It’s been awhile since we checked in with Canada’s Edison Motors, so let’s visit [DeBoss Garage] for an update video. To recap, Edison Motors is a Canadian company building diesel-electric hybrid semi-trucks and more.

Well, they’ve thankfully moved out of the tent in their parents’ back yard where the prototype was built. They’ve bought themselves a company town: Donald, British Columbia, complete with a totally-not-controversial slogan “Make Donald Great Again”.

More interesting is that their commercial-off-the-shelf (COTS), right-to-repair centered approach isn’t just for semi-trucks: they’re now a certified OEM manufacturer of a rolling heavy truck chassis you can put your truck cab or RV body on, and they have partnered with three coach-builders for RVs and a goodly number of manufacturing partners for truck conversion kits. The kits were always in the plan, but selling the rolling chassis is new.

One amazingly honest take-away from the video is the lack of numbers for the pickups: top speed, shaft horsepower, torque? They know what all that should be, but unlike the typical vaporware startup, Edison won’t tell you the engineering numbers on the pickup truck kits until it has hit the race track and proved itself in the real world. These guys are gear-heads first and engineers second, so for once in a long time the adage “engineers hate mechanics” might not apply to a new vehicle.

The dirt track is the first thing under construction in Donald, so hopefully the next update we hear from Edison Motors will include those hard numbers, including pesky little things like MSRP and delivery dates. Stay tuned.

In our last post about an electric truck, a lot of you in the comments wanted something bigger, heavier duty, not pure battery, and made outside the USA. Well, here it is.

Thanks to [Keith Olson] for the tip. Remember, the lines are always open!

In the 1980s, there was a truly staggering amount of choice for a consumer looking to purchase a home computer. On the high end, something like an Apple Lisa, a business-class IBM PC, or a workstation from Sun Microsystems could easily range from $6,000 to $20,000 (not adjusted for inflation). For the time, these mind-blowing prices might have been worth the cost, but for those not willing to mortgage their homes for their computing needs, there were also some entry-level options. One of these was the Sinclair ZX-80, which was priced at an astounding $100, which caused RadioShack to have a bit of a panic and release this version of the TRS-80 computer to compete with it.

As [David] explains in his deep dive into this somewhat obscure machine, the TRS-80 MC-10 was a commercial failure, although not for want of features. It had a color display, a chicklet keyboard, and 4K of RAM, which were all things that the ZX-80 lacked.

Unfortunately, it also had a number of drawbacks compared to some of its other contemporaries that made consumers turn away. Other offerings by Commodore, Atari, Texas Instruments, and even RadioShack themselves were only marginally more expensive and had many more features, including larger memory and better storage and peripheral options, so most people chose these options instead.

The TRS-80 MC-10 is largely a relic of the saturated 80s home computer market. It’s drop in price to below $50, and the price competition between other PC manufacturers at the time was part of the reason for the video game crash of the 1980s, and even led to Steve Jobs getting fired from Apple. There’s not a huge retro scene for these machines either, although there is at least one game developer you can see in the video below from [Spriteworx]. If you want to experiment with some of the standard TRS-80 software, there are emulators that have everything you need.

Thanks to [Stephen] for the tip!

For over a decade, most passports have contained an NFC chip that holds a set of electronically readable data about the document and its holder. This has resulted in a much quicker passage through some borders as automatic barriers can replace human officials, but at the same time, it adds an opaque layer to the process. Just what data is on your passport, and can you read it for yourself? [Terence Eden] wanted to find out.

The write-up explains what’s on the passport and how to access it. Surprisingly, it’s a straightforward process, unlike, for example, the NFC on a bank card. Security against drive-by scanning is provided by the key being printed on the passport, requiring the passport to be physically opened.

He notes that it’s not impossible to brute force this key, though doing so reveals little that’s not printed on the document. The write-up reveals a piece of general-purpose technical knowledge we should all know. However, there’s a question we’re left with that it doesn’t answer. If we can read the data on a passport chip, could a passport forger thus create a counterfeit one? If any readers are in the know, we’d be interested to hear more in the comments. If you are into NFC hacking, maybe you need a handy multitool.

Header: [Tony Webster], CC BY-SA 4.0.

Although we might all fundamentally recognize that gaming consoles are just specialized computers, we generally treat them, culturally and physically, differently than we do desktops or laptops. But there was a time in the not-too-distant past where the line between home computer and video game console was a lot more blurred than it is today. Even before Microsoft entered the scene, companies like Atari and Commodore were building both types of computer, often with overlapping hardware and capabilities. But they weren’t the only games in town. This video takes a look at the Bally Home Computer System, which was a predecessor of many of the more recognized computers and gaming systems of the 80s.

At the time, Bally as a company was much more widely known in the pinball industry, but they seemed to have a bit of foresight that the computers used in arcades would eventually transition to the home in some way. The premise of this console was to essentially start out as a video game system that could expand into a much more full-featured computer with add-ons. In addition to game cartridges it came with a BASIC interpreter cartridge which could be used for programming. It was also based on the Z80 microprocessor which was used in other popular PCs of the time, so in theory it could have been a commercial success but it was never able to find itself at the top of the PC pack.

Although it maintains a bit of a cult following, it’s a limited system even by the standards of the day, as the video’s creator [Vintage Geek] demonstrates. The controllers are fairly cumbersome, and programming in BASIC is extremely tedious without a full keyboard available. But it did make clever use of the technology at the time even if it was never a commercial success. Its graphics capabilities were ahead of other competing systems and would inspire subsequent designs in later systems. It’s also not the last time that a video game system that was a commercial failure would develop a following lasting far longer than anyone would have predicted.

