Attributed to Picasso was the notion that when art critics get together they talk about content, style, trend, and meaning; but that when painters get together they talk about where to get the best turpentine. We can extend that sentiment into the digital age by saying that when philosophers get together they talk about ideas, theory, and meaning; but when hackers get together they talk about where to get the best tweezers.
In this video [nanofix] runs us through his collection of tweezers talking about what he likes and doesn’t like for each. If you’re just getting into microsoldering this video will have some tips about where you should start, and if you’ve been soldering tiny stuff for a while you might find some ideas for a helpful new bit of kit, or two.
If you’re interested in tweezers and novel applications you might want to check out “smart” tweezers, which can read capacitance and resistance values on the fly. Or read about a suction based SMD tool, which can securely hold SMD components with less risk of them flying across the bench and disappearing forever into the carpet on the floor.
If there is one thing we took from [azwankhairul345’s] environmental monitor project, it is this: sensors and computing power for such a project are a solved problem. What’s left is how to package it. The solution, in this case, was using recycled plastic containers, and it looks surprisingly effective.
A Raspberry Pi Pico W has the processing capability and connectivity for a project like this. A large power bank battery provides the power. Off-the-shelf sensors for magnetic field (to measure anemometer spins), air quality, temperature, and humidity are easy to acquire. The plastic tub that protects everything also has PVC pipe and plastic covers for the sensors. Those covers look suspiciously like the tops of drink bottles.
We noted that the battery bank inside the instrument doesn’t have a provision for recharging. That means the device will go about two days before needing some sort of maintenance. Depending on your needs, this could be workable, or you might have to come up with an alternative power supply.
This probably won’t perform as well as a Hoffman box-style container, and we’ve seen those crop up, too. There are a number of ways of sealing things against the elements.
The ruling in federal court in Minnesota lands as Immigration and Customs Enforcement faces scrutiny over an internal memo claiming judge-signed warrants aren’t needed to enter homes without consent.
Scammers are increasingly using visually stylized QR codes to deliver phishing links, Help Net Security reports.
QR code phishing (quishing) is already more difficult to detect, since these codes deliver links without a visible URL. Attackers are now using QR codes with colors, shapes, and logos woven into the code’s pattern.
When you spot false or misleading information online, or in a family group chat, how do you respond? For many people, their first impulse is to factcheck – reply with statistics, make a debunking post on social media or point people towards trustworthy sources.
Äike were an Estonian scooter company, which sadly went bust last year. [Rasmus Moorats] has one, and since the app and cloud service the scooter depends on have lost functionality, he decided to reverse engineer it. Along the way he achieved his goal, but found a vulnerability that unlocks all Äike scooters.
The write-up is a tale of app and Bluetooth reverse engineering, ending with the startling revelation of a hardcoded key that’s simply “ffffffffffffffff”. From that he can unlock and interact with any Äike scooter, except for a subset that were used as hire scooters and didn’t have Bluetooth. Perhaps of more legitimate use is the reverse engineering of the scooter functionality.
What do you do when you find a vulnerability in a product whose manufacturer has gone? He reported to the vendor of the IoT module inside the scooter, who responded that the key was a default value that should have been changed by the Äike developers. Good luck, should you own one of these machines.
Life as a startup carmaker is hard—just ask Lucid Motors.
When we met the brand and its prototype Lucid Air sedan in 2017, the company planned to put the first cars in customers' hands within a couple of years. But you know what they say about plans. A lack of funding paused everything until late 2018, when Saudi Arabia's sovereign wealth fund bought itself a stake. A billion dollars meant Lucid could build a factory—at the cost of alienating some former fans because of the source.
Then the pandemic happened, further pushing back timelines as supply shortages took hold. But the Air did go on sale, and it has more recently been joined by the Gravity SUV. There's even a much more affordable midsize SUV in the works called the Earth. Sales more than doubled in 2025, and after spending a week with a model year 2026 Lucid Air Touring, I can understand why.
Red Teaming has become one of the most discussed and misunderstood practices in modern cybersecurity. Many organizations invest heavily in vulnerability scanners and penetration tests, yet breaches continue to happen through paths those tools never simulate. Enterprise leaders now ask a deeper question: “Does our security testing completely reflect how attackers will break in?” This […]
After an Instagram impersonation, Alan Shimel reveals how Meta’s AI moderation dismissed a clear security threat—showing why identity protection is broken.
