This Week In Security: The AI Hacker, FortMajeure, And Project Zero

One of the hot topics currently is using LLMs for security research. Poor quality reports written by LLMs have become the bane of vulnerability disclosure programs. But there is an equally interesting effort going on to put LLMs to work doing actually useful research. One such story is [Romy Haik] at ULTRARED, trying to build an AI Hacker. This isn’t an over-eager newbie naively asking an AI to find vulnerabilities; [Romy] knows what he’s doing. We know this because he tells us plainly that the LLM-driven hacker failed spectacularly.

The plan was to build a multi-LLM orchestra, with a single AI sitting at the top that maintains state through the entire process. Multiple LLMs sit below that one, deciding what to do next, exactly how to approach the problem, and actually generating commands for those tools. Then yet another AI takes the output and figures out if the attack was successful. The tooling was assembled, and [Romy] set it loose on a few intentionally vulnerable VMs.

As we hinted at up above, the results were fascinating but dismal. This LLM successfully found one Remote Code Execution (RCE), one SQL injection, and three Cross-Site Scripting (XSS) flaws. This whole post is sort of sneakily an advertisement for ULTRARED’s actual automated scanner, which uses more conventional methods to scan for vulnerabilities. But it’s a useful comparison, and that scanner found nearly 100 vulnerabilities among the collection of targets.

The AI did what you’d expect, finding plenty of false positives. Ask an AI to describe a vulnerability, and it will gladly do so — no real vulnerability required. But the real problem was the multitude of times that the AI stack did demonstrate a problem, and failed to realize it. [Romy] has thoughts on why this attempt failed, and two points stand out. The first is that while the LLM can be creative in making attacks, it’s really terrible at accurately analyzing the results. The second is one of the most important observations to keep in mind regarding today’s AIs: it doesn’t actually want to find a vulnerability. One of the marks of security researchers is the near obsession they have with finding a great score.

For Americans Only: Estimating Celsius And Other Mental Metrics

I know many computer languages, but I’ve struggled all my life to learn a second human language. One of my problems is that I can’t stop trying to translate in my head. Just like Morse code, you need to understand things directly, not translate. But you have to start somewhere. One of the reasons metric never caught on in the United States is that it is hard to do exact translations while you are developing intuition about just how hot is 35 °C or how long 8 cm is.

If you travel, temperature is especially annoying. When the local news tells you the temperature is going to be 28, it is hard to do the math in your head to decide if you need a coat or shorts.

Ok, you are a math whiz. And you have a phone with a calculator and, probably, a voice assistant. So you can do the right math, which is (9/5) x °C + 32. But for those of us who can’t do that in our heads, there is an easier way.

The World’s First Podcaster?

When do you think the first podcast occurred? Did you guess in the 1890s? That’s not a typo. Telefonhírmondó was possibly the world’s first true “telephone newspaper.” People in Budapest could dial a phone number and listen to what we would think of now as radio content. Surprisingly, the service lasted until 1944, although after 1925, it was rebroadcasting a radio station’s programming.

Tivadar Puskás, the founder of Budapest’s “Telephone Newspaper” (public domain)

The whole thing was the brainchild of Tivadar Puskás, an engineer who had worked with Thomas Edison. At first, the service had about 60 subscribers, but Puskás envisioned the service one day spanning the globe. Of course, he wasn’t wrong. There was a market for worldwide audio programs, but they were not going to travel over phone lines to the customer.

The Hungarian government kept tight control over newspapers in those days. However, as we see in modern times, new media often slips through the cracks. After two weeks of proving the concept out, Puskás asked for formal approval and for a 50-year exclusive franchise for the city of Budapest. They would eventually approve the former, but not the latter.

Unfortunately, a month into the new venture, Puskás died. His brother Albert took over and continued talks with the government. The phone company wanted a piece of the action, as did the government. Before anything was settled, Albert sold the company to István Popper. He finalized the deal, which included rules requiring signed copies of the news reports to be sent to the police three times a day. The affair must have been lucrative. The company would eventually construct its own telephone network independent of the normal phone system. By 1907, they boasted 15,000 subscribers, including notable politicians and businesses such as hotels.

Design Review: LattePanda Mu NAS Carrier

It is a good day for design review! Today’s board is the MuBook, a LattePanda Mu SoM (System-on-Module) carrier from [LtBrain], optimized for a NAS with 4 SATA and 2 NVMe ports. It is cheap to manufacture and put together, the changes are non-extensive but do make the board easier to assemble, and it results in a decent-footprint x86 NAS board you can even order assembled at somewhere like JLCPCB.

This board is based on the Lite Carrier KiCad project that the LattePanda team open-sourced to promote their Mu boards. I enjoy seeing people start their project from a known-working open-source design – they can save themselves lots of work, avoid reinventing the wheel and whole categories of mistakes, and they can learn a bunch of design techniques/tips through osmosis, too. This is a large part of why I argue everyone should open-source their projects to the highest extent possible, and why I try my best to open-source all the PCBs I design.

Let’s get into it! The board’s on GitHub as linked, already containing the latest changes.

Git’ting Better

I found the very first review item when downloading the repo onto my computer. It took a surprising amount of time, which led me to believe the repo contains a fair bit of binary files – something quite counterproductive to keep in Git. My first guess was that the repo had no .gitignore for KiCad, and indeed – it had the backups/ directory with a heap of hefty .zips, as well as a fair bit of stuff like gerbers and footprint/symbol cache files. I checked in with [LtBrain] that these won’t be an issue to delete, and then added a .gitignore from the Blepis project.

Neon Bulbs? They’re A Gas!

When you think of neon, you might think of neon signs or the tenth element, a noble gas. But there was a time when neon bulbs like the venerable NE-2 were the 555 of their day, with a seemingly endless number of clever circuits. What made this little device so versatile? And why do we see so few of them today?

Neon’s brilliant glow was noted when William Ramsay and Morris Travers discovered it in 1898. It would be 1910 before a practical lighting device using neon appeared. It was 1915 when the developer, Georges Claude, of Air Liquide fame, received a patent on the unique electrodes suitable for lighting and, thus, had a monopoly on the technology he sold through his company Claude Neon Lights.

However, Daniel Moore in 1917 developed a different kind of neon bulb while working for General Electric. These bulbs used coronal discharge to produce a red glow or, with argon, a blue glow. This was different enough to earn another patent, and neon bulbs found use primarily as indicator lamps before the advent of the LED. However, it would also find many other uses.

Hackaday Links: August 10, 2025

We lost a true legend this week with the passing of NASA astronaut Jim Lovell at the ripe old age of 97. Lovell commanded the ill-fated Apollo 13 mission back in 1970, and along with crewmates Jack Swigert and Fred Haise — along with just about every person working at or for NASA — he managed to guide the mortally wounded Odyssey command module safely back home. While he’s rightly remembered for the heroics on 13, it was far from his first space rodeo. Lovell already had two Gemini missions under his belt before Apollo came along, including the grueling Gemini 7, where he and Frank Borman undertook the first long-duration space mission, proving that two men stuffed into a Volkswagen-sized cockpit could avoid killing each other for at least two weeks.
