Solar Balconies Take Europe By Storm

Solar power has been around for a long time now. Once upon a time, it was mostly the preserve of research projects and large-scale municipal installations. Eventually, as the technology grew ever cheaper, rooftop solar came along, and cashed-up homeowners rushed to throw panels on their homes to slash their power bills and even make money in some cases.

Those in apartments or rented accommodations had largely been left out of the solar revolution. That was, until the advent of balcony solar. Popular in Germany, but little known in the rest of the world, the concept has brought home power generation to a larger market than ever.

Reflective pool of the Court of the Myrtles, looking north towards the Comares Tower. (Credit: Tuxyso, Wikimedia)

Medieval Alhambra’s Pulser Pump And Other Aquatic Marvels

Recently the Practical Engineering YouTube channel featured a functional recreation of a pump design that is presumed by some to have been used to pump water up to the medieval Alhambra palace and its fortress, located in what is today Spain. This so-called pulser pump design is notable for not featuring any moving parts, but the water pump was just one of many fascinating engineering achievements that made the Alhambra a truly unique place before the ravages of time had their way with it.

Although the engineering works were said to still have been functional in the 18th century, this pumping system and many other elements that existed at the peak of its existence had already vanished by the 19th century for a number of reasons. During this century a Spanish engineering professor, Cáceres, tried to reconstruct the mechanism as best as he could based on the left-over descriptions, but sadly we’ll likely never know for certain that it is what existed there.

Similarly, the speculated time-based fountain in the Court of the Lions and other elements are now forever lost to time, but we have plenty of theories on how all of this worked in a pre-industrial era.

Spy Tech: Conflicts Bring A New Number Station

If you know much about radios and espionage, you’ve probably encountered number stations. These are mysterious stations that read out groups of numbers or otherwise encoded messages to… well… someone. Most of the time, we don’t know who is receiving the messages. You’d be excused for thinking that this is an old technology. After all, satellite phones, the Internet, and a plethora of options now exist to allow the home base to send spies secret instructions. However, the current-day global conflict has seen at least one new number station appear, apparently associated with the United States and, presumably, targeting some recipients in Iran, according to priyom.org.

As you might expect, these stations don’t identify themselves, but the Enigma Control List names this one as V32. It broadcasts two two-hour blocks a day at 0200 UTC and a repeat at 1800 UTC. Each message starts with the Farsi word for “attention” followed by what is assumed to be some header information as two 5-digit groups. Then there is a set of 181 five-digit groups. Each message is padded out to take 20 minutes, and there are six messages in each transmission.

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim that events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the wild, dubbed Darksword.

Like Coruna, Darksword appears to have followed the path of government security contractors, to different government actors, to crypto stealer. It appears to focus on exploits already fixed in modern iOS releases, with most affecting iOS 18 and all patched by iOS 26.3.

Going from almost no public examples of modern iOS exploits to two in as many weeks is wild, so if mobile device security is of interest, be sure to check out the Google write-up.

Another FBI Router Warning

The second too-early-to-be-retro – but too important to ignore – repeat security item is a second alert by the FBI cautioning about end-of-life consumer network hardware under active exploitation, with the FBI tracking almost 400,000 device infections so far.

Like the warning two weeks ago, the FBI calls out a handful of consumer routers – but this time they’re devices that may actually still be in service in some of our homes (or those of our less cutting-edge friends and family), calling out devices from Netgear, TP-Link, D-Link, and Zyxel:

  • Netgear DGN2200v4 and AC1900 R700
  • TP-Link Archer C20, TL-WR840N, TL-WR849N, and WR841N
  • D-Link DIR-818LW, 850L, and 860L
  • Zyxel EMG6726-B10A, VMG1312-B10D, VMG1312-T20B, VMG3925-B10A, VMG3925-B10C, VMG4825-B10A, VMG4927-B50A, VMG8825-T50K

While many of these devices are over ten years old, they still support modern networking – some of them even supporting 802.11ac (also called Wi-Fi 5). Unfortunately, since support has been ended by the manufacturers, publicly disclosed vulnerabilities have not been patched (and now never will be, officially).

FLOSS Weekly Episode 867: Pangolin: People Can Lie

This week Jonathan chats with Milo Schwartz about Pangolin, the Open Source tunneling solution. Why do we need something other than Wireguard, and how does Pangolin fix IoT and IT problems? And most importantly, how do you run your own self-hosted Pangolin install? Watch to find out!

Retail Fail: The :CueCat Disaster

Digital Convergence Corporation is hardly a household name, and there’s a good reason for that. However, it raised about $185 million in investments around the year 2000 from companies such as Coca-Cola, Radio Shack, GE, E. W. Scripps, and the media giant Belo Corporation. So what did all these companies want, and why didn’t it catch on? If you are old enough, you might remember the :CueCat, but you probably thought it was Radio Shack’s disaster. They were simply investors.

The Big Idea

The :CueCat was a barcode scanner that, usually, plugged into a PC’s keyboard port (in those days, that was normally a PS/2 port). A special cable, often called a wedge, was like a Y-cable, allowing you to use your keyboard and the scanner on the same port. The scanner looked like a cat, of course.

However, the :CueCat was not just a generic barcode scanner. It was made to only scan “cues” which were to appear in catalogs, newspapers, and other publications. The idea was that you’d see something in an ad or a catalog, rush to your computer to scan the barcode, and be transported to the retailer’s website to learn more and complete the purchase.

The software could also listen using your sound card for special audio codes that would play on radio or TV commercials and then automatically pop up the associated webpage. So, a piece of software that was reading your keyboard, listening to your room audio at all times, and could inject keystrokes into your computer. What could go wrong?

The Most Secure, Modern Computer Might Be A Mac

The Linux world is currently seeing an explosion in new users, thanks in large part to Microsoft turning its Windows operating system into the most intrusive piece of spyware in modern computing. For those who value privacy and security, Linux has long been the safe haven where there’s reasonable certainty that the operating system itself isn’t harvesting user data or otherwise snooping where it shouldn’t be. Yet even after solving the OS problem, a deeper issue remains: the hardware itself. Since around 2008, virtually every Intel and AMD processor has included coprocessors running closed-source code known as the Intel Management Engine (IME) or AMD Platform Security Processor (PSP).

M1 MacBook Air, now with more freedom

These components operate entirely outside the user’s and operating system’s control. They are given privileged access to memory, storage, and networking and can retain that access even when the CPU is not running, creating systemic vulnerabilities that cannot be fully mitigated by software alone. One practical approach to minimizing exposure to opaque management subsystems like the IME or PSP is to use platforms that do not use x86 hardware in the first place. Perhaps surprisingly, the ARM-based Apple M1 and M2 computers offer a compelling option, providing a more constrained and clearly defined trust model for Linux users who prioritize privacy and security.

Before getting into why Apple Silicon can be appealing for those with this concern, we first need to address the elephant in the room: Apple’s proprietary, closed-source operating system. Luckily, the Asahi Linux project has done most of the heavy lifting for those with certain Apple Silicon machines who want to go more open-source. In fact, Asahi is one of the easiest Linux installs to perform today even when compared to beginner-friendly distributions like Mint or Fedora, provided you are using fully supported M1 or M2 machines rather than attempting an install on newer, less-supported models. The installer runs as a script within macOS, eliminating the need to image a USB stick. Once the script is executed, the user simply follows the prompts, restarts the computer, and boots into the new Linux environment. Privacy-conscious users may also want to take a few optional steps, such as verifying the Asahi checksum and encrypting the installation with LUKS, but these steps are not too challenging for experienced users.