Friends, I’ve gotten myself into a pickle and I need some help.

A few years back, I decided to get into solar power by building a complete PV system inside a mobile trailer. The rationale for this doesn’t matter for the current discussion, but for the curious, I wrote an article outlining the whole design and build process. Briefly, though, the system has two adjustable PV arrays mounted on the roof and side of a small cargo trailer, with an integrated solar inverter-charger and a 10-kWh LiFePO₄ battery bank on the inside, along with all the usual switching and circuit protection stuff.

It’s pretty cool, if I do say so myself, and literally every word I’ve written for Hackaday since sometime in 2023 has been on a computer powered by that trailer. I must have built it pretty well, because it’s been largely hands-off since then, requiring very little maintenance. And therein lies the root of my current conundrum.

Spicy Pillows

I generally only go in the trailer once a month or so, just to check things over and make sure no critters — or squatters — have taken up residence. Apparently, my inspections had become somewhat cursory, because somehow I had managed to overlook a major problem brewing:

This is one of two homebrew server rack battery modules I used in the trailer’s first battery bank. The LG-branded modules were removed from service and sold second-hand by Battery Hookup; I stripped the proprietary management cards out of the packs and installed a 100-amp BMS, plus the comically oversized junction box for wiring. They worked pretty well for a couple of months, but I eventually got enough money together to buy a pair of larger, new-manufacture server-rack modules from Ruixu, and I disconnected the DIY batteries and put them aside in the trailer.

Glass Houses

As for what happened to these batteries (while not as dramatic, the case on the other one is obviously swelling, too), I’m not sure. There was no chance for physical damage inside the trailer, and neither battery was dropped or penetrated. Whatever happened must have been caused by normal aging of the 28 pouch cells within, or possibly the thermal swings inside the trailer.

Either way, some of the pouches have obviously transformed into “spicy pillows” thanks to the chemical decomposition of their electrodes and electrolytes, creating CO₂ and CO gas under enough pressure to deform the 14-gauge steel case of the modules. It’s a pretty impressive display of power when you think about it, and downright terrifying.

I know that posting this is likely going to open me up to considerable criticism in the comments, much of it deserved. I was clearly negligent here, at least in how I chose to store these batteries once I removed them from service. You can also ding me for trying to save a few bucks by buying second-hand batteries and modifying them myself, but let those of you who have never shaken hands with danger cast the first stone.

To my credit, I did mention in my original write-up that, “While these batteries work fine for what they are, I have to admit that their homebrew nature gnawed at me. The idea that a simple wiring mistake could result in a fire that would destroy years of hard work was hard to handle.” But really, the risk posed by these batteries, not just to the years of work I put into the trailer, but also the fire danger to my garage and my neighbor’s boat, camper, and truck, all of which are close to the trailer, makes me a little queasy when I think about it.

Your Turn

That’s all well and good, but the question remains: what do I do with these batteries now? To address the immediate safety concerns, I placed them at my local “Pole of Inaccessibility,” the point in my backyard that’s farthest from anything that might burn. This is a temporary move until I can figure out a way to recycle them. While my city does have battery recycling, I’m pretty sure they’d balk at accepting 90-pound server batteries even if they were brand new. With obvious deformities, they’ll probably at least tell me to get lost; at worst, they’d call the hazmat unit on me. The Environmental Protection Agency has a program for battery recycling, but that’s geared to consumers disposing of a few alkaline cells or maybe the dead pack from a Ryobi drill. Good luck getting them to accept these monsters.

How would you handle this? Bear in mind that I won’t entertain illegal options such as an unfortunate boating accident or “dig deep and shut up,” at least not publicly. But if you have any other ideas, we’d love to hear them. More generally, what’s your retirement plan for lithium batteries look like? With the increased availability of used batteries from wrecked EVs or even e-bike and scooter batteries, it’s a question that many of us will face eventually. If you’ve already run up against this problem, we’d love to hear how you handled it. Sound off in the comments below.

