This Teddy Bear Steals Your Ubuntu Secrets

Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It’s got a few newish features, including incorporating the “snap” package management format. One of the claims about “snaps” is that they’re more secure — being installed read-only and essentially self-contained makes them harder to hack across applications. In principle.

[mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that’s disguised as a lovable teddy bear. The central flaw is something like twenty years old now; X11 has no sense of permissions and any X11 application can listen in on the keyboard and mouse at any time, regardless of which application the user thinks they’re providing input to. This makes writing keylogging and command-insertion trojans effortless, which is just what [mjg59] did. You can download a harmless version of the demo at [mjg59]’s GitHub.

This flaw in X11 is well-known. In some sense, there’s nothing new here. It’s only in light of Ubuntu’s claim of cross-application security that it’s interesting to bring this up again.

xeyes

And the teddy bear in question? Xteddy dates back from when it was cool to display a static image in a window on a workstation computer. It’s like a warmer, cuddlier version of Xeyes. Except it just sits there. Or, in [mjg59]’s version, it records your keystrokes and uploads your passwords to shady underground characters or TLAs.

We discussed Snappy Core for IoT devices previously, and we think it’s a step in the right direction towards building a system where all the moving parts are only loosely connected to each other, which makes upgrading part of your system possible without upgrading (or downgrading) the whole thing. It probably does enhance security when coupled with a newer display manager like Mir or Wayland. But as [mjg59] pointed out, “snaps” alone don’t patch up X11’s security holes.

Windows and Ubuntu: “Cygwin Can Suck It”

For the last ten years or so, computing has been divided into two camps: Windows, and everything else with a *nix suffix. Want a computing paradigm where everything is a file? That’s Linux. Want easy shell scripting that makes the command line easy? Linux. Want a baroque registry with random percent signs and dollar symbols? That would be Windows. Want to run the most professional productivity apps for design and engineering? Sadly, that’s Windows as well.

*nix runs nearly the entire Internet, the top 500 supercomputers in the world, and is the build environment for every non-Windows developer. Yet Windows is the most popular operating system. The divide between Windows and *nix isn’t so much a rivalry, as much as people who still spell Microsoft with a dollar sign would tell you. It’s just the way personal computing evolved by way of legacy apps and IT directors.

Now, this great divide in the world of computing is slowly closing. At Microsoft’s Build 2016 developer’s conference, Microsoft and Canonical, Ubuntu’s parent company, announced a partnership that will allow Ubuntu to run using native Windows libraries.

In short, this announcement means bash and the Linux command line is coming to Windows 10. The command line is great, but userland is where it’s at, and here this partnership really shines. Unlike Cygwin, the current way to get *nix stuff running in a Windows environment, Windows’ bash will allow unmodified Linux programs to run unmodified on Windows 10.

It is not an understatement to say this is the most important development in operating systems in the last 10 years. For the last decade, every developer who is not purely a Windows developer has picked up a MacBook for the sole reason of having BSD under the hood. If you’re looking for a reason Apple is popular with devs, it’s *nix under the hood. This announcement changes all of that.

Drones Are Getting A Lot Smarter

[DJI], everyone’s favorite — but very expensive — drone company just announced the Manifold — an extremely capable high performance embedded computer for the future of aerial platforms. And guess what? It runs Ubuntu.

The unit features a quad-core ARM Cortex A-15 processor with an NVIDIA Keplar-based GPU and runs Canonical’s Ubuntu OS with support for CUDA, OpenCV and ROS. The best part is it is compatible with third-party sensors allowing developers to really expand a drone’s toolkit. The benefit of having such a powerful computer on board means you can collect and analyze data in one shot, rather than relaying the raw output down to your control hub.

And because of the added processing power and the zippy GPU, drones using this device will have new artificial intelligence applications available, like machine-learning and computer vision — Yeah, drones are going to be able to recognize and track people; it’s only a matter of time.

We wonder what this will mean for FAA regulations…

Ubuntu Core Supports Raspberry Pi 2 I/O

Although it isn’t official, Ubuntu Core–the tiny Internet of Things version of Ubuntu–now runs on the Raspberry Pi 2. There are prebuilt binaries as well as instructions for how to roll your own, if you prefer. You can even access GPIO

Ubuntu Core abandons the old-style Debian packages, in favor of Snap, a new version of the Ubuntu phone’s Click package manager. Snap offers transactional updates. The idea is that all of these “things” on the IoT need to be updated to patch security holes or fix other issues.

Continue reading “Ubuntu Core Supports Raspberry Pi 2 I/O”

Building a Portable Ham Radio Station

Nowadays, you can get into ham radio on the cheap. A handheld radio can be had for less than $30, and licensing is cheap or free depending on where you live. However, like most hobbies, you tend to invest in better kit over time.

[Günther] just finished up building this portable ham station to meet his own requirements. It runs off 230 VAC, or a backup 12 V car battery for emergency purposes. The Yaesu FT897d transceiver can communicate on HF + 6m, 2m, and 70 cm bands.

This transceiver can be controlled using a Microham USB-3 interface, which provides both CAT control and a soundcard. This pre-built solution is a bit simpler than the DIY option. With the interface in place, the whole rig can be controlled by a laptop running Ubuntu and open-source HAM software.

With the parts chosen, [Günther] picked up a standard 5 U 19″ rack, which is typically used for audio gear. This case has the advantage of being durable, portable, and makes it easy to add shelves and drawers. With an automotive fuse block for power distribution and some power supplies, the portable rig is a fully self-contained HAM station.

Web Interface for the FRAM LaunchPad

webUILaunchpad The Internet of Things is here in full force. The first step when adding to the Internet of Things is obvious, adding a web interface to your project. [Jaspreet] wrote in to tell us about his project that adds a web interface to his MSP430 based project, making it easy to add any project to the internet of things.

Creating a web interface can be a bit overwhelming if you have never done it before. This project makes it easy by using a dedicated computer running Linux to handle all of the web related tasks. The LaunchPad simply interfaces with the computer using USB and Python, and the computer hosts the webpage and updates it in real time using Node.js. The result is a very professional looking interface with an impressively responsive display that can control the on-board LEDs, read analog values from the integrated ADC, and stream accelerometer data. Be sure to see it in action after the break!

We could see this project being expanded to run on the Raspberry Pi with a multitude of sensors. What will you add a web interface to next? Home automation? A weather station? Let us know!

Continue reading “Web Interface for the FRAM LaunchPad”

Android stick mutates into a home server

small-form-factor-home-server

Kiss that energy hungry PC you’ve been using as a home server goodbye. [Vince Loschiavo] shows us how he squeezed a remarkable amount of functionality out of an inexpensive Android stick which manages his home’s digital empire.

He started off just wanting some network attached storage. For this he grabbed an MK802 Android Stick which you can get for a song if you find the right deal. To bend it to his will he said goodbye to the Android OS, installing Ubuntu for ARM instead. The stick (which is missing its case in the image above) connects to a USB hub in host mode, but does actually draw all of its power from the hub itself. This made it possible to attach a USB to Ethernet adapter to boost the speed which would have been limited by the WiFi connection. There’s a 320 gig USB hard drive for the storage. With that much space on hand it makes sense to add streaming media service as well which is simple since it’s running Linux. The last part of his work actually turns it into an Asterisk server by way of Google Voice and a SIP phone. An impressive outcome at a bargain price to be sure!