Bye Bye Ubuntu, Hello Manjaro. How Did We Get Here?

June 8, 2023 by 117 Comments

Last week I penned a cheesy fake relationship breakup letter to Ubuntu, my Linux distribution of choice for the last 15 years or so. It had well and truly delivered on its promise of a painless Linux desktop for most of that time, but the most recent upgrades had rendered it slow and bloated, with applications taking minutes to load and USB peripherals such as my film scanner mysteriously stopping working. I don’t have to look far to identify the point at which they adopted Snap packages as the moment when it all went wrong. I’d reached the point at which I knew our ways must part, and it was time to look for another distro.

Continue reading “Bye Bye Ubuntu, Hello Manjaro. How Did We Get Here?”

Dear Ubuntu…

May 22, 2023 by 280 Comments

Dear Ubuntu,

I hope this letter finds you well. I want to start by saying that our time together has been one of creativity and entertainment, a time in which you gave me the tools to develop a new career, to run a small electronics business, make fun things, and to write several thousand articles for Hackaday and other publications, but for all that it’s sadly time for our ways to part. The magic that once brought us together has faded, and what remains is in danger of becoming a frustration.

In our early days as an item you gave me for the first time a Linux distro that was complete, fast, and easy to use without spending too much time at the CLI or editing config files to make things happen; you gave me a desktop that was smooth and uncluttered, and you freed me from all those little utilities that were required to make Windows usable. You replaced the other distros I’d been using, you dual-booted with my Windows machines, and pretty soon you supplanted the Microsoft operating system entirely.

Ubuntu and me and a trusty Dell laptop, Oxford Hackspace, 2017.
Me and Ubuntu in 2017, good times.

We’ve been together for close to two decades now, and in that time we’ve looked each other in the eye across a variety of desktop and laptop computers. My trusty Dell Inspiron 640 ran you for over a decade through several RAM, HDD, and SSD upgrades, and provided Hackaday readers with the first few years of my writing. Even the Unity desktop couldn’t break our relationship, those Linux Mint people weren’t going to tear us asunder! You captured my text, edited my videos and images, created my PCBs and CAD projects, and did countless more computing tasks. Together we made a lot of people happy, and for that I will always be grateful. Continue reading “Dear Ubuntu…”

Building The Dolphin Emulator In Ubuntu On A Nintendo Switch

March 28, 2021 by No comments

[LOE TECH] has made a habit of trying out various emulation methods on his Nintendo Switch and recording the results for our benefit. Of that testing, some of the best performance he’s seen makes use of the Dolphin emulator running in Ubuntu Linux, and he has made a tutorial video documenting how to build the project, as well as how to make some performance tweaks to get the most out of the mod.

We love seeing Linux run on basically anything with a processor. It’s a classic hack at this point. Nintendo has traditionally kept its consoles fairly locked down, though, even in the face of some truly impressive efforts; so it’s always a treat to see the open-source OS run relatively smoothly on the console. This Ubuntu install is based on NVIDIA’s Linux for Tegra (L4T) package, which affords some performance gains over Android installations on the same hardware. As we’ve seen with those Android hacks, however, this software mod also makes use of the Switchroot project and, of course, it only works with specific, unpatched hardware. But if you’ve won the serial number lottery and you’re willing to risk your beloved console, [LOE TECH] also has a video detailing the process he used to get Ubuntu up and running.

Check out the video below for a medley of Gamecube game test runs. Some appear to run great, and others, well… not so much. But we truly appreciate how he doesn’t edit out the games that stutter and lag. This way, we get a more realistic, more comprehensive overview of unofficial emulation performance on the Switch. Plus, it’s almost fun to watch racing games go by in slow motion; almost, that is, if we couldn’t empathize with how frustrating it must have been to play.

Continue reading “Building The Dolphin Emulator In Ubuntu On A Nintendo Switch”

Escalating Privileges In Ubuntu 20.04 From User Account

November 11, 2020 by 28 Comments

Ubuntu 20.04 is an incredibly popular operating system, perhaps the most popular among the Linux distributions due to its ease-of-use. In general, it’s a fairly trustworthy operating system too, especially since its source code is open. However, an update with the 20.04 revision has led to security researcher [Kevin Backhouse] finding a surprisingly easy way to escalate privileges on this OS, which we would like to note is not great.

The exploit involves two bugs, one in accountservice daemon which handles user accounts on the computer, and another in the GNOME Display Manager which handles the login screen. Ubuntu 20.04 added some code to the daemon which looks at a specific file on the computer, and with a simple symlink, it can be tricked into reading a different file which locks the process into an infinite loop. The daemon also drops its privileges at one point in this process, a normal security precaution, but this allows the user to crash the daemon.

The second bug for this exploit involves how the GNOME Display Manager (gdm3) handles privileges. Normally it would not have administrator privileges, but if the accountservice daemon isn’t running it escalates itself to administrator, where any changes made have administrator privileges. This provides an attacker with an opportunity to create a new user account with administrator privileges.

Of course, this being Ubuntu, we can assume that this vulnerability will be immediately patched. It’s also a good time to point out that the reason that open-source software is inherently more secure is that when anyone can see the source code, anyone can find and report issues like this which allow the software maintainer (or even the user themselves) to make effective changes more quickly.