After a quiet week in the news cycle, surveillance concern Flock jumped right back in with both feet, announcing a strategic partnership with Amazon’s Ring to integrate that company’s network of doorbell cameras into one all-seeing digital panopticon. Previously, we’d covered both Flock’s “UAVs as a service” model for combating retail theft from above, as well as the somewhat grassroots effort to fight back at the company’s wide-ranging network of license plate reader cameras. The Ring deal is not quite as “in your face” as drones chasing shoplifters, but it’s perhaps a bit more alarming, as it gives U.S. law enforcement agencies easy access to the Ring Community Request program directly through the Flock software that they (probably) already use.

In the event of a crime, police can use the integration to easily blast out a request for footage to Ring owners in the vicinity. The request is supposed to contain details of the alleged crime, including its time and location. Owners are free to comply with the request or ignore it at their discretion, and there is supposed to be no way for the police to track who declines a request, theoretically eliminating the potential for retaliation. On the one hand, we see the benefit of ready access to footage that might be needed quickly to catch a suspect or solve a crime. But on the other hand, it just seems like there’s nowhere you can go anymore where there isn’t a camera ready to be used against you.

Remember “Solar Freakin’ Roadways”? We sure do, and even though the idea of reconfigurable self-powered paving tiles didn’t seem to be going anywhere the last time we checked, we always did like the idea of self-lighted roads. But pluggable modules with solar panels and LEDs built to withstand being run over by cars and trucks and the rigors of Mother Nature might be a more complicated way to go about it than, say, painting the road with glow-in-the-dark paint. Unfortunately, that doesn’t seem to work much better, as revealed by a recent trial in Malaysia.

Admittedly, the trail was limited; a mere 245 meters of rural roadway received the phosphorescent paint markings. The paint absorbed light during the day and emitted a soft green glow at night, to the delight of drivers who praised its visibility. For a while, at least, because within a year or so, the paint had lost most of its power. At 20 times the cost of normal roadway marking paint, it wasn’t cheap either, probably thanks to the europium-doped strontium aluminate compounds that gave it its glow. It’s too bad the trial didn’t work out, because the markings looked fantastic.

You’ve heard about Power-over-Ethernet, but how about Power-over-Skin? The idea comes from a group at Carnegie-Mellon University, and is aimed at powering a network of battery-free wearables using the surface of the skin as the only conductor. To make it work, the researchers use a 40-MHz RF transmitter that’s kept in the user’s pocket and couples with the skin even through layers of fabric. Devices on the user’s skin can pick up the signal through a tuned circuit and rectify it to power a microcontroller. The 40-MHz frequency was selected in part because it offers head-to-toe coverage, but also because it’s too high to cause potentially painful “muscle activation” or local heating. Talk about your skin effect!

If you currently crave a trip to one of the many national parks or monuments in the United States, you might want to hold off until the government shutdown is resolved. Until then, you’ll have to be content with virtual tours such as this one for the Hanford B Reactor site, which, along with Los Alamos in New Mexico and Oakridge in Tennessee, is part of the Manhattan Project National Historic Park. The virtual tour is pretty cool, and everything inside the reactor building, from the sickly green paint to the mid-century furniture, seems to have been restored to what it would have looked like in the 1940s. The Fallout-esque control room is a treat, too. But alas, there’s no virtual gift shop on the way out.

And finally, a bit of electronics history with this fascinating video about how early home computers glitched their way into displaying color. On paper, the video interface on the TRS-80 Color Computer was only capable of generating a monochrome signal. But according to Coco Town, a carefully crafted monochrome signal could convince an analog NTSC television to display not only white pixels but also red and blue, or blue and red, depending on when you hit the reset button. It’s an interesting trip through the details of color TV, and the way that the standard was exploited to make color graphics on the cheap is truly a hack worth understanding. Enjoy!

If you’ve been following the hubbub about 3I/ATLAS, you’re probably either in the camp that thinks it’s just a comet from ridiculously far away that’s managed to find its way into our solar system, or you’re preparing for an alien invasion. (Lukewarm take: it’s just a fast moving comet.) But that doesn’t stop it from being interesting – its relatively fast speed and odd trajectory make astronomers wonder where it’s coming from, and give us clues about how old it is likely to be.

