Hackaday

Hackaday Podcast Episode 371: Space Computers, Spy Phones, and So Long CHU

2026-05-29T17:00:48+00:00

Elliot Williams is out where the deer and the antelope play for the next week, so it’s up to Tom Nardi and Al Williams to wrangle this episode of the Hackaday Podcast. They’ll start off by reading some listener messages before talking about the slow extinction of time broadcasts, Linux on cheap smartphones, microcontroller VPNs, and the computers of Spacelab.

You’ll also hear about using a video game’s “Photo Mode” to capture 3D imagery, strange red lights in deep space, and ASCII fish that you don’t need to feed. The episode wraps up with a discussion of WWII spy tech and the revelation that modern smartphones and powerful magnets don’t always mix.

Check out the links if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download in DRM-free MP3.

Episode 371 Show Notes:

Mailbag:

Interesting Hacks of the Week:

So Long, CHU, And Thanks For All The Time Signals

A Zinc Air Battery You Can Make Yourself
- Electric Vehicle 1900’s Style: New Leases On Old Tech

Linux On Android Provides Inexpensive, Powerful Computing

Quick Hacks:

Can’t-Miss Articles:

A Fume-Control Cabinet for Resin 3D Printing

2026-05-29T15:30:14+00:00

For a certain kind of intricate, highly-detailed manufacturing, there’s really no substitute for a resin 3D printer, and it’s therefore unfortunate that they require so many poisonous chemicals. The resin itself usually contains irritating acrylates and methacrylates, it can emit a wide spectrum of volatile organic compounds (VOCs) during printing, and even the isopropyl alcohol used in cleaning is moderately toxic. [Allie Katz] accordingly built this fume-control enclosure for resin printing and other ventilation-critical processes.

The biggest constraint was space: [Allie]’s workspace had a fairly limited volume available, and the enclosure needed to hold an SLA printer, an isopropyl alcohol washing station, a UV curing chamber, and miscellaneous supplies. Most of the enclosure was made out of IKEA cabinets, using some large cabinets at the base to hold the printer and curing station, a countertop over these to hold the washing station, and more cabinets above to hold supplies. An MDF backing panel and acrylic side panels enclose the workspace between the cabinets. There was no safe way to exhaust fumes, so the enclosure recycles its air: a fan pulls air in through an activated-carbon filter mounted above the work area and into the plenum behind the chamber, from which it passes through the printer’s cabinet back into the workspace enclosure. Panel filters surround the carbon filter to catch particulate matter.

The enclosure uses four ESP32-based boards for automation: one uses a touchscreen to display data, and three are paired with BME680 sensors, primarily to report VOC concentrations. One, which also has a particulate matter sensor, senses air quality in the main chamber and plenum, one monitors air quality in the rest of the shop, and the third detects clogging from within the filter enclosure. The first real test of the chamber was to 3D print and paint some handles for the cabinets. It worked as expected, detecting the increased VOCs and ramping up the fan to keep them in check.

We’ve seen a ventilated printer enclosure before, that time for an FDM printer. Although their hazards are less blatant, they too can produce dangerous fumes, which could possibly be carcinogenic.

Thanks to [Keith Olson] for the tip!

This Week in Security: Ubiquiti Fixes, and FreeBSD Joins the Club you Don’t Want to Join

2026-05-29T14:00:19+00:00

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale.

The vulnerabilities range from path traversal revealing configuration files (escaping from the web server by requesting a path like “../../../../../etc/passwd” for instance), to command injection (running arbitrary shell commands on the system), and actually changing device configurations. Some of the reported vulnerabilities require an account on the management server, but some only require network access .

Fortunately, all of the vulnerabilities require access to the network in the first place to exploit – but this could include access to open guest networks as well as trusted users. If you run Ubiquti or UniFi equipment, chances are the automatic update function has already integrated the fixes, but make sure to check the advisory to see if you’re impacted and update accordingly!

FreeBSD Root Exploit

FatGid lets FreeBSD join the fun of kernel exploits to gain root.

The FatGid vulnerability doesn’t require any manipulation of disk cache; instead it is a direct kernel stack overflow in a system call. The kernel miscalculates the size of a variable as 8 bytes instead of 4, which when used later interacting with a user buffer allows the stack overflow.

Like the recent spate of Linux local privilege escalation attacks, this requires the attacker to already have an account on the system or the ability to run arbitrary programs, but remember that any bug in network services which allows command execution gets you there, so if you run network exposed FreeBSD, it’s time to update!

Kali365 Phishing-as-a-Service

Phishing-as-a-service platforms have been gaining traction, allowing criminals to automate targeting users with crafted lures. The FBI has issued a warning about the Kali365 service in particular.

Kali365 targets credentials for Microsoft 365 accounts by directing users to the official Microsoft portal for linking additional devices to the account, attaching an attacker device directly to the user identity. Alternatively, the framework steals credentials by directing the user through a hostile service which presents a false login page which captures browser sessions along with authentication cookies and tokens once the user answers the fake multi-factor login prompts.

Automating the phishing process lowers the bar for the skill level needed to create authentic-looking lures and makes it simpler for criminal groups to attack large numbers of users; Phishing-as-a-service groups operate as companies offering customer support, tracking dashboards, and pre-made phishing templates.

Glassworm Botnet Takedown

CrowdStrike, Google, and the ShadowServer Foundation have done a coordinated takedown of the infrastructure used by the Glassworm supply-chain botnet.

