[Georges Gagnerot] has been trying to emulate iOS and run iPhone software in a virtual environment. There were a few choices, and qemu-t8030 had a number of interesting features that you can check out in his post.

The project requires a patched QEMU, and [Georges] did some basic jailbreaking techniques. The real problem, of course, was not having the Apple Silicon GPU. Older versions of iOS let you select software rendering, but that option is gone on newer versions. However, it was possible to patch the phone to still use software rendering. There are still apps that directly use Metal or OpenGL that won’t run, but that’s another problem.

There is a plan to explore forwarding GPU calls to a real device. However, that seems difficult so it will have to wait for now.

That wasn’t the last problem, of course. But the post gives you a great view into the detective work. There is still work to go, but it looks like a lot of progress.

You can find the t8030 code on GitHub. Most of the iPhone hacking we see is hardware even if it means cutting the screen.

It’s been 30 years since Windows 95 launched. [Ms-Dos5] and [Commodore Z] are celebrating with an epic exhibit at VCF East 2025.  They had no fewer than nine computers — all period-correct machines running versions of Windows 95. The pictures don’t do it justice, so if you are near Wall, NJ, on Sunday, April 5, 2025, definitely go check out this and the rest of the exhibits at VCF.

An exhibit like this isn’t thrown together overnight.  [Commodore Z] and [Ms-Dos5] worked for months to assemble the right mix of desktops, laptops, and prehiperals to showcase Windows 95. Many of the computers are networked as well – which was no easy task. One particular Thinkpad 760e required pliers and force to remove a stuck PCMCIA modem card. After a struggle that was ultimately destructive to the card, the pair determined it was stuck due to a sticker that had effectively glued the card into the laptop. As the sticker finally gave up, the card popped itself out of the laptop.

Hardware isn’t the only story of this Windows 95 exhibit. An operating system is software, after all. The team has plenty of software running. Some highlights are Kidpix, MS-paint, Lego Island, LucasArts Full Throttle, Duke Nukem 3D, Word 97, and Space Cadet Pinball, which came with the Plus! expansion pack.  There is a huge array of original boxes for Windows 95 software. It’s a nostalgia trip to see software in boxes,  especially in all those bright 90’s colors.

The various versions of Windows 95 are also represented. [Ms-Dos5] and [Commodore Z] are running all major versions from Chicago beta 73g to Windows 95 C / OSR2.5.

If you’re old enough to remember 1995, the Windows 95 launch event was a big deal. Windows 3.0 series was five years old at that point.  Millions of people owned PC compatible computers and were ready for something new and flashy, and Windows 95 delivered.  Thanks to [Commodore Z] and [Ms-Dos5] keeping this bit of internet history alive.

The F-number of a photographic lens is a measure of its light-gathering ability, and is expressed as its aperture diameter divided by its focal length. Lenses with low F-numbers are prized by photographers for their properties, but are usually expensive because making a good one can be something of a challenge. Nevertheless [Rulof] is giving it a go, making an 80mm F0.5 lens with a Sony E-mount. The video below the break has all the details, and also serves as a fascinating primer on lens design if you are interested.

Rather than taking individual lenses, he’s starting with the second-hand lens from an old projector. It’s got the required huge aperture, but it’s by no means a photographic lens. An interesting component is his choice of diaphragm for the variable aperture, it’s a drafting aid for drawing circles which closely resembles a photographic part. This is coupled with the triplet from an old SLR lens in a 3D-printed enclosure, and the result is a lens that works even if it may not be the best. We know from experiences playing with lens systems that adjusting the various components of a compound lens like this one can be very difficult; we can see it has the much sought-after bokeh or blurred background, but it lacks sharpness.

Perhaps because a camera is an expensive purchase, we don’t see as much of this kind of hacking as we’d like. That’s not to say that lenses don’t sometimes make their way here.

[Ben Eater]’s breadboard 6502 computer is no stranger to these parts, so it was a bit of a surprise that when [Mark] wrote in asking us if we’d covered [Ben]’s getting MS BASIC running on the breadboard, that our answer was “no”. Well, that changes today!