Astronomy is the odd-man-out in the natural sciences. In most branches of physics, chemistry, and even biology, you can run experiments. Even those non-experimental corners of the above fields, like botany, for instance, you can get your hands on the objects you’re talking about. Not so astronomy. When I was studying in college, one of my professors quipped that astronomers were pretty happy when they could hammer down a value within an order of magnitude, and ecstatic when they could get a factor of two or three. The deck is simply stacked against them.

With that background, I love two recent papers about 3I/ATLAS. The first tries to figure out why it’s moving so fast by figuring out if it’s been going that fast since its sun kicked it out, or if it has picked up a gravitational boost along the way. While they can’t go all the way back in time, they’ve worked out whether it has flown by anything close enough to get a significant boost over the last 10 million years. This is impressive that we can calculate the trajectory so far back, but at the same time, 10 million years is peanuts on the cosmic timescale.

According to another paper, there is a weak relationship between interstellar objects’ age and their velocity, with faster-moving rocks being older, they can estimate the age of 3I/ATLAS at between 7.6 and 14 billion years old, assuming no gravitational boosts along the way. While an age range of 7 billion years may seem like a lot, that’s only a factor of two. A winner for astronomy!

Snarkiness aside, its old age does make a testable prediction, namely that it should be relatively full of water ice. So as 3I/ATLAS comes closer to the sun in the next few weeks, we’ll either see it spitting off lots of water vapor, and the age prediction checks out, or we won’t, and they’ll need to figure out why.

Whatever happens, I appreciate how astronomers aren’t afraid to outline what they can’t know – orbital dynamics further back than a certain date, or the precise age of rocks based solely on their velocity. Most have also been cautious about calling the comet a spaceship. On the other hand, if it is, one thing’s for sure: after a longer-than-10-million-year road trip, whoever is on board that thing is going to be hungry.

It was Elliot and Dan on the podcast today, taking a look at the best the week had to offer in terms of your hacks. We started with surprising news about the rapidly approaching Supercon keynote; no spoilers, but Star Trek fans such as we who don’t have tickets will be greatly disappointed.

Elliot waxed on about taking the poop out of your prints (not pants), Dan got into a camera that adds a dimension to its images, and we both delighted in the inner workings of an air-powered squishy robot.

Questions? We’ve got plenty. Is it possible to take an X-ray without an X-ray tube? Or X-rays, for that matter? Did Lucille Ball crack a spy ring with her fillings? Is Algol set to take over the world? What’s inside a germanium transistor? How does a flipping fish say Happy Birthday? And how far down the Meshtastic rabbit hole did our own Tom Nardi fall? Tune in to find out the answers.

Download this free-range, cruelty-free MP3.

Episode 342 Show Notes:

News:

• 2025 Hackaday Supercon: Crafting The Final Frontier Keynote Event

What’s that Sound?

• Congrats to [James Barker] for picking the sound of a rake!

Interesting Hacks of the Week:

• SLM Co-extruding Hotend Makes Poopless Prints
  • I built a rotating mixing nozzle to print with different colors
  • 3D Printer with “rotating nozzle”
  • GitHub – Heinz-Loepmeier/nozzleboss
  • Waterjet-Cut Precision Pastry
• Waverider: Scanning Spectra One Pixel At A Time
  • Pi-Based Spectrometer Puts The Complexity In The Software
• More Than 100 Sub-Circuit Designs From Texas Instruments
• The Singing Dentures Of Manchester And Other Places
  • Hackaday Links: March 31, 2024 (Last item)
  • More Power: Powel Crosley And The Cincinnati Flamethrower
• Printing An Air-Powered Integrated Circuit For Squishy Robots
• Tubeless X-Ray Runs On Patience
  • This Scratch-Built X-Ray Tube Really Shines
  • To See Within: Making Medical X-rays

Quick Hacks:

• Elliot’s Picks
  • Could This Be The Year Of Algol?
  • How Bad Can A Cheap Knockoff ADS1115 ADC Be?
  • RFIDisk: When Floppy Drives Go Contactless
  • Attack Turns Mouse Into Microphone
• Dan’s Picks:
  • Toasty Subwoofer Limps Back To Life
  • Inside A Germanium Transistor
  • Billy Bass Gets New Job As A Voice Assistant

Can’t-Miss Articles:

• Rubik’s WOWCube: What Really Makes A Toy?
• Meshtastic: A Tale Of Two Cities

F5 is unintentionally dabbling in releasing the source code behind their BIG-IP networking gear, announcing this week that an unknown threat actor had access to their internal vulnerability and code tracking systems. This security breach was discovered on August 9th, and in the time since, F5 has engaged with CrowdStrike, Mandiant, and NCC Group to review what happened.

