sound?

Think you know that sound? Fill out the form for a chance to win!

Interesting Hacks of the Week:

Direct Pressure Advance Measurement For Fast Calibration

BambuLab eddy sensor
Why strain gauge?

Building A $50 SDR With 20 MHz Bandwidth
Using A Fiber Laser To Etch 0.1 Mm PCB Traces

Laser Etching Printed Circuit Boards
Why Are You Still Making PCBs?
Supercon 2024: Quick High-Feature Boards With The Circuit Graver

Build This Open-Source Graphics Calculator

Build This Open-Source Graphics Calculator

The Most Intricate Of Freeform Digital Clocks

Bend It Like Bhoite: Circuit Sculptures Shatter The Bounds Of Flatland

PicoZ80 Is A Drop-in Replacement For Everyone’s Favorite Zilog CPU

770 Zilog Z80 :: Quicker, easier and cheaper to make your own chip!
Retrocomputing For $4 With A Z80

Quick Hacks:

Elliot’s Picks:

3D Printed Wire Stripper Uses PLA Blades

Hot Wire Strippers

Electric Motorcycles Don’t Have To Be Security Nightmares, But This One Was
Demonstrating Gray Codes With Industrial Display
3D Printed Robot Arm Built For Learning Purposes

Al’s Picks:

Arduino Code on My 8051: It’s More Likely Than You Think
Analog Video From An 8-Bit Microcontroller
A Candle-Powered Game Boy For Post-Apocalyptic Tetris

Can’t-Miss Articles:

Retail Fail: The :CueCat Disaster
From Zip To Nought: The Rise And Fall Of Iomega

Storage Media Forgotten

hackaday.com/2026/03/27/hackad…

https://traffic.libsyn.com/secure/hackaday/Hackaday_Podcast-Ep363.mp3

Luthier Crafts Guitar from Cardboard The people at Signal ...

2026-03-27T15:30:33Z

Luthier Crafts Guitar from Cardboard

The people at Signal Snowboards are well known not only for producing quality snowboards, but doing one-off builds out of unusual and perhaps questionable materials just to see what’s possible. From pennies to glass, if it can go on their press (and sometimes even if it can’t) they’ll build a snowboard out of it. At some point, they were challenged to build different types of boards from paper products which resulted in a few interesting final products, but this pushed them to see what else they could build from paper and are now here with an acoustic guitar fashioned almost entirely from cardboard.

For this build, the luthiers are modeling the cardboard guitar on a 50s-era archtop jazz guitar called a Benedetto. The parts can’t all just be CNC machined out of stacks of glued-up cardboard, though. Not only because of the forces involved in their construction, but because the parts are crucial to a guitar’s sound. The top and back are pressed using custom molds to get exactly the right shape needed for a working soundboard, and the sides have another set of molds. The neck, which has the added duty of supporting the tension of the strings, gets special attention here as well. Each piece is filled with resin before being pressed in a manner surprisingly similar to producing snowboards. From there, the parts go to the luthier in Detroit.

At this point all of the parts are treated similarly to how a wood guitar might be built. The parts are trimmed down on a table saw, glued together, and then finished with a router before getting some other finishing treatments. From there the bridge, tuning pegs, pickups, and strings are added before finally getting finished up. The result is impressive, and without looking closely or being told it’s made from cardboard, it’s not obvious that it was the featured material here.

Some of the snowboards that Signal produced during their Every Third Thursday series had similar results as well, and we actually featured a few of their more tech-oriented builds around a decade ago like their LED snowboard and another one which changes music based on how the snowboard is being ridden.

youtube.com/embed/u1u_Z0yjq5g?…

hackaday.com/2026/03/27/luthie…

This Week in Security: Second Verse, Worse Than the First Isn’t ...

2026-03-27T14:00:09Z

This Week in Security: Second Verse, Worse Than the First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the wild, dubbed Darksword.

Like Coruna, Darksword appears to have followed the path of government security contractors, to different government actors, to crypto stealer. It appears to focus on exploits already fixed in modern iOS releases, with most affecting iOS 18 and all patched by iOS 26.3.

Going from almost no public examples of modern iOS exploits to two in as many weeks is wild, so if mobile device security is of interest, be sure to check out the Google write-up.
Another FBI Router Warning

The second too early to be retro – but too important to ignore – repeat security item is a second alert by the FBI cautioning about end-of-life consumer network hardware under active exploitation, with the FBI tracking almost 400,000 device infections so far.