You know what the worst thing about the Steam Deck is? Being able to play your games on the go. Wouldn’t it be better if it was a screenless brick that lived under your TV? Well, maybe not, but at least one person thought so, because [Interfacing Linux] has created the GeekDeck, a Steam OS console of sorts in this video embedded below.

The hack is as simple as can be: he took a GEEKOM A5, a minicomputer with very similar specs to the Steam Deck, and managed to load SteamOS onto it. We were expecting that to be a trial that took most of the video’s runtime, but no! Everything just… sorta worked. It booted to a live environment and installed like any other Linux. Which was unexpected, but Steam has released SteamOS for PC. 

In case you weren’t aware, SteamOS is an immutable distribution based on Arch Linux. Arch of course has all the drivers to run on… well, any modern PC, but it’s the immutable part that we were expecting to cause problems. Immutable distributions are locked down in a similar manner to Mac OS (everything but /home/ is typically read-only, even to the superuser) and SteamOS doesn’t ship with package manager that can get around this, like rpm-ostree in Fedora’s Silverblue ecosystem. Actually, if you don’t have a hardware package that matches the SteamDeck to the same degree this GEEKOM does, Bazzite might be a good bet– it’s based on Siverblue and was made to be SteamOS for PC, before Steam let you download their OS to try on your PC.

Anyway, you can do it. Should you? Well, based on the performance shown in the video, not if you want to run triple-A games locally. This little box is no more powerful than the SteamDeck, after all. It’s not a full gaming rig. Still, it was neat to see SteamOS off of the ‘deck and in the wild.

Usually we see hacks that use the guts of the SteamDeck guts with other operating systems, not the other way around. Like the Bento Box AR machine we liked so much it was actually  featured twice.  The SteamDeck makes for a respectable SBC, if you can find a broken one. If not, apparently a Chinese MiniPC will work just as well.

Most standing desks on the market use electric motors or hand cranks to raise and lower the deck. However, [Matthias Wandel] found a Kloud standing desk that used an altogether different set up. He set about figuring out how it worked in the old-fashioned way—by pulling it apart.

The Kloud desk relies on pneumatics rather than electrical actuators to move up and down. Inside the desk sits a small tank that can be pressurized with a hand-cranked mechanism. A lever can then be used to release pressure from this tank into a pair of pneumatic cylinders that drive the top of the desk upwards. The two cylinders are kept moving in sync by a tensioned metal ribbon that ties the two sides together. The mechanism is not unlike a gas lift chair—holding the lever and pushing down lets the desk move back down. Once he’s explained the basic mechanism, [Matthias] gets into the good stuff—pulling apart the leg actuator mechanism to show us what’s going on inside in greater detail.

If you’ve ever thought about building your own standing desk, this might be a video worth watching. We’ve featured some other great pneumatics projects before, too. Video after the break.

As humans we often think we have a pretty good handle on the basics of the way the world works, from an intuition about gravity good enough to let us walk around, play baseball, and land spacecraft on the moon, or an understanding of electricity good enough to build everything from indoor lighting to supercomputers. But zeroing in on any one phenomenon often shows a world full of mystery and surprise in an area we might think we would have fully understood by now. One such area is static electricity, and the way that it forms within certain materials shows that it can impart a kind of memory to them.

The video demonstrates a number of common ways of generating static electricity that most of us have experimented with in the past, whether on purpose or accidentally, from rubbing a balloon on one’s head and sticking it to the wall or accidentally shocking ourselves on a polyester blanket. It turns out that certain materials like these tend to charge themselves positively or negatively depending on what material they were rubbed against, but some researchers wondered what would happen if an object were rubbed against itself. It turns out that in this situation, small imperfections in the materials cause them to eventually self-order into a kind of hierarchy, and repeated charging of these otherwise identical objects only deepen this hierarchy over time essentially imparting a static electricity memory to them.

The effect of materials to gain or lose electrons in this way is known as the triboelectric effect, and there is an ordering of materials known as the triboelectric series that describes which materials are more likely to gain or lose electrons when brought into contact with other materials. The ability of some materials, like quartz in this experiment, to develop this memory is certainly an interesting consequence of an otherwise well-understood phenomenon, much like generating power for free from static electricity that’s always present within the atmosphere might surprise some as well.

Spending time as wee hackers perusing the family atlas taught us an appreciation for a good map, and [Billy Roberts], a cartographer at NREL, has served up a doozy with a map of the data center infrastructure in the United States. [via LinkedIn]

Fiber optic lines, electrical transmission capacity, and the data centers themselves are all here. Each data center is a dot with its size indicating how power hungry it is and its approximate location relative to nearby metropolitan areas. Color coding of these dots also helps us understand if the data center is already in operation (yellow), under construction (orange), or proposed (white).

Also of interest to renewable energy nerds would be the presence of some high voltage DC transmission lines on the map which may be the future of electrical transmission. As the exact location of fiber optic lines and other data making up the map are either proprietary, sensitive, or both, the map is only available as a static image.

If you’re itching to learn more about maps, how about exploring why they don’t quite match reality, how to bring OpenStreetMap data into Minecraft, or see how the live map in a 1960s airliner worked.

In an Earth-sized take on the age-old ‘correlation or causality’ question, researchers have come across a fascinating match between Earth’s magnetic field and its oxygen levels since the Cambrian explosion, about 500 million years ago. The full results by [Weijia Kuang] et al. were published in Science Advances, where the authors speculate that this high correlation between the geomagnetic dipole and oxygen levels as recorded in the Earth’s geological mineral record may be indicative of the Earth’s geological processes affecting the evolution of lifeforms in its biosphere.