So far it appears that the worst result is access to unreleased vulnerabilities in the F5 knowledge management system. This means that any unpatched vulnerabilities were effectively 0-days, though the latest set of patches for the BIG-IP system has fixed those flaws. There aren’t any reports of those vulnerabilities being exploited in the wild, and F5 has stated that none of the leaked vulnerabilities were critical or allowed for remote exploitation.

Slightly more worrying is that this access included the product development environment. The problem there isn’t particularly the leak of the source code — one of the covered projects is NGINX, which is already open source software. The real danger is that changes could have been surreptitiously added to those codebases. The fact that NGINX is Open Source goes a long way to alleviate that danger, and when combined with the security built into tools like git, it seems very unlikely that malicious code could be sneaked into the NGINX public code base. A thorough review of the rest of the F5 codebases has similarly come up negative, and so far it looks like the supply-chain bullet has been dodged.

WatchGuard Out of Bounds

WatchGuard’s Fireware OS has a stack buffer overflow. There’s a few interesting details about this story. The first, as WatchTowr researchers gleefully point out, is that it’s 2025 and a security vendor has a stack overflow bug straight out of the ’90s. But second, this is one of the first vulnerabilities we’ve covered that has a CVSS 4.0 score. In CVSS 3 terms, this would be a severity 10 vulnerability. As the the 4th iteration of the Common Vulnerability Scoring System also measures the impact on the rest of the network, it scores a bit lower 9.3 there, though one could probably make an argument that it should be higher.

The actual vulnerability is in the VPN service, and it’s as simple as it gets. An attacker controlled buffer is copied into a fixed length memory region without any bounds checking. That VPN service uses an IKEv2 handshake protocol to establish connections, and the server responds with an odd Base64 encoded string. Decode the string, and it turns out the vulnerable service announces VN=12.11.3 BN=719894, the version number and build string, allowing for super easy identification of vulnerable targets.

The final step in turning this into a true vulnerability is to corrupt the stack, take control of the program counter, and Return-Oriented-Program your way through a couple gadgets to be able to call system(). Right? This platform doesn’t turn on every mitigation — stack canaries and position independent execution are noticeably missing. But there are some good hardening steps that were done, like leaving out /bin/sh altogether. How do you run shellcode when the machine doesn’t have a shell at all? The answer the WatchTowr crew turned to was to run the system code in the Python3 shell. Thinking outside the box!

Sonicwall and Unintentional Distributed Backups

About a month ago, we shared the news that Sonicwall had a breach of their own, with limited customers backups being exposed. At the time, the word was that fewer than 5% of customers would be affected. That estimate seems to have been a bit optimistic, as SonicWall is now recommending that all customers step through their new remediation playbook, which calls for a complete cycling of all credentials stored on Sonicwall devices.

It’s unclear if this is because more configuration data was accessible than was previously believed, or because attackers are actively using the pilfered data in attacks against SonicWall customers. The unintentional distribution of system backups turns out not to have been a good strategy.

UEFI Backdoor

UEFI and Secure Boot have been viewed with skepticism, particularly by Linux enthusiasts over the years. There is, however, something to be said for the idea that your computer won’t boot a manipulated OS without your permission, and especially since major Linux distros have access to signed Secure Boot keys, it hasn’t been the dystopian disaster that many of us feared. The security question of the UEFI root of trust has had its own problems, and one of those problems has recently bitten Framework laptops. The issue is the mm (Memory Modify) command that can optionally be built into UEFI shells. This is strictly for debugging purposes, and it’s been discovered that allowing arbitrary access to system memory is not great for system security.

