2026-03-13 23:30:34
After the previous attempt of running a PC off AA cells got a lot of comments, [ScuffedBits] decided to do the scientifically responsible thing and re-ran the experiment with all the peer-reviewed commentary in mind. Although we noted with the previous experiment that only alkaline cells were used, [ScuffedBits] rectified this by stating that both carbon and alkaline AA cells were used the first time around.
For this second experiment a number of changes were made, though still both carbon and alkaline cells were put into the mix. To these a third string was added, consisting of NiMH cells, for a total of 64 cells with each of the three strings outputting around 25 VDC when fully charged. These fed a cheap buck regulator module to generate the 12 VDC for the DC-DC converter on the mainboard’s ATX connector.
Although it appears that the same thin Cat-5e-sourced wiring was used, with the higher voltage this meant a lower current, making it significantly less sketchy. Unlike with the first experiment, this time around the Core i3 530 based PC could run much longer and even boot off the DIY battery pack. After a quick game and pushing through a Cinebench run for 64 Watts maximum power usage, it turned out that there was still plenty of time for more fun activities, such as troubleshooting Minecraft and even playing it.
After a total runtime of 33 minutes and 19 seconds the voltage finally dropped too low to continue. A quick check of cells in each string, it turned out that the carbon cells were the most drained with significant terminal voltage drop. The alkaline cells had been pushed down to a level where they could still probably run a wall clock, but the NiMH cells showed a healthy 1.2 V, meaning that a fully NiMH battery pack could go a lot longer.
This probably isn’t too surprising when we look at the history of battery packs in laptops, where NiCd quickly got pushed out by NiMH-based packs for having significantly higher power density and none of the problems with recharging and disposal. Even today 1.5 V Li-ion-based AA cells do not have significantly more capacity than NiMH AA cells, making this chemistry still very relevant today. Even if you’re not trying to build your own battery pack for running a desktop PC off.
2026-03-13 22:00:18
When Friday the Thirteenth and Patch Tuesday happen on the same week, we’re surely in for a good time.
Anyone who maintains any sort of Microsoft ecosystem knows by now to brace for impact come Patch Tuesday; March brings the usual batch of “interesting” issues, including:
On the server and container side, this month includes a fairly typical collection of patches for SQL Server, and vulnerabilities in the Microsoft-hosted device pricing and payment orchestrator services, which have been automatically patched by Microsoft.
We all love getting every ounce of usability from our old gear, but sometimes enough is enough – at least with the stock firmware. The FBI has issued a warning about decommissioning end-of-life routers made by several large companies, with eleven Linksys and one Cisco branded routers being specifically called out for vulnerabilities under active exploitation.
A notice such as this that an exploit is under active exploitation means that a theoretical vulnerability has been commoditized into specific attacks, typically used against all devices accessible from the Internet. It’s generally safe to assume that at this point, if a vulnerable device is exposed to the Internet, it’s been compromised.
The FBI notice doesn’t call out the specific vulnerabilities used, however there’s a wide variety to pick from:
/proc/net/arp – unlikely to be used for a remote compromise, but still amusing.Once an attacker is inside your router, the possible havoc they might cause is extensive:
If you have a Linksys E1200, E2500, E1000, E4200, E1500, E3000, E3200, E1550, WRT320N, WRT160N, WRT310N, or a Cisco M10 router still in use, the time is now to finally upgrade it – or at least explore the options of third-party firmware like OpenWRT. Unfortunately, many of these devices are so old that even OpenWRT may have difficulty running well on them, but all the more reason to update to something a little newer!
In a pattern which should be familiar to anyone who had to deal with the leak of the Eternal Blue exploit as part of a dump of tools from the NSA which later evolved into the Wannacry and NotPetya global ransomware campaigns, another government-backed exploit toolkit has been captured and converted to a more generic criminal exploit.
Google Threat Intelligence documents the “Coruna” exploit kit, a rare public example of an attack against iPhones from iOS 13 to iOS 17.2.1. Often we see “advanced attack methods” or “targeted specific attacks” in release notes; rarely do we get further insight into the actual attacks!