This is a three-part video series, documenting how [Ben Eater] ports a 1977 version of MS BASIC to his 6502-based computer. The first video is all about just getting the BASIC up and working. It’s full of detail about how MS BASIC adapts to different architectures on the inside, and [Ben] essentially defines his own along the way.

Once he has BASIC working, the next two videos are about making it work not just with the serial terminal that he has attached, but also with the LCD display peripheral he has plugged into the breadboard. BASIC fans will not be surprised to see that it’s all about using POKE. But that ends up being to slow, so he extends it out with his own LCDPRINT command written in assembly.

Now that he can write a character to the LCD, he wants to be able to pass it a string: LCDPRINT “Hello world”. But that requires his command to be able to parse a string, and this has him diving down the rabbit hole into how MS BASIC parses strings, handles evals, and so on. If you want to know how MS BASIC works on the inside, this is the video for you. This video makes a lot of use of wozmon, which seems an almost ideal tool for this kind of low-level poking around.

All of this is done in [Ben]’s very well rehearsed, accessible, but pulling-no-punches style. Get ready to nerd out. All three of the videos are embedded just below the break.

While it’s not the Altair BASIC that Bill himself was writing about last week, it’s probably a direct descendent, and reading about the Altair version was what spurred [Mark Stevens] to send us the tip. Thanks!

If you think of records as platters, you are of a certain age. If you don’t remember records at all, you are even younger. But there was a time when audio records were not flat — they were drums, which was how the original Edison phonograph worked. [Our Own Devices] did a video earlier showing one of these devices, but since it was in a museum, he didn’t get to open it up. Lucky for us, he now has one of his own, and we get to see inside in the video below.

Ironically, Edison was deaf yet still invented the phonograph. While he did create the working phonograph — his self-identified most important invention — the original invention wasn’t commercially viable. You could record and playback audio on tin foil wrapped around a drum. But you couldn’t remove the foil without destroying it.

Edison was busy, but another inventor related to Bell created a similar system that used wax cylinders instead of foil. Edison’s vision for his invention didn’t include popular music, which hurt sales.

If you want to skip the history lesson — although it is well worth watching — you can skip to the 9-minute mark. You can hear the machine play and then see the box come off.

Oddly, people were recording things before they were able to play them back. Keeping a machine like this running can be quite a challenge.

If you’re living your life right, you probably know what as MOSFET is. But do you know the MESFET? They are like the faster, uninsulated, Schottky version of a MOSFET, and they used to rule the roost in radio-frequency (RF) silicon. But if you’re like us, and you have never heard of a MESFET, then give this phenomenal video by [Asianometry] a watch. In it, among other things, he explains how the shrinking feature size in CMOS made RF chips cheap, which brought you the modern cellphone as we know it.

The basic overview is that in the 1960s, most high-frequency stuff had to be done with discrete parts because the bipolar-junction semiconductors of the time were just too slow. At this time, MOSFETs were just becoming manufacturable, but were even slower still. The MESFET, without its insulating oxide layer between the metal and the silicon, had less capacitance, and switched faster. When silicon feature sizes got small enough that you could do gigahertz work with them, the MESFET was the tech of choice.

As late as the 1980s, you’d find MESFETs in radio devices. At this time, the feature size of the gates and the thickness of the oxide layer in MOSFETs kept them out of the game. But as CPU manufacturers pushed CMOS theses features smaller, not only did we get chips like the 8086 and 80386, two of Intel’s earliest CMOS designs, but the tech started getting fast enough for RF. And the world never looked back.

If you’re interested in the history of the modern monolithic RF ICs, definitely give the 18-minute video a watch. (You can skip the first three or so if you’re already a radio head.) If you just want to build some radio circuits, this fantastic talk from [Michael Ossmann] at the first-ever Supercon will make you an RF design hero. His secrets? Among them, making the most of exactly these modern everything-in-one-chip RF ICs so that you don’t have to think about that side of things too hard.

Thanks [Stephen] for the tip!

