Dark lab setup with scientific looking drink dispenser

Scared For A Drink?

Halloween is about tricks and treats, but who wouldn’t fancy a bit to drink with that? [John Sutley] decided to complete his Halloween party with a drink dispenser looking as though it was dumped by a backstreet laboratory. It’s not only an impressive looking separating funnel, it even runs on an Arduino. The setup combines lab glassware, servo motors, and an industrial control panel straight from a process plant.

Power management appeared to be the most challenging part. The three servos drew more current than one Arduino could handle. [John] overcame voltage sag, brownouts, and ghostly resets. A healthy 1000 µF capacitor across the 5-volt rail fixed it. With a bit of PWM control and some C++, [John] managed to finish up his interactive bar system where guests could seal their own doom by pressing simple buttons.

This combines the thrill of Halloween with ‘the ghost in the machine’. Setting aside the question of whether you should ever drink from a test tube – what color would you pick? Lingonberry juice or aqua regia, who could tell? From this video, we wouldn’t trust the bartender on it – but build it yourself and see what it brings you!

2025 Component Abuse Challenge: An Input Is Now An Output

Part of setting up a microcontroller when writing a piece of firmware usually involves configuring its connections to the outside world. You define a mapping of physical pins to internal peripherals to decide which is an input, output, analogue, or whatever other functions are available. In some cases though that choice isn’t available, and when you’ve used all the available output pins you’re done. But wait – can you use an input as an output? With [SCART VADER]’s lateral thinking, you can.

The whole thing takes advantage of the internal pull-up resistor that a microcontroller has among its internal kit of parts. Driving a transistor from an output pin usually requires a base resistor, so would it be possible to use the pull-up as a base resistor? If the microcontroller can enable or disable the resistor on an input pin then yes it can: a transistor can be turned off and on with nary an output to be seen. In this case the chip is from the ATmega parts bin, so we’re not sure if the trick is possible on other manufacturers’ devices.

As part of our 2025 Component Abuse Challenge, this one embodies the finest principles of using a part in a way it was never intended to be used, and we love it. You’ve still got a few days to make an entry yourself at the time of writing this, so bring out your own hacks!

Speech Synthesis On A 10 Cent Microcontroller

Speech synthesis has been around since roughly the middle of the 20th century. Once upon a time, it took remarkably advanced hardware just to even choke out a few words. But as [atomic14] shows with this project, these days it only takes some open source software and a 10-cent microcontroller.

The speech synth is implemented on a CH32V003 microcontroller, known for its remarkably low unit cost when ordered in quantity. It’s a speedy little RISC-V chip running at 48 MHz, albeit with the limitation of just 16 KB of Flash and 2 KB of SRAM on board.

The microcontroller is hooked up to a speaker via a simple single-transistor circuit, which allows for audio output. [atomic14] first demonstrates this by having the chip play back six seconds of low quality audio with some nifty space-saving techniques to squeeze it into the limited flash available. Then, [atomic14] shows how he implemented the Talkie library on the chip, which is a software implementation (https://www.youtube.com/watch?v=RZvX95aXSdM) of Texas Instruments’ LPC speech synthesis architecture—which you probably know from the famous Speak & Spell toys. It’s got a ton of built in vocabulary out of the box, and you can even encode your own words with some freely available tools.

We’ve seen [atomic14] tinker with these chips before, too.

Learn What A Gaussian Splat Is, Then Make One

Gaussian Splats is a term you have likely come across, probably in relation to 3D scenery. But what are they, exactly? This blog post explains precisely that in no time at all, complete with great interactive examples and highlights of their strengths and relative weaknesses.

Gaussian splats excel at making colorful, organic subject matter look great.

Gaussian splats are a lot like point clouds, except the points are each differently-shaped “splats” of color, arranged in such a way that the resulting 3D scene looks fantastic — photorealistic, even — from any angle.

All of the real work is in the initial setup of the splats into the scene. Once that work is done, viewing is the easy part. Not only are the resulting file sizes of the scenes small, but rendering is computationally simple.

There are a few pros and cons to gaussian splats compared to 3D meshes, but in general they look stunning for any kind of colorful, organic scene. So how does one go about making or using them?

That’s where the second half of the post comes in handy. It turns out that making your own gaussian splats is simply a matter of combining high-quality photos with the right software. In that sense, it has a lot in common with photogrammetry.

Even early on, gaussian splats were notable for their high realism. And since this space has more than its share of lateral-thinkers, the novel concept of splats being neither pixels nor voxels has led some enterprising folks to try to apply the concept to 3D printing.

The most exciting search engine 68k can handle.

There’s Nothing Boring About Web Search On Retro Amigas

Do you have a classic Amiga computer? Do you want to search the web with iBrowse, but keep running into all that pesky modern HTML5 and HTTPS? In that case, [Nihirash] created BoingSearch.com just for you!

BoingSearch was explicitly inspired by [ActionRetro]’s FrogFind search portal, and works similarly in practice. From an end-user perspective, they’re quite similar: both serve as search engines and strip down the websites listed by the search to pure HTML so old browsers can handle it.

Boring search in its natural habitat, iBrowse on Amiga.

The biggest difference we can see betwixt the two is that FrogFind will link to images while BoingSearch either loads them inline or strips them out entirely, depending on the browser you test with and how the page was formatted to begin with. (Ironically, modern Firefox doesn’t get images from BoingSearch’s page simplifier.) BoingSearch also gives you the option of searching with DuckDuckGo or Google via the SerpAPI, though note that poor [Nihirash] is paying out-of-pocket for Google searches.

BoingSearch is explicitly aimed at the iBrowse browser for late-stage Amigas, but should work equally well with any modern browser. Apparently this project only exists because FrogFind went down for a week, and without the distraction of retrocomputer websurfing, [Nihirash] was able to bash out his own version from scratch in Rust. If you want to self-host or see how they did it, [Nihirash] put the code on GitHub under a donationware license.

If you’re scratching your head why on earth people are still going on about Amiga in 2025, here’s one take on it.

Hacking Together An Expensive-Sounding Microphone At Home

When it comes to microphones, [Roan] has expensive tastes. He fancies the famous Telefunken U-47, but doesn’t quite have the five-figure budget to afford a real one. Thus, he set about getting as close as he possibly could with a build of his own.

[Roan] was inspired by [Jim Lill], who is notable for demonstrating that the capsule used in a mic has probably the greatest effect on its sound overall compared to trivialities like the housing or the grille. Thus, [Roan’s] build is based around a 3U Audio M7 capsule. It’s a large diaphragm condenser capsule that is well regarded for its beautiful sound, and can be had for just a few hundred dollars. [Roan] then purchased a big metal lookalike mic housing that would hold the capsule and all the necessary electronics to make it work. The electronics itself would be harvested from an old ADK microphone, with some challenges faced due to its sturdy construction. When the tube-based amplifier circuit was zip-tied into its new housing along with the fancy mic capsule, everything worked! Things worked even better when [Roan] realized an error in wiring and got the backplate voltage going where it was supposed to go. Some further tweaks to the tube and capacitors further helped dial in the sound.

If you’ve got an old mic you can scrap for parts and a new capsule you’re dying to use, you might pursue a build like [Roan’s]. Or, you could go wilder and try building your own ribbon mic with a gum wrapper. Video after the break.

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

An example of RDD in a package's dependencies list. It's not even counted as a 'real' dependency. (Credit: Koi.ai)

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, but this newly discovered one is among the more refined. It exploits not only the remote dynamic dependencies (RDD) ‘feature’ in NPM, but also uses the increased occurrence of LLM-generated non-existent package names to its advantage. Called ‘slopsquatting’, it’s only the first step in this attack that the researchers over at [Koi] stumbled over by accident.

Calling it the PhantomRaven attack for that cool vibe, they found that it had started in August of 2025, with some malicious packages detected and removed by NPM, but eighty subsequent packages evaded detection. A property of these packages is that in their dependencies list they use RDD to download malicious code from an HTTP URL. It was this traffic to the same HTTP domain that tipped off the researchers.

For some incomprehensible reason, allowing these HTTP URLs as package dependencies is an integral part of the RDD feature. Since the malicious URL is not found in the code itself, it slips past security scanners, and because the download is not cached, the attackers gain significantly more control. This fake dependency is run automatically, without user interaction or notification that it has now begun to scan the filesystem for credentials and anything else of use.

The names of the fake packages were also chosen specifically to match incomplete package names that an LLM might spit out, for example unused-import instead of the full package name eslint-plugin-unused-imports. This serves to highlight why you should not only strictly validate direct dependencies, but also their dependencies. As for why RDD is even a thing, this is something that NPM will hopefully explain soon.
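
One way to check a project for the dependency pattern described above, as an added example that is not code from the article or from Koi's research. It flags URL-based specifiers in package.json and goes one step beyond the text by also checking a package-lock.json for entries resolved from outside an approved registry; the allowed host list, package names and URLs are assumptions or constructed placeholders.

```javascript
// Added example: flag URL-based dependency specifiers in package.json and
// off-registry "resolved" entries in package-lock.json (v2/v3 "packages" map).
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']); // assumption: the only approved registry

function classifySpec(spec) {
  if (/^http:\/\//i.test(spec)) return 'http-url';   // plaintext fetch, the case described above
  if (/^https:\/\//i.test(spec)) return 'https-url'; // still bypasses the registry
  if (/^(git\+|git:\/\/|github:)/i.test(spec)) return 'git';
  return null; // semver range, dist-tag, file:, npm: alias (bare "user/repo" shorthand not covered)
}

function auditManifest(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(String(spec));
      if (kind) findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!entry.resolved || !/^https?:\/\//i.test(entry.resolved)) continue;
    const url = new URL(entry.resolved);
    if (url.protocol !== 'https:' || !ALLOWED_HOSTS.has(url.hostname)) {
      findings.push({ path, resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample input; the flagged package name and URLs are placeholders.
const samplePkg = {
  dependencies: { lodash: '^4.17.21', 'placeholder-remote-dep': 'http://packages.example.invalid/npm/placeholder-remote-dep' },
  devDependencies: { eslint: '~9.0.0', tool: 'git+https://example.invalid/tool.git' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo' },
    'node_modules/lodash': { resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz' },
    'node_modules/placeholder-remote-dep': { resolved: 'http://packages.example.invalid/npm/placeholder-remote-dep' },
  },
};
console.log(auditManifest(samplePkg), auditLockfile(sampleLock));
```

Run against every manifest in the tree, not only the top-level one, since the article's point is that transitive dependencies need the same scrutiny.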

Top image: North American Common Raven (Corvus corax principalis) in flight at Muir Beach in Northern California (Credit: Copetersen, Wikimedia)