Like the warning two weeks ago, the FBI calls out a handful of consumer routers – but this time they’re devices that may actually still be service in some of our homes (or our less cutting edge friends and family), calling out devices from Netgear, TP-Link, D-Link, and Zyxel:

Netgear DGN2200v4 and AC1900 R700
TP-Link Archer C20, TL-WR840N, TL-WR849N, and WR841N
D-Link DIR-818LW, 850L, and 860L
Zyxel EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K

While many of these devices are over ten years old, they still support modern networking – some of them even supporting 802.11ac (also called Wi-Fi 5). Unfortunately, since support has been ended by the manufacturers, publicly disclosed vulnerabilities have not been patched (and now never will be, officially)

Once infected, the routers are enrolled in the AVRecon malware network, which includes the now-typical suite of behavior of remote control, remote VPN access to the internal and external networks, DNS hijacking, and DDoS (distributed denial of service) attacks. This sort of network malware is used by attackers to exploit internal systems like un-patched Windows or IOT devices on the local network, and as a launching point to hide behavior as coming from a certain country or state by using the public Internet connection as a VPN. It’s also often monetized by unscrupulous apps selling cheap VPN service.

The worst type of vulnerability affecting home routers is one which can be triggered remotely from the Internet without user interaction – for instance CVE-2024-12988 which allows arbitrary code execution remotely on Netgear devices, but even vulnerabilities which are only accessible from the local network can be combined with cross-site vulnerabilities or vulnerabilities in other devices to exploit home routers. A malware infection on a Windows system can be leveraged to install additional, permanent malware installs on routers and IOT devices, and malware on a router can be used to redirect the user to install more malware on an internal PC via manipulating the network, or allow direct attack of internal systems via a proxy.

A slight upside is that this batch of vulnerable hardware is often modern enough to run OpenWRT or other replacement firmware. OpenWRT supports thousands of routers and access points – and often forms the basis of the commercial firmware the device was shipped with, before the manufacturer abandoned it. Converting a device to OpenWRT may be intimidating for some, but for anyone with one of the listed devices, the time to try is now! It’s cheaper than buying a new device, and worst case scenario, you’d have to replace that router anyway!

You can use the OpenWRT Table of Hardware to see if there is a version for your device.

Unfortunately, vulnerabilities in home routers don’t offer many lessons: there’s rarely a need to log into them to see if there is a pending update, and almost nothing the typical home user can do except buy a new device when the manufacturer stops supplying security fixes.
Trivy Compromised

The Trivy security scanner suffered a breach themselves, leading to a cascading series of breaches of other tools. Trivy is an automatic vulnerability scanner for finding vulnerabilities is the dependencies of Docker and other container images, package repositories, and language packages in Go, PHP, Python, Node, and many other popular languages. Trivy is often integrated into the CI/CD (continual integration and continual deployment) process of other open and closed source projects and internal company processes.

According to the timeline published by Aqua, in late February 2026 a misconfigured GitHub workflow allowed the theft of authentication tokens for the Trivy project. While the attack was detected and the credentials removed, not all credentials were properly removed, which allowed the attackers to complete the attack on March 19, 2026.

Once compromised, all but one release of the Trivy GitHub actions were replaced with trojaned malicious copies, spreading the compromise to any project which used the Trivy GitHub actions, spreading the malware payload to many projects using the Trivy scanner actions.

GitHub actions are part of GitHub which allows scripts when repository actions like a pull request or merge are performed. Actions can be used to check that a change compiles properly, scan for security issues, generate documentation, or generate release binaries, and typically are allowed to make changes to the repository itself. GitHub workflows can include actions from other repositories via the Action Marketplace. By replacing the Trivy actions, the attackers essentially gained access to every repository using Trivy to scan for vulnerabilities in their own codebases.

The hijacked Trivy actions collected and exfiltrated access tokens for Docker, Google Cloud, Azure, and AWS, Git credentials, SSH keys, and any other secrets from projects using the Trivy actions. With these keys, the controllers of the original malware are able to attack those projects directly, such as the immensely popular LiteLLM Python interface to AI LLM models from multiple companies.

The compromise of LiteLLM also stole credentials to cloud services, SSH, git, Docker, and Kubernetes on any system that ran the trojaned setup scripts, as well as infecting any connected Kubernetes systems found in the configurations.

There are also reports that the malware actors are also infecting NPM node packages with malware which automatically updates itself from a block-chain based control system and steals NPM authentication tokens to inject itself into any NPM packages the victim may have authored.

