A Smart Thermostat For 120V Fan Coil Systems

April 24, 2026 by 1 Comment

Many HVAC systems in North America operate off 24V systems, which can be readily upgraded with off-the-shelf  smart thermostats quite easily. However, there are many people living in buildings with 120-volt fan coil units who aren’t so lucky. [mackswan] is one such individual, who set about building a smart thermostat to work in these situations.

The build is based around an ESP32 running ESPHome firmware. It rocks a 2.42″ OLED screen with automatic brightness adjustment for showing temperature and control parameters. There’s a rotary encoder on the front with an integrated button for control, with [mackswan] building the physical device to look as clean and neat as possible. The device uses a relay to switch the fan coil system on and off to heat or cool as needed, with an SHTC3 temperature and humidity sensor used to monitor current conditions in the home.

If you’re in an apartment building or live in a condo with this kind of setup, [mackswan’s] build might be just what you’re after to improve your HVAC control. We’ve featured plenty of other DIY thermostat hacks over the years, too. Meanwhile, if you’re finding creative ways to better heat and cool your living space, we’d love to hear about it on the tipsline!

2026 Green Powered Challenge: Solar-Powered Pollution Monitor

April 24, 2026 by No comments

As we learn more about all the nasty stuff floating in the air, it becomes more compelling to monitor the air for pollution levels. [Aleksei Tertychnyi] does just that with pollutagNode2, a solar-powered pollution sensor.

The device uses a Seeed Studio Wia-E5 module for its built-in LoRa low power long-range communication capabilities. Pair that with a cheap 2 watt solar panel and a Li-ion battery, and you have a monitoring device that can stay up indefinitely — or until harsh weather gets the better of it. Even if the solar panel were to be omitted, a full charge would last you about two weeks!

It comes on an open-hardware PCB; no need for giant wire messes, just solder the solar panel, battery, sensor, and anything else you want onto the convenient pads on the side. It also integrates into the existing sensor community nicely via existing LoRa infrastructure. All this combined makes it easy for anyone to deploy one.

2026 Hackaday Greep Powered Challenge

Hackaday Podcast Episode 367: Radioactive Weather, Continuous Pickles, And Moon Junk

April 24, 2026 by 2 Comments

When Elliot Williams and Al Williams compare their notes on the week in Hackaday, you know you’ll get at least one or two bad puns. How bad? Tune in and find out.

This week, Tom Nardi visits several in-person events, and Elliot and Al talk about smart buttons, Itanium, ejecting things from a rocket, and the infinite pickle. Will Elliot build the coin flipper? Will Al use plasma at his next cookout? Hard to say.

For the can’t miss articles, this week, Al swept the category with a post on splices and another on what human junk is still sitting on the moon.

What do you think? Leave us a comment or record something and send it to our mailbag.

Download a copy of the podcast with an MP3 from our continuous audio pipeline.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 367: Radioactive Weather, Continuous Pickles, And Moon Junk”

Spool Roller Gets Touch Screen

April 24, 2026 by 2 Comments

If you have a desktop 3D printer, you probably want something to hang filament spools on. [LVTRC] has a spool roller that fits the bill. It also incorporates a scale and a round touch screen. (Google Translate)

We’ve seen those round screens before, and now we wonder why we didn’t think of this. The GC9A01 display shows a progress ring and lets you save settings or calibrations to EEPROM. An Arduino Nano provides the brain, and the load cell connects to an HX711. The project is made to fit a specific printer, but it should be little trouble to adapt it to a different printer or to mount it in an external mount.

One of the calibration steps, of course, is to program the weight of an empty spool to subtract from the total weight. The device can store up to five specific profiles.

Not the biggest spool holder we’ve seen. We keep thinking that we don’t know why we want a circular screen, and then someone always drops in to show us another thing we didn’t think about.