Glassworm has been mentioned previously; it is one of several major worms infecting the open source package supply chain repositories like NPM and PyPi or the Visual Studio extension repository. Once a victim installs a compromised package or extension, the Glassworm trojan steals any saved authentication tokens for package repositories, GitHub accounts, AI services, and any SSH keys found, and begins the stage two infection. Using the stolen credentials, the worm infects any GitHub workflows, packages, and extensions the user has access to, and installs a remote-access trojan which waits for further commands.

Glassworm used a complex control server structure including blockchain memos, BitTorrent files, and public Google Calendar entries, but the coalition of companies was able to interrupt all control channels simultaneously. Hard-coded aspects of the worm will continue to function, but all behavior which requires downloading payloads from the control servers has been disrupted.

This isn’t the first time multiple Internet companies have coordinated to take down malware, but it’s always good to see action against threats which have been decimating the package repository infrastructure lately.

TechCrunch Spyware Avoidance

On the positive side of things, TechCrunch has an article about modern features to protect users against spyware. If this isn’t news to you, there’s still almost certainly someone in your life who will benefit from a user-friendly write up of best practices!

Both major commercial mobile platforms (iOS and Android) offer advanced protection features which are minimally invasive. For users who are likely to be higher targets of spyware like journalists, lawyers, and human rights activists, or simply those who are worried, these features offer real protection.

The features explained in the article include Apple’s Lockdown mode, Androids Advanced protection mode, and WhatsApp specific application settings, all of which work to reduce common attack surfaces for devices. The advanced security modes typically have minor impacts on performance and battery life due to disabling optimization features which introduce additional complexity and attack surfaces (such as just-in-time compilation of JavaScript code into native instructions.). When situations call for an abundance of caution, a few percent of battery life daily is a reasonable compromise.

Go check out the full write up!

Microsoft Bans NightmareEclipse

An exploit researcher known only as “NightmareEclipse” has been featured here several times in the past months already. Showing intense frustration with their experience with the administrators of the Microsoft security bug bounty program, they have taken to releasing zero-day exploits against Windows, often coinciding with Patch Tuesday (clearly no accident; by releasing a new exploit on the same day as the Microsoft patch set, it’s unlikely to be fixed before the next months Patch Tuesday at the earliest). Previous exploits released by NightmareEclipse include BlueSun and RedHammer (local user to Windows SYSTEM privilege escalation), UnDefend to disable Windows Defender, and YellowKey which unlocks BitLocker drives using a collection of nothing more than magically named files.

Toms Hardware reports that Microsoft has disabled the researchers GitHub accounts (GitHub being owned by Microsoft has long been a point of concern for security researchers who find vulnerabilities in Microsoft products), as well as the actual Microsoft account used by the researcher.

While it’s certainly within the terms of service of Microsoft and GitHub that accounts may be terminated, the optics are particularly poor in this case, given the confusion around the initial interactions which led the researchers original anger. NightmareEclipse has moved their example code repositories to GitLab in the mean time, and promises Microsoft that “I will make sure your bones are shattered on July 14”, implying there will be additional releases (on, you guessed it, what looks like another Patch Tuesday).

Further clouding the issue, an official Microsoft statement indicates they are attempting to bring criminal (not just civil) charges against researchers who do not cooperate with the Microsoft disclosure policies, a stance which will certainly in no way exacerbate the situation.

Fingerprinting Devices by SSD

Dan Goodin at Ars Technica highlights a new paper on fingerprinting users via SSD disk performance, using just standard JavaScript.

The modern web is a hellscape of user tracking, and this attack, dubbed FROST, highlights another technique for identifying unique devices and user patterns based entirely on hardware behavior. By generating a large file using local browser storage via OPFS (origin private file system, an API for JavaScript to create raw files inside the browser storage area) and continually reading and writing data while monitoring the performance, a web page is able to monitor the disk access performance of the device.

Using a neural network trained on timing data, researchers say they are able to determine what apps may be running on the computer alongside the browser – and sometimes even what other websites are being viewed, based solely on the delays in disk IO caused by other applications and websites accessing the SSD. The paper will be presented in July, with researchers saying that the neural network can be trained to recognize “any system which reliably generates SSD accesses”.

Likely, browser developers can mitigate FROST by decreasing the performance of file operations in the OPFS API so that the performance data lacks the fidelity needed to derive user behavior.

FROST is a “side channel attack”; by monitoring one set of characteristics, side channel attacks are able to infer other system behaviors. Side channel attacks can be incredibly subtle and difficult to predict: Another side channel attack method has been to use extremely fine-grained monitoring of the power consumption of a device to derive encryption keys, predicting the CPU instructions and values based on the amount of power used to set the internal registers.

Improving Memory Safety in C#

Programming languages have been moving towards stronger default memory models, making programs more secure by default by eliminating behaviors which are commonly exploitable. Using a memory-safe language does not prevent logic errors or other security issues, but can still help by eliminating common mistakes.

Microsoft has posted an extensive article about new enhancements for C# in .NET 11. Borrowing in many ways (that’s a programming joke) from the Rust memory model, C# 16 will add additional memory enforcement and object lifetime, detecting when memory is no longer available and preventing invalid memory accesses on expired objects, with the goal of eliminating use-after-free memory corruption and attacks.