Supply-chain attacks happening for years with varying levels of success. But the Trivy attack may be the most successful in spreading compromised packages into multiple package repositories. It’s difficult to avoid supply chain attacks, especially when the vulnerability scanner itself is the source of the problem. GitHub has introduced immutable releases – tagged build versions which can not be updated once released, and the immutable release of Trivy was the only version not compromised by the attackers. As more packages shift to immutable versions it may become harder to insert malware into the supply, but we’re nowhere near a tipping point of projects using immutable releases yet.

hackaday.com/2026/03/27/this-w…

Sovranità tecnologica e autonomia strategica Arturo Di Corinto ...

2026-03-27T12:42:13Z

Sovranità tecnologica e autonomia strategica

Arturo Di Corinto al Festival di Geopolitica, Demarcazioni

Mi ha fatto veramente molto piacere partecipare a Demarcazioni, il primo Festival di Geopolitica appena concluso ad Ascoli Piceno.

Venerdì 20 aprile 2026, nella mia sessione, “I corridoi del potere”, a cui hanno partecipato anche il Ministro Francesco Lollobrigida e il presidente delle marche, Francesco Acquaroli, abbiamo parlato di Sovranità digitale e tecnologica insieme a Giulia Pastorella, Franco Spicciariello e altri relatori moderati dalla collega di Porta a Porta Paola Ferazzoli.

Dal canto mio ho ribadito come oggi la sovranità digitale si declini come autonomia strategica, cioé di come essa comporti l’istituzione e il mantenimento attivo di collaborazioni internazionali dinamiche e mirate, per affrontare proattivamente le minacce alla sovranità stessa (copyright Roberto Baldoni) e che la sovranità non si esercita solo nel controllo sui dati generati dai cittadini dalle imprese e dalla PA contando sull’uso di tecnologie sicure e affidabili.

Sovranità e autonomia si garantiscono anche infatti attraverso il controllo politico e normativo. Perciò non c’è sovranità senza Europa.
Certo, per sfuggire al paradosso della sovranità senza tecnologie, l’Europa deve fare fare di più e sviluppare meglio la sua capacità di innovare e produrre tecnologie utili e affidabili.

L’Italia ci sta provando, attraverso Agenzia per la Cybersicurezza Nazionale e in collaborazione con molti soggetti come l’European Cybersecurity Competence Centre (ECCC).

Perciò grazie agli organizzatori per questo bell’incontro.

DEMARCAZIONI Festival Geopolitica 2026 Ascoli Piceno

dicorinto.it/formazione/sovran…

Understand Your Printer Better With The Interactive Inkjet ...

2026-03-27T11:00:21Z

Understand Your Printer Better With The Interactive Inkjet Simulator

Love them or hate them, inkjets are still a very popular technology for putting text and images on paper, and with good reason. They work and are inexpensive, or would be, if not for the cartridge racket. There’s a bit of mystery about exactly what’s going on inside the humble inkjet that can be difficult to describe in words, though, which is why [Dennis Kuppens] recently released his Interactive Printing Simulator.

[Dennis] would likely object to that introduction, however, as the simulator targets functional inkjet printing, not graphical. Think traces of conductive ink, or light masks where even a single droplet out-of-place can lead to a non-functional result. If you’re just playing with this simulator to get an idea of what the different parameters are, and the effects of changing them, you might not care. There are some things you can get away with in graphics printing you really cannot with functional printing, however, so this simulator may seem a bit limited in its options to those coming from the artistic side of things.

You can edit parameters of the nozzle head manually, or select a number of industrial printers that come pre-configured. Likewise there are pre-prepared patterns, or you can try and draw the Jolly Wrencher as the author clearly failed to do. Then hit ‘start printing’ and watch the dots get laid down.

[Dennis] has released it under an AGPL-3.0 license, but notes that he doesn’t plan on developing the project further. If anyone else wants to run with this, they are apparently more than welcome to, and the license enables that.

Did you know that there’s an inkjet in space? Hopefully NASA got a deal on cartridges. If not, maybe they could try hacking the printer for continuous ink flow. Of course that’s all graphics stuff; functional printing is more like this inkjet 3D printer.

hackaday.com/2026/03/27/unders…

Sovranità satellitare @nprofile…fwcg Dalla geolocalizzazione ...

2026-03-27T10:49:15Z

Sovranità satellitare

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Dalla geolocalizzazione alle comunicazioni: come l'Europa punta a costruire un'infrastruttura spaziale indipendente
L'articolo Sovranità satellitare proviene da Guerre di Rete.

L'articolo proviene da #GuerreDiRete di Carola Frediani (nprofile…4yny)
guerredirete.it/sovranita-sate…

Ransomware a Esprinet, compromessi 1,2 TB di dati: cosa sappiamo ...