Meet the little board that could: [alcor6502]’s tiny USB relay controller, now evolved into a multifunction marvel. Originally built as a simple USB relay to probe the boundaries of JLCPCB’s production chops, it has become a compact utility belt for any hacker’s desk drawer. Not only has [alcor6502] actually built the thing, he even provided intstructions. If you happened to be at Hackaday in Berlin, you now might even own one, as he handed out twenty of them during his visit. If not, read on and build it yourself.

This thing is not just a relay, and that is what makes it special. Depending on a few solder bridges and minimal components, it shape-shifts into six different tools: a fan controller (both 3- and 4-pin!), servo driver, UART interface, and of course, the classic relay. It even swaps out a crystal oscillator for USB self-sync using STM32F042‘s internal RC – no quartz, less cost, same precision. A dual-purpose BOOT0 button lets you flash firmware and toggle outputs, depending on timing. Clever reuse, just like our mothers taught us.

It’s the kind of design that makes you want to tinker again. Fewer parts. More function. And that little smile when it just works. If this kind of clever compactness excites you too, read [alcor6502]’s build log and instructions here.

Usually when we talk about retrocomputing, we want to look at — and in — some old hardware. But [Z→Z] has a different approach: dissecting MacPaint, the Apple drawing program from the 1980s.

While the program looks antiquated by today’s standards, it was pretty hot stuff back in the day. Things we take for granted today were big deals at the time. For example, being able to erase a part of something you drew prompted applause at an early public demo.

We enjoyed the way the program was tested, too. A software “monkey” was made to type keys, move things, and click menus randomly. The teardown continues with a look inside the Pascal and assembly code with interesting algorithms like how the code would fill an area with color.

The program has been called “beautifully organized,” and [Z→Z] examines that assertion. Maybe the brilliance of it has been overstated, but it did work and it did influence many computer graphics programs over the years.

We love digging through old source code. Even old games. If you do your own teardowns, be sure to send us a tip.

[Antoine Pirrone] and [Grégoire Passault] are making a DIY miniature re-imagining of Disney’s BDX droid design, and while it’s still early, there is definitely a lot of progress to see. Known as the Open Duck Mini v2 and coming in at a little over 40 cm tall, the project is expected to have a total cost of around 400 USD.

Bipedal robots are uncommon, and back in the day they were downright rare. One reason is that the state of controlled falling that makes up a walking gait isn’t exactly a plug-and-play feature.

Walking robots are much more common now, but gait control for legged robots is still a big design hurdle. This goes double for bipeds. That brings us to one of the interesting things about the Open Duck Mini v2: computer simulation of the design is playing a big role in bringing the project into reality.

It’s a work in progress but the repository collects all the design details and resources you could want, including CAD files, code, current bill of materials, and links to a Discord community. Hardware-wise, the main work is being done with very accessible parts: Raspberry Pi Zero 2W, fairly ordinary hobby servos, and an BNO055-based absolute orientation IMU.

So, how far along is the project? Open Duck Mini v2 is already waddling nicely and can remain impressively stable when shoved! (A “testing purposes” shove, anyway. Not a “kid being kinda mean to your robot” shove.)

Check out the videos to see it in action, and if you end up making your own, we want to hear about it, so remember to send us a tip!

We’ve seen a Linux-based operating system made to run on some widely varying pieces of hardware over the years, but [Dimity Grinberg]’s latest project may be one of the most unusual. It’s a PCB with 3 integrated circuits on it which doesn’t seem too interesting at first, but what makes it special is that all three of those chips are in 8-pin SOIC packages. How on earth can Linux run on 8-pin devices? The answer lies as you might expect, in emulation.

Two of the chips are easy to spot, a USB-to-serial chip and an SPI RAM chip. The processor is an STM32G0 series device, which packs a pretty fast ARM Cortex M0+ core. This runs a MIPS emulator that we’ve seen on a previous project, which is ripe for overclocking. At a 148 MHz clock it’s equivalent to a MIPS running at about 1.4 MHz, which is just about usable. Given that the OS in question is a full-featured Debian, it’s not running some special take on Linux for speed, either.