C# 16 will also increase the meaning of the “unsafe” keyword, a mechanism introduced in C# 1.0 and since heavily adopted by newer languages such as Rust and Swift. Code marked as unsafe in C# 16 is able to bypass the stricter memory model, but all code referencing it must also be marked as unsafe. Making unsafe code more difficult to use increases the overall friction of doing things the dangerous way, while clearly marking code which is higher risk.

There are few magic bullets for secure programming, but reducing the ways a programmer can make simple mistakes can be a big win.

When is an Apple Laptop Not a Macbook? When it’s an Apple II

2026-05-29T11:00:57+00:00

Do you remember, some years ago, when that brand-new 8086-based laptop hit the shelves? Great for PC lovers, but not so fun for those on the fruitier side of the street. Well, the same Chinese firm that brought us the Book8086 are back, this time with an ‘Apple’ Laptop that is decidedly not a MacBook– the Book II is a dual-processor Apple II clone in a laptop form factor.

… but just look at all those DIPs on the inside. Authentically retro!

Dual processor? On an Apple II? It wasn’t that uncommon, back in the day — that’s what the Z80 softcard was, after all: a second processor that let you run CP/M and associated business applications, and this one has it built-in. It also has the 80-column video card, a second floppy controller, a printer interface, and a 16 kB ROM card for languages. That leaves two of the Apple’s expansion slots available, one of which is broken out externally on the back of the laptop, along with the printer and floppy ports.

Useful? Probably no more so than the NEC V20-based PC version. Still, those did find buyers and we have no doubt that this new laptop will, too. Especially since with the right expansion card, you might get this machine running DOS as well. Of course if you don’t feel like shelling out the quid or running an emulator, you can always roll your own Apple II on an FPGA.

Thanks to [Stephen Walters] for the tip! We usually steer clear of product announcements like this, but [Stephen] figured we’d be interested in this one since we covered the then-new retro PC versions way back in 2023.

Medication Reminder Uses Only One Button

2026-05-29T08:00:59+00:00

As anyone who takes medicines regularly will attest to, the days have a tendency to blur together, making it hard to remember if you did something like take that day’s dose or not. There are plenty of products available to help keep track of medication reminders but many are overly complicated, so [Jeroen] built this one which keeps simplicity and usability as its core design principle.

[Jeroen] calls it the MedMinder, and it’s a small, compact, rectangular device with a four-character display meant to sit on a countertop. When it’s time to take a medicine, the display will show that medicine’s four-letter code until the user pushes the single button under the display, signalling that they’ve taken their dose. If many different medications have to be taken at the same time, it displays the first priority until the button is pushed, and then displays whichever one is next after that.

Programming is a little less straightforward, as the medications need to be added to the source code and uploaded to the Arduino that sits at the center of this build, but with the source code available this isn’t too difficult for someone with minimal experience with microcontrollers.

In an idealized world, technology should make our lives simpler or easier, and this small device goes a long way towards helping with that goal. Especially for an important but mundane task that can be surprisingly easy to lose track of. Although we glossed over the accuracy of this device’s clock in this article, we do have a comprehensive guide for selecting the right real-time clock for microcontrollers like this.

An Atic Atac Minimap For The ZX Spectrum

2026-05-29T05:00:26+00:00

The use of modern microcontrollers as add-on peripherals for 1980s home computers has delivered significant benefits and capabilities unimaginable in the days when those machines were new. A great example come from [Happy Little Diodes], who’s using a Pi Pico based peripheral for a Sinclair ZX Spectrum to provide something that looks far more modern, a hardware minimap for the iconic Spectrum game, Atic Atac.

The ZX expansion port provides all the bus signals from the Z80 microprocessor, and the peripheral uses a latch to capture Spectrum memory writes. Because the game’s operation is well known it can easily watch out for updates to the in-memory variable that contains the game room ID. It’s then a case of drawing the map with the player centered on the room the are in, for a much more 21st century game interface component.

Having been around when both the ZX and this game were new, we like this add-on, a lot. We can imagine it could relatively easily support other games, too.

Haven’t got a Spectrum? Never fear, you can make yourself one!

How to Let Everyone Keep a Secret

2026-05-29T02:00:42+00:00

Someone calls you at work and says, “Don’t tell anyone, but…” If you are like most people, there are one or two people you will pass it along to with the same admonishment. In fact, they are probably repeating it from someone else, and you are on their list of two people. So for really big secrets, you need a way to spread the secret out so that no one has any real information about the secret, but a certain number of people together can decode it. As [neeaj] explains in a recent post about Shamir’s Secret Sharing, [Adi Shamir] (the S in RSA encryption) devised a way to do this very well in 1979, and the core concept is very easy to understand.

The explanation works with geometry. The equation for a line is y=mx+b, where m is the slope and b is the y-intercept (that is, where the line touches the y-axis when X is 0. An infinite number of lines cross the Y axis at, for example, 10. The line y=3x+10 does, and so does the line y=-1.41x+10. You can’t guess the b value from just the slope, because any slope will satisfy the equation.

So suppose the secret number is 10. I can pick a random slope and generate points on it. Like the y-intercept, any number of equations might satisfy that point. Let’s pick a random slope of 2 just to make the math easy. Our real equation is y=2x+10. Let’s pick a random X of 100 and tell one person their part of the secret is (100,210). That matches our equation, of course, but it also matches y=4x-190 and y=x+110, along with an infinite number of other lines.