2026-03-27T10:23:17Z

Ransomware a Esprinet, compromessi 1,2 TB di dati: cosa sappiamo

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Il gruppo ALP-001 ha rivendicato un attacco di tipo ransomware a Esprinet sostenendo di averne esfiltrato una importante quantità di dati interni. Ecco una breve analisi di quello che sappiamo finora
L'articolo Ransomware a Esprinet, compromessi 1,2 TB di dati: cosa sappiamo

La cyber sicurezza del settore sanitario in Italia: cosa sapere e ...

2026-03-27T09:17:29Z

La cyber sicurezza del settore sanitario in Italia: cosa sapere e su cosa riflettere

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Il recente attacco al settore sanitario francese spinge a chiedersi quali rischi ci sono che scenari simili si verifichino anche in Italia, Paese già preso di mira dal criminal hacking. Il parere dell’esperto
L'articolo La cyber sicurezza del settore sanitario in Italia: cosa sapere e su

ACN: a febbraio 2026 bisogna sommare il contesto geopolitico al ...

2026-03-27T09:12:16Z

ACN: a febbraio 2026 bisogna sommare il contesto geopolitico al combinato NIS2–Olimpiadi

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
L'operational summary dell'Acn a febbraio si focalizza su DDoS a basso impatto e sull’allargamento della platea di soggetti NIS2 notificanti. Ma, in realtà, secondo i nostri esperti, il rischio cyber sta peggiorando, guardando al contesto geopolitico della guerra in Iran e ai

This Flow Battery Operates With No Pump Required Flow batteries ...

2026-03-27T08:00:27Z

This Flow Battery Operates With No Pump Required

Flow batteries are rather unique. They generate electricity by the combination of two fluids flowing on either side of a membrane. Typically, this involves the use of some kind of pump to get everything moving. However, [Dusan Caf] has demonstrated another way to make a flow battery operate.

[Dusan]’s build is a zinc-iodide flow battery. It uses two 3D printed reservoirs, each holding a ZnI2 solution and a graphite electrode. Unlike traditional flow batteries, there is no mechanism included to mechanically push the fluid around. Instead, fluid motion is generated by the magnetohydrodynamic effect, which you may know from that Japanese boat that didn’t work very well.

When charging the liquid-based cell, current flows through the conductive electrolyte that sits between both electrodes. This sees zinc electroplated onto the graphite anode, while iodide ions are oxidized at the cathode. There’s also a permanent magnet installed beneath the electrodes, which provides a stable magnetic field. This field, combined with the current flowing through the electrolyte, sees the Lorentz force pushing the electrolyte along, allowing the flow battery to operate. When the cell is being discharged, the reactions happen in reverse, with the flow through the electrodes changing direction in turn. Neatly, as current draw or supply increases, the flow rate increases in turn, naturally regulating the system.

[Dusan] notes this isn’t feasible for large batteries, due to the limited flow rate, but it’s fine for small-scale demos regarding the operation of a flow battery. We’ve featured some more typical flow battery designs in the past, too.

youtube.com/embed/p2LaPcJia7U?…

youtube.com/embed/i3Abqr1r-mk?…

hackaday.com/2026/03/27/this-f…

Improving Soda by Turning It Into Mead Test tasting soda mead. ...

2026-03-27T05:00:55Z

Improving Soda by Turning It Into Mead

Test tasting soda mead. (Credit: Golden Hive Mead, YouTube)
You can certainly just chug down that bottle of soda you purchased, but if you accept the premise that the preparation of food and drink is just a subset of chemistry, and that chemistry is fun, then it naturally follows that using soda as the basis for brewing up some mead makes perfect sense. Thus the [Golden Hive Mead] blokes over on YouTube decided to create some Coca Cola flavored mead.

Mead is essentially just water mixed with honey that is left to ferment after adding yeast, resulting in what is also called ‘honey wine’, with an ethanol content of usually between 3.5% and 20%. Since soda is mostly water and comes with its own supply of sugar for yeast to feast on, this isn’t such a crazy choice in that respect. Just make sure to remove the carbonation, as the CO2 makes the soda too acidic for the yeast to be happy.

Instead of straight honey, caramelized honey was used for extra flavor after which the brew was left to ferment for a while. For extra flavor notes aged oak, vanilla and cinnamon were added as well, to ensure that the fermentation didn’t erase those core notes of the coke. The result was apparently rather flavorful, with about a 10.5% ethanol content, receiving the full approval of both tame test tasters.

youtube.com/embed/eLYPGYn7WYA?…

hackaday.com/2026/03/26/improv…

Momentus Clock Aims To Find Meaning A lot of the time, we must ...