As with any such correlation, one has to entertain the notion that said correlation might be spurious or indirectly related before assuming a strong causal link. Here it is for example known already that the solar winds affect the Earth’s atmosphere and with it the geomagnetic field, as more intense solar winds increase the loss of oxygen into space, but this does not affect the strength of the geomagnetic field, just its shape. The question is thus whether there is a mechanism that would affect this field strength and consequently cause the loss of oxygen to the solar winds to spike.

Here the authors suggest that the Earth’s core dynamics – critical to the geomagnetic field – may play a major role, with conceivably the core-mantle interactions over the course of millions of years affecting it. As supercontinents like Pangea formed, broke up and partially reformed again, the impact of this material solidifying and melting could have been the underlying cause of these fluctuations in oxygen and magnetic field strength levels.

Although hard to say at this point in time, it may very well be that this correlation is causal, albeit as symptoms of activity of the Earth’s core and liquid mantle.

If you’ve put in all the necessary practice to learn bike tricks, you’d probably like an appropriately dramatic soundtrack to accompany your stunts. A team of students working on a capstone project at the University of Washington took this natural desire a step further with the Music Bike, a system that generates adaptive music in response to the bike’s motion.

The Music Bike has a set of sensors controlled by an ESP32-S3 mounted beneath the bike seat. The ESP32 transmits the data it collects over BLE to an Android app, which in turn uses the FMOD Studio adaptive sound engine to generate the music played. An MPU9250 IMU collects most position and motion data, supplemented by a hall effect sensor which tracks wheel speed and direction of rotation.

When the Android app receives sensor data, it performs some processing to detect the bike’s actions, then uses these to control FMOD’s output. The students tried using machine learning to detect bike tricks, but had trouble with latency and accuracy, so they switched to a threshold classifier. They were eventually able to detect jumps, 180-degree spins, forward and reverse motion, and wheelies. FMOD uses this information to modify music pitch, alter instrument layering, and change the track. The students gave an impressive in-class demonstration of the system in the video below (the demonstration begins at 4:30).

Surprisingly enough, this isn’t the first music-producing bike we’ve featured here. We’ve also seen a music-reactive bike lighting system.

Thanks to [Blake Hannaford] for the tip!

The fun part about logic gates is that there are so many ways to make them, with each approach having its own advantages and disadvantages. Although these days transistor-transistor logic (TTL) is the most common, diode-transistor logic (DTL) once was a regular sight, as well as diode-resistor logic (DRL). These logic gates are the topic of a recent video by [Anthony Francis-Jones], covering a range of logic gates implemented using mostly diodes and resistors.

Of note is that there’s another class of logic gates: this uses resistors and transistors (RTL) and preceded DTL. While DRL can be used to implement AND and OR logic gates, some types of logic gates (e.g. NOT) require an active (transistor) element, which is where DTL comes into play.

In addition to the construction of a rather nifty demonstration system and explanation of individual logic gates, [Anthony] also shows off a range of DTL cards used in the Bendix G-15 and various DEC systems. Over time TTL would come to dominate as this didn’t have the diode voltage drop and other issues that prevented significant scaling. Although the rise of VLSI has rendered DRL and DTL firmly obsolete, they still make for a fascinating teaching moment and remind us of the effort over the decades to make the computing device on which you’re reading this possible.

Meshtastic just released an eye-watering 9.5 CVSS CVE, warning about public/private keys being re-used among devices. And I’m the one that wrote the code. Not to mention, I triaged and fixed it. And I’m part of Meshtastic Solutions, the company associated with the project. This is is the story of how we got here, and a bit of perspective.

First things first, what kind of keys are we talking about, and what does Meshtastic use them for? These are X25519 keys, used specifically for encrypting and authenticating Direct Messages (DMs), as well as optionally for authorizing remote administration actions. It is, by the way, this remote administration scenario using a compromised key, that leads to such a high CVSS rating. Before version 2.5 of Meshtastic, the only cryptography in place was simple AES-CTR encryption using shared symmetric keys, still in use for multi-user channels. The problem was that DMs were also encrypted with this channel key, and just sent with the “to” field populated. Anyone with the channel key could read the DM.

I re-worked an old pull request that generated X25519 keys on boot, using the rweather/crypto library. This sentence highlights two separate problems, that both can lead to unintentional key re-use. First, the keys are generated at first boot. I was made painfully aware that this was a weakness, when a user sent an email to the project warning us that he had purchased two devices, and they had matching keys out of the box. When the vendor had manufactured this device, they flashed Meshtastic on one device, let it boot up once, and then use a debugger to copy off a “golden image” of the flash. Then every other device in that particular manufacturing run was flashed with this golden image — containing same private key. sigh

There’s a second possible cause for duplicated keys, discovered while triaging the golden image issue. On the Arduino platform, it’s reasonably common to use the random() function to generate a pseudo-random value, and the Meshtastic firmware is careful to manage the random seed and the random() function so it produces properly unpredictable values. The crypto library is solid code, but it doesn’t call random(). On ESP32 targets, it does call the esp_random() function, but on a target like the NRF52, there isn’t a call to any hardware randomness sources. This puts such a device in the precarious position of relying on a call to micros() for its randomness source. While non-ideal, this is made disastrous by the fact that the randomness pool is being called automatically on first boot, leading to significantly lower entropy in the generated keys.

Release 2.6.11 of the Meshtastic firmware fixes both of these issues. First, by delaying key generation until the user selects the LoRa region. This makes it much harder for vendors to accidentally ship devices with duplicated keys. It gives users an easy way to check, just make sure the private key is blank when you receive the device. And since the device is waiting for the user to set the region, the micros() clock is a much better source of randomness. And second, by mixing in the results of random() and the burnt-in hardware ID, we ensure that the crypto library’s randomness pool is seeded with some unique, unpredictable values.