To know the actual equation, you need at least two points. So let’s pick x=25 and tell another person that their part of the secret is (25,60). Now, if those two people compare notes, you can find the secret number by solving the two equations:

210=100m+b and 60=25m+b

The second equation is the same as 240=100m+4b, and you can subtract the first one from that:

30=3b
10=b

You can hand out any number of points to any number of people. Any two of them can recover the secret number. If you need to require more people to unlock the secret, you just go up in order. A parabola equation, for example, requires three points. A cubic takes four, and so on.

In reality, practical implementations take a polynomial, not a graph. But the elegant idea is the same. Not the first time we’ve heard of this algorithm. Reminds us of how a nuclear launch requires multiple keys.

Recycling Two XBox One Consoles into a 10 GB USB Flash Drive

2026-05-28T23:00:31+00:00

Amidst the ongoing RAM & storage apocalypses, Mad Max-esque scenes are unsurprisingly developing, with the eMMC recycling project by [Chase Fournier] from a pair of XBox One S (‘XBone’) mainboards being just one more example. These mainboards come equipped with a 5 GB eMMC chip installed, alongside 8 GB of DDR3.

Removing the eMMC chips isn’t that complicated and after some reballing fun the chips were both installed on a carrier board with a Norelsys NS1081 controller IC. This provides a USB 3.0 interface and can connect to up to four SD or eMMC memories, with here just two channels used.

Although the eMMC testing device didn’t seem too happy with either chip, after mounting them on the PCB the controller could be programmed and saw both eMMC packages for a grand total of 10 GB storage.

Sequential read performance in CrystalDiskMark was about 140 MB/s while write performance was about 64 MB/s, which is zippy enough for smaller files. Not that you can store more than 10 GB on this USB drive anyway.

Turning the DDR3 ICs on the mainboard into proper DIMM or SODIMM sticks would also be an idea, as even such older memory tech keeps ramping up in demand. As for the XBone X variant with its 12 of GDDR5, that’s probably a harder proposition to repurpose, but recycling old consoles suddenly has become a lot more exciting.

Camping on Unconventional Watercraft

2026-05-28T20:00:07+00:00

The fjords of Norway are world famous for their beauty, but even though the word itself is Norwegian, there are fjords all over the world in areas that used to be covered in glaciers. One of these areas is the Pacific Northwest of North America, we herit’s actually possible to travel by boat from the Seattle area all the way into Alaska without going to the Pacific Ocean, and although plenty of people make this journey by boat, [Matt] is planning on doing this journey on a jet ski with a custom camper on the back.

Normally a jet ski wouldn’t be the ideal platform for a multi-day on-boat adventure because of their size, but [Matt] found perhaps the largest jet ski ever made and he got a deal on it since it had previously been wrecked. Once he repaired the hull damage, he cut a sheet of plywood in half and put a hinge in the middle so it can unfold over the top of the jet ski but fold it away when he’s traveling. With the basic concept in place he took it right out on the water to a campsite before finalizing the construction of the rest of the tent, including the installation of a door, a window, and some interior lighting.

During that first night, a storm cropped up and pushed the craft out to shore while [Matt] was sleeping, so after realizing, waking up, and motoring back to shore, he made sure to tie the craft to a rock to avoid similar situations before going back to sleep. But besides some motion sickness which prevented him from cooking inside his camper, the rest of the adventure went off without a hitch. Before taking it on the Inside Passage he has been thinking of a few improvements like outriggers to keep it from rocking while he sleeps. [Matt] is no stranger to unusual camper builds, though, we recently featured his other camper which is an electric car converted to explore abandoned railroads.

Attack of the Atomic Oxygen

2026-05-28T18:30:21+00:00

While designing anything for operation in space has its challenges, there is at least one thing that is more of a problem for objects in Earth orbit than for deep-space probes: atomic oxygen. We like oxygen because we need it to live, but it is also highly reactive as a single atom. Luckily, on Earth, most of what we breathe is O₂. [Space Daily] talks about the challenges of the International Space Station dealing with the “space weather” of atomic oxygen in low Earth orbit.

Part of the problem is that even when we know better, we tend to think of the atmosphere coming to an abrupt end and space being a hard vacuum. But in reality, the atmosphere gradually dissipates, and at “only” 400 km above the Earth, the Space Station is really flying through a very thin atmosphere.

To compound the problem, this is above the ozone layer, so the Sun’s UV light rips O₂ into single oxygen atoms. Over time, these free oxygen atoms can affect many parts of a spacecraft exposed to them. Engineers first noticed that materials recovered from spacecraft had more damage and changes to material properties on the pieces facing the direction of travel. NASA has spent years testing different materials by mounting trays of different material samples outside the ISS.

Carbon-based polymers take a big hit from atomic oxygen exposure. Polymide film is frequently used, but it erodes with exposure. Carbon composites also lose mass. Other materials change in other ways. For example, an optical surface may roughen with exposure.

The usual answer is to over-design for mission objectives or to cover certain polymers with coatings like silicon dioxide or aluminum oxide, which are not as reactive to free oxygen. For a long-duration mission like the ISS, you may have to pay special attention to the materials in use. Very low satellites also need special care, as there is more oxygen in lower orbits.

There are other effects, too, such as extreme thermal cycles, debris strikes, and other indignities that space-traveling materials must withstand. But in deep space, atomic oxygen is a rare issue. Until, at least, we go somewhere else that has a lot of oxygen.

The Frikkin Lasers Contest Starts Now

2026-05-28T17:00:04+00:00

We don’t need to tell you: lasers are awesome. Those tiny red beams aren’t just for frustrating cats, but can do real work, be a source of infinite beauty, or constitute a science project in its own right — and you can win a $150 DigiKey gift certificate simply by writing your project up on Hackaday.io. The contest runs until July 23rd.