2026-03-27T02:00:31Z

Momentus Clock Aims To Find Meaning

A lot of the time, we must assign our own meaning to the numbers on the clock. 8:30 AM is work kicking off, 12 PM is lunch, and 5PM is when the corporate chains release us to what’s left of the day. If you’d rather the clock tell you what’s special about the current time, though, you might like this project from [Andy Isaacson].

It’s called Momentous—”a clock to make every minute meaningful” in [Andy’s] own words. The concept is simple—for each minute, the clock digs up some random mathematical fact relevant to the current time. For example, you might think of 3:14 as Pi o’clock, but Momentous also notes that the sequence “314” shows up at the 856th decimal of e. Useful? Probably not. Fun? If you like numbers, then very!

[Andy] wrote Momentous in Typescript with React Native and Expo. Baked into the app is a computed list of fun number facts for every conceivable time from 00:00 to 23:59. All these timely numbers were processed through a “fact generation” algorithm to dig up mathly tidbits. Do they contain primes? Do the numbers show up in a famous irrational number sequence? Are they palindromic, or can some neat facts be gleaned from Wikipedia? Maybe the current time shows up in your best friend’s phone number! Momentous uses all these and more to make every minute of the day a little bit more interesting.

You can check out the clock for yourself in your web browser. Alternatively, you can install it on your iPhone if you so desire. We feature all kinds of fun clocks here, from the wordy to the absurdy. If you’re cooking up your own timely hacks, we always love to to hear about them on the tipsline!

hackaday.com/2026/03/26/moment…

Comparing the Power Usage of 12 VDC and 240 VAC Kettles If you ...

2026-03-26T23:00:09Z

Comparing the Power Usage of 12 VDC and 240 VAC Kettles

If you have a 12 VDC power system, like the battery of a PV solar system or car, would it be more efficient to boil water for that cup of tea with that 12V straight from the battery, or use a 240 VAC mains kettle via a ~90% efficient inverter instead? That’s the question that [Cahn] decided to answer experimentally, using a bulky 3 kW inverter and a collection of electric kettles.

Although the used amount of 500 mL of water is boiled much faster in the 2,200 Watt mains kettle than in the 150 and 350 Watt low-voltage kettles, this obvious difference is somewhat irrelevant if you’re only concerned with efficiency. To measure the power used a Victron smart shunt was used with each run, keeping in mind that a perfect efficiency for heating 500 mL from room temperature to boiling is around 43-44 Wh.

With two runs per kettle, the 240 VAC kettle used 65-70 Wh. The first ‘150 Watt’ kettle pulled nearly 200 Watt to boil the water after about 20 minutes, using 62-64 Wh. The second ‘150 Watt’ kettle pulled around 180 Watt, took 23-25 minutes and used 68-74 Wh. Finally, the ‘350 Watt’ kettle drew over 420 Watt and used 50-56 Wh in just over 8 minutes.

When you look at the final results, it’s interesting to note that the low-voltage kettles got both first and last place in this contest, even when factoring in the inverter losses for the 2.2 kW kettle. This makes it quite obvious that the issue at hand is less about DC vs AC or mains vs low-voltage.

The 350 Watt kettle is clearly better designed, featuring a level of insulation that the cheap 12V kettles lack, while pumping more energy into the water at a much faster pace due to the higher current.

Of course, this also shows the whole headache of using 12 VDC appliances like this, as you can only pull so much current from a cigarette lighter socket, while connecting directly to the battery and its juicy 100 A or more poses its own logistical problems. Taking the inverter losses as the price to pay for convenience is thus another totally valid option whenever you’re out camping or at that off-grid cabin.

youtube.com/embed/D3xOxzk9oS0?…

hackaday.com/2026/03/26/compar…

Looking at a bike built for the apocalypse So-called bug out cars ...

2026-03-26T20:00:56Z

Looking at a bike built for the apocalypse

So-called bug out cars are a rather silly venture that serve little purpose more than snagging your jumper. The odds of a car working well through a nuclear winter are rather minimal. But what about a bicycle? On paper it’s a better choice, with extreme efficiency, reliability, and runs off whatever sustenance you can find in the barren landscape of a collapsed society. But [Seth] over at Berm Peak proved an apocalypse bike is at least as silly as a bug out car.

While a utilitarian bike fit for a cross-country trek across a nuclear wasteland can certainly be a reasonable venture, this particular bicycle is not that. This three wheeled monstrosity of a bicycle (is it still a bicycle if it has three wheels?) was built by [TOMO] for the Bespoked bike show’s apocalypse buildoff. It placed second among a number of strange bikes with features ranging from pedal driven circular saws to beer keg grills. But this particular example of apocalypse bike is easily the strangest example of the lot.