After Helium Inc. swiveled towards simply running distributed WiFi hotspots, following years of pushing LoRaWAN nodes, much of the associated hardware became effectively obsolete. This led to quite a few of these Nebra LoRa Miners getting sold off, with the [Buy it Fix it] channel being one of those who sought to give these chunks of IP-67-rated computing hardware a new life.
Originally designed to be part of the Helium Network Token (HNT) cryptocurrency mining operation, with users getting rewarded by having these devices operating, they contain fairly off-the-shelf hardware. As can be gleaned from e.g. the SparkFun product page, it’s basically a Raspberry Pi Compute Module 3+ on a breakout board with a RAK 2287 LoRa module. The idea in the video was to convert it into a Meshcore repeater, which ought to be fairly straightforward, one might think.
Unfortunately the unit came with a dead eMMC chip on the compute module, the LoRa module wasn’t compatible with Meshcore, and the Nebra breakout board only covers the first 24 pins of the standard RPi header on its pin header.
The solutions involved using a µSD card for the firmware instead of the eMMC, and doing some creative routing on the bottom of the breakout board to connect the unconnected pins on the breakout’s RPi header to the pins on the compute module’s connector. This way a compatible LoRa module could be placed on this header.
Rather than buying an off-the-shelf LoRa module for the RPi and waiting for delivery, a custom module was assembled from an eByte E22 LoRa module and some stripboard to test whether the contraption would work at all. Fortunately a test of the system as a Meshcore repeater showed that it works as intended, serving as a pretty decent proof-of-concept of how to repurpose those systems from a defunct crypto mining scheme into a typical LoRa repeater, whether Meshcore or equivalent.
A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports.
Threat actors are using bots to post the comments, which impersonate LinkedIn itself and inform the user that their account has been restricted due to policy violations. The comments contain links to supposedly allow the user to appeal the restriction.
Agencies are getting more information on how to implement the recently finalized “rule of many.” The federal hiring strategy, several years in the making, aims to create broader pools of qualified job candidates while adding flexibility for federal hiring managers.
A series of guidance documents the Office of Personnel Management published earlier this month outlined the steps agencies should take to begin using the “rule of many” when hiring. OPM’s new resources also detail how the “rule of many” intersects with other aspects of the federal hiring process, such as shared certificates, skills-based assessments and veterans’ preference.
Under the “rule of many,” federal hiring managers score job candidates on their relevant job skills, then rank the candidates based on those scores. From there, hiring managers can choose one of several options — a cut-off number, score or percentage — to pare down the applicant pool and reach a list of qualified finalists to select from.
OPM’s new guidance comes after the agency finalized regulations last September to officially launch the “rule of many.” The concept was initially included in the fiscal 2019 National Defense Authorization Act, and OPM during the Biden administration proposed regulations on the “rule of many” in 2023.
“Coupled with the use of functional skills assessments … the [rule of many] gives hiring managers the much-needed flexibility to distinguish candidates based on their demonstrated functional merit-based qualifications for the role in question,” OPM Director Scott Kupor wrote in a Sept. 8 blog post, the same day OPM issued the final rule.
The “rule of many” aligns with some aspects of the Trump administration’s merit hiring plan, OPM said, such as using technical assessments and shared certificates. OPM said the “rule of many” in particular aligns with skills-based hiring, since it can expand candidate pools with applicants who have more fitting skillsets.
The “rule of many” also encourages agencies to use more “comprehensive” assessments, like structured interviews or job simulations, OPM said in its new guidance. And it can “support improved hiring outcomes, particularly for nontraditional candidates, veterans and those with varied career paths,” OPM added.
But for many agencies, the actual adoption of the “rule of many” may be put on the back burner, according to Jenny Mattingley, vice president of government affairs at the Partnership for Public Service. She said without enough funding or staffing, agencies are not likely to overhaul their current and already well-established hiring practices in the short term.
“The ‘rule of many’ is a good tool, but until those ingredients are all put together, I don’t think that you’ll see it rolled out immediately,” Mattingley said in an interview.
OPM’s finalization of the “rule of many” last September officially ended agencies’ ability to use the past “rule of three” hiring practice. The older candidate assessment technique already had been largely phased out, but previously restricted agencies to only selecting from the top three ranked applicants.
The “rule of many” also differs from most agencies’ current candidate-vetting technique, called “category rating,” which lets federal hiring managers assort job applicants into categories such as “qualified,” “better qualified,” and “best qualified,” then select a candidate for the job from the highest category.