Evolving from a government-backed tool to a financial crimeware exploit deployed widely to steal cryptocurrencies is interesting on its own, but perhaps the most fascinating aspect is the insight into how difficult modern exploits can be. Coruna combines 23 exploits into 5 chained attacks to be able to actually execute code from a web page. The final payload of the exposed version doesn’t deliver a spy payload, but instead focuses on cryptocurrency: searching for QR codes on disk to discover wallet addresses and saved recovery keys, wallet recovery phrases, and mentions of bank accounts, and leveraging those to steal cryptocurrency.
In true Google fashion, they’ve published indicators of compromise (IOCs) to inspect if a device has been attacked and a map of the control domains. Additional work deobfuscating the attacks and payloads can be found on GitHub here.
The US Government Cyber Defense Agency (CISA) has added additional warnings to the Known Exploited Vulnerabilities database (KEV) database. The KEV attempts to distill the torrent of security issues assigned a CVE into the most actionable vulnerabilities which have been observed being used in the wild. CISA advises not only federal and government agencies, but offers guidance for businesses of all sizes.
Many vulnerabilities on the KEV already have fixes. Paradoxically, this can sometimes make a vulnerability higher risk. Attackers have two advantages: a patch to reverse engineer to discover the exact mechanisms to trigger the flaw, and a motivation to use any exploits on a massive scale, knowing that the window of opportunity is about to close. Most of these vulnerabilities will likely be of interest mostly to readers who are in the enterprise space, but the first one regarding Android is a good reminder to everyone that the KEV isn’t just for giant companies.
As for the latest known exploited issues:
The venerable Phrack has an open call for papers to be contributed to the summer issue. Released since 1985, Phrack has been a font of telecom and computer security hackery, including the critical “Smashing the Stack for Fun and Profit”, one of the first explanations of the now-ubiquitous buffer overflow and stack smashing attack.
If you think you’ve got something to contribute, or just want to check out their awesome retro demo scene loading page and some back issues, head over to the Phrack website.
2026-03-13 19:00:23
ArcaOS is an operating system you might not have heard of, but you will recognize it when we tell you that it’s the direct descendant of IBM’s OS/2. It’s just received a major update, and delivers this persuasive argument for its uptake:
“How about a commercial operating system which doesn’t spy on you, does not report your online activity to anyone, and gives you complete freedom to choose the applications you want to use, however you want to use them?”
We’re guessing that a higher-than-average number of Hackaday readers use open-source operating systems, but in a world in which the commercial OS everyone loves to hate is ever more turning the Play button into the Pay button, we have to admit that’s attractive if you pay for your software.
This update, version 5.1.2, brings support for the very latest UEFI systems to the table, keeping the platform alive in a manner we’d never have guessed would happen back in the 1990s. It’s true it’s a 32-bit system rather than 64-bit, and you’d be unlikely to buy it for your high-end gaming machine, but we remember OS/2 Warp back in the day as being very nice indeed and particularly stable. We’re interested enough to have put in a cheeky request for a review ISO, so should that come off we’d love to give it the Jenny’s Daily Drivers treatment.
ArcaOS has been mentioned here before. Do any of our readers encounter it in your daily lives? We’d love to hear in the comments.
2026-03-13 16:00:59
Fruit bowls have an unavoidable annoyance– not flies and rotten fruit, those would be avoidable if your diet was better. No, it’s that the bowl is never the right size. Either your fruit is sad and lonely in a too-large bowl, or it’s falling out. It’s the kind of existential nightmare that can only be properly illustrated by a late-night infomercial. [Simone Giertz] has a solution to the problem: a shape-changing fruit bowl.
See, it was one thing to make a bowl that could change shape. That was easy, [Simone] had multiple working prototypes. There are probably many ways to do it, but we like [Simone]’s use of an iris mechanism in a flat base to allow radial expansion of the walls. The problem was that [Simone] has that whole designer thing going on, and needs the bowl to be not only functional, but aesthetically pleasing. Oh, and it would be nice if expanding the bowl didn’t create escape routes for smaller fruits, but that got solved many prototypes before it got pretty.