Of course, red lasers are only the beginning. If you have enough energy to move electrons into higher orbitals, you can make nearly anything lase. RGB setups can be breathtaking. Powerful IR and UV lasers are real tools. And the DIY side of lasering combines physics and electronics, with a spicy side of danger that needs to be contained.

We love laser builds of all sorts, and we’d like to see yours! Create a new Hackaday.io project that features what you’re working on, and we’ll pick our three favorites for a $150 gift certificate courtesy of this contest’s sponsor, DigiKey.

Honorable Mention Categories:

Lightshow: A laser on its own makes a beam, but there’s so much more to a laser show than just a dot on the wall. If you’ve made your own projector, an RGB setup, or even something super simple with a spinning mirror, show it off here. We’re looking to see laser light beauty, and the machines that make it possible.

DIY: This category is for the laser DIYers out there. If you made your own laser or laser support equipment, be it a TEA laser from scratch, or just a constant current driver to run a diode you salvaged from a projector, we want to see it. Have you resurrected an esoteric old device? Mixed up your own dyes? This category is all about the laser.

With Remaining Eye: Lasers are not all fun and games; they can also do real work. If you’ve built a power laser project, or any functional device that relies on a laser to get the job done, it’s eligible here. Laser cutters, safety setups, data transfer over the light beam? Any laser project that’s not about just looking good fits in here.

If you like to play with the coherent beams, head on over to Hackaday.io and detail your project — and don’t forget to enter it into the contest via the pulldown menu on the left side. If you win, you’ll have $150 to spend on more lasers. (We see you, with our remaining eye.)

Bring Back Your Bose with an ESP32

2026-05-28T15:30:46+00:00

It’s become a familiar theme over the last couple of decades — hardware is rendered useless when its manufacturer pulls the cloud service on which it depends. This is particularly annoying when the device is something which shouldn’t need a cloud service to run in the first place, and several manufacturers have found themselves in hot water because of this.

Somewhere in between is the Bose SoundTouch speaker system, which includes a set of six internet radio preset buttons. In early May the service behind them was shuttered, and now here’s [Tostmann] with an ESP32 firmware to bring them back.

As you might imagine, it’s a device that emulates just enough of the now-defunct Bose cloud service to keep the speaker happy, but it has a clever trick up its sleeve. Normally these hacks rely on DNS redirects at the router, but this one avoids that thanks to a diagnostic interface on the Bose unit that allows the rewriting of the server address. The ESP32 does this with its own address, and the speaker is none the wiser.

We like this hack, because of its ingenuity, and because it saves yet another orphaned cloud product from becoming e-waste. This isn’t the first time we’ve seen a manufacturer on the naughty step for these practices.

Header image: TAKA@P.P.R.S, CC BY-SA 2.0.

Linux Fu: Fake Webcams Have Many Uses

2026-05-28T14:00:30+00:00

Dealing with text streams is a fundamental skill for the Linux power user. You can sort, merge, and search text files easily from the command line. What if you could do the same thing with video? Well, you can. Maybe you want to add a logo to a webcam feed before sending it to a conference app. Maybe you want to blur, color-correct, or annotate video in real time. Or perhaps you want to inject prerecorded video into Zoom while pretending it is a live camera. Linux can do all of this, and the key ingredient is usually the same: a loopback video device.

The basic idea is simple. Instead of an application reading directly from /dev/video0, you create a fake camera device using the v4l2loopback kernel module. Your software pipeline writes processed video into the fake camera, and applications read from it as if it were a normal webcam. The result is surprisingly powerful.

Loopback Cameras

The first step is to install the loopback driver. On many distributions, this is packaged already. On Debian or Ubuntu, you’d install the v4l2loopback-dkms package. On OpenSUSE it’s probably v4l2loopback-kmp-default if you’re using the usual kernel.

Unless your distro automatically loads the module, you’ll do it yourself and tell the driver how many fake cameras to make. You’ll also need to tell it where to put them. Here, I’m asking for a single camera at /dev/video10 named VirtualCam:

sudo modprobe v4l2loopback devices=1 video_nr=10 card_label="VirtualCam"

After you’ve done this, you can verify it:

v4l2-ctl --list-devices

Applications can now see the fake camera, but there’s nothing coming out of it yet.

Basic Pipeline

Suppose you have a USB webcam at /dev/video0. You can read from it and send the stream directly into the loopback device with FFmpeg:

ffmpeg -f v4l2 -i /dev/video0 -vf format=yuv420p -f v4l2 /dev/video10

Now applications can use /dev/video10 as a webcam source. This alone is useful because it decouples applications from the physical camera. For example, I had an old Intel Lifecam that would randomly throw an error when used with a browser video conference app, but ffmpeg had no problems with it. A similar pipeline lets me videoconference with this camera. But the real fun starts when you insert filters. A fun test site is webcamtoy.com.

Adding a Watermark

FFmpeg’s filter graph system is quite flexible. A watermark is just another video source composited over the main image. Suppose you have a PNG file named wrencher.png with transparency. This command overlays it in the lower-right corner:

ffmpeg -f v4l2 -i /dev/video0 -i wrencher.png -filter_complex "overlay=W-w-20:H-h-20,format=yuv420p" -f v4l2 /dev/video10

Or, you could be more explicit:

ffmpeg -f v4l2 -video_size 1024x720 -framerate 15 -i /dev/video0 -i wrencher.png -filter_complex "overlay=x=main_w-overlay_w-20:y=main_h-overlay_h-20,format=yuv420p" -f v4l2 /dev/video10

Now the logo appears 20 pixels from the bottom-right edge. However, note that if your software “mirrors” your image for local display, the watermark will go to the other side in your view. That makes sense.

