This Week In Security: F5, SonicWall, And The End Of Windows 10

October 17, 2025 by Jonathan Bennett 12 Comments

F5 is unintentionally dabbling in releasing the source code behind their BIG-IP networking gear, announcing this week that an unknown threat actor had access to their internal vulnerability and code tracking systems. This security breach was discovered on August 9th, and in the time since, F5 has engaged with CrowdStrike, Mandiant, and NCC Group to review what happened.

So far it appears that the worst result is access to unreleased vulnerabilities in the F5 knowledge management system. This means that any unpatched vulnerabilities were effectively 0-days, though the latest set of patches for the BIG-IP system has fixed those flaws. There aren’t any reports of those vulnerabilities being exploited in the wild, and F5 has stated that none of the leaked vulnerabilities were critical or allowed for remote exploitation.

Slightly more worrying is that this access included the product development environment. The problem there isn’t particularly the leak of the source code — one of the covered projects is NGINX, which is already open source software. The real danger is that changes could have been surreptitiously added to those codebases. The fact that NGINX is Open Source goes a long way to alleviate that danger, and when combined with the security built into tools like git, it seems very unlikely that malicious code could be sneaked into the NGINX public code base. A thorough review of the rest of the F5 codebases has similarly come up negative, and so far it looks like the supply-chain bullet has been dodged. Continue reading “This Week In Security: F5, SonicWall, And The End Of Windows 10” →

Three Years In, JawnCon Continues To Grow And Impress

October 16, 2025 by Tom Nardi 5 Comments

Make no mistake, just getting a hacker con off the ground is a considerable challenge. But the really hard part comes after. To be more than a one-off success story, you’ve got to expand the event year after year in a manageable way. Go too slow, and attendees might lose interest. Move too fast, and you run the risk of going broke if your ticket sales don’t keep up with your ambitions.

Luckily for hackers living in the Philadelphia area, the folks behind JawnCon have once again demonstrated they’re able to thread the needle. While the ticket price remained the same as in 2024, this year an additional track of talks was introduced as well as expanded activities throughout the con. Even though it only wrapped this past weekend, there’s already buzz about what the event will look like in 2026.

Until then, let’s take a look at some of the projects that were on display at this year’s JawnCon. If it’s the talks you’re after, they’ll be edited and uploaded to the event’s YouTube page in the near future. In the meantime, the Friday and Saturday live streams are still available.

Continue reading “Three Years In, JawnCon Continues To Grow And Impress” →

FLOSS Weekly Episode 851: Buckets Of Money

October 15, 2025 by Jonathan Bennett 1 Comment

This week Jonathan talks to James Cole about Firefly III, the personal finance manager! This one itches James’ own itch, but brings great visualization and management tools for your personal finances!

Continue reading “FLOSS Weekly Episode 851: Buckets Of Money” →

2025 Hackaday Supercon: Crafting The Final Frontier Keynote Event

October 15, 2025 by Tom Nardi No comments

In the history of entertainment, few properties have made the sort of indelible mark on popular culture as Star Trek has. In 950 episodes across the twelve television series that have carried the name, the franchise has made a spectacle not of explosions and machismo, but of competent professionals working together to solve complex problems. In the world of Star Trek, the coolest people in the room are the scientists, engineers, physicists, and doctors — is it any wonder so many in the sciences credit the show for putting them on their career path?

Hardware hacker, maker, and Trekkie Andrew [MakeItHackin] will lead the panel.

To celebrate the impact of Star Trek, we’re proud to announce our keynote event for the 2025 Hackaday Supercon: Crafting the Final Frontier. This round-table discussion led by Andrew [MakeItHackin] will bring together some of the artists that have helped cultivate the look and feel of the final frontier since Star Trek: The Next Generation and all the way into the modern era with Star Trek: Picard.

While the art direction of the original Star Trek series from 1966 was remarkably ahead of its time, these are some of the key individuals who were brought in to refine those early rough-hewn ideas into cultural touchstones. Their work ended up becoming more than simple entertainment, and ultimately helped inspire some of the real-world technology we use on a daily basis. The iconic LCARS computer interface predicted the rise of the touch screen, while its impossible to look at props such as the PADD and Tricorder and not see the parallels with modern tablets and smartphones.