The reality is that IoT devices without dedicated cryptography chips will always struggle to produce high quality randomness. If you really need secure Meshtastic keys, you should generate them on a platform with better randomness guarantees. The openssl binary on a modern Linux or Mac machine would be a decent choice, and the Meshtastic private key can be generated using openssl genpkey -algorithm x25519 -outform DER | tail -c32 | base64.

What’s Up with SVGs?

You may have tried to share a Scalable Vector Graphics (SVG) on a platform like Discord, and been surprised to see an obtuse text document rather than your snazzy logo. Browsers can display SVGs, so why do many web platforms refuse to render them? I’ve quipped that it’s because SVGs are Turing complete, which is almost literally true. But in reality it’s because SVGs can include inline HTML and JavaScript. IBM’s X-Force has the inside scoop on the use of SVG files in fishing campaigns. The key here is that JavaScript and data inside an SVG can often go undetected by security solutions.

The attack chain that X-Force highlights is convoluted, with the SVG containing a link offering a PDF download. Clicking this actually downloads a ZIP containing a JS file, which when run, downloads and attempts to execute a JAR file. This may seem ridiculous, but it’s all intended to defeat a somewhat sophisticated corporate security system, so an inattentive user will click through all the files in order to get the day’s work done. And apparently this tactic works.

*OS Spyware

Apple published updates to its entire line back in February, fixing a pair of vulnerabilities that were being used in sophisticated targeted attacks. CVE-2025-43200 was “a logic issue” that could be exploited by malicious images or videos sent in iCloud links. CVE-2025-24200 was a flaw in USB Restricted Mode, that allowed that mode to be disabled with physical access to a device.

What’s newsworthy about these vulnerabilities is that Citizen Lab has published a report that CVE-2025-43200 was used in a 0-day exploitation of journalists by the Paragon Graphite spyware. It is slightly odd that Apple credits the other fixed vulnerability, CVE-2025-24200, to Bill Marczak, a Citizen Lab researcher and co-author of this report. Perhaps there is another shoe yet to drop.

Regardless, iOS infections have been found on the phones of two separate European Journalists, with a third confirmed targeted. It’s unclear what customer contracted Paragon to spy on these journalists, and what the impetus was for doing so. Companies like Paragon, NSO Group, and others operate within a legal grey area, taking actions that would normally be criminal, but under the authority of governments.

A for Anonymous, B for Backdoor

WatchTowr has a less-snarky-than-usual treatment of a chain of problems in the Sitecore Experience that take an unauthenticated attacker all the way to Remote Code Execution (RCE). The initial issue here is the pre-configured user accounts, like default\Anonymous, used to represent unauthenticated users, and sitecore\ServicesAPI, used for internal actions. Those special accounts do have password hashes. Surely there isn’t some insanely weak password set for one of those users, right? Right? The password for ServicesAPI is b.

ServicesAPI is interesting, but trying the easy approach of just logging in with that user on the web interface fails with a unique error message, that this user does not have access to the system. Someone knew this could be a problem, and added logic to prevent this user from being used for general system access, by checking which database the current handler is attached to. Is there an endpoint that connects to a different database? Naturally. Here it’s the administrative web login, that has no database attached. The ServicesAPI user can log in here! Good news is that it can’t do anything, as this user isn’t an admin. But the login does work, and does result in a valid session cookie, which does allow for other actions.

There are several approaches the WatchTowr researchers tried, in order to get RCE from the user account. They narrowed in on a file upload action that was available to them, noting that they could upload a zip file, and it would be automatically extracted. There were no checks for path traversal, so it seems like an easy win. Except Sitecore doesn’t necessarily have a standard install location, so this approach has to guess at the right path traversal steps to use. The key is that there is just a little bit of filename mangling that can be induced, where a backslash gets replaced with an underscore. This allows a /\/ in the path traversal path to become /_/, a special sequence that represents the webroot directory. And we have RCE. These vulnerabilities have been patched, but there were more discovered in this research, that are still to be revealed.

The Day the Internet Went Down

OK, that may be overselling it just a little bit. But Google Cloud had an eight hour event on the 12th, and the repercussions were wide, including taking down parts of Cloudflare for part of that time on the same day.

Google’s downtime was caused by bad code that was pushed to production with insufficient testing, and that lacked error handling. It was intended to be a quota policy check. A separate policy change was rolled out globally, that had unintentional blank fields. These blank fields hit the new code, and triggered null pointer de-references all around the globe all at once. An emergency fix was deployed within an hour, but the problem was large enough to have quite a long tail.

Cloudflare’s issue was connected to their Workers KV service, a Key-Value store that is used in many of Cloudflare’s other products. Workers KV is intended to be “coreless”, meaning a cascading failure should be impossible. The reality is that Workers KV still uses a third-party service as the bootstrap for that live data, and Google Cloud is part of that core. When Google’s cloud starting having problems, so did Cloudflare, and much of the rest of the Internet.

I can’t help but worry just a bit about the possible scenario, where Google relies on an outside service, that itself relies on Cloudflare. In the realm of the power grid, we sometimes hear about the cold start scenario, where everything is powered down. It seems like there is a real danger of a cold start scenario for the Internet, where multiple giant interdependent cloud vendors are all down at the same time.

Bits and Bytes

Fault injection is still an interesting research topic, particularly for embedded targets. [Maurizio Agazzini] from HN Security is doing work on voltage injection against an ESP32 V3 target, with the aim of coercing the processor to jump over an instruction and interpret a CRC32 code as an instruction pointer. It’s not easy, but he managed 1.5% success rate at bypassing secure boot with the voltage injection approach.

Intentional jitter is used in many exploitation tools, as a way to disguise what might otherwise be tell-tale traffic patterns. But Varonis Threat Labs has produced Jitter-Trap, a tool that looks for the Jitter, and attempts to identify the exploitation framework in use from the timing information.