If your video fails, or it looks like color garbage or a green screen, you may have to pick a different video conversion other than yuv420p.

Perhaps a bit large for a watermark, but you get the idea.

Injecting Video

You are not limited to webcams. You can inject a prerecorded video:

ffmpeg -re -stream_loop -1 -i intro.mp4 -vf format=yuv420p -f v4l2 /dev/video10

The -re flag tells FFmpeg to play in real time instead of as fast as possible. The -stream_loop -1 repeats forever.

This is useful for demonstrations, test feeds, signage, appearing awake in meetings, or foiling security cameras in low-budget action movies.

Multiple Filters

Once you understand the filter graph concept, you can stack effects endlessly.

For example:

-filter_complex "eq=contrast=1.2:brightness=0.05, hue=s=0, overlay=W-w-20:H-h-20, format=yuv420p"

This:

Adjusts contrast
Brightens slightly
Converts to grayscale
Adds the watermark

FFmpeg contains hundreds of filters, including blur, sharpen, edge detection, chroma keying, denoise, LUTs, stabilization, and even AI-assisted processing if built with the right libraries.

At some point, though, you may want a more modular architecture. That is where GStreamer becomes interesting.

Enter GStreamer

FFmpeg excels at direct command-line media processing, but GStreamer is more like a traditional Unix/Linux pipeline. You construct a pipeline out of interconnected processing blocks. The learning curve is steeper, but it enables extremely sophisticated workflows.

Adding text to live video in WebCamFun.

A simple camera-to-loopback pipeline looks like this:

gst-launch-1.0 v4l2src device=/dev/video0 ! videoconvert ! v4l2sink device=dev/video10

That simply duplicates the webcam into the virtual device.

Suppose you want to add text:

gst-launch-1.0 v4l2src device=/dev/video0 ! videoconvert ! textoverlay text="Hackaday!" valignment=bottom halignment=right ! v4l2sink device=/dev/video10

Inspecting GStreamer

One thing that intimidates new GStreamer users is how enormous the framework feels. Fortunately, there’s a tool specifically designed to explore what is available: gst-inspect-1.0

Run without arguments, it dumps every installed plugin and element on your system. The list can be surprisingly long. Using grep on the output can help.

More useful is inspecting a specific element:

gst-inspect-1.0 v4l2src

This shows:

Supported capabilities
Accepted formats
Properties
Pad types
Configuration options

For example, inspecting textoverlay reveals options for font selection, alignment, shading, and transparency. Inspecting videobalance shows controls for brightness, hue, saturation, and contrast.

This becomes essential because GStreamer pipelines are often constructed experimentally. You discover an element, inspect its capabilities, then wire it into the pipeline.

Using Images in GStreamer

Overlaying an image is slightly more involved because GStreamer separates streams explicitly. One common approach uses gdkpixbufoverlay (here, placing a logo at the lower right):

gst-launch-1.0 v4l2src device=/dev/video0 ! videoconvert ! gdkpixbufoverlay location=logo.png offset-x=20 offset-y=20 ! videoconvert ! v4l2sink device=/dev/video10

You can keep adding modules until you get what you want. A more elaborate pipeline might:

Read a webcam
Add a logo
Blur the background
Encode H.264
Stream over RTSP
Simultaneously feed a loopback webcam

GStreamer can also integrate with many hardware codecs for hardware encoding and decoding.

Practical Considerations

There are several things that tend to trip people up.

Video applications can be extremely picky about formats. MJPEG, YUYV, RGB, and YUV420 all appear frequently. If things fail mysteriously, format conversion is often the culprit.

Tools like v4l2-ctl can help:

v4l2-ctl --list-formats-ext

Another issue is that many applications reject unusual sizes. Sticking with standard resolutions like 1280×720 or 1920×1080 avoids many headaches.

Real-time video processing can consume substantial CPU resources. Hardware acceleration helps, but some filters force software processing anyway. Similarly, virtual camera pipelines can accumulate delay. Low-latency flags and queue tuning sometimes become necessary for interactive use.

Beyond Watermarks

Once you have a loopback pipeline running, you can get creative. You could create a retro CRT simulation, a fake thermal camera, or detect motion. Maybe insert a timestamp or a live video feed from your oscilloscope or 3D printer. Because the output looks like a normal webcam, almost any Linux application can use it. They simply see another camera.

There are many more advanced techniques possible with GStreamer pipelines, including branching streams with tee, synchronizing multiple sources, GPU-accelerated effects, network streaming, and live compositing. If you want a deeper dive into practical virtual-camera workflows, this video provides an excellent starting point:

Another tip: if you write shell scripts, using things like /dev/video0 will get you in trouble unless your configuration never changes. Instead, use the stable symlinks:

ls -l /dev/v4l/by-id/

You’ll see things like:

usb-046d_HD_Pro_Webcam_C920-video-index0

Then use that path directly in FFmpeg or GStreamer.

Cleaning Up

When you are finished with the virtual camera, remember that the loopback device persists until the kernel module is unloaded. Stop any applications using the fake camera first, then remove the module:

sudo modprobe -r v4l2loopback

That tears down the virtual camera devices and removes them. If you created multiple fake cameras, unloading the module removes them all at once.