We like some of the hardware hacks needed to get serial, memory, and SD card, onto so few pins. The SD and serial share the same pins, with a filter in place to remove the high-frequency SPI traffic from the low-frequency serial traffic. We’re not entirely sure what use this machine could be put to, but it remains an impressive piece of work.

If you flew or drove anything remote controlled until the last few years, chances are very good that you’d be using some faceless corporation’s equipment and radio protocols. But recently, open-source options have taken over the market, at least among the enthusiast core who are into squeezing every last bit of performance out of their gear. So why not take it one step further and roll your own complete system?

Apparently, that’s what [Malcolm Messiter] was thinking when, during the COVID lockdowns, he started his own RC project that he’s calling LockDownRadioControl. The result covers the entire stack, from the protocol to the transmitter and receiver hardware, even to the software that runs it all. The 3D-printed remote sports a Teensy 4.1 and off-the-shelf radio modules on the inside, and premium FrSky hardware on the outside. He’s even got an extensive folder of sound effects that the controller can play to alert you. It’s very complete. Heck, the transmitter even has a game of Pong implemented so that you can keep yourself amused when it’s too rainy to go flying.

Of course, as we alluded to in the beginning, there is a healthy commercial infrastructure and community around other open-source RC projects, namely ExpressLRS and OpenTX, and you can buy gear that runs those software straight out of the box, but it never hurts to have alternatives. And nothing is easier to customize and start hacking on than something you built yourself, so maybe [Malcolm]’s full-stack RC solution is right for you? Either way, it’s certainly impressive for a lockdown project, and evidence of time well spent.

Thanks [Malcolm] for sending that one in!

We remember when the transputer first appeared. Everyone “knew” that it was going to take over everything. Of course, it didn’t. But [Oscar Toledo G.] gives us a taste of what life could have been like with a JavaScript emulator for the transputer, you can try in your browser.

If you don’t recall, the transputer was a groundbreaking CPU architecture made for parallel processing. Instead of giant, powerful CPUs, the transputer had many simple CPUs and a way to chain them all together. Sounds great, but didn’t quite make it. However, you can see the transputer’s influence on CPUs even today.

Made to work with occam, the transputer was built from the ground up for concurrent programming. Context switching was cheap, along with simple message passing and hardware scheduling.

The ersatz computer has a lot of messages in Spanish, but you can probably muddle through if you don’t hablar español. We did get the ray tracing example to work, but it was fairly slow.

Want to know more about the CPU? We got you. Of course, these days, you can emulate a transputer with nearly anything and probably outperform the original. What we really want to see is a GPU emulation.

[Morten] works very fast. He has already designed, fabbed, populated, and tested a breakout board for the new tiniest microcontroller on the market, and he’s even made a video about it, embedded below.

You might have heard about this new TI ARM Cortex MO micro on these very pages, where we asked you what you’d do with this grain-of-rice-sized chunk of thinking sand. (The number one answer was “sneeze and lose it in the carpet”.)

From the video, it looks like [Morten] would design a breakout board using Kicad 8, populate it, get it blinking, and then use its I2C lines to make a simple digital thermometer demo. In the video, he shows how he worked with the part, from making a custom footprint to spending quite a while nudging it into place before soldering it carefully down.

But he nailed it on the first try, and honestly it doesn’t look nearly as intimidating as we’d feared, mostly because of the two-row layout of the balls. It actually looks easy enough to fan out. Because you can’t inspect the soldering work underneath the chip, he broke out all of the lines to a header to make it quick to check for shorts between those tiny little balls. Smart.

We love to see people trying out the newest hotness. Let us know down in the comments what new parts you’re trying out.

Thanks [Clint] for the tip!

If you’re on the US East Coast, you should head on over to Wall, NJ and check out the Vintage Computer Festival East. After all, [Brian Kernighan] is going to be there. Yes, that [Brian Kernighan].

Events are actually well underway, and you’ve already missed the first few TRS-80 Color Computer programming workshops, but rest assured that they’re going on all weekend. If you’re from the other side of the retrocomputing fence, namely the C64 side, you’ve also got a lot to look forward to, because the theme this year is “The Sounds of Retro” which means that your favorite chiptune chips will be getting a workout.