We’ve talked a few times about vibe researching, but [Craig Young] is only tipping his toes in here. He used an LLM to find a published vulnerability, and then analyzed it himself. Turns out that the GIMP despeckle plugin doesn’t do bounds checking for very large images. Back again to an LLM, to get a Python script to generate such a file. It does indeed crash GIMP when trying to despeckle, confirming the vulnerability report, and demonstrating that there really are good ways to use LLMs while doing security research.

Over on his YouTube channel our hacker [Yuchi] is building an STM32 BLDC motor winding machine.

This machine is for winding brushless motors because manual winding is highly labor intensive. The machine in turn is made from four brushless motors. He is using the SimpleFOC library to implement closed-loop angle control. Closed-loop torque control is also used to maintain correct wire tension.

The system is controlled by an STM32G431 microcontroller. The motor driver used is the DRV8313. There are three GBM5208 75T Gimbal motors for close-loop angle control, and one BE4108 60T Gimbal motor for torque control. The torque control motor was built with this machine! [Yuchi] says that the Gimbal motors used are designed to be smooth, precise, and powerful at low speeds.

The components of the machine communicate with each other over a CAN bus. This simplifies wiring as components (such as motor controller boards) only require four connections.

Thanks to [Ben] for writing in to let us know about this project. If you’re interested in automated wire winding we have certainly covered that before here at Hackaday. You might like to check out Tips For Winding Durable Coils With Nice, Flat Sides or Coil Winding Machine Makes It Easy.

For a world covered in oceans, getting a drink of water on Planet Earth can be surprisingly tricky. Fresh water is hard to come by even on our water world, so much so that most sources are better measured in parts per million than percentages; add together every freshwater lake, river, and stream in the world, and you’d be looking at a mere 0.0066% of all the water on Earth.

Of course, what that really says is that our endowment of saltwater is truly staggering. We have over 1.3 billion cubic kilometers of the stuff, most of it easily accessible to the billion or so people who live within 10 kilometers of a coastline. Untreated, though, saltwater isn’t of much direct use to humans, since we, our domestic animals, and pretty much all our crops thirst only for water a hundred times less saline than seawater.

While nature solved the problem of desalination a long time ago, the natural water cycle turns seawater into freshwater at too slow a pace or in the wrong locations for our needs. While there are simple methods for getting the salt out of seawater, such as distillation, processing seawater on a scale that can provide even a medium-sized city with a steady source of potable water is definitely a job for Big Chemistry.

Biology Backwards

Understanding an industrial chemistry process often starts with a look at the feedstock, so what exactly is seawater? It seems pretty obvious, but seawater is actually a fairly complex solution that varies widely in composition. Seawater averages about 3.5% salinity, which means there are 35 grams of dissolved salts in every liter. The primary salt is sodium chloride, with potassium, magnesium, and calcium salts each making a tiny contribution to the overall salinity. But for purposes of acting as a feedstock for desalination, seawater can be considered a simple sodium chloride solution where sodium anions and chloride cations are almost completely dissociated. The goal of desalination is to remove those ions, leaving nothing but water behind.

While thermal desalination methods, such as distillation, are possible, they tend not to scale well to industrial levels. Thermal methods have their place, though, especially for shipboard potable water production and in cases where fuel is abundant or solar energy can be employed to heat the seawater directly. However, in most cases, industrial desalination is typically accomplished through reverse osmosis RO, which is the focus of this discussion.

In biological systems, osmosis is the process by which cells maintain equilibrium in terms of concentration of solutes relative to the environment. The classic example is red blood cells, which if placed in distilled water will quickly burst. That’s because water from the environment, which has a low concentration of solutes, rushes across the semi-permeable cell membrane in an attempt to dilute the solutes inside the cell. All that water rushing into the cell swells it until the membrane can’t take the pressure, resulting in hemolysis. Conversely, a blood cell dropped into a concentrated salt solution will shrink and wrinkle, or crenellate, as the water inside rushes out to dilute the outside environment.

Reverse osmosis is the opposite process. Rather than water naturally following a concentration gradient to equilibrium, reverse osmosis applies energy in the form of pressure to force the water molecules in a saline solution through a semipermeable membrane, leaving behind as many of the salts as possible. What exactly happens at the membrane to sort out the salt from the water is really the story, and as it turns out, we’re still not completely clear how reverse osmosis works, even though we’ve been using it to process seawater since the 1950s.

Battling Models

Up until the early 2020s, the predominant model for how reverse osmosis (RO) worked was called the “solution-diffusion” model. The SD model treated RO membranes as effectively solid barriers through which water molecules could only pass by first diffusing into the membrane from the side with the higher solute concentration. Once inside the membrane, water molecules would continue through to the other side, the permeate side, driven by a concentration gradient within the membrane. This model had several problems, but the math worked well enough to allow the construction of large-scale seawater RO plants.

The new model is called the “solution-friction” model, and it better describes what’s going on inside the membrane. Rather than seeing the membrane as a solid barrier, the SF model considers the concentrate and permeate surfaces of the membrane to communicate through a series of interconnected pores. Water is driven across the membrane not by concentration but by a pressure gradient, which drives clusters of water molecules through the pores. The friction of these clusters against the walls of the pores results in a linear pressure drop across the membrane, an effect that can be measured in the lab and for which the older SD model has no explanation.

As for the solutes in a saline solution, the SF model accounts for their exclusion from the permeate by a combination of steric hindrance (the solutes just can’t fit through the pores), the Donnan effect (which says that ions with the opposite charge of the membrane will get stuck inside it), and dielectric exclusion (the membrane presents an energy barrier that makes it hard for ions to enter it). The net result of these effects is that ions tend to get left on one side of the membrane, while water molecules can squeeze through more easily to the permeate side.

