This Teddy Bear Steals Your Ubuntu Secrets

Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It’s got a few newish features, including incorporating the “snap” package management format. One of the claims about “snaps” is that they’re more secure — being installed read-only and essentially self-contained makes them harder to hack across applications. In principle.

[mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that’s disguised as a lovable teddy bear. The central flaw is something like twenty years old now; X11 has no sense of permissions and any X11 application can listen in on the keyboard and mouse at any time, regardless of which application the user thinks they’re providing input to. This makes writing keylogging and command-insertion trojans effortless, which is just what [mjg59] did. You can download a harmless version of the demo at [mjg59]’s GitHub.

This flaw in X11 is well-known. In some sense, there’s nothing new here. It’s only in light of Ubuntu’s claim of cross-application security that it’s interesting to bring this up again.

And the teddy bear in question? Xteddy dates back to when it was cool to display a static image in a window on a workstation computer. It’s like a warmer, cuddlier version of Xeyes. Except it just sits there. Or, in [mjg59]’s version, it records your keystrokes and uploads your passwords to shady underground characters or TLAs.

We discussed Snappy Core for IoT devices previously, and we think it’s a step in the right direction towards building a system where all the moving parts are only loosely connected to each other, which makes upgrading part of your system possible without upgrading (or downgrading) the whole thing. It probably does enhance security when coupled with a newer display manager like Mir or Wayland. But as [mjg59] pointed out, “snaps” alone don’t patch up X11’s security holes.
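A defender-side check for the point above, as an added example that is not from the original post or from [mjg59]’s demo: it reports whether the session is X11 and which snaps have the x11 interface connected. The table is constructed sample text in the column layout of `snap connections`, and the snap names are made up.

```shell
#!/bin/sh
# Added example: which snaps share the X11 input stream on this session?

# Constructed sample in the column layout of `snap connections --all`;
# the snap names are made up.
SAMPLE='Interface  Plug                Slot      Notes
home       teddy-demo:home     :home     -
x11        teddy-demo:x11      :x11      -
x11        editor-demo:x11     :x11      -
x11        cli-demo:x11        -         -
network    cli-demo:network    :network  -'

# Report the display session type: XDG_SESSION_TYPE if set, otherwise
# inferred from WAYLAND_DISPLAY / DISPLAY.
session_type() {
    if [ -n "${XDG_SESSION_TYPE:-}" ]; then printf '%s\n' "$XDG_SESSION_TYPE"
    elif [ -n "${WAYLAND_DISPLAY:-}" ]; then printf 'wayland\n'
    elif [ -n "${DISPLAY:-}" ]; then printf 'x11\n'
    else printf 'unknown\n'
    fi
}

# stdin: connections table. stdout: snaps whose x11 plug is connected
# (slot column is not "-"), one per line, de-duplicated.
x11_snaps() {
    awk 'NR > 1 && $1 == "x11" && $3 != "-" { split($2, p, ":"); print p[1] }' |
        sort -u
}

# $1: session type, stdin: connections table. Returns 1 when confined
# snaps sit on a shared X11 server, where confinement does not separate
# their view of keyboard and mouse input from other clients.
audit() {
    snaps=$(x11_snaps)
    if [ "$1" = "x11" ] && [ -n "$snaps" ]; then
        printf 'X11 session; snaps connected to the X server:\n%s\n' "$snaps"
        return 1
    fi
    printf 'not an X11 session, or no snap has x11 connected\n'
    return 0
}

# Demo on the constructed table. On a real system, feed it live data:
#   snap connections --all | audit "$(session_type)"
printf '%s\n' "$SAMPLE" | audit x11 || true
```
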

Modifying a Raspberry Pi 2 To Fit In Small Places

Still can’t get your hands on a Pi Zero? We know. Why not de-solder a few headers from a Raspberry Pi 2 to fit in your next project instead? Using a pair of 2.5″ HDD enclosures, [nodenet] made a mini Linux laptop using the Raspberry Pi 2 — it even has a touch screen, and features a 1000mAh battery!

All in all it cost him about $120 for all the components, but before you rush out to make your own, you will need pretty good skills with a soldering iron to successfully downsize your Raspberry Pi 2. The modifications require removing both USB ports, the Ethernet plug, the GPIO pins, the HDMI port, the A/V jack and the camera connectors.

He used a combination of a mini hacksaw and a soldering iron to remove all the components — what you’re left with is a business card sized computer — but the real fun part is re-attaching all the components with leads.

Arduino Comes To The Raspberry Pi, Linux ARM Devices

Arduino is the perfect introduction to microcontrollers and electronics. The recent trend of powerful, cheap, ARM-based single board Linux computers is the perfect introduction to computer science, programming, and general Linux wizardry. Until now, though, Arduino and these tiny ARM computers have been in two different worlds. Now, finally, there are nightly builds of Arduino IDE on the Raspberry Pi and other single board Linux computers.

The latest Arduino build for ARM Linux popped up on the arduino.cc downloads page early this week. This is the result of an incredible amount of work from dozens of open source developers across the Arduino project. Now, with just a simple download and typing ‘install’ into a terminal, the Arduino IDE is available on just about every single board Linux computer without having to build the IDE from source. Of course, Arduino has been available on the Raspberry Pi for a very long time with sudo apt-get install arduino, but this was an older version that cannot work with newer Arduino boards.

Is this distribution of the Arduino IDE the same you would find on OS X and Windows? Yep, everything is the same:

While this is really just arduino.cc improving their automated build process and putting a link up on their downloads page, it does make it exceptionally easy for anyone to set up a high school electronics lab. The Raspberry Pi is almost a disposable computing device, and combining it with Arduino makes for a great portable electronics lab.

Windows and Ubuntu: “Cygwin Can Suck It”

For the last ten years or so, computing has been divided into two camps: Windows, and everything else with a *nix suffix. Want a computing paradigm where everything is a file? That’s Linux. Want easy shell scripting that makes the command line easy? Linux. Want a baroque registry with random percent signs and dollar symbols? That would be Windows. Want to run the most professional productivity apps for design and engineering? Sadly, that’s Windows as well.

*nix runs nearly the entire Internet, the top 500 supercomputers in the world, and is the build environment for every non-Windows developer. Yet Windows is the most popular operating system. The divide between Windows and *nix isn’t so much a rivalry, whatever people who still spell Microsoft with a dollar sign would tell you. It’s just the way personal computing evolved by way of legacy apps and IT directors.

Now, this great divide in the world of computing is slowly closing. At Microsoft’s Build 2016 developer’s conference, Microsoft and Canonical, Ubuntu’s parent company, announced a partnership that will allow Ubuntu to run using native Windows libraries.

In short, this announcement means bash and the Linux command line are coming to Windows 10. The command line is great, but userland is where it’s at, and here this partnership really shines. Unlike Cygwin, the current way to get *nix stuff running in a Windows environment, Windows’ bash will allow unmodified Linux programs to run on Windows 10.

It is not an overstatement to say this is the most important development in operating systems in the last 10 years. For the last decade, every developer who is not purely a Windows developer has picked up a MacBook for the sole reason of having BSD under the hood. If you’re looking for a reason Apple is popular with devs, it’s *nix under the hood. This announcement changes all of that.

The Internet of Linux Things

The Linux Foundation is a non-profit organization that sponsors the work of Linus Torvalds. Supporting companies include HP, IBM, Intel, and a host of other large corporations. The foundation hosts several Linux-related projects. This month they announced Zephyr, an RTOS aimed at the Internet of Things.

The project stresses modularity, security, and the smallest possible footprint. Initial support includes:

  • Arduino 101
  • Arduino Due
  • Intel Galileo Gen 2
  • NXP FRDM-K64F Freedom

The project (hosted on its own Website) has downloads for the kernel and documentation. Unlike a “normal” Linux kernel, Zephyr builds the kernel with your code to create a monolithic image that runs in a single shared address space. The build system allows you to select what features you want and exclude those you don’t. You can also customize resource utilization of what you do include, and you define resources at compile time.

By default, there is minimal run-time error checking to keep the executable lean. However, there is an optional error-checking infrastructure you can include for debugging.

The API contains the things you expect from an RTOS like fibers (lightweight non-preemptive threads), tasks (preemptively scheduled), semaphores, mutexes, and plenty of messaging primitives. Also, there are common I/O calls for PWM, UARTs, general I/O, and more. The API is consistent across all platforms.

You can find out more about Zephyr in the video below. We’ve seen RTOS systems before, of course. There are even some for robots. However, having a Linux-heritage RTOS that can target small boards like an Arduino Due and a Freedom board could be a real game changer for sophisticated projects that need an RTOS.

Wolfenstein in 600 Lines of Code

What’s more impressive, the fact that this Wolfenstein-like game is 600 lines of code, or that it’s written in AWK?

AWK is a language primarily used for text processing. But if you can write code, the world bows to your wishes. [Fedor Kalugin] leverages the ability of a Linux terminal’s color options to draw his game. The 3D aspect is produced through ray-casting, which generates a 2D image from 3D coordinates.

Trying out the game is extremely simple, install gawk, clone the repo, and play:

LiteBSD Brings 4.4BSD to PIC32

A few years ago [Serge Vakulenko] started the RetroBSD project–a 16-bit port of the old 2.11BSD operating system to the Microchip PIC32 microcontroller. This was impressive, but version 2 of BSD is, to most people, old news and somewhat difficult to use compared to modern BSD and Linux operating systems.

[Serge] has been at it again, however, and now has a port of 4.4BSD–LiteBSD–running on the PIC32MZ. According to [Alexandru Voica] there is about 200K of user space memory in the basic build, and by removing some OS features, you could double or triple that figure.