[Tom Nardi] went to VCF East last year, so if you’re on the fence, just have a look at his writeup and you’ll probably hop in your car, or like us, wish you could. If when you do end up going, let us know how it was in the comments!

We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the charge on untangling this attack, and they’ve just released an update to their coverage. The conclusion is that Coinbase was the initial target of the attack, with the open source agentkit package first (unsuccessfully) attacked. This attack chain started with pull_request_target in the spotbugs/sonar-findbugs repository.

The pull_request_target hook is exceptionally useful in dealing with pull requests for a GitHub repository. The workflow here is that the project defines a set of Continuous Integration (CI) tests in the repository, and when someone opens a new Pull Request (PR), those CI tests run automatically. Now there’s an obvious potential problem, and Github thought of it and fixed it a long time ago. The GitHub Actions are defined right in the repository, and letting any pull request run arbitrary actions is a recipe for disaster. So GitHub always uses actions as they are defined in the repository itself, ignoring any incoming changes in the PR. So pull_request_target is safe now, right? Yes, with some really big caveats.

The simplest security problem is that many projects have build scripts in the repository, and those are not considered part of GitHub Actions by GitHub. So include malicious code in such a build script, make it a PR that runs automatically, and you have access to internal elements like organization and repository secrets and access tokens. The most effective mitigation against this is to require approval before running workflows on incoming PRs.

So back to the story. The spotbugs/sonar-findbugs repository had this vulnerability, and an attacker used it to export secrets from a GitHub Actions run. One of those secrets happened to be a Personal Access Token (PAT) belonging to a spotbugs maintainer. That PAT was used to invite a throwaway account, [jurkaofavak], into the main spotbugs repository. Two minutes after being added, the [jurkaofavak] account created a new branch in spotbugs/spotbugs, and deleted it about a second later. This branch triggered yet another malicious CI run, now with arbitrary Github Actions access rather than just access through a build script. This run leaked yet another Personal Access Token, belonging to a maintainer that worked on both the spotbugs and reviewdog projects.

That token had access to create and edit tags in reviewdog/action-setup, a GitHub Action that runs as a dependency for multiple other actions. The attacker created a fork of this repository, added malicious code, and then overwrote the v1 git tag to point to this malicious code. The tj-actions/changed-files ran a CI flow that made use of the malicious reviewdog/action-setup fork, leaking a GitHub token with write permission to tj-actions/changed-files.

The tag override trick does a lot of heavy lifting in this story, and that’s what was used on tj-actions/changed-files too. Another malicious fork, and a specific tag was overridden to point there. The tag chosen was one used in a Coinbase repository. Specifically coinbase/agentkit used the newly malicious tag in one of its workflows. A Coinbase maintainer discovered this, and deleted the targeted workflow, putting an end to the Coinbase-specific attack. At this point, the attacker opted to burn the pilfered access, and pushed malicious code to every tj-actions/changed-files tag. The idea apparently being that there would likely be some interesting secrets that were leaked. It’s also possible this was intended to hide Coinbase as the primary target. Regardless, that’s the widespread attack we’ve already covered, and now you know the rest of the story.

ZendTo: No CVE, No Problem?

ZendTo is a nifty Open Source, web-based file sharing platform. It’s been around for a while, and the release notes from a 2021 release makes reference to a “security fix” with no additional details given. That caught the attention of [Jay] from Project Black. It sounds like a potential vulnerability, but it seems like no CVE was ever assigned, and no further details were given.

Here’s the issue: ZendTo has an anonymous file upload feature on by default. This has a security feature built in, in the form of scanning the uploaded file with ClamAV in a temporary location, before moving the file to its long term storage directory. Part of this process includes the ever lovely exec("/bin/chmod go+r " . $ccfilelist); line. PHP has some footguns to be aware of, and calling exec() with any user-provider input is one of them. And of course, the user-provided tmp_name value is used to construct the $ccfilelist string. Set tmp_name to 1;command, and you’ve got code execution.