We’ve used Gstrteamer before for remote driving.

Virtual Museum Hosts Every OS You Haven’t Heard Of

2026-05-28T11:00:54+00:00

OK, every operating system is a bit of a stretch — Windows Vista notably didn’t make the cut — but [Andrew]’s Virtual OS museum has a good claim to being the most comprehensive archive of operating systems yet assembled.

[Andrew] has a blog post describing the project, as well as a YouTube video that we’ve embedded below. But the real fun is in the downloading and spinning up one of 570+ operating systems for more than 250 platforms on pre-configured virtual machines that have been packaged up for us.

This isn’t just the usual retrocomputer nostalgia-fest of Macintosh System and DOSBox. There’s everything from IBM Big Iron and VAXen to Texas Instrument graphing calculators emulated in the museum, with software to run on them, too. If you’ve ever wondered what you could do with the Manchester Baby, well, all known software for that machine is included with its ‘operating system’.

Admission is free, but like any good museum you’ll be waiting in line a while to get in, so expect the full 128 GB download to take some time. If you’re into computer history, though, it’s going to very much be worth the wait. If you try it and like it, you could help others by seeding the torrent.

The actual museum launches in a VM as a modern Linux system — perhaps that can be considered an exhibit itself — with a launcher to select any of the other system/OS combos, including various other, older Linuxes hosted on their own VMs. There are more to come, too, as [Andrew] continues the long debugging process of making sure everything works as expected.

Purists may decry this virtual emulation as not being quite the real thing, which is true. But while MiSTer supports a lot of cores via FPGA, you probably won’t find everything here on that platform. We have, however, seen an FPGA recreation of the Manchester Baby. More than once, even.

Testing LFP Battery Failure Modes With Overcharging

2026-05-28T08:00:57+00:00

As great as batteries are, it’s essential to understand their risks and how to keep them from going spicy. Recently there has been a bit of a fuss about the dangers of LiFePO₄ (LFP) batteries after someone’s dedicated LFP battery shed got shredded into matchsticks by a hydrogen explosion, following said LFP batteries having a thermal event. The thing about the LFP chemistry is that if it suffers such a thermal event, it generates hydrogen gas, which is one of the most explosion-happy gases known to man. This is demonstrated in a recent video by [Will Prowse].

To kick things off, a single prismatic LFP cell is overcharged for half an hour after it was already at 100% state of charge. This ultimately pops the vent as the cell begins to release hydrogen gas into the aquarium that the cell was placed in. Using a spark generator it’s then attempted to ignite the gas, which initially takes a bit as enough hydrogen has to collect first.

Once there’s ignition, however, it happily keeps burning as more and more hydrogen pours out of the by now bulging cell’s vent. If any other LFP cells had been nearby these too would be at risk of suffering thermal runaway, showing how just one bad LFP cell is enough to potentially set an LFP battery bank ablaze.

In a commercial setting you will have precautions such as hydrogen sensors, ventilation and spark generators to deal with any generated hydrogen gas, as well as blow-out panels in case things end up going squirrely in a hurry.

While a benefit of LFP chemistry is that it does not generate its own oxygen as with other lithium-ion chemistries, hydrogen gas is a major problem due to how incredibly volatile it is. It’s not just a headache with battery storage, but also in the nuclear power sector, where zirconium fuel rod cladding can very efficiently turn steam into hydrogen and oxygen. This was the reason why some of Fukushima Daiichi’s buildings suffered detonations, with the nuclear plant operator opting to not install recommended hydrogen gas mitigation systems.

Decoding the Tianwen-2 Sample Return Mission’s Telemetry Signal

2026-05-28T05:00:47+00:00

China’s Tianwen-2 asteroid sample return mission launched on 28 May of 2025 and is scheduled to arrive at its target – near-Earth asteroid 469219 Kamo’oalewa – in June 2026. This gives folk back on Earth plenty of time to listen in on the probe’s communication with its home base, such as [Daniel Estévez] who recently had a poke at this telemetry as captured by the Dwingeloo radio telescope in the Netherlands.

With not a lot of public information on its trajectory it’s a hard probe to track, but now that it’s nearing its destination there’s an obvious part of the sky to aim for. This is X-band telemetry, broadcast at 8428.19 MHz, with the same basic modulation as its predecessor Tianwen-1.

Where it differs is in the coding, with Tianwen-2 also using concatenated coding, but having a frame length that’s better suited to submitting full Reed-Solomon codewords and does not require omitting bytes to make things awkwardly fit.

After analyzing the telemetry data itself, there doesn’t seem to be anything exciting contained within this capture. This does seem to be as expected considering that the probe is still in its coast phase where it doesn’t have to do much and likely is in a low-power state most of the time. Once its orbital insertion burn begins is when this knowledge can likely be used to track the mission in fine-grained detail, which is an event that we’re definitely looking forward to.

Linux Distributions and Who is Responsible For the Software

2026-05-28T02:00:27+00:00

The topic of downstream and upstream is an important one in the Linux ecosystem, where from one base distribution you can go many layers of distros deep before even looking at all the other base distributions. Within that veritable jungle you get questions about who is responsible for packaging software, where to report bugs found with a specific application, as well as what ‘LTS’ truly means in a consumer context. These and other points are raised in a recent video by [Brodie Robertson], with many examples of things going tragically wrong.