When “category rating” was introduced years ago, it was an improvement over the “rule of three,” but Kupor said “category rating” created other challenges — namely, that all candidates within a single category would be considered equally qualified.
“In other words, the categories are minimum hurdles for consideration, but they don’t distinguish between applicants within a category,” Kupor said in September. “For example, if a score of 80% is the minimum hurdle to qualify into the ‘best qualified’ category, an applicant who scores 100% is treated no differently than one who scores 80%.”
OPM said in its new guidance that the “rule of many” uses the strengths of “category rating,” while adding flexibility to the process. It also allows for “finer distinctions” between candidates and broadens the range of applicants available for selection.
In most cases, OPM said the “rule of many” is preferable over “category rating.” But there are also best use cases for each hiring mechanism. Higher-level positions with more robust assessments will usually require the finer distinctions between candidates that the “rule of many” provides. But for more entry-level positions that don’t require highly technical qualifications, the “category rating” system may be just as effective.
Adopting the “rule of many” will also require a significant cultural shift at agencies, which the Partnership’s Mattingley said can be difficult. Existing strategies like skills-based hiring have not yet been fully adopted at agencies, which may indicate that the uptake of the “rule of many” will also be slow, she explained.
“Until agencies crack the nut on really leveraging skills-based hiring, I don’t think it’s going to be this big change in the immediate future,” Mattingley said. “You need skills-based hiring in order to leverage the rule of many, because you have to be able to make much finer technical assessments on the skills between candidates if you’re going to rank them in the way rule of many does.”
OPM’s “rule of many” guidance comes a few months after President Donald Trump officially lifted the governmentwide hiring freeze. But the White House has emphasized that when hiring, agencies should still focus on maintaining their now-smaller staffing sizes.
“Hiring is still a big question this year,” Mattingley said. “It does look like the administration is going to encourage agencies to hire, except at the same time, agencies are still facing budget uncertainty. They’re facing downward pressure on headcount.”
Well there’s your problem. (Credit: Mark Furneaux, YouTube)
Akin to the razor-and-blades model, capsule-based coffee machines are an endless grind of overpriced pods and cheaply made machines that you’re supposed to throw out and replace with a new one, just so that you don’t waste all the proprietary pods you still have at home. What this also means is a seemingly endless supply of free broken capsule coffee makers that might be repairable. This is roughly how [Mark Furneaux] got into the habit of obtaining various Nespresso VertuoLine machines for attempted repairs.
The VertuoLine machines feature the capsule with a bar code printed on the bottom of the lip, requiring the capsule to be spun around so that it can be read by the optical reader. Upon successful reading, the code is passed to the MCU after which the brewing process is either commenced or cruelly halted if the code fails. Two of the Vertuo Next machines that [Mark] got had such capsule reading errors, leading to a full teardown of the first after the scanner board turned out to work fine.
Long story short and many hours of scrubbed footage later, one machine was apparently missing the lens assembly on top of the photo diode and IR LED, while the other simply had these lenses gunked up with spilled coffee. Of course, getting to this lens assembly still required a full machine teardown, making cleaning it an arduous task.
Unfortunately the machine that had the missing lens assembly turned out to have another fault which even after hours of debugging remained elusive, but at least there was one working coffee machine afterwards to make a cup of joe to make [Mark] feel slightly better about his life choices. As for why the lens assembly was missing, it’s quite possible that someone else tried to repair the original fault, didn’t find it, and reassembled the machine without the lens before passing the problem on to the next victim.
A survey by the World Economic Forum (WEF) found that 47% of organizations cite the advancement of adversarial capabilities as their top concern surrounding generative AI.
There was a time when wise older people warned you to check your tire pressure regularly. We never did, and would eventually wind up with a flat or, worse, a blowout. These days, your car will probably warn you when your tires are low. That’s because of a class of devices known as tire pressure monitoring systems (TPMS).
If you are like us, you see some piece of tech like this, and you immediately guess how it probably works. In this case, the obvious guess is sometimes, but not always, correct. There are two different styles that are common, and only one works in the most obvious way.
Obvious Guess
We’d guess that the tire would have a little pressure sensor attached to it that would then wirelessly transmit data. In fact, some do work this way, and that’s known as dTPMS where the “d” stands for direct.
Of course, such a system needs power, and that’s usually in the form of batteries, although there are some that get power wirelessly using an RFID-like system. Anything wireless has to be able to penetrate the steel and rubber in the tire, of course.