Ubuntu (Finally) Officially Lands On The Raspberry Pi. But Will Anyone Notice?

October 31, 2020 by 51 Comments

The Raspberry Pi has been with us for over eight years now, and during that time it has seen a myriad operating system ports. It seems that almost anything can be run on the little computer, but generally the offerings have seen minority uptake in the face of the officially supported Raspbian, or as it’s now called, Raspberry Pi OS.

Maybe that could change, with the arrival of an Ubuntu release for the platform. For those of you pointing out that this is nothing new, what makes the new version 20.10 release special is that it’s the first official full Ubuntu release, rather than an unofficial port.

So Raspberry Pi 4 owners can now install the same full-fat Ubuntu they have on their PCs, and with the same official Ubuntu support. What does this really do for them that Raspberry Pi OS doesn’t? Underneath they share Debian underpinnings, and they both benefit from a huge quantity of online resources should the user find themselves in trouble. Their repositories both contain almost every reasonable piece of software that could be imagined, so the average Pi user might be forgiven for a little confusion.

We don’t expect this news to take the Pi desktop world by storm then. Ubuntu is a powerful distribution, but it’s fair to say that it is not the least bloated among distributions, and that some of its quirks such as Snap applications leave many users underwhelmed. By contrast Raspberry Pi OS is relatively lightweight, and crucially it’s optimised for the Pi. Its entire support base online is specific to the Pi hardware, so the seeker of solutions need not worry about encountering some quirk in an explanation that pertains only to PC platforms.

It’s fair to say though, that this release is almost certainly not targeted at the casual desktop user. We’d expect that instead it will be in the Ubuntu portfolio for commercial and enterprise users, and in particular for the new Raspberry Pi 4 Compute Module in which it will no doubt form the underpinnings of many products without their owners ever realising it.

[via OMG Ubuntu]

Ubuntu Update Hack Chat

July 20, 2020 by 18 Comments

Join us on Wednesday, July 22 at noon Pacific for the Ubuntu Update Hack Chat with Rhys Davies and Alan Pope!

Everyone has their favorite brands, covering everything from the clothes they wear to the cars they drive. We see brand loyalty informing all sorts of acquisition decisions, not only in regular consumer life but in technology, too. Brand decisions sort people into broad categories like Mac versus PC, or iPhone versus Android, and can result in spirited discussions of the relative merits of one choice over the others. It’s generally well-intentioned, even if it gets a bit personal sometimes.

Perhaps no choice is more personal in hacker circles than which Linux distribution to use. There are tons to choose from, each with their various features and particular pros and cons. Ubuntu has become a very popular choice for Linux aficionados, attracting more than a third of the market. Canonical is the company behind the Debian-based distro, providing editions that run on the desktop, on servers, and on a variety of IoT devices, as well as support and services for large-scale users.

To fill us in on what’s new in the world of Ubuntu, Canonical product manager Rhys Davies and developer advocate Alan Pope will stop by the Hack Chat this week. They’ll be ready to answer all your questions about the interesting stuff that’s going on with Ubuntu, including the recently announced Ubuntu Appliances, easy to install, low maintenance images for Raspberry Pis and PCs that are built for security and simplicity. We’ll also talk about snaps, desktops, and whatever else crops up.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, July 22 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about. Continue reading “Ubuntu Update Hack Chat”

Reliably Exploiting Apport In Ubuntu

December 16, 2016 by 17 Comments

[Donncha O’Cearbhaill] has successfully exploited two flaws in Apport, the crash report mechanism in Ubuntu. Apport is installed by default in all Ubuntu Desktop installations >= 12.10 (Quantal). Inspired by [Chris Evan] work on exploiting 6502 processor opcodes on the NES, [Donncha] describes the whole process of finding and exploiting a 0-day on a modern linux system.

One of the flaws, tracked as CVE-2016-9949, relies on a python code injection in the crash file. Apport blindly uses the python eval() function on an unsanitized field (CrashDB) inside the .crash file. This leads directly to arbitrary python code execution. The other flaw, tracked as CVE-2016-9950, takes advantage of a path traversal attack and the execution of arbitrary Python scripts outside the system hook_dirs. The problem arises when another field (Package) from the crash report file is used without sanitizing when building a path to the package hook files.

CVE-2016-9949 is easily exploitable, if an attacker can trick a user into opening a specially crafted file (apport .crash file), the attacker can execute the python code of his/her choice. Two details make it a very interesting exploit.

The first thing to note is the exploit’s reliability. Given that it is pure python code execution, an attacker doesn’t have to worry about ASLR, Non-Exec Memory, Stack Canaries and other security features that Ubuntu ships by default. As the author notes:

“There are lots of bugs out there which don’t need hardcore memory corruption exploitation skills. Logic bugs can be much more reliable than any ROP chain.”

Another interesting detail is that the exploit file doesn’t need to have the .crash extension, as long as its content starts with the string “ProblemType: ” and the file extension is not associated already with other software, Ubuntu considers it being of mime-type type=”text/x-apport” (for example, .ZlP or .0DF). This significantly improves the chances of an unsuspecting user being fooled into open the file.

Continue reading “Reliably Exploiting Apport In Ubuntu”