It’s neat to see her design process. Using 3D printing and CNC machining for prototyping is very familiar to Hackaday, but lets be honest — for our own projects, it’s pretty common to stop at “functional”. Watching [Simone] struggle to balance aesthetics with design-for-manufacturing makes for an interesting 15 minutes, if nothing else. Plus she gives us our inspirational quote of the day: “As much as I feel like I’m walking in circles, I know that product development is a spiral”. Something to keep in mind next time it seems like you’re going around the drain in your own projects. Just be warned, she does have a bit of a potty mouth.
We’ve featured [Simone]’s design decisions here, if you’re interested in seeing how she goes the rest of the way from project to product. We’re pretty sure her face-slapping-alarm clock never made it into the SkyMall catalog, though.
2026-03-13 13:00:47
America knew it as the Nintendo Entertainment System, but in Japan, it was the Family Computer (Famicom). It was more than just a home console—it was intended to actually do a whole lot more. All you had to do was plug in the keyboard and chuck in the right Family BASIC cartridge, and you had a computer hooked up to your TV! [Lucas Leadbetter] came across an old Family BASIC keyboard recently, and set about making it more useful in our modern age with a simple USB upgrade.
[Lucas] started with research, and soon found plenty of schematics and details on the keyboard on the NESdev wiki page. Hunting further turned up a video from [Circuit Rewind], who demonstrated how to hook up the keyboard to a Raspberry Pi Pico, including how to interface with the onboard chips to scan the keys. These resources told [Lucas] enough to get going—and that it should be as simple as wiring some custom hardware up to the internal keyboard matrix connector to get it speaking to USB.
[Lucas] went a slightly different path to [Circuit Rewind], implementing the popular QMK firmware to suit the Family Basic keyboard on an Adafruit KB2040. The Adafruit part is basically an RP2040 microcontroller slapped onto a tiny PCB in a form factor that’s ideal for making custom keyboards. [Lucas] was able to reimplement the scanning logic that [Circuit Rewind] had reverse engineered previously, and had the keyboard up and running in short order with all the usability benefits of the QMK firmware. Files are on Github for those eager to recreate the work.
As far as usability goes, [Lucas] notes that the Family BASIC keyboard is more of a conversation piece than a daily driver, thanks to its rather poor feel. Duly noted. We’ve explored how software development is done in Family BASIC before, too. Video after the break.
2026-03-13 10:00:17
Last year, we brought you a story about the BhangmeterV2, an internet-of-things nuclear war monitor. With a cold-war-era HSN-1000 nuclear event detector at its heart, it had one job: announce to everything else on the network than an EMP was inbound, hopefully with enough time to shut down electronics. We were shocked to find out that the HSN-1000 detector was still available at the time, but that time has now passed. Fortunately [Bigcrimping] has stepped up to replicate the now-unobtainable component at the heart of his build with his BHG-2000 Nuclear Event Detector — but he needs your help to finish the job.
The HSN-1000, as reported previously, worked by listening for the characteristic prompt gamma ray pulse that is the first sign of a nuclear blast. The Vela Satellites that discovered Gamma Ray Bursts were watching for the same thing, though almost certainly not with that specific component. With the HSN-1000 unavailable, [Bigcrimping] decided he might as well make his own gamma ray detector, using four BPW34S PIN diodes coated with black paint. The paint blocks all visible light that might trigger photocurrent inside diode, but not Gamma Rays, while using four acts increases the area and may inadvertently act as a sort of coincident detector. You wouldn’t want your homemade Dead Hand to be triggered by a cosmic ray, would you?
That tiny photocurrent is then amplified by a transimpedance amplifier based on the LTC6244 op-amp, which then goes into a second-stage based on a LT1797 op amp that drives a LOW pulse to indicate an event has occurred. [Bigcrimping] fit all of this onto a four-layer PCB that is a pin-compatible replacement for the HSN-1000L event detector called for in his BhangmeterV2.
There’s only one problem: without exposing this thing to gamma rays, we really don’t know if it will work. [Bigcrimping] is looking for anyone in Europe with a Cs-137 or Co-60 source willing to help out with that. His contact info is on the GitHub page where the entire project is open sourced. Presumably a nuclear detonation would work for calibration, too, but we at Hackaday are taking the bold and perhaps controversial editorial stance that nuclear explosions are best avoided. If the Bhangmeter– which we wrote up here, if you missed it–or some equivalent does warn you of a blast, do you know where to duck and cover?