But this isn’t always how dTPMS systems worked. In days of old, they used a finicky system involving a coil and a pressure-sensitive diaphragm — more on that later.
TPMS sensor (by [Lumu], CC BY-SA 3.0)
Many modern systems use iTPMS (indirect). These systems typically work on the idea that a properly inflated tire will have a characteristic rolling radius. Fusing data from the wheel speed sensor, the electronic steering control, and some fancy signal processing, they can deduce if a tire’s radius is off-nominal. Not all systems work exactly the same, but the key idea is that they use non-pressure data to infer the tire’s pressure.
This is cheap and requires no batteries in the tire. However, it isn’t without its problems. It is purely a relative measurement. In practice, you have to inflate your tires, tell the system to calibrate, and then drive around for half an hour or more to let it learn how your tires react to different roads, speeds, and driving styles.
Changes in temperature, like the first cold snap of winter, are notorious for causing these sensors to read flat. If the weather changes and you suddenly have four flat tires, that’s probably what happened. The tires really do lose some pressure as temperatures drop, but because all four change together, the indirect system can’t tell which one is at fault, if any.
History
When the diaphragm senses correct pressure, the sensor forms an LC circuit. Low air pressure causes the diaphragm to open the switch, breaking the circuit.
The first passenger vehicle to offer TPMS was the 1986 Porsche 959. Two sensors made from a diaphragm and a coil are mounted between the wheel and the wheel’s hub. The sensors were on opposite sides of the tire. With sufficient pressure on the diaphragm, an electrical contact was made, changing the coil value, and a stationary coil would detect the sensor as it passed. If the pressure drops, the electrical contact opens, and the coil no longer sees the normal two pulses per rotation. The technique was similar to a grid dip meter measuring an LC resonant circuit. The diaphragm switch would change the LC circuit’s frequency, and the sensing coil could detect that.
If one or two pulses were absent despite the ABS system noting wheel rotation, the car would report low tire pressure. There were some cases of centrifugal force opening the diaphragms at high speed, causing false positives, but for the most part, the system worked. This isn’t exactly iTPMS, but it isn’t quite dTPMS either. The diaphragm does measure pressure in a binary way, but it doesn’t send pressure data in the way a normal dTPMS system does.
Of course, as you can see in the video, the 959 was decidedly a luxury car. It would be 1991 before the US-made Corvette acquired TPMS. The Renault Laguna II in 2000 was the first high-volume car to have similar sensors.
Now They’re Everywhere
In many places, laws were put in place to require TPMS in vehicles. It was also critical for cars that used “run flat” tires. The theory is that you might not notice your run flat tires were actually flat, and while they are, as their name implies, made to run flat, they also require you to limit speed and distance when they are flat.
Old cars or other vehicles that don’t have TPMS can still add it. There are systems that can measure tire pressure and report to a smartphone app. These are, of course, a type of dTPMS.
Problems
Of course, there are always problems. An iTPMS system isn’t really reading the tire pressure, so it can easily get out of calibration. Direct systems need battery changing, which usually means removing the tire, and a good bit of work — watch the video below. That means there is a big tradeoff between sending data with enough power to go through the tire and burning through batteries too fast.
Another issue with dTPMS is that you are broadcasting. That means you have to reject interference from other cars that may also transmit. Because of this, most sensors have a unique ID. This raises privacy concerns, too, since you are sending a uniquely identifiable code.
Of course, your car is probably also beaming Bluetooth signals and who knows what else. Not to even mention what the phone in your car is screaming to the ether. So, in practice, TPMS attacks are probably not a big problem for anyone with normal levels of paranoia.
An iTPMS sensor won’t work on a tire that isn’t moving, so monitoring your spare tire is out. Even dTPMS sensors often stop transmitting when they are not moving to save battery, and that also makes it difficult to monitor the spare tire.
The (Half Right) Obvious Answer
Sometimes, when you think of the “obvious” way something works, you are wrong. In this case, you are half right. TPMS reduces tire wear, prevents accidents that might happen during tire failure, and even saves fuel.
Thanks to this technology, you don’t have to remember to check your tire pressure before a trip. You should, however, probably check the tread.
Why Stitched Together Platforms Quietly Increase Breach Probability
In today’s cybersecurity market, nearly every vendor claims to offer an integrated or unified platform. For buyers under pressure to reduce complexity, these promises are appealing. But beneath the marketing language lies a reality that many organizations only discover after a breach: integration does not equal unification.