Eclypsium researchers are calling this one BombShell, and it boils down to overwriting the security handler pointer in the UEFI firmware, so all Secure Boot checks are disabled. It seems that this level of tampering is invisible to the system and booted OS. And with just a bit of cleverness, it can be injected as a permanent boot payload. While it’s specifically Framework laptops that are in question with this specific disclosure, it’s not strictly a Framework issue, but can affect any UEFI machine that ships a signed UEFI shell, that includes dangerous commands like mm.

Hack a Car Company, and All the Cars

We have a delightful hack from Def Con 33, where an as-of-yet-unnamed car brand had a couple security problems with their admin web portal, and those problems are pretty serious when put together. First, the invite-only dealer portal didn’t actually verify the invite tokens. And second, when creating an account, the back-end didn’t actually check the account creation details. Meaning that anyone that knew where to look could create an admin account.

The result was that a VIN number could be used to look up a car, and the owner’s details could be accessed. Or the system could be searched via owner’s information, to find vehicle information. It allowed transferring authentication of one of the vehicles to a new mobile app account, and the mobile app could be used to unlock the vehicle.

Windows 10

It’s time to turn out the lights, the party is over. The sun has set and Windows 10 has entered its twilight. The advice from every other legacy OS applies: upgrade if you can. Yes, there are some frustrating problems with upgrading to Windows 11, particularly if your machine is just too old to have a TPM or Secure Boot.

If you’re stuck on Windows 10, there’s good news and bad news. The good news is that Microsoft is making security updates available for free, for many computers, if you use a Microsoft account on the machine. The bad news is that those updates are a monthly trickle of fresh vulnerabilities that some machines just won’t ever get patched for.

Bits and Bytes

What do you do when you’re flying, and you’re too cheap frugal to pay for in-flight wifi? Naturally, find some way to tunnel out for free. The key is usually DNS. It’s probably the inverse of the meme, that the problem is always DNS, as that’s the last thing a security hardening team wants to break. And if that won’t work, there’s always MAC address cloning.

Many a pen test has hit a brick wall when faced with a gRPC endpoint. Google’s Remote Procedure Call framework is binary, and without reflection turned on, extremely difficult to map what calls are available. There’s a new tool, grpc-scan, that just might shed some light on the subject. It’s a combination of common design patterns, and carefully parsing the returned errors to learn about the system.

And finally, where’s the most bulletproof place you can host some malicious code? A server in Russia? Apparently it’s now on the blockchain. This isn’t a theoretical attack from a security thinktank, but a real-world malware campaign believed to originate from North Korean hackers. Yet another red flag to watch out for in smart contracts!

Make no mistake, just getting a hacker con off the ground is a considerable challenge. But the really hard part comes after. To be more than a one-off success story, you’ve got to expand the event year after year in a manageable way. Go too slow, and attendees might lose interest. Move too fast, and you run the risk of going broke if your ticket sales don’t keep up with your ambitions.

Luckily for hackers living in the Philadelphia area, the folks behind JawnCon have once again demonstrated they’re able to thread the needle. While the ticket price remained the same as in 2024, this year an additional track of talks was introduced as well as expanded activities throughout the con. Even though it only wrapped this past weekend, there’s already buzz about what the event will look like in 2026.

Until then, let’s take a look at some of the projects that were on display at this year’s JawnCon. If it’s the talks you’re after, they’ll be edited and uploaded to the event’s YouTube page in the near future. In the meantime, the Friday and Saturday live streams are still available.

Meshtastic Spreads its Web

While it wasn’t officially part of JawnCon’s considerable network infrastructure playground, Meshtastic ended up being a big part of the two-day event. Members of Philly Mesh had a table where they were showing off a wide array of commercial and DIY nodes, the crew behind the Hacker Pager were offering up a special edition of the faux-retro portable communicator, and it seemed like every other attendee had brought their own mesh-capable gadget with them.

The end result was easily the most active Meshtastic environment I’ve ever personally found myself in. Wandering the con venue you could expect to see more than 100 individual nodes in the area, with the majority of them happily chattering away. Even during the off-hours on Friday and Saturday night, there was still plenty of mesh activity between the two main hotels where many of the attendees were staying.

