The BornHack 2026 Cyber Ægg Is A Badge With A Life Afterwards

A problem facing the designers of event badges is this: what happens to the badge after the event? It’s one that designers have tried to solve in many ways with varying levels of success, whether that be by making it a dev board, a games console, a mesh-networked communicator, or as in the case of Electromagnetic Field, a continuing badge for future events. Ar BornHack 2026 they have taken a novel approach, by making it a useful desktop appliance. The BornHack Cyber Ægg is a half-egg-shaped badge with a 3D-printed case, and aside from its on-camp applications it’s both a desktop clock/calendar, and a MeshCore node.

Produced with the assistance of the badge.team European badge makers, it’s an egg-shaped PCB with a Nordic nRF52840 at its heart, a Semtech LoRa module, and an e-paper display. On-site there’s a Tamagotchi-style virtual pet game, an event calender, and an RFID token game, but it’s the other two features that give it a life after the camp. The clock and Meshcore, coupled with its case being designed with a flat spot to sit on a desk, make this badge as much an appliance as it is a badge. This is where it will sit in the Hackaday office, and we’re pretty sure most BornHack attendees will use it thus too.

We like this approach to giving a badge a life after the event, and we look forward to seeing what influence it has on future badges. A badge should be a thing to enjoy, not a piece of e-waste.

Hackaday Podcast Episode 378: C Coders, Ceramic Printers, And Shadow Archives

It’s a hot one at both microphones, as Elliot Williams and Kristina Panos wilt in the heat with ice lollies and freezer packs. But still, we persevered long enough to make a podcast.

In Hackaday news, Supercon is on! It’s going down in Pasadena, California, but the talks will be somewhere slightly larger, with a courtyard instead of an alley. Get your talk proposals in now! In other Hackaday news, we still have our Frikkin’ Lasers Contest going on until Thursday, July 23rd.

Interestingly enough, we got a comment on an older article from none other than [Michael J. Van de Graaff], whose grandfather invented the Van de Graff generator and was “quite upset” when plans for a DIY version appeared in Scientific American. And finally, Google Earth’s desktop client is being discontinued, but you can still travel the globe on your phone, or in your PC’s browser.

Not only do we have another triple mailbag this week, we have another failed attempt at guessing the Sound by Kristina. However, [Alexander] knew that it was CD-ROM drive a-spinnin’. Speaking of What’s That Sound, be sure to let us know your ideas for the new prize.

That sounds like a lot of preamble, but we quickly get to a full slate of hacks, a couple of which are pretty retro in retrospect. Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in lovely MP3.

Continue reading “Hackaday Podcast Episode 378: C Coders, Ceramic Printers, And Shadow Archives”

MacSurf Hits 2.0 To Bring PowerPCs Back Online

There’s an interesting thing about retrocomputing — the moment that you realize your 25-year-old machine can do almost everything your average person uses a computer for. The problem is that the average person mostly uses a computer as an internet appliance, and the big missing piece for most old machines is hooking up to the modern internet. HTTPS is good to have, but isn’t so easy to implement when your browser gets megabytes of RAM instead of gigabytes.

That’s why MacSurf by [mplsllc] is so interesting, especially version 2.0 just released-– its explicit goal is to get as much of the modern web onto an OS 9 equipped PowerPC Macintosh as physically possible.

Before you get too excited– no, you won’t be hitting up YouTube.com or even GitHub. That’s just too big and bloated now, even if you can get past the HTTPS hurdle. You will, however, be able to access, say MacintoshGarden.org, whose out-of-order HTTPS certificates sent the last version for a tizzy. The forums at 68kMLA work, and threads load quickly thanks to the as-needed image loading added this version.

Other nice things added include a proper history and bookmark manager.  There’s still no tab support, but have you seen the modern web? You’re not fitting more than one webpage into RAM on a G3 no matter how hard you try. You can, however, download the web browser directly from the http-only MacSurf.org homepage.

We featured the first release of this netsurf-based browser, and have to admit we’re impressed with the speed of development. If you want a totally modern system on PPC instead of just an up-to-date browser, you might want to check out MorphOS.

This Week In Security: Another Record Patch Tuesday, LAME Is More Secure, Secure Boot Is Less Secure, And Milk Malware

Following the reports last week using the Windows Global Device ID (GDID) in tracking a malware operators behavior, here is a comprehensive write-up about what goes into the GDID and how it is used. It’s worth noting that the GDID itself was not used to catch the malware operator, however once a suspect was identified, the GDID was used to correlate behavior across various Microsoft products on the Internet.

The GDID is generated and assigned during a Windows install, but a re-install of Windows will generate a new GDID. Developer [SmtimesIWndr] tracks the generation and tracking of the GDID through the various Windows libraries and services, identifying where it appears to be created and how it is passed to other services like Azure.

Worth noting is your GDID is a unique, personally identifiable piece of information; if you go exploring and extract it from your Windows install, be sure to keep it private!

LAME mp3 updates

Those of us who were around for the dawn of MP3 files may remember the LAME encoder and library. After almost 10 years, there is a new LAME release.

Notably, this includes two security fixes, one for a stack buffer overflow based on malicious input to the Blade encoder, and an integer underflow in the AIFF header parser. Both of the fixed bugs feel very old-school, which seems appropriate given the age of the library and most of the related code.

Buffer overflows impacting the stack are some of the simplest and most direct forms of vulnerabilities, where it is possible to write past the end of a buffer and control how the function returns and instead execute arbitrary code. Integer under-flows, similarly, impact memory management; usually caused by allowing a variable that stores the size of a buffer to go negative. Since sizes are typically unsigned positive numbers, a negative is interpreted as an enormous positive number, writing past the proper buffer length.

