Month: October 2025

The most exciting search engine 68k can handle.

There’s Nothing Boring About Web Search On Retro Amigas

October 31, 2025 by 20 Comments

Do you have a classic Amiga computer? Do you want to search the web with iBrowse, but keep running into all that pesky modern HTML5 and HTTPS? In that case, [Nihirash] created BoingSearch.com just for you!

BoingSearch was explicitly inspired by [ActionRetro]’s FrogFind search portal, and works similarly in practice. From an end-user perspective, they’re quite similar: both serve as search engines and strip down the websites listed by the search to pure HTML so old browsers can handle it.

Boing search in its natural habitat, iBrowse on Amiga.

The biggest difference we can see betwixt the two is that FrogFind will link to images while BoingSearch either loads them inline or strips them out entirely, depending on the browser you test with and how the page was formatted to begin with. (Ironically, modern Firefox doesn’t get images from BoingSearch’s page simplifier.) BoingSearch also gives you the option of searching with DuckDuckGo or Google via the SerpAPI, though note that poor [Nihirash] is paying out-of-pocket for google searches.

BoingSearch is explicitly aimed at the iBrowse browser for late-stage Amigas, but should work equally well with any modern browser. Apparently this project only exists because FrogFind went down for a week, and without the distraction of retrocomptuer websurfing, [Nihirash] was able to bash out his own version from scratch in Rust. If you want to self-host or see how they did it, [Nihirash] put the code on GitHub under a donationware license.

If you’re scratching your head why on earth people are still going on about Amiga in 2025, here’s one take on it.

Hacking Together An Expensive-Sounding Microphone At Home

October 30, 2025 by 9 Comments

When it comes to microphones, [Roan] has expensive tastes. He fancies the famous Telefunken U-47, but doesn’t quite have the five-figure budget to afford a real one. Thus, he set about getting as close as he possibly could with a build of his own.

[Roan] was inspired by [Jim Lill], who is notable for demonstrating that the capsule used in a mic has probably the greatest effect on its sound overall compared to trivialities like the housing or the grille. Thus, [Roan’s] build is based around a 3U Audio M7 capsule. It’s a large diaphragm condenser capsule that is well regarded for its beautiful sound, and can be had for just a few hundred dollars. [Roan] then purchased a big metal lookalike mic housing that would hold the capsule and all the necessary electronics to make it work. The electronics itself would be harvested from an old ADK microphone, with some challenges faced due to its sturdy construction. When the tube-based amplifier circuit was zip-tied into its new housing along with the fancy mic capsule, everything worked! Things worked even better when [Roan] realized an error in wiring and got the backplate voltage going where it was supposed to go. Some further tweaks to the tube and capacitors further helped dial in the sound.

If you’ve got an old mic you can scrap for parts and a new capsule you’re dying to use, you might pursue a build like [Roan’s]. Or, you could go wilder and try building your own ribbon mic with a gum wrapper. Video after the break.

Continue reading “Hacking Together An Expensive-Sounding Microphone At Home”

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

October 30, 2025 by 11 Comments
An example of RDD in a package's dependencies list. It's not even counted as a 'real' dependency. (Credit: Koi.ai)
An example of RDD in a package’s dependencies list. It’s not even counted as a ‘real’ dependency. (Credit: Koi.ai)

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, but this newly discovered one is among the more refined. It exploits not only the remote dynamic dependencies (RDD) ‘feature’ in NPM, but also uses the increased occurrence of LLM-generated non-existent package names to its advantage. Called ‘slopsquatting’, it’s only the first step in this attack that the researchers over at [Koi] stumbled over by accident.

Calling it the PhantomRaven attack for that cool vibe, they found that it had started in August of 2025, with some malicious packages detected and removed by NPM, but eighty subsequent packages evaded detection. A property of these packages is that in their dependencies list they use RDD to download malicious code from a HTTP URL. It was this traffic to the same HTTP domain that tipped off the researchers.

For some incomprehensible reason, allowing these HTTP URLs as package dependency is an integral part of the RDD feature. Since the malicious URL is not found in the code itself, it will slip by security scanners, nor is the download cached, giving the attackers significantly more control. This fake dependency is run automatically, without user interaction or notification that it has now begun to scan the filesystem for credentials and anything else of use.

The names of the fake packages were also chosen specifically to match incomplete package names that an LLM might spit out, such as unused-import instead of the full package name of eslint-plugin-unused-imports as example. This serves to highlight why you should not only strictly validate direct dependencies, but also their dependencies. As for why RDD is even a thing, this is something that NPM will hopefully explain soon.

Top image: North American Common Raven (Corvus corax principalis) in flight at Muir Beach in Northern California (Credit: Copetersen, Wikimedia)

100-Year Old Wagon Wheel Becomes Dynamometer

October 30, 2025 by 8 Comments

If you want to dyno test your tuner car, you can probably find a couple of good facilities in any  nearby major city. If you want to do similar testing at a smaller scale, though, you might find it’s easier to build your own rig, like [Lou] did.