There is another outstanding issue, where legacy md5 passwords that happen to begin with 0e will be interpreted as a number in scientific notation. PHP handles some type comparisons a bit weirdly. These scientific notation values all evaluate as 0. Using any password that also evaluates to one of these special “scientific” md5 hashes, and the comparison collapses to 0 == 0. So one out of every 256 users have a trivially bypassed password — if their account was still using a md5 password hash.

So here we have a pair of serious vulnerabilities, though one has limited exposure, with neither being fully disclosed nor given CVEs. What’s the result of this lack of transparency? Old, vulnerable installs of ZendTo are still on the Internet. Without a CVE, there’s much less pressure to update. No CVE doesn’t necessarily mean no vulnerabilities.

Leaking Call Records

Researcher [Evan Connelly] was looking into the Verizon Call Filter iOS app, and found it to be using an interesting web service. The callLogRetrieval endpoint allows a user to look up call logs for their own Verizon number. Authorization is done using JSON Web Tokens (JWT), which included a “sub” field, indicating the phone number the token was authorized to fetch. The request itself also has a field to indicate the number being queried. This particular endpoint uses a JWT for authorization, but returns the information requested in the query field — without comparing the two values. Yes, any customer that could obtain a valid JWT could query the call records of virtually any other Verizon number. While this is particularly bad, Verizon acknowledged it quickly, and rolled a fix out in less than a month.

When Parameterized Queries Aren’t

What’s the single most powerful tool to prevent SQL injection attacks? Easy: Parameterized queries. Write the SQL query ahead of time, the library converts it into native database code, and only then are the user-generated values plugged in. In theory that means those values can never be understood as part of the SQL logic. While there are ways this can still go wrong, the basic approach is sound. But what if a language, like Nim, had a parameterization option that didn’t actually do parameterized queries?

Yes, Nim’s db_postgres module provides the facility to run code like getRow(sql"SELECT username FROM users WHERE username=?;", "user"), which is intended to protect against SQL injection. But, under the hood, it really is just doing string replacement with character escaping, like replacing null characters with \\0. Now consider PostreSQL’s standard_conforming_strings setting, which among other things, removes the backslash as a special character. But if that setting is disabled, the backslash can be used to escape quotes. Nim doesn’t know anything about that behavior. This combination of not-actually-parameterized parameterization, and lack of awareness of the standard_conforming_strings behavior, means that ./poc '\' ' OR user_id=1; --' is once again a potential SQL injection. Whoops.

Oracle: Oh, That Oracle Cloud!

We finally have a bit more insight into what’s going on at Oracle. You probably remember that the company has continually denied a breach into Oracle Cloud. It seems this is a bit of verbal sleight-of-hand, as Oracle has renamed part of their cloud offering to Oracle Cloud Classic. The remaining, current generation service is the Oracle Cloud. Oracle Cloud Classic has suffered the breach, not technically Oracle Cloud.

It’s not clear that this is really all there is to the story, though, as more data is getting released by the attacker, including video of a web meeting from 2019. Oracle has started reaching out to customers and confirmed the breach, though apparently strictly avoiding putting anything in writing.

Microsoft Joins the Hotpatch Game

Enterprise Linux distros have long had support for various forms of live-patching. We even interviewed TuxCare about this feature for FLOSS Weekly a few weeks ago. It seems that Microsoft finally wants in on the fun. Windows 11 Enterprise has in-memory security patching starting with the 24H2 update. This support is strictly for machines with an Enterprise or certain Education Microsoft subscriptions. The Hotpatches will be available for 8 of the 12 monthly security patches, with an enforced quarterly update via traditional updates and a reboot.

Bits and Bytes

Researchers at GreyNoise have noted an uptick in IPs scanning for Palo Alto device login pages for several days in March. The scanning had as many as 20,000 unique IPs hunting for these login interfaces, which suggests a botnet has been tasked with finding these devices. It’s very possible that a threat actor has found a new vulnerability in Palo Alto devices, and is preparing to launch an attack.

And finally, a pair of posts from ZDI caught our attention this week. The first is a dive into how Binary Ninja’s static code analysis can find potential use-after-free vulnerabilities. The second is all about building an electric car simulator, that can actually plug into real electric vehicle charging stations, and actually fool the charger into believing a car is attached. How is this problem approached safely, given the high voltages and amperages involved? Very carefully.