The features on this custom build are rather extensive, but the star of the show is the trailing link two wheel drive rear end. The third wheel was thrown on last minute with a random shock providing some measure of compliance to the rather unwieldy system. But while adding unnecessary complexity, the third wheel does offer the benefit of bringing along a number of spare parts on the last bikepacking trip of a lifetime. Moreover, it can be easily removed to get something resembling bicycle.

The aforementioned front of the bike while being an actual bike, is likewise a rather strange build. It’s best described as a fat-tired long nosed tall cargo bike. The removable cargo rack is quite effective in storing heavy loads by keeping the center of gravity near or below the axles, it can remain rideable with quite heavy loads. But, if ground clearance is needed, then simply remove the cargo rack, and the bike becomes a bike capable of navigating the nuclear wasteland it was made for.

While this is a silly and questionable bike, it’s certainly not the first strange bike we have seen.

youtube.com/embed/BlP_RAKlTAk?…

hackaday.com/2026/03/26/lookin…

Reconstructed SC62015 Opcode Reference For Sharp Pocket Computers ...

2026-03-26T18:30:30Z

Reconstructed SC62015 Opcode Reference For Sharp Pocket Computers

Pocket computers like Sharp’s 8-bit computing marvels were a big part of the 1980s, providing super-portable processing power to anyone who wanted a bit more than what something like a scientific calculator could provide at the time. These days they are mostly just a collector’s item for retrocomputing enthusiasts, which also means that a lot of the knowledge about how to program the CPUs in them is at risk of being lost.

This is why [gikonekos] decided to combine as much knowledge they can glean from official documentation into a reference project on GitHub for the SC62015 equipped Sharp pocket computers like the PC-E550.

Generally you’d program in Sharp’s dialect of BASIC on these computers, such as the ‘PLAY3’ program that [gikonekos] recently unearthed from a November 1993 copy of ‘Pocket Computer Journal’ using which you can create polyphonic tunes. This only unlocks a small part of what the hardware can do, of course, so having a full opcode reference like this is important.

While still a work in progress, it’ll eventually contain the full opcode and register tables, addressing modes, instruction summaries and of course a full accounting of how all of this was reconstructed. As the original Sharp documentation wasn’t released to the public, providing these scans is also not a goal, especially not under any kind of free license.

A cursory search reveals an instruction table for the PC-E500 from 1995 by [Andrew Woods], so documenting this is not a new thing, although at the time these Sharp pocket PCs didn’t count as ‘retro systems’ yet.

hackaday.com/2026/03/26/recons…

Gemini sul Dark Web: strumento di difesa o nuova frontiera del ...

2026-03-26T18:29:26Z

Gemini sul Dark Web: strumento di difesa o nuova frontiera del controllo?

nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvje76wq7e5kh9x2c0cggcmymz5408yw8lxxhtpy6v0cdwfu2c9asanfwcg (nprofile…fwcg)
Google ha integrato Gemini in Google Threat Intelligence per monitorare automaticamente il Dark Web: fino a 10 milioni di post al giorno analizzati con una precisione dichiarata del 98%. Un salto tecnologico reale che pone domande scomode su cosa significhi

3D Print Becomes Cast Iron Wrench Via Microwave Consumer-grade 3D ...

2026-03-26T14:00:34Z

3D Print Becomes Cast Iron Wrench Via Microwave

Consumer-grade 3D printing is good for prototyping and making relatively soft plastic stuff. If you wanna make tough things, though, it’s really hard to beat the strength of metal. [Shake the Future] has produced a guide on using 3D printing in a process to produce solid parts out of actual cast iron.

The concept is simple. [Shake the Future] uses silicon carbide crucibles, which can heat up by absorbing microwave energy. Put one in an insulated container, dump some metal in, and throw it in a microwave, and soon enough you have a pot of molten metal you can use to cast stuff.

Let’s say you want to make an adjustable wrench, which is how [Shake the Future] demonstrates this technique. The first step is to print the wrench parts in plastic, such as PLA. These parts are then packed into fine sand to create casting molds. The PLA is burned out of the mold, leaving a negative imprint of the geometry. Molten cast iron can then be poured into the mold to create the part in solid metal.

It’s a messy technique that requires a lot of manual labor, but it does work quite well. There are some tricks to learn, though, particularly when it comes to successfully casting parts with holes or fine geometric features.

And before you think that you’re going to put the hardware store out of business, it should also be noted that it failed on first encounter with a real-world nut. The thinnest part by the screw just wasn’t strong enough.