Turning these models into a practical industrial process takes a great deal of engineering. A seawater reverse osmosis or SWRO, plant obviously needs to be located close to the shore, but also needs to be close to supporting infrastructure such as a municipal water system to accept the finished product. SWRO plants also use a lot of energy, so ready access to the electrical grid is a must, as is access to shipping for the chemicals needed for pre- and post-treatment.

Pores and Pressure

Seawater processing starts with water intake. Some SWRO plants use open intakes located some distance out from the shoreline, well below the lowest possible tides and far from any potential source of contamination or damage, such a ship anchorages. Open intakes generally have grates over them to exclude large marine life and debris from entering the system. Other SWRO plants use beach well intakes, with shafts dug into the beach that extend below the water table. Seawater filters through the sand and fills the well; from there, the water is pumped into the plant. Beach wells have the advantage of using the beach sand as a natural filter for particulates and smaller sea critters, but do tend to have a lower capacity than open intakes.

Aside from the salts, seawater has plenty of other unwanted bits, all of which need to come out prior to reverse osmosis. Trash racks remove any shells, sea life, or litter that manage to get through the intakes, and sand bed filters are often used to remove smaller particulates. Ultrafiltration can be used to further clarify the seawater, and chemicals such as mild acids or bases are often used to dissolve inorganic scale and biofilms. Surfactants are often added to the feedstock, too, to break up heavy organic materials.

By the time pretreatment is complete, the seawater is remarkably free from suspended particulates and silt. Pretreatment aims to reduce the turbidity of the feedstock to less than 0.5 NTUs, or nephelometric turbidity units. For context, the US Environmental Protection Agency standard for drinking water is 0.3 NTUs for 95% of the samples taken in a month. So the pretreated seawater is almost as clear as drinking water before it goes to reverse osmosis.

The heart of reverse osmosis is the membrane, and a lot of engineering goes into it. Modern RO membranes are triple-layer thin-film composites that start with a non-woven polyester support, a felt-like material that provides the mechanical strength to withstand the extreme pressures of reverse osmosis. Next comes a porous support layer, a 50 μm-thick layer of polysulfone cast directly onto the backing layer. This layer adds to the physical strength of the backing and provides a strong yet porous foundation for the active layer, a cross-linked polyamide layer about 100 to 200 nm thick. This layer is formed by interfacial polymerization, where a thin layer of liquid monomer and initiators is poured onto the polysulfone to polymerize in place.

Modern membranes can flow about 35 liters per square meter every hour, which means an SWRO plant needs to cram a lot of surface area into a little space. This is accomplished by rolling the membrane up into a spiral and inserting it into a fiberglass pressure vessel, which holds seven or eight cartridges. Seawater pumped into the vessel soaks into the backing layer to the active layer, where only the water molecules pass through and into a collection pipe at the center of the roll. The desalinated water, or permeate, exits the cartridge through the center pipe while rejected brine exits at the other end of the pressure vessel.

The pressure needed for SWRO is enormous. The natural osmotic pressure of seawater is about 27 bar (27,000 kPa), which is the pressure needed to halt the natural flow of water across a semipermeable membrane. SWRO systems must pressurize the water to at least that much plus a net driving pressure (NPD) to overcome mechanical resistance to flow through the membrane, which amounts to an additional 30 to 40 bar.

Energy Recovery

To achieve these tremendous pressures, SWRO plants use multistage centrifugal pumps driven by large, powerful electric motors, often 300 horsepower or more for large systems. The electricity needed to run those motors accounts for 60 to 80 percent of the energy costs of the typical SWRO plant, so a lot of effort is put into recovering that energy, most of which is still locked up in the high-pressure rejected brine as hydraulic energy. This energy used to be extracted by Pelton-style turbines connected to the shaft of the main pressure pump; the high-pressure brine would spin the pump shaft and reduce the mechanical load on the pump, which would reduce the electrical load. Later, the brine’s energy would be recovered by a separate turbo pump, which would boost the pressure of the feed water before it entered the main pump.

While both of these methods were capable of recovering a large percentage of the input energy, they were mechanically complex. Modern SWRO plants have mostly moved to isobaric energy recovery devices, which are mechanically simpler and require much less maintenance. Isobaric ERDs have a single moving part, a cylindrical ceramic rotor. The rotor has a series of axial holes, a little like the cylinder of an old six-shooter revolver. The rotor is inside a cylindrical housing with endcaps on each end, each with an inlet and an outlet fitting. High-pressure reject brine enters the ERD on one side while low-pressure seawater enters on the other side. The slugs of water fill the same bore in the rotor and equalize at the same pressure without much mixing thanks to the different densities of the fluids. The rotor rotates thanks to the momentum carried by the incoming water streams and inlet fittings that are slightly angled relative to the axis of the bore. When the rotor lines up with the outlet fittings in each end cap, the feed water and the brine both exit the rotor, with the feed water at a higher pressure thanks to the energy of the reject brine.

For something with only one moving part, isobaric ERDs are remarkably effective. They can extract about 98% of the energy in the reject brine, pressuring the feed water about 60% of the total needed. An SWRO plant with ERDs typically uses 5 to 6 kWh to produce a cubic meter of desalinated water; ERDs can slash that to just 2 to 3 kWh.

Finishing Up

Once the rejected brine’s energy has been recovered, it needs to be disposed of properly. This is generally done by pumping it back out into the ocean through a pipe buried in the seafloor. The outlet is located a considerable distance from the inlet and away from any ecologically sensitive areas. The brine outlet is also generally fitted with a venturi induction head, which entrains seawater from around the outlet to partially dilute the brine.