[Lou’s] dynamometer is every bit a DIY project, relying on a 100-year-old wagon wheel as the flywheel installed in a simple frame cobbled together from 6×6 timber beams. As you might imagine, a rusty old wagon wheel probably wouldn’t be in great condition, and that was entirely true here. [Lou] put in the work to balance it up with some added weights, before measuring its inertia with a simple falling weight test. The wheel is driven via a chain with a 7:1 gear reduction to avoid spinning it too quickly. Logging the data is a unit from BlackBoxDyno, which uses hall effect sensors to measure engine RPM and flywheel RPM. With this data and a simple calibration, it’s possible to calculate the torque and horsepower of a small engine hooked up to the flywheel.

Few of us are bench testing our lawnmowers for the ultimate performance, but if you are, a build like this could really come in handy. We’ve seen other dyno builds before, too. Video after the break.

Continue reading “100-Year Old Wagon Wheel Becomes Dynamometer”

Iconic Xbox Prototype Brought To Life

October 30, 2025 by 12 Comments

When Microsoft decided they wanted to get into the game console market, they were faced with a problem. Everyone knew them as a company that developed computer software, and there was a concern that consumers wouldn’t understand that their new Xbox console was a separate product from their software division. To make sure they got the message though, Microsoft decided to show off a prototype that nobody could mistake for a desktop computer.

The giant gleaming X that shared the stage with Bill Gates and Seamus Blackley at the 2000 Game Developers Conference became the stuff of legend. We now know the machine wasn’t actually a working Xbox, but at the time, it generated enormous buzz. But could it have been a functional console? That’s what [Tito] of Macho Nacho Productions wanted to find out — and the results are nothing short of spectacular.

Continue reading “Iconic Xbox Prototype Brought To Life”

Build Your Own Force-Feedback Joystick

October 30, 2025 by 10 Comments

Force feedback joysticks are prized for creating a more realistic experience when used with software like flight sims. Sadly, you can’t say the same thing about using them with mech games, because mechs aren’t real. In any case, [zeroshot] whipped up their own stick from scratch for that added dose of realistic feedback in-game.

[zeroshot] designed a simple gimbal to allow the stick to move in two axes, relying primarily on 3D-printed components combined with a smattering of off-the-shelf bearings. For force feedback, an Arduino Micro uses via TMC2208 stepper drivers to control a pair of stepper motors, which can apply force to the stick in each axis via belt-driven pulleys. Meanwhile, the joystick’s position on each axis is tracked via magnetic encoders. The Arduino feeds this data to an attached computer by acting as a USB HID device.

We’ve seen some other great advanced joystick projects over years, too. Never underestimate how much a little haptic feedback can add to immersion.

Continue reading “Build Your Own Force-Feedback Joystick”

The Time Of Year For Things That Go Bump In The Night

October 30, 2025 by 19 Comments

Each year around the end of October we feature plenty of Halloween-related projects, usually involving plastic skeletons and LED lights, or other fun tech for decorations to amuse kids. It’s a highly commercialised festival of pretend horrors which our society is content to wallow in, but beyond the plastic ghosts and skeletons there’s both a history and a subculture of the supernatural and the paranormal which has its own technological quirks. We’re strictly in the realm of the science here at Hackaday so we’re not going to take you ghost hunting, but there’s still an interesting journey to be made through it all.

Today: Fun For Kids. Back Then: Serious Business

A marble carved skull on a 17th century monument in the church of st. Mary & st. Edburga, Stratton Audley, Oxfordshire.
English churches abound with marble-carved symbols of death.

Halloween as we know it has its roots in All Hallows Eve, or the day before the remembrance festivals of All Saint’s Day and All Soul’s Day in European Christianity. Though it has adopted a Christian dressing, its many trappings are thought to have their origin in pagan traditions such as for those of us where this is being written, the Gaelic Samhain (pronounced something like “sow-ain”). The boundary between living and dead was thought to be particularly porous at this time of year, hence all the ghosts and other trappings of the season you’ll see today.

Growing up in a small English village as I did, is to be surrounded by the remnants of ancient belief. They survive from an earlier time hundreds of years ago when they were seen as very real indeed, as playground rhymes at the village school or hushed superstitions such as that it would be bad luck to walk around the churchyard in an anticlockwise manner.

As a small child they formed part of the thrills and mild terrors of discovering the world around me, but of course decades later when it was my job to mow the grass and trim the overhanging branches in the same churchyard it mattered little which direction I piloted the Billy Goat. I was definitely surrounded by the mortal remains of a millennium’s worth of my neighbours, but I never had any feeling that they were anything but at peace. Continue reading “The Time Of Year For Things That Go Bump In The Night”