This Week In Security: Annoyed Researchers, Dangling DNS, And Hacks That Could Have Been Worse

April 24, 2026 by 11 Comments

The author of the BlueHammer exploit, which was released earlier this month and addressed in the last Patch Tuesday, continues to be annoyed with the responses from the Microsoft security research and vulnerability response team, and has released another Windows zero-day attack against Windows Defender.

The RedSun exploit targets a logic and timing error in Windows Defender, convincing it to install the target file in the system, instead of quarantining the file and protecting the system. Not, generally, what you would hope would happen.

Since the RedSun attack requires local access in the first place, it seems unlikely Microsoft will release an out-of-sequence patch for it, however with public code available, we can probably expect to see malware leveraging it to establish higher permissions on an infected system.

Releasing exploits out of spite feels like a return to the late 1990s, and I almost don’t hate it.

University Domains Hijacked

Reported in Bleeping Computer, a group tracked as “Hazy Hawk” has been hijacking unmaintained DNS records of universities and government institutions to serve ad click spam.

The attack seems simple and doesn’t even require compromising the actual institution, using dangling DNS “CNAME” records. A “CNAME” entry in DNS acts essentially as an alias, pointing one domain name at another, which can be used to provide content from an official domain that is hosted on a cloud service where the IP address of the service might change.

A DNS “A” (or “AAAA” if you speak IPv6) record points a hostname – like “foo.example.com” – to an IP address – like “1.1.1.1”. A “CNAME” record points a hostname to another hostname, like “foo.some_cloud_host.com”. Scanning “high value” domains (like Ivy League universities) for “CNAME” records which point to expired domains (or domains on cloud hosted providers which no longer exist) lets anyone able to register that domain (or create an account with the proper naming scheme on the cloud host) to post any content they wish, and still appear to be the original name.

At least 30 educational institutions have been impacted, along with several government agencies including the CDC.

Continue reading “This Week In Security: Annoyed Researchers, Dangling DNS, And Hacks That Could Have Been Worse”

How Anthropic’s Model Context Protocol Allows For Easy Remote Execution

April 24, 2026 by 24 Comments

As part of the effort to push Large Language Model (LLM) ‘AI’ into more and more places, Anthropic’s Model Context Protocol (MCP) has been adopted as the standard to connect LLMs with various external tools and systems in a client-server model. A light oversight with the architecture of this protocol is that remote command execution (RCE) of arbitrary commands is effectively an essential part of its design, as covered in a recent article by [OX Security].

The details of this flaw are found in a detailed breakdown article, which applies to all implementations regardless of the programming language. Essentially the StdioServerParameters that are passed to the remote server to create a new local instance on said server can contain any command and arguments, which are executed in a server-side shell.

Continue reading “How Anthropic’s Model Context Protocol Allows For Easy Remote Execution”

Reviving Nintendo’s Early Arcade Game, Wild Gunman

April 24, 2026 by 11 Comments

There’s retrogaming, and then there’s retro gaming. This next project falls into the second category, as [Callan] of 74XX Arcade Repair digs into the original Wild Gunman, first released by Nintendo way, way back in 1974 — on 16 mm film. Yes, it was a film-based arcade machine, but how else were you going to get realistic graphics just two years after PONG?

The game had two 16 mm projectors, with four different sets of film reels available, each depicting five gunmen. Unfortunately for [Callan], the film is all he has, so he’s not so much repairing as re-creating the historic game. Luckily, he had the manuals, so at least he knew how it was supposed to come together.

One projector did most of the work, showing the gunmen and a hidden timing signal for the game to know when the user could shoot; the other only activated if the user pulled the trigger at the correct time. Interestingly the ‘gun’ has an IR illuminator that bounced infrared light off the screen to a detector in the cabinet — much like later TV remotes. That makes for a rather large circular hitbox around the enemy gunslinger, which is perhaps not a bad thing for a game likely to be found in a bar.

Continue reading “Reviving Nintendo’s Early Arcade Game, Wild Gunman