This Week In Security: Anime Catgirls, Illegal AdBlock, And Disputed Research

August 22, 2025 by Jonathan Bennett 28 Comments

You may have noticed the Anime Catgirls when trying to get to the Linux Kernel’s mailing list, or one of any number of other sites associated with Open Source projects. [Tavis Ormandy] had this question, too, and even wrote about it. So, what’s the deal with the catgirls?

The project is Anubis, a “Web AI Firewall Utility”. The intent is to block AI scrapers, as Anubis “weighs the soul” of incoming connections, and blocks the bots you don’t want. Anubis uses the user agent string and other indicators to determine what an incoming connection is. But the most obvious check is the in-browser hashing. Anubis puts a challenge string in the HTTP response header, and JavaScript running in the browser calculates a second string to append this challenge. The goal is to set the first few bytes of the SHA-256 hash of this combined string to 0.

[Tavis] makes a compelling case that this hashing is security theatre — It makes things appear more secure, but doesn’t actually improve the situation. It’s only fair to point out that his observation comes from annoyance, as his preferred method of accessing the Linux kernel git repository and mailing list are now blocked by Anubis. But the economics of compute costs clearly demonstrate that this SHA-256 hashing approach will only be effective so long as AI companies don’t add the 25 lines of C it took him to calculate the challenge. The Anubis hashing challenge is literally security by obscurity.

Continue reading “This Week In Security: Anime Catgirls, Illegal AdBlock, And Disputed Research” →

Linux Fu: Windows Virtualization The Hard(ware) Way

August 21, 2025 by Al Williams 31 Comments

As much as I love Linux, there are always one or two apps that I simply have to run under Windows for whatever reason. Sure, you can use wine, Crossover Office, or run Windows in a virtual machine, but it’s clunky, and I’m always fiddling with it to get it working right. But I recently came across something that — when used improperly — makes life pretty easy. Instead of virtualizing Windows or emulating it, I threw hardware at it, and it works surprisingly well.

Once Upon a Time

First, a story. Someone gave me a Surface Laptop 2 that was apparently dead. It wouldn’t charge, and you can’t remove the keyboard without power. Actually, you can with a paper clip, and I suggested pulling it to see if the screen would charge by itself. They said they had already bought a new computer, so they didn’t care.

Unsurprisingly, once I popped the keyboard off, the computer charged and was fine. You just have to replace the keyboard or use another one. Or use it as a tablet, which it is set up for anyway. But I have plenty of laptops and computers of every description. What was I going to do with this nice but keyboardless computer? Continue reading “Linux Fu: Windows Virtualization The Hard(ware) Way” →

FLOSS Weekly Episode 843: Money Usually Helps

August 20, 2025 by Jonathan Bennett No comments

This week Jonathan and Dan chat with Farid Abdelnour about Kdenlive! It’s top quality video editing software, and happens to be what we use to edit the show! What’s next for the project, and how can you help? Watch to find out!

Continue reading “FLOSS Weekly Episode 843: Money Usually Helps” →

Instant Macropad: Just Add QMK

August 20, 2025 by Al Williams 2 Comments

I recently picked up one of those cheap macropads (and wrote about it, of course). It is surprisingly handy and quite inexpensive. But I felt bad about buying it. Something like that should be easy to build yourself. People build keyboards all the time now, and with a small number of keys, you don’t even have to scan a matrix. Just use an I/O pin per switch.

The macropad had some wacky software on it that, luckily, people have replaced with open-source alternatives. But if I were going to roll my own, it would be smart to use something like QMK, just like a big keyboard. But that made me wonder, how much trouble it would be to set up QMK for a simple project. Spoiler: It was pretty easy.

The Hardware

Simple badge or prototype macropad? Why not both?

Since I just wanted to experiment, I was tempted to jam some switches in a breadboard along with a Raspberry Pi Pico. But then I remembered the “simple badge” project I had up on a nearby shelf. It is simplicity itself: an RP2040-Plus (you could just use a regular Pi Pico) and a small add-on board with a switch “joystick,” four buttons, and a small display. You don’t really need the Plus for this project since, unlike the badge, it doesn’t need a battery. The USB cable will power the device and carry keyboard (or even mouse) commands back to the computer.

Practical? No. But it would be easy enough to wire up any kind of switches you like. I didn’t use the display, so there would be no reason to wire one up if you were trying to make a useful copy of this project.

Continue reading “Instant Macropad: Just Add QMK” →

Food Irradiation Is Not As Bad As It Sounds

August 19, 2025 by Lewin Day 50 Comments

Radiation is a bad thing that we don’t want to be exposed to, or so the conventional wisdom goes. We’re most familiar with it in the context of industrial risks and the stories of nuclear disasters that threaten entire cities and contaminate local food chains. It’s certainly not something you’d want anywhere near your dinner, right?

You might then be surprised to find that a great deal of research has been conducted into the process of food irradiation. It’s actually intended to ensure food is safer for human consumption, and has become widely used around the world.

Continue reading “Food Irradiation Is Not As Bad As It Sounds” →

How Laser Headlights Died In The US

August 18, 2025 by Lewin Day 140 Comments

Automotive headlights started out burning acetylene, before regular electric lightbulbs made them obsolete. In due time, halogen bulbs took over, before the industry began to explore even newer technologies like HID lamps for greater brightness. Laser headlights stood as the next leap forward, promising greater visibility and better light distribution.

Only, the fairytale didn’t last. Just over a decade after laser headlights hit the market, they’re already being abandoned by the manufacturers that brought them to fruition. Laser headlights would end up fighting with one hand behind their back, and ultimately became irrelevant before they ever became the norm.

Continue reading “How Laser Headlights Died In The US” →

Hackaday Links: August 17, 2025

August 17, 2025 by Dan Maloney 15 Comments

We’ve studiously avoided any mention of our latest interstellar visitor, 3I/Atlas, on these pages, mainly because of all the hoopla in the popular press about how Avi Loeb thinks it’s aliens, because of course he does. And we’re not saying it’s aliens either, mainly because we’d never be lucky enough to be alive during an actual alien invasion — life just hasn’t historically been that kind to us. So chances are overwhelming that 3I/Atlas is just a comet, but man, it’s doing its level best to look like it’s not, which means it’s time to brave the slings and arrows and wade into this subject.

The number of oddities surrounding 3I/Atlas just keeps growing, from its weird Sun-directed particle stream to its extreme speed, not to mention a trajectory through the solar system that puts it just a fraction of an astronomical unit from two of the three planets within the “Goldilocks Zone” of our star — ignore the fact that at an estimated seven billion years old, 3I/Atlas likely would have started its interstellar journey well before our solar system had even started forming. Still, it’s the trajectory that intrigues us, especially the fact that it’s coming in at a very shallow along to the ecliptic, and seems like it will cross that imaginary plane almost exactly when it makes its closest approach to the Sun on October 29, which just coincidentally happens to be at the very moment Earth is exactly on the opposite side of our star. We’ll be as far as possible from the action on that date, with the comet conveniently lost in the glare of the Sun. Yes, there’s talk of re-tasking some of our spacecraft around Mars or in the Jovian system to take a peek when 3I/Atlas passes through their neighborhoods, but those are complicated affairs that show no sign of bearing fruit in the short time left before the comet heads back out into the Deep Dark. Too bad; we’d really love an up-close and personal look at this thing.

Continue reading “Hackaday Links: August 17, 2025” →