Still, it’s a great demo, and if you’ve ever wanted to make a bespoke cast iron part of your own, this work may be very relevant to you. Alternatively, consider learning about DIY aluminium casting—just consider the pitfalls involved.

youtube.com/embed/FyhaeVi05io?…

hackaday.com/2026/03/26/3d-pri…

An AI gateway designed to steal your data A significant ...

2026-03-26T11:01:38Z

An AI gateway designed to steal your data

A significant proportion of cyber incidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen a wide variety of methods used in such attacks, ranging from creation of malicious but seemingly legitimate open-source libraries or delayed attacks in such seemingly legitimate libraries, to the simplest yet most effective method – compromising the accounts of popular library owners to subsequently release malicious versions of their libraries. Such libraries are used by developers everywhere and are included in many solutions and services. The consequences of an attack can vary widely, ranging from delivering malware to a developer’s device to compromising an entire infrastructure if the malicious library has made its way into the code of a service or product.

This is exactly what happened in March 2026, when attackers injected malicious code into the popular Python library LiteLLM, which serves as a multifunctional gateway for a large set of AI agents. The attackers released two trojanized versions of LiteLLM that delivered malicious scripts to the victim’s system. Both versions made their way into the PyPI repository for Python. A technical analysis revealed that the attackers’ primary targets were servers storing confidential data related to AWS, Kubernetes, NPM, etc., as well as various databases (MySQL, PostgreSQL, MongoDB, etc.). In the latter case, the attackers were primarily interested in database configurations. In addition, the malware’s logic included functionality for stealing confidential data from crypto wallets and techniques for establishing a foothold in the Kubernetes cluster.
Repository compromise

The compromise affected the package distribution channel via PyPI: on March 24, 2026, malicious LiteLLM versions litellm==1.82.7 and litellm==1.82.8 were uploaded to the registry. It was specifically the package’s distribution contents that were compromised: in the version 1.82.7, the malicious code was embedded in proxy_server.py, and in 1.82.8, the file litellm_init.pth was added.
Technical analysis

Both versions of the library contained the same malicious code, but its execution was implemented differently. In the version 1.82.7, it was executed only when the proxy functionality was imported, while in 1.82.8, a .pth file was added that was able to execute the code every time the interpreter started.

Example of the malicious code in proxy_server.py

The malicious code in the proxy_server.py and litellm_init.pth files contained Python code encoded in Base64. After execution, the infected script saved this code alongside itself as a p.py file and immediately executed it.

The p.py script launched the main payload – another script, also encoded in Base64 – without saving it to disk. At the same time, it wrote the output of this payload to a file in the directory from which it was launched. Before being written, the output was encrypted using the AES-256-CBC algorithm with a random key generated in the code, which was saved to the session.key file. The key file was also encrypted – using a pre-initialized public RSA key.

The encrypted key and the output were combined into a tpcp.tar.gz archive and sent to the attackers’ remote server.

What exactly happened within the malicious payload, whose output was sent to the C2 server? After it was launched, a recursive scan of the working directories on the victim’s system (/root, /app/, /var/www, etc.) began. In each directory, the script scanned the contents of files, which it output to the stdout buffer, from where it was then saved to the aforementioned file as the result. Next, the script collected system information and also saved it to a file. After that, it proceeded to search for sensitive data. It was interested in the following data located on servers and within the infrastructures of various services:

SSH keys
GIT accounts
.env files
AWS, Kubernetes, email service, database, and WireGuard configurations
files related to Helm, Terraform, and CI
TLS keys and certificates

A notable feature of this malware is that it does not limit itself to stealing files and configurations from the disk, but also attempts to extract runtime secrets from the cloud infrastructure.

The code above uses the addresses 169.254.169.254 and 169.254.170.2. The first corresponds to the AWS Instance Metadata Service (IMDS), through which an EC2 instance (a virtual server in AWS, a machine running in the cloud) can retrieve metadata and temporary IAM role credentials (an AWS account with a set of permissions that a service or application can use to obtain temporary credentials for calls to the AWS API). The second is used in Amazon ECS to issue temporary credentials to a container during execution. Thus, the malicious script targets not only static secrets but also those issued by the cloud that can grant direct access to AWS resources at the moment of infection.

Additionally, the script searches for crypto wallet configurations, as well as webhooks associated with Slack and Discord messengers. The latter indicate that attackers are interested not only in infrastructure secrets and accounts, but also in communication channels within the development team.