Having a relatively active mesh added a new dynamic to the con. Occasionally, pieces of real-time information would make its way through the net, such as what time the nearby cafe was opening, or which talk was currently taking place. A few times it allowed for quick response to semi-emergencies, such as when some hackers which shall remain nameless ended up causing a minor spill, and found themselves in need of cleaning supplies.

It also provided even more data to pore over — since the con wrapped, an SQLite database containing every packet that went through the mesh has been floating around for anyone who wants to analyze it. Hope nobody said anything they’ll regret…

Wardrive All the Things

This year, [BusySignal] returned with another big box of radio hardware. Unlike the impressive wardriving rig he showed off during the first JawnCon, this new build isn’t limited to just WiFi and Bluetooth. The concept has now evolved to include other wireless signals thanks to a bank of software-defined radios (SDRs), ranging from a handful of RTL-SDRs for the easy stuff like 433 MHz wireless sensors, and a HackRF for when things get a bit more serious.

The rig, enclosed in a rugged orange case and powered by batteries, exists at least in part so that [BusySignal] can show off the considerable capabilities of Kismet. He argues that the open source wireless sniffing suite is capable of much more than casual users may realize, and wants to inspire developers and hackers to add new protocols to the already impressive array of signals that it’s able to ingest and display.

This exploration of Kismet’s capabilities was the subject of his Friday talk, Get More Radio Frequency Curious. Definitely one to keep an eye out for when the edited talks start hitting the JawnCon YouTube channel.

GameTank Comes Out to Play

Tucked away in one corner of the chill out area was an 8-bit game system that the passerby might have thought was a relic from the 1980s. But on closer inspection, its 3D printed shell quickly gives away the fact that is no classic machine.

The GameTank is an open source hardware retroconsole designed around the 6502, more specifically, the modern W65C02S variant. Clyde Shaffer created the system in the spirit of other fantasy consoles like the Pico-8, with the key difference being that he started from the physical console and worked his way forward from there. It features a modernized development and debugging environment for both C and Rust, including an emulator that will run on Windows, Linux, Mac OS. In fact, if you can take a hit to the performance, the emulator can even run right in the web browser — making it easy to check out the GameTank’s library of games.

We’ve actually covered the GameTank here on Hackaday in the past, but seeing it in person, you really appreciate all the little details. The cartridges specifically are a very nice touch. Of course, we know that a single modern SPI flash chip could  allow the GameTank to hold hundreds (if not thousands) of games internally. Yet there’s just something so nostalgic about rummaging through pile of cartridges, searching for a particular game, and then slamming it home into the console.

But is it any fun to play? To that end, I’m happy to say it passed the test with a few of the kids that ended up coming to JawnCon with their parents. I overheard someone at the lock picking table saying that their son had abandoned his expensive Nintendo Switch on the table in favor of pulling up a chair to the GameTank and basking in its CRT glory. Maybe the kids will be alright after all.

The Next Jawneration

It’s obviously very early to predict what the next JawnCon will look like. After all, a lot can happen in the next 359 days.

But having had the good fortune to attend all three of these events and see its trajectory, I can say in my mumble opinion that JawnCon is approaching an inflection point of sorts. While the area of Arcadia University that’s been made available for the con since its inception has never been particularly large, this was the first year it actually started to feel small. It’s no exaggeration to say that on several occasions, I struggled to find a surface flat enough to put my laptop down — whether it was lock picks, stickers, payphones, or even just cabling — literally every table in the room had something on it.

Of course, this isn’t necessarily a bad thing. If the worst that can be said about a hacker con was that it had a lot of people and so much interesting stuff on display that you couldn’t find a place to sit down, count me in. But in the same way keeping a plant in a pot that’s too small can stunt its growth, I think JawnCon will need to find a way to stretch its legs if it’s to remain healthy over the long term.

That being said, I plan on being there in 2026, and if you’re in the Philadelphia area, so you should you. Even if it means we might have to take turns sitting in each other’s laps.

This week Jonathan talks to James Cole about Firefly III, the personal finance manager! This one itches James’ own itch, but brings great visualization and management tools for your personal finances!

• https://www.firefly-iii.org/
• https://docs.firefly-iii.org/?mtm_campaign=firefly-iii-org&mtm_kwd=top-link
• https://github.com/firefly-iii/firefly-iii/

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License