As for the permeate that comes off the RO racks, while it is almost completely desalinated and very clean, it’s still not suitable for distribution into the drinking water system. Water this clean is highly corrosive to plumbing fixtures and has an unpleasantly flat taste. To correct this, RO water is post-processed by passing it over beds of limestone chips. The RO water tends to be slightly acidic thanks to dissolved CO₂, so it partially dissolves the calcium carbonate in the limestone. This raises the pH closer to neutral and adds calcium ions to the water, which increases its hardness a bit. The water also gets a final disinfection with chlorine before being released to the distribution network.

It’s never a bad time to look at a clock, and one could certainly do worse than this delightful Paper Sunshine Clock by [anneosaur]. The sun-ray display is an interesting take on the analog clock, and its method of operation is not one we see every day, either.

Reading the clock is straightforward: there are twelve rays divided into two segments. Once you figure out that this artful object is a clock, it’s easy enough to guess that the rays give the hours, and half-rays are half-hours. In the photo above, it’s sometime between nine o’clock and nine thirty. Our Swiss readers might not be terribly impressed, but a “fuzzy” clock like this is quite good enough much of the time for many people.

The title gives away its method of operation: it’s thermochromic paint! The paint is printed onto a piece of Japanese awagami paper, which is pressed against a flexible PCB holding an array of resistors. Large copper pads act as heat spreaders for the resistors. For timekeeping and control, an Atmega328PB is paired with a DS3231MZ RTC, with a coin cell for backup power when the unit is unplugged. (When plugged in, the unit uses USB-C, as all things should.) That’s probably overkill for a +/-30 minute display, but we’re not complaining.

The Atmega328PB does not have quite enough outputs to drive all those resistors, so a multiplexing circuit is used to let the 10 available GIPO control current to 24 rays. Everything is fused for safety, and [anneosaur] even includes a temperature sensor on the control board. The resistors are driven by a temperature-compensated PWM signal to keep them from overheating or warming up too slowly, regardless of room temperature. The attention to detail here is as impressive as the aesthetics.

[annenosaur] has even thought of those poor people for whom such a fuzzy clock would never do (be they Swiss or otherwise) — the Paper Sunshine Clock has a lovely “sparkle mode” that turns the rays on and off at random, turning the clock into an art piece. A demo video of that is below. If you find this clock to be a ray of sunshine, everything you need to reproduce it is on GitHub under an MIT or CC4.0 license.

This is not the first thermochromic clock we’ve featured, though the last one was numeric. If you must have minute accuracy in a thermochromic analog clock, we’ve got you covered there, too.

Special thanks to [anneosaur] for submitting the hack. If you’ve seen (or made) a neat clock, let us know! You won’t catch us at a bad time; it’s always clock time at Hackaday.

The advent of cheap and accessible one-off PCB production has been one of the pivotal moments for electronic experimenters during the last couple of decades. Perhaps a few still etch their own boards, but many hobbiest were happy to put away their ferric chloride. There’s another way to make PCBs, though, which is to mill them. [Tom Nixon] has made a small CNC mill for that purpose, and it’s rather beautiful.

In operation it’s a conventional XYZ mechanism, with a belt drive for the X and Y and a lead screw for the Z axis. The frame is made from aluminium extrusion, and the incidental parts such as the belt tensioners are 3D printed. The write-up is very comprehensive, and takes the reader through all the stages of construction. The brains of the outfit is a Creality 3D printer controller, but he acknowledges that it’s not the best for the job.

It’s certainly not the first PCB router we’ve seen, but it may be one of the nicer ones. If you make a PCB this way, you might like to give it professional-looking solder mask with a laser.

Both small children and cats have a certain tendency to make loud noises at inopportune times, but what if there were a way to combine these auditory effects? This seems to have been the reasoning behind the creation of the Meowsic keyboard, a children’s keyboard that renders notes as cats’ meows. [Steve Gilissen], an appreciator of unusual electronic instruments, discovered that while there had been projects that turned the Meowsic keyboard into a MIDI output device, no one had yet added MIDI input to it, which of course spurred the creation of his Meowsic MIDI adapter.

The switches in the keys of the original keyboard form a matrix of rows and columns, so that creating a connection between a particular row and column plays a certain note. [Steve]’s plan was to have a microcontroller read MIDI input, then connect the appropriate row and column to play the desired note. The first step was to use a small length of wire to connect rows and columns, thus manually mapping connections to notes. After this tedious step, he designed a PCB that hosts an Arduino Nano to accept input, two MCP23017 GPIO expanders to give it enough outputs, and CD4066BE CMOS switches to trigger the connections.

[Steve] was farsighted enough to expect some mistakes in the PCB, so he checked the connections before powering the board. This revealed a few problems, which some bodge wires corrected. It still didn’t play during testing, and after a long debugging session, he realized that two pins on an optoisolator were reversed. After fixing this, it finally worked, and he was able to create the following video.

Most of the MIDI hacks we’ve seen involved creating MIDI outputs, including one based on a Sega Genesis. We have seen MIDI input added to a Game Boy, though.

In the olden days of the 1990s and early 2000s, PCs were big and videocards were small-ish add-in boards that blended in with other ISA, PCI and AGP cards. These days, however, videocards are big and computers are increasingly smaller. That’s why US-based CherryTree Computers did what everyone has been joking about, and installed a PC inside a GPU, with [Gamers Nexus] having the honors of poking at the creatively titled GeeFarce 5027POS Micro Computer.

As CherryTree describes it on their website, this one-off build was the result of a joke about how GPUs nowadays are more expensive than the rest of the PC combined. Thus they did what any reasonable person would do and put an Asus NUC 13 with a 13th gen Core i7, 64 GB of and 2 TB of NVMe storage inside an (already dead) Asus Aorus RTX 2070 GPU.