There’s a good argument to be made that ultimately it is the distro that is responsible for the software that they provide via their repositories. As [Brodie] shows in the video, there are a few cases where an ‘LTS’ distro uses an old version of some software that contains a bug that has been fixed a while ago, so reporting it to the developer is rather pointless, while the distro maintainers should fix it with backporting of patches or updating the version.

From an end user experience this also makes the most sense, as in the end they just want to have the Windows experience of downloading a proverbial installer, clicking through whatever dialogs pop and have working software. If the software is provided via the distro, it is their responsibility, the same way that you contact the developer if you get a DEB or RPM from a GitHub project page and it doesn’t work.

This current Linux Chaos Vortex can be called a major issue when e.g. FreeBSD has no such upstream/downstream issues, with cross-platform installers being basically impossible on Linux ever since the Linux Standard Base effort died.

Perhaps Linux will get a distroless future, however, which may finally herald that Year of the Linux Desktop.

Autopsy of a Failed Vintage Carbon Resistor

2026-05-27T23:00:57+00:00

Detail of the lead connecting to the inner carbon-filled tube. (Credit: CuriousMarc)

Although resistors are hardly among the most exciting components, they are arguably one of the most important ones, as anyone who has done any amount of circuit design and debugging can attest to. So too with a single carbon resistor in a vintage Metrix oscilloscope that [CuriousMarc] recently repaired. After recapping the board there was still a major issue that got traced down to said resistor. After replacing it with a fresh resistor obviously this meant doing an autopsy to see why the old resistor had failed.

The 20 kOhm-rated resistor looked fine on the outside, with no obvious damage or discoloration, but it measured around 0.843 MOhm. To get to the insides [CuriousMarc] asked his friend [TubeTime] on how to proceed. The answer here was sandpaper and a lot of patience, and thus the experiment to see how much sanding it takes to get to the core of a fairly big resistor commenced.

Ultimately the insides were revealed, and they turned out to be rather interesting, with what looked like a glass tube filled with what would be the carbon-laden material between the two lead terminals. From poking around a bit at these insides it would appear that the failure mode was a degraded contact between these terminals and the carbon material. Considering that this resistor is many decades old and has gone through many thermal cycles and potentially various kinetic events some fractures are probably to be expected.

Perhaps most fascinating is the construction of this carbon resistor that looks to be a step above that of the average carbon resistor that [TubeTime] has taken apart over the years.

A Clock Inspired by Failed Cognitive Tests

2026-05-27T20:00:47+00:00

One simple screening tool for cognitive impairment is the clock-drawing test (CDT): the patient is provided with a printed circle and asked to draw a clock face with the hands pointing to a certain time. Depending on how the clock is drawn, this could indicate a variety of different disorders, particularly dementia, with a particular deformity in the drawing sometimes pointing to a specific issue. These failed tests inspired [John Silvia] to create a clock with a unique, disordered face.

The numerals in this clock face are placed exclusively along the right half of the clock (in the test, this can be a sign of damage to the right parietal lobe, or of executive dysfunction caused by dementia), and out of order. The hour hand is controlled by a servo motor, and the minute hand is mounted on a separate, commercially-purchased clock mechanism on the left-hand side of the face.

The frame for the clock and the face are 3D-printed, and the servo motor is controlled by an ESP32-C3 with an RTC module. To minimize power draw, a MOSFET disconnects the servo motor from power except for the once-per-hour position update. Once per month, the ESP32 connects to Wi-Fi to synchronize to NTP time, otherwise remaining in a low-power state – even its indicator LEDs are disconnected to save power. These efforts paid off: when the servo isn’t active, it draws only about 160 µA, and a set of three AA NiMH cells lasts about a year.

Since the servo motor draws most of the power budget, it wouldn’t make much difference, but the ESP32’s co-processor can also be used for ultra-low-power projects. For a happier take on a drawing-related clock, check out one of these projects.

Inside Dyson’s Over-Engineered ₤1000 Hand Dryer

2026-05-27T18:30:41+00:00

It seems fair to say that Dyson sits at the intersection of impressive engineering and borderline ridiculous products. The Dyson Airblade 9KJ hand dryer that [ElectrArc240] recently took to bits would definitely seem to fall under the latter, combining an incredible amount of engineering all for the simple task of drying wet hands.

These hand dryers are rated for a cool 900 Watts, with an 0.5 W standby power consumption, though you can also switch it to a 650 W ‘eco mode’ when installing it. The air that gets sucked into the dryer first passes through a HEPA filter before it hits the heating element and then gets blown out of the handles onto one’s hands.

Both of these handles come with a presence sensor in the form of an ST VL53L3CX time-of-flight sensor, along with a path for the heated air towards the thin slits. Returning to the section just past the HEPA filter is the compressor, with a rather fancy airflow path that involves various stacked meshes. As can be seen in the video, where you’d expect basically a simple blower motor or so, there is a truly astounding amount of parts as the teardown progresses.

The motor disassembly is the first part where some desoldering and breaking of glue bonds is really necessary, but it gives full access to the driver board. The circuit used here is your typical IGBT-based gate driver, though with a mystery PIC MCU to do things. Following this the tear-down turns fully destructive, giving access to the motor internals.

Following an analysis of these internals we marvel at the carbon-fiber rotor that keeps the single magnet in one piece. This is another engineering choice that serves to justify the 1,000 quid price tag. All so that rest room visitors do not have to suffer the humility of using paper towels.