Hackaday Links: June 21, 2026

June 21, 2026 by Tom Nardi No comments

Today marks the summer solstice, the longest day of the year and the start of astronomical summer in the Northern Hemisphere. This doesn’t really have much to do with hacking hardware or building gadgets other than the fact that from this point on you’ll have progressively less daylight hours to do it in each day. Of course, if you do your best work in the middle of the night this won’t impact things much.

If you’re as likely to find a controller in your hand as a soldering iron in the evenings, you might be interested in a recent filing against Sony. Lawyers representing a group of four gamers allege that the entertainment giant is violating a California law that says digital storefronts need to make it clear that buyers don’t technically own the games in question but are merely licensing them — a license which, as we’ve seen in the past, can be revoked or modified at any time with no restitution made to the purchaser.

Now while we agree conceptually that selling gamers a license rather than an actual copy of the game is clearly a one-sided deal, we’re still not sure this case has a lot of merit. As far as we can tell, Sony does make it clear in the fine print that you’re not really going to own anything once they take your money. Or, at the very least, they make it equally as clear as any other company that’s selling digital downloads these days. Should the court actually find that said fine print is a little too fine, it could conceivably have ramifications throughout the entertainment industry. This is certainly a case to keep an eye on.

Continue reading “Hackaday Links: June 21, 2026” →

Home Automation: Simple Vs Easy

June 20, 2026 by Elliot Williams 26 Comments

We’ve been talking a bunch of home automation on the Podcast lately, and this week, in the Mailbag segment, a reader asked us about our setups. Neither Kristina nor I are poster children for the home automation movement: she has absolutely no smart anything because she didn’t want her data up in “the cloud”, and I have an entirely local system that’s really nothing more than a bunch of ad-hoc scripts that talk to an MQTT broker, everything fully DIY but held together with metaphorical duct tape. Neither of us are doing it right, but we’re doing it wrong in interestingly different ways.

Kristina thought, probably because of the range of commercial devices out there that tie you into using their remote data storage services, that giving up control of her data was necessary to use it. And it might be, if you insist that setting up the system be as easy as possible. But the tradeoff for this ease is a drastic reduction in simplicity. You shouldn’t need a remote server in some foreign country to turn your lights on and off. Adding “the cloud” into the mix brings a lot of complexity, mostly in the form of servers that have to be paid for somehow by whatever company is providing the service. It needs to be secure. You might even have to create accounts, remember passwords, and manage that whole deal. Sure, that’s easy enough, but it’s a lot of moving parts, and you can’t blame her for rejecting that complexity.

My system is hosted on a now-ancient OrangePi in the corner, and the network in question is an old WiFi router that it sits on. Nothing needs to leave my four walls, but actually some of it does – I bridge some of the MQTT topics out to an external server for my own amusement. There is no protocol, and no real “system” frankly. Each device in the network has its own topic, and I’m responsible for knowing what it means. The thermometer in the basement has an ESP8266 that transmits on the home/basement/temperature topic, and it puts out its temperature in degrees Celsius. It was the simplest system I could think of, but I have to write whatever software I want to log, display, or act on the data. Of course, that’s simple if you can write some four-liner scripts on the OrangePi broker, but it’s not easy enough that my wife wants to hack on it.

So if the full-buy-in commercial systems are easy but overly complex, and my DIY network is transparently simple but requires a level of hands-on that isn’t easy for “normies”, is there a middle ground? I know half of you are already screaming Home Assistant or Domoticz, and you’re also thinking of which client device libraries you like the most for all your DIY applications: ESPHome vs Tasmota, for instance. And you’re all right!

We are living the in the golden age of the home automation projects. Open-source software and firmware, combined with an abundance of online tutorials and worked examples, have made huge strides toward bridging the gap between simplicity and ease of use. You can set up a hub for everything on a single-board computer, upload the software of your choice, and you don’t need the complexity or loss-of-support liability of a cloud provider. At the same time, setup is easy enough if you’re willing to roll up your sleeves a little bit, and when it’s not, chances are good that someone else has already figured it out for you. These days, interoperability with popular commercial products is shockingly easy to boot.

I need to spend some time and rationalize my system: given the state of the art, it’s simply too simple, and taking a step into an open-source solution would make it easier to use for the rest of the family, without overly complexifying things, adding sketchy dependencies, or losing our data sovereignty. I haven’t finished exploring my options yet, but from what I can see, the community has converged on some goldilocks setups: not too simple or too easy, but rather just right. Thanks, y’all!

Hackaday Podcast Episode 374: Flippin’ Phones, Sexy Spraysers, And Frikkin’ Lasers

June 19, 2026 by Kristina Panos 2 Comments

Things are back to normal around the Podcast studio, and this week you’ll hear the dulcet tones of Elliot Williams and Kristina Panos.

In Hackaday news, we still have a Frikkin’ Lasers Challenge going on, and now you can even enter your project into it! Join the ranks, won’t you?

Not only do we have a triple mailbag this week, we have another failed attempt at guessing the sound by Kristina. However, [Baron Maximilian von Knuthausen] knew that it was a train, a British one, even. Then it’s on to the hacks, of course, which ought to go far in explaining the show title.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in lovely MP3.

Continue reading “Hackaday Podcast Episode 374: Flippin’ Phones, Sexy Spraysers, And Frikkin’ Lasers” →

This Week In Security: Arch AUR, Steam Marketplace, WordPress All Face Issues, Taco-Themed Coding, And Mythos Makes National News

June 19, 2026 by Mike Kershaw 7 Comments

Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken over by a new maintainer, which was exploited by the attackers to claim ownership.