In the [Gamers Nexus] video we can see that it’s definitely a quick-and-dirty build, with plenty of heatshrink and wires running everywhere in addition to the chopped off original heatsink. That said, from a few meter away it still looks like a GPU, can be installed like a GPU (but the PCIe connector does nothing) and is in the end a NUC PC inside a GPU shell that you can put a couple of inside a PC case.

Presumably the next project we’ll see in this vein will see a full-blown x86 system grafted inside a still functioning GPU, which would truly make the ‘install the PC inside the GPU’ meme a reality.

Everyone these days wants to talk about Small Modular Reactors (SMRs) when it comes to nuclear power. The industry seems to have pinned its hopes for a ‘nuclear renaissance’ on the exciting new concept. Exciting as it may be, it is not exactly new: small reactors date back to the heyday of the atomic era. There were a few prototypes, and a lot more paper projects that are easy to sneer at today. One in particular caught our eye, in a write-up from Steve Wientz, that is described as an atomic outboard motor.

It started as an outgrowth from General Electric’s 1950s work on airborne nuclear reactors. GE’s proposal just screams “1950s” — a refractory, air-cooled reactor serving as the heat source for a large turboprop engine. Yes, complete with open-loop cooling. Those obviously didn’t fly (pun intended, as always) but to try and recoup some of their investment GE proposed a slew of applications for this small, reactor-driven gas turbine. Rather than continue to push the idea of connecting it to a turboprop and spew potentially-radioactive exhaust directly into the atmosphere, GE proposed podding up the reactor with a closed-cycle gas turbine into one small, hermetically sealed-module.

Bolt-On Nuclear Power

There were two variants of a sealed reactor/turbine module proposed by GE: the 601A, which would connect the turbine to an electric generator, and 601B, which would connect it to a gearbox and bronze propeller for use as a marine propulsion pod. While virtually no information seems to have survived about 601A, which was likely aimed at the US Army, the marine propulsion pod is fairly well documented in comparison in GE-ANP 910: Application Studies, which was reviewed by Mark at Atomic Skies. There are many applications in this document; 601 is the only one a modern reader might come close to calling sane.

The pod would be slung under a ship or submarine, much like the steerable electric azimuth thrusters popular on modern cruise ships and cargo vessels. Unlike them, this pod would not require any electrical plant onboard ship, freeing up an immense amount of internal volume. It would almost certainly have been fixed in orientation, at least if it had been built in 1961. Now that such thrusters are proven technology though, there’s no reason an atomic version couldn’t be put on a swivel.

Two sizes were discussed, a larger pod 60″ in diameter and 360″ long (1.5 m by 9.1 m) that would have weighed 45,000 lbs (20 metric tonnes) and output 15,000 shp (shaft horse power, equivalent to 11 MW). The runtime would have been 5000 hours on 450 lbs (204 kg) of enriched uranium. This is actually comparable to the shaft power of a large modern thruster.

There was also a smaller, 45″ diameter version that would produce only 3750 shp (2796 kW) over the same runtime. In both, the working gas of the turbines would have been neon, probably to minimize the redesign required of the original air-breathing turbine.

Steve seems to think that this podded arrangement would create drag that would prove fatally noisy for a warship, but the Spanish Navy seems to disagree, given that they’re putting azimuth thrusters under their flagship. A submarine might be another issue, but we’ll leave that to the experts. The bigger problem with using these on a warship is the low power for military applications. The contemporary Farragut-class destroyers made 85,000 shp (63 MW) with their steam turbines, so the two-pod ship in the illustration must be both rather small and rather slow.

Of course putting the reactors outside the hull of the ship also makes them very vulnerable to damage. In the 1950s, it might have seemed acceptable that a reactor damaged in battle could simply be dumped onto the seafloor. Nowadays, regulators would likely take a dimmer view of just dropping hundreds of pounds of uranium and tonnes of irradiated metal into the open ocean.

Civilian Applications

Rather than warships, this sort of small, modular reactor sounds perfect for the new fleet of nuclear cargo ships the UN is pushing for to combat climate change. The International Maritime Organization’s goal of net-zero emissions by 2050 is just not going to happen without nuclear power or a complete rethink of our shipping infrastructure. Most of the planning right now seems to center on next-generation small modular reactors: everything from pebble-bed to thorium. This Cold War relic of an idea has a few advantages, though.

Need to refuel? Swap pods. Mechanical problems? Swap pods. The ship and its nuclear power plant are wholly separate, which ought to please regulators and insurers. Converting a ship to use azimuth thrusters is a known factor, and not a huge job in dry dock. There are a great many ships afloat today that will need new engines anyway if they aren’t to be scrapped early and the shipping sector is to meet its ambitious emissions targets. Pulling out their original power plants and popping ‘atomic outboards’ underneath might be the easiest possible solution.

Sure, there are disadvantages to dusting off this hack — and we think a good case can be made that turning a turboprop into a ship-sized outboard ought to qualify as a ‘hack’. For one thing, 5000 hours before refueling isn’t very long. Most commercial cargo ships can cruise at least that long in a single season. But if swapping the pods can be done in-harbor and not in dry dock, that doesn’t seem like an insurmountable obstacle. Besides, there’s no reason to stay 100% faithful to a decades-old design; more fuel capacity is possible.

For another, most of the shielding on these things would have been provided by seawater by design, which is going to make handling the pods out of water an interesting experience. You certainly would not want to see a ship equipped with these pods capsize. Not close up, anyway.

Rather than pass judgement, we ask if General Electric’s “atomic outboard” was just way ahead of its time. What do you think?