In the next stage, the malware moves from data collection to establishing a foothold in the Kubernetes cluster infrastructure: if it has enough access, it configures a privileged pod (the smallest execution unit in Kubernetes, containing one or more containers) by enabling the securityContext.privileged=true option and mounts the node’s root filesystem via hostPath. This allows it to escape the container and perform actions at the node level.

Next, the malware executes another stage of infection – it saves a base64-encoded script disguised as a legitimate system component to the Kubernetes node’s disk at the path /root/.config/sysmon/sysmon.py, and registers it via systemd. After launching, the script waits for an initial delay of 300 seconds, then begins periodically contacting the C2 node checkmarx[.]zone/raw, retrieving a link to the next payload from there. If the received value differs from the state previously saved in /tmp/.pg_state, the script downloads a new file to /tmp/pglog, makes it executable, and runs it in the background. At this stage, the attackers gain a foothold in the system and is capable of regularly delivering updated payloads without the need for re-injection. Since the malicious payload is written not to the container’s temporary file directory but directly to the Kubernetes cluster node, the attackers will retain access to the infrastructure even after the container has terminated.

A similar scenario is used for local persistence: in the absence of Kubernetes, the sysmon.py script is deployed in the user’s directory at ~/.config/sysmon/sysmon.py and is also registered as a service via systemd.
OpenVSX version of the malware

While analyzing files communicating with the C2 server, we discovered malicious versions of two common Checkmarx software extensions: ast-results 2.53.0 and cx-dev-assist 1.7.0. Checkmarx is used for application security assessment. These trojanized extensions contained malicious code that delivered the NodeJS version of the malware described above.

This version is downloaded from checkmarx[.]zone/static/checkmarx-util-1.0.4.tgz using NodeJS package installation utilities and is named checkmarx-util. Its key difference from the Python version is that it does not attempt to elevate privileges to the Kubernetes node level and does not create a privileged pod for persistence. Instead, it implements local persistence within the current environment. This means that the NodeJS variant persists only where it is already running.

Additionally, the list of folders to search for and steal secrets from is significantly smaller in this version than in the Python variant.

Checkmarx extensions are used to scan code and infrastructure configurations, so their compromise is quite dangerous: an attacker gains access not only to project files but also to a significant portion of the development environment, tokens, and local configurations.
Victimology

While assessing the attack’s impact, we saw victims all over the world. Most infection attempts occurred in Russia, China, Brazil, Netherlands and UAE.
Conclusion

As the technical analysis shows, the malicious scripts found in the LiteLLM versions are dangerous not only because they steal files containing sensitive data, but also because they target multiple critical infrastructure components simultaneously: the local system, cloud runtime secrets, the Kubernetes cluster, and even cryptographic keys. Such a broad scope of data collection allows an attacker to quickly move from compromising a single system and Python environment to seizing service accounts, secrets, and entire infrastructures.
Prevention and protection

To protect against infections of this kind, we recommend using a specialized solution for monitoring open-source components. Kaspersky provides real-time data feeds on compromised packages and libraries, which can be used to secure the supply chain and protect development projects from such threats.

Home security solutions, such as Kaspersky Premium, help ensure the security of personal devices by providing multi-layered protection that prevents and neutralizes infection threats. Additionally, our solution can restore a device’s functionality in the event of a malware infection.

To protect corporate devices, we recommend using a complex solution such as Kaspersky NEXT, which allows you to build a flexible and effective security system. The products in this line provide threat visibility and real-time protection, as well as EDR and XDR capabilities for threat investigation and response.

At the time of writing, the compromised versions of LiteLLM have already been removed from PyPI and OpenVSX. If you have used them, and as a proactive response to the threat, we recommend taking the following measures on your systems and infrastructure:

Perform a full system scan using a reliable security solution.
Rotate all potentially compromised credentials – API keys, environment variables, SSH keys, Kubernetes service account tokens, and other secrets.
Check hosts and clusters for signs of compromise – the presence of ~/.config/sysmon/sysmon.py files, suspicious pods in Kubernetes.
Clear the cache and conduct an inventory of PyPI modules: check for malicious ones and roll back to clean versions.
Check for indicators of compromise (files on the system or network signs).

Indicators of Compromise:

URLs
models[.]litellm[.]cloud
checkmarx[.]zone

Infected packages
85ED77A21B88CAE721F369FA6B7BBBA3
2E3A4412A7A487B32C5715167C755D08
0FCCC8E3A03896F45726203074AE225D

Scripts
F5560871F6002982A6A2CC0B3EE739F7
CDE4951BEE7E28AC8A29D33D34A41AE5
05BACBE163EF0393C2416CBD05E45E74

securelist.com/litellm-supply-…