Once the packages were adopted by the malicious maintainers, the next part should sound familiar: The package build scripts, which are executed by the Arch yay and paru package managers, were modified to install malicious NPM packages (atomic-lockfile and js-digest) each containing the now-usual suite of infostealer malware targeting browser credentials and tokens, SSH private keys, package repository tokens, cloud compute, AI tokens, and crypto wallets.

The malware once installed uses several tricks to cloak itself by renaming processes, and to install systemd services to restart itself, and leveraging eBPF filtering in the kernel to hide the sockets and processes further. It specifically targets browsers and Electron-based applications, which are basically a light-weight Chromium browser disguised as an application anyway. Slack, Discord, Signal, and many more use the Electron wrapper.

A preliminary analysis of the malware is available, which breaks down the exact behavior in more detail and lists the known targets of the malware.

Initially believed to be “only” a few hundred packages, the compromised list eventually grew to over 1500, and additional packages may still be discovered. On June 14, Phoronix reported that a second wave of compromised packages has been found in the AUR repositories, including NeoVim plugins and multiple browsers. The second set of infected packages were compromised in a similar fashion, but with more heavily obfuscated scripts.

Steam Wallpaper Malware

Kaspersky Labs finds that Steam users have been targeted by malware uploaded via a popular animated wallpaper application, “Wallpaper Engine”.

While Valve normally does an admirable job filtering the Steam store, it looks like an exploit has slipped through in “Wallpaper Engine”. Animated wallpapers can be videos, web pages, or full executables themselves. Obviously, being able to run any program masquerading as wallpaper directly is an excellent vector to install malware, so of course this is what happened.

Using the integrated Steam Workshop, which allows users to share game mods and other game content directly, malicious wallpapers install a wide variety of malware including the usual gamut of infostealers, remote access, residential proxy, key logging, and crypto miners. This makes it one of the rare times installing crypto miners almost makes sense, considering most Steam users likely have better than average video cards.

Once a user is infected, the malware also steals the current Steam login credentials, and several instances attempt to then upload additional infected wallpapers to the Steam Workshop under the compromised users identity, completing the supply chain circle of life.

Continue reading “This Week In Security: Arch AUR, Steam Marketplace, WordPress All Face Issues, Taco-Themed Coding, And Mythos Makes National News” →

FLOSS Weekly Episode 871: Rust Won’t Save You

June 17, 2026 by Jonathan Bennett No comments

This week Jonathan chats with Florian Gilcher about Rust and Ferrous Systems! How have we gotten here, what’s coming next, and what’s new in the Rust world? Watch to find out!

Continue reading “FLOSS Weekly Episode 871: Rust Won’t Save You” →

An image of a miniature diorama of Snow White and the Seven Dwarves. On the left is a more detailed 1/6 scale model with a tall, dark haired Snow White and dwarves with red caps and tan tunics. The image on the right is of a much smaller and less detailed set of miniatures. The figures's proportions are a little more uncanny and feel like a low budget Disney rip-off.

How Did They Make View-Master Slides?

June 16, 2026 by Navarre Bartz 19 Comments

The basics of producing a stereophotograph of real life places were well-established by the time the View-Master arrived, but producing images of imaginary scenes was a bit more involved. [View Master Travels and Peter Dibble] took a look at how the fairy tale and media tie-in reels may have been made.

Starting with simple dioramas, View-Master eventually developed an entire team to work on fairy tales. One of the most influential members was sculptor [Florence Thomas]. She was instrumental in updating many of the original fairy tale reels from small scale miniatures to 1/6 scale dioramas for the scenes. Unfortunately, the department was eventually cut and all the original miniatures thrown away.

Before VCRs, View-Master was the primary way people could interact with their favorite TV shows and movies when they weren’t being broadcast. TV shows could be photographed while in production in Hollywood with a stereo camera giving great visual detail. Some cartoon and movie reels were less engaging, having been made from promotional images, giving more of a paper cutout appearance rather than “real” 3D. In either case, many of these visual techniques have been lost with little documentation on how they were achieved.

We previously covered [View Master Travels and Peter Dibble]’s History of the View-Master and how you can digitize the disks for posterity.

Continue reading “How Did They Make View-Master Slides?” →

Hackaday Links: June 14, 2026

June 14, 2026 by Tom Nardi No comments

Times are tough out there, and many are starting to feel the pressure at the grocery store checkout line or the gas pump. But whenever you start to worry about affording life’s necessities, take comfort in the knowledge that somebody is so flush with cash that on Friday they decided to treat themselves and spend $3 million for a sealed copy of Super Mario Bros for the Nintendo Entertainment System.

Although we’re not going to say it necessarily justifies the insane price — a new record for the most ever paid for a video game, incidentally — Heritage Auctions does note in their press release that this is an exceptionally rare version of what’s admittedly one of the most iconic pieces of software ever produced. This is only one of three copies of this particular variant known to exist, which Nintendo apparently distributed to test markets in the United States ahead of the game’s official 1985 release.

In slightly more modern gaming news, Asha Sharma, the new head of Microsoft’s Xbox division, has been making some big swings to try and get Microsoft’s gaming division back on track after years of declining sales. As part of that effort, she recently penned an article detailing some of the challenges the company is facing, which includes some interesting hardware details.

According to the blog post, she claims that in February, the cost of memory and storage components for the Xbox console had doubled compared to the previous year. But those numbers have jumped again, and by the time the holidays roll around, she expects they’ll be paying five times what they did in 2024. That’s bad news for anyone looking to put an Xbox under the tree come Christmas, but even worse news as the company works on the console’s successor. Considering that today’s hardware from Sony and Microsoft can already set you back $700 USD depending on which version you get, it seems like we’re approaching a point where gaming consoles could price themselves out of the market.

Continue reading “Hackaday Links: June 14, 2026” →