Despite the new findings, the LAME codebase has been extremely resilient over the years, and considering the number of programs that likely still use LAME under the covers to process audio, seeing the project wake up with security fixes is great news.

Recovering Passwords from BIOS

Researchers have found a vulnerability in Dell BIOS code that allows extraction of the administrator password from the BIOS flash chips, either with physical access via a flash programmer, or via administrator or root level access to the operating system and reading the contents of the flash chip.

Dell used a 20 byte key to encrypt a 32 byte password field: for any admin password of 12 characters or fewer, the password is stored in completely plaintext. For longer passwords, characters beyond the first 12 are encrypted – but the random bytes are computed from the first character of the password mixed with fixed device data, yielding only 256 possible encryption seeds for the remaining bytes.

Using the BIOS admin password for evil requires local access, so the attack surface is small, however as the researchers note it controls the boot order and may allow an attacker with physical access to then boot an unsigned OS or bypass full-disk encryption, so it’s serious.

Continue reading “This Week In Security: Another Record Patch Tuesday, LAME Is More Secure, Secure Boot Is Less Secure, And Milk Malware”

EU Adds Exemptions To User-Serviceable Batteries Rules

Built-in batteries put a timebomb inside devices, with especially the calendar aging feature of Li-ion chemistries setting a hard limit on when you’ll have to toss the device or figure out a way to replace the battery somehow. Here the EU’s Battery Regulation policy with the 2027 implementation of the user-serviceable battery requirement provided a lot of hope. Now six new categories of exemptions are diminishing what could have been a bonanza of easy repairability.

Most notable here are smartwatches, fitness trackers, wireless earbuds and other so-called ‘wet devices’, which as GSMArena also notes is an area where having a user-replaceable battery might affect features like being water-resistant. Something which is also relevant for e.g. outdoor wireless speakers. There’s also a new exemption for smartphones, where if its battery retains at least 83% of its original capacity after 500 charge cycles, battery replacement has to be only replaceable by professionals. Which is probably code for ‘glue, hotplates and prying tools’.

Considering just how daft of an idea built-in batteries are, this is somewhat disappointing to see. While it’s understandable that ‘wet devices’ get such broad exemptions, it should be noted here that advanced technologies like gaskets are neither complicated nor expensive. You can even hand the average user a tube of RTV silicone and let them go to town on a part in the happy knowledge that there’s never such a thing as ‘too much’ RTV silicone.

It is likely that there was some pressure from the industry on the EU to not change too much, but at the very least us happy few in the EU will be getting a new Nintendo Switch 2 with easily replaced battery in both the main unit and its controllers. For the average rechargeable device you keep kicking around the house this should also still apply as long as its manufacturer cannot squeeze it into one of these exemption categories.

The Right to Repair battles shall continue.

Wireless LCD Streaming For The ANENG AN870 Multimeter

Having the information shown on the display of a digital multimeter also recorded off-screen can be incredibly useful, but unless the device exposes something like SCPI on a network interface, you will have to get creative. In the case of the budget ANENG AN870 digital multimeter (DMM), [Bits und Bolts] really wanted to show its display clearly as an overlay in OBS instead of just the camera view, but with said DMM not offering an easy way he had to resort to just copying the data sent to its multiplexed LCD.

The GitHub project page contains the background information, as well as the instructions if you too have this DMM. It might of course also be useful as the jumping off point for your own DMM modification. In total the project requires three modules: an RP2040 Zero and HC-12 433 MHz transceiver on the DMM side, and another HC-12 plus ESP32-C3 module on the receiving side. A boost module is also added to generate 3.3 V out of the 2.4 V – 3 V provided by the meter’s two AA cells.

To be able to read the LCD signal lines, a custom PCB was created that is installed inside the DMM. With the LCD’s segments mapped, this meant being able to send a perfect copy of the display’s state to the ESP32-C3 and from there making it available via WiFi.

Continue reading “Wireless LCD Streaming For The ANENG AN870 Multimeter”

A person's hand is shown holding a glass flask in a dark room. An orange-red glow is emanating from the flask in a patches, forming a splash-like pattern near the base of the flask.

A Sloshing-Mercury-Powered Neon Light

In 1675, while transporting a barometer by night, the astronomer Jean Picard noticed a glow inside its glass tube, just above the mercury. As the mercury sloshed and splashed across the surface of the glass, a static electric charge had built up, which was discharging by ionizing the residual gas molecules inside the evacuated tube. [Styropyro] recreated this effect, and found that the dim glow could be made much stronger by adding some noble gas to the tube.

It starts with a simple recreation: he took a volumetric flask, attached a narrow glass stem to the mouth, added some mercury to the flask, evacuated it with a vacuum pump, and sealed off the glass stem. This produced a faint glow when shaken, but it was only really visible under very low light. When [Styropyro] brought it near a Tesla coil, however, it did glow much more brightly.

Backfilling an identical flask with neon to about 40 millitorr produced a much more spectacular result (a low pressure in the tube is necessary, but moderate pressure variations don’t significantly alter the effect). When shaken even slightly, this neon-containing flask produced a bright orange-red glow just above the surface of the mercury. Points of obstruction, such as those in a zig-zag tube, produced a brighter glow. A krypton-containing tube glowed blue, but less brightly than the neon tube.

Since this is, essentially, a triboelectric effect, other materials besides mercury should work; [Styropyro] tested several materials, and found that pieces of Teflon produced a faint glow, and copper beads a somewhat brighter glow. Unfortunately, Galinstan, the obvious replacement for mercury, wets and coats glass, preventing a charge buildup.

Without an added noble gas, the standard glow of barometric light comes from the excitation of mercury vapors, a glow which can also be seen in mercury rectifiers, and which excites the phosphors of fluorescent light bulbs.

Continue reading “A Sloshing-Mercury-Powered Neon Light”