Continue reading “2025 Hackaday Supercon: Crafting The Final Frontier Keynote Event” →

OpenSCAD In Living Color

October 14, 2025 by Al Williams 10 Comments

I modified a printer a few years ago to handle multiple filaments, but I will admit it was more or less a stunt. It worked, but it felt like you had to draw mystic symbols on the floor of the lab and dance around the printer, chanting incantations for it to go right. But I recently broke down and bought a color printer. No, probably not the one you think, but one that is pretty similar to the other color machines out there.

Of course, it is easy to grab ready-made models in various colors. It is also easy enough to go into a slicer and “paint” colors, but that’s not always desirable. In particular, I like to design in OpenSCAD, and adding a manual intervention step into an otherwise automatic compile process is inconvenient.

The other approach is to create a separate STL file for each filament color you will print with. Obviously, if your printer can only print four colors, then you will have four or fewer STLs. You import them, assign each one a color, and then, if you like, you can save the whole project as a 3MF or other file that knows how to handle the colors. That process is quick and painless, so the question now becomes how to get OpenSCAD to put out multiple STLs, one for each color.

But… color()

OpenSCAD has a color function, but that just shows you colors on the screen, and doesn’t actually do anything to your printed models. You can fill your screen with color, but the STL file you export will be the same. OpenSCAD is also parametric, so it isn’t that hard to just generate several OpenSCAD files for each part of the assembly. But you do have to make sure everything is referenced to the same origin, which can be tricky.

It turns out, the development version of OpenSCAD has experimental support for exporting 3MF files, which would allow me to sidestep the four STLs entirely. However, to make it work, you not only have to run the development version, but you also have to enable lazy unions in the preferences. You might try it, but you might also want to wait until the feature is more stable.

Besides, even with the development version, at least as I tried it, every object in the design will still need its color set in the slicer. The OpenSCAD export makes them separate objects, but doesn’t seem to communicate their color in a way that the slicer expects it. If you have a large number of multi-color parts, that will be a problem. It appears that if you do go this way, you might consider only setting the color on the very top-most objects unless things change as the feature gets more robust.

A Better Way

What I really wanted to do is create one OpenSCAD file that shows the colors I am using on the screen. Then, when I’m ready to generate STL files, I should be able to just pick one color for each color I am using.

Continue reading “OpenSCAD In Living Color” →

Hackaday Links: October 12, 2025

October 12, 2025 by Dan Maloney 2 Comments

We’ve probably all seen some old newsreel or documentary from The Before Times where the narrator, using his best Mid-Atlantic accent, described those newfangled computers as “thinking machines,” or better yet, “electronic brains.” It was an apt description, at least considering that the intended audience had no other frame of reference at a time when the most complex machine they were familiar with was a telephone. But what if the whole “brain” thing could be taken more literally? We’ll have to figure that out soon if these computers powered by miniature human brains end up getting any traction.

Continue reading “Hackaday Links: October 12, 2025” →

Easy For The Masses

October 11, 2025 by Elliot Williams 93 Comments

Last week, we were talking about how glad we are to be the type who by-and-large understands technology, and how it’s becoming more and more difficult to simply get along otherwise. We thought we had a good handle on the topic.

Then, we were talking about Google’s plans to require an ID for Android developers, and whether or not this will shut down free and open software development on the Android platform. Would this be the end of the ability to run whatever software that you’d like on your phone? Google offered the figleaf that “sideloading” – installing software through methods other than Google’s official store, would still be be allowed. But there’s a catch – you have to use Android Debug Bridge (ADB).

Is that a relief? It surely means that I will be able to install anything I want: I use ADB all the time, because it’s one of the fastest and easiest ways to transfer files and update software on the device. But how many non-techies do you know who use ADB? We’d guess that requiring this step shuts out 99.9% of Android users. If you make software hard to install for the masses, even if you make it possible for the geeks, you’re effectively killing it.

I have long wondered why end-to-end encrypted e-mail isn’t the default. After all, getting a GPG signing key, distributing it to your friends, and then reading mail with supporting software shouldn’t be a big deal, right? If GPG signing were available by default in Outlook or GMail, everyone would sign their e-mail. But there is no dead-simple, non-techie friendly way to do so, and so nobody does it.

Requiring ADB to load Android software is going to have the same effect, and it’s poised to severely restrict the amount of good, open software we have on the platform unless we can figure out a way to make installing that software easy enough that even the naive users can do it.