Bears! Are they scared of massive arcs that rip through the air, making a lot of noise in the process? [Jay] from the Plasma Channel sure hopes so, because that’s how his bear deterrent works!

[Jay] calls it the Bear Blaster 5000. Right from the drop, this thing looks like some crazy weapon out of Halo. That’s because it throws huge arcs at 280,000 volts. The basic concept behind it is simple enough—a battery drives a circuit which generates (kinda) low voltage AC. This is fed to the two voltage multipliers which are set up with opposite polarity to create the greatest possible potential difference between the two electrodes they feed. The meaty combination is able to arc across electrodes spaced over four inches apart. It’s all wrapped up in a super-cool 3D printed housing that really shows off the voltage multiplier banks.

Given its resemblance to a stun gun, you might think the idea is to jab an attacking bear with it. But the reality is, if the bear is close enough that you could press this device against it, you’re already lunch. [Jay] explains that it’s more about scaring the animal off with the noise and light it produces. We’d certainly take a few steps back if we heard this thing fire off in the woods.

[Jay] does a great job of explaining how the whole setup works, as well as showing off its raw ability to spark. We’ve seen some great builds from [Jay] before, too, like this beefy custom flyback transformer.

You don’t see them as often as you used to, but it used to be common to see “electronics trainers” which were usually a collection of components and simple equipment combined with a breadboard, often in a little suitcase. We think [Pro Maker_101’s] portable electronics workstation is in the same kind of spirit, and it looks pretty nice.

The device uses a 3D printed case and a custom PC board. There are a number of components, although no breadboard. There is a breakout board for Raspberry Pi GPIO, though. So you could use the screw terminals to connect to an external breadboard. We were thinking you could almost mount one as a sort of lid so it would open up like a book with the breadboard on one side and the electronics on the other. Maybe version two?

One thing we never saw on the old units? An HDMI flat-screen display! We doubt you’d make one exactly like this, of course, but that’s part of the charm. You can mix and match exactly what you want and make the prototyping station of your dreams. Throw in a small portable soldering iron, a handheld scopemeter, and you can hack anywhere.

We’d love to see something like this that was modular. Beats what you could build in 1974.

Odd hardware designs crop up in art and renders far more frequently than in the flesh, but console modder [GingerOfOz] felt the need to bring [Anh Dang]’s image of the inevitable carcinization of our gaming consoles to life.

Starting with the image as inspiration, [GingerOfOz] got to work in CAD, creating an entirely new shell for the battered PSOne he adopted for the project. The final product is slightly less curvy than the picture, but some artistic license was necessary to go from the page to the real world.

The enclosure itself looks straightforward, if a bit tedious, but the articulating crab controller is a work of art itself. He could’ve made the arms static or non-functional, but they’re a fully-functional PlayStation controller that can move around just like on your favorite crustacean at the beach, minus the pinching. We love this whimsical take on the console mod which is a breath of salty air to the continuous race to get increasingly complex consoles into handheld form, although there’s certainly nothing wrong with that!

If you’re looking for some other console mods, how about this Apple M1 inside a Wii or getting your old Ouya up-and-running again?

The console wars of the early 1990s had several players, but the battle that mattered was between Nintendo’s SNES and Sega’s Genesis, or Megadrive if you are European. They are both famous for their games, but in terms of software they can only run what’s on a cartridge. The Genesis has a Motorola 68000 on board though, which is capable of far more than just Sonic the Hedgehog. [EythorE] evidently thinks so, because here’s a port of Fusix, a UNIX-like OS, for the Sega platform.

As it stands, the OS is running on the BlastEm emulator, but given a Sega Saturn keyboard or a modified PC keyboard for the Sega, it could be run on real hardware. What you get is a basic UNIX-like OS with a working shell and the usual UNIX utilities. With 64k of memory to play with this will never be a powerhouse, but on the other hand we’d be curious to see it in a working cartridge.

Meanwhile, if the console interests you further, someone has been into its workings in great detail.

Header: Evan-Amos, CC BY-SA 3.0.