This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you need something to shake you out of that turkey-induced coma, React Server has a single request Remote Code Execution flaw in versions 19.0.1, 19.1.2, and 19.2.1.

The issue is insecure deserialization in the Flight protocol, as implemented right in React Server, and notably also used in Next.js. Those two organizations have both issued Security Advisories for CVSS 10.0 CVEs.

There are reports of a public Proof of Concept (PoC), but the repository that has been linked explicitly calls out that it is not a true PoC, but merely research into how the vulnerability might work. As far as I can tell, there is not yet a public PoC, but reputable researchers have been able to reverse engineer the problem. This implies that mass exploitation attempts are not far off, if they haven’t already started.

Ride On With FOSS And GoldenCheetah

If you exclude certain companies like Peloton, the world of cycling technology is surprisingly open. It’s not perfect by any means, but there are enough open or open-ish standards that many different pieces of technology from different brands can interoperate with each other, from sensors and bike computers to, to some extent, indoor trainers. This has also made it possible for open source software to exist in this realm, and the GoldenCheetah project has jumped in for all of us who value FOSS and also like to ride various bicycles from time to time.

GoldenCheetah focuses on gathering data from power meters, allowing cyclists to record their rides and save them in order to keep track of their training performance over time. It works well with sensors that use the ANT+ protocol, and once it has that data it can provide advanced analytics such as power curves, critical power modeling, and detailed charts for power, heart rate, and cadence. It can display and record live indoor-training data, and in some situations it can even run interval workouts, although not every indoor trainer is supported. There are no social features, subscriptions, or cloud requirements which can be refreshing in the modern world, but is a bit of a downside if you’re used to riding with your friends in something like Zwift.

All in all, though, it’s an impressive bit of software that encourages at least one realm of consumer electronics to stay more open, especially if those using bike sensors, computers, and trainers pick ones that are more open and avoid those that are proprietary, even if they don’t plan to use GoldenCheetah exclusively. And if you were wondering about the ANT+ protocol mentioned earlier, it’s actually used for many more things than just intra-bike wireless communications.

LoRa Repeater Lasts 5 Years On PVC Pipe And D Cells

Sometimes it makes sense to go with plain old batteries and off-the-shelf PVC pipe. That’s the thinking behind [Bertrand Selva]’s clever LoRaTube project.

PVC pipe houses a self-contained LoRa repeater, complete with a big stack of D-size alkaline cells.

LoRa is a fantastic solution for long-range and low-power wireless communication (and popular, judging by the number of projects built around it) and LoRaTube provides an autonomous repeater, contained entirely in a length of PVC pipe. Out the top comes the antenna and inside is all the necessary hardware, along with a stack of good old D-sized alkaline cells feeding a supercap-buffered power supply of his own design. It’s weatherproof, inexpensive, self-contained, and thanks to extremely low standby current should last a good five years by [Bertrand]’s reckoning.

One can make a quick LoRa repeater in about an hour, but while the core hardware can be inexpensive, the supporting electronics and components (not to mention the enclosure) needed for off-grid deployment can quickly add significant cost. Solar panels, charge controllers, and a rechargeable power supply also add potential points of failure. Sometimes it makes more sense to go cheap, simple, and rugged. Eighteen D-sized alkaline cells stacked in a PVC tube is as rugged as it is affordable, especially if one gets several years’ worth of operation out of it.

You can watch [Bertrand] raise a LoRaTube repeater and do a range test in the video (French), embedded below. Source code and CAD files are on the project page. Black outdoor helper cat not included.


Sensor Package Aims To Predict Acid Rain

Acid rain sucks, particularly if you run a fancy university with lots of lovely statues outside. If you’d like to try and predict when it’s going to occur, you might like this project from [Mohammad Nihal].

When rain is particularly acidic, it’s usually because of the combination of sulfur dioxide or nitrogen dioxide and moisture in the atmosphere. This combination ends up making sulfuric acid or nitric acid that then falls to the ground as precipitation. The low-pH rain that results can harm ecosystems, melt statues, and just generally give everyone a hard time.

[Mohammad] decided to try and predict acid rain by building a simple device based on an Arduino Nano. It records SO2 levels with an MQ-136 gas sensor, and NO2 levels with an unspecified MEMS-based sensor. There’s also a DHT11 temperature & humidity sensor in the mix, which is important since moisture content plays a role. The Arduino reads these sensors and uses a simple predictive algorithm to create an “Acid Rain Risk Score” that is displayed on a 16×2 character LCD. It’s all wrapped up in a fun 3D printed enclosure that looks like a cloud.

There are some limitations to the device. Namely, it doesn’t necessarily have a great read on atmospheric SO2 and NO2 levels, particularly at the altitudes where rain is formed, because the sensors sit inside the device indoors. However, the basic concept is there, and improvements could certainly be made with some upgrades and further research.

Hacky Thanksgiving

It’s that time of year when we eat perhaps a little too much food, and have maybe just a few too many sips of red wine. But it’s also when we think about what we’ve been grateful for over the past year. And here at Hackaday, that’s you all: the people out there making the crazy projects that we get the pleasure of writing about, and those of you just reading along. After all, we’re just the hackers in the middle. You are all Hackaday.

And it’s also the time of year, at least in this hemisphere, when the days get far too short for their own good and the weather gets frankly less than pleasant. That means more time indoors, and if we play our cards right, more time in the lab. Supercon is over and Hackaday Europe is still far enough in the future. Time for a good project along with all of the festive duties.

So here we sit, while the weather outside is frightful, wishing you all a pleasant start to the holiday season. May your parts bin overflow and your projects-to-do-list never empty!

Hackaday Podcast Episode 347: Breaking Kindles, Baby’s First Synth, And Barcodes!

This week, Hackaday’s Elliot Williams and Kristina Panos met up over coffee to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous seven days or so.

On What’s That Sound, Kristina got sort of close, but of course failed spectacularly. Will you fare better and perhaps win a Hackaday Podcast t-shirt? Mayhap you will.

After that, it’s on to the hacks and such, beginning with an interesting tack to take with a flat-Earther that involves two gyroscopes. And we take a look at the design requirements when it comes to building synths for three-year-olds.

Then we discuss several awesome hacks such as a vehicle retrofit to add physical heated seat controls, an assistive radio that speaks the frequencies, and an acoustic radiometer build. Finally, we look at the joys of hacking an old Kindle, and get a handle on disappearing door handles.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3 and savor at your leisure.


Building A Low-Cost Satellite Tracker

Looking up at the sky just after sunset or just before sunrise will reveal a fairly staggering amount of satellites orbiting overhead, from tiny cubesats to the International Space Station. Of course these satellites are always around, and even though you’ll need specific conditions to view them with the naked eye, with the right radio antenna and only a few dollars in electronics you can see exactly which ones are flying by at any time.

[Josh] aka [Ham Radio Crash Course] is demonstrating this build on his channel and showing every step needed to get something like this working. The first part is finding the correct LoRa module, which will be the bulk of the cost of this project. Unlike those used for most Meshtastic nodes, this one needs to be built for the 433 MHz band. The software running on this module is from TinyGS, which we have featured here before, and which allows a quick and easy setup to listen in to these types of satellites. This build goes much further into detail on building the antenna, though, and also covers some other ancillary tasks like mounting it somewhere outdoors.

With all of that out of the way, though, the setup is able to track hundreds of satellites on very little hardware, as well as display information about each of them. We’d always favor a build that lets us gather data like this directly over using something like a satellite tracking app, although those do have their place. And of course, with slightly more compute and a more directed antenna there is all kinds of other data beaming down that we can listen in on as well, although that’s not always the intent.
