Author: Jonathan Bennett

543 Articles

The Linux Kernel 5.14 Audio Update

July 13, 2021 by 39 Comments

You may remember the Pipewire coverage we ran a couple weeks ago, and the TODO item to fix up Firewire device support with Pipewire. It turns out that this is an important feature for kernel hackers, too, because the Alsa changes just got pulled into the 5.14 kernel, and included is the needed Firewire audio work. Shout-out to [Marcan] for pointing out this changeset. Yes, that’s the same as [Hector Martin], the hacker bringing Linux to the M1, who also discovered M1racles. We’ve covered some of his work before.

It turns out that some Firewire audio devices expect timing information in the delivery stream to match the proper playback time for the audio contained in the stream. A naive driver ends up sending packets of sound to the Firewire device that wanted to be played before the packet arrives. No wonder the devices didn’t work correctly. I’m running a 5.14 development kernel, and so far my Focusrite Saffire Pro40 has been running marvelously, where previous kernels quickly turned its audio into a crackling mess.

There is another fix that’s notable for Pipewire users, a reduction in latency for USB audio devices. That one turned out to be not-quite-correct, leading to a hang in the kernel on Torvald’s machine. It’s been reverted until the problem can be corrected, but hopefully this one will land for 5.14 as well. (Edit: The patch was cleaned up, and has been pulled for 5.14. Via Phoronix.) Let us know if you’d like to see more kernel development updates!

This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!

July 9, 2021 by 29 Comments

For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. Tracked initially as CVE-2021-1675, and the second RCE as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang] confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.

Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but should eliminate the RCE element of the vulnerability. Except … if the server in question has the point and print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild. Continue reading “This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!”

Evan Doorbell’s Telephone World

July 6, 2021 by 19 Comments

Ah, phone phreaking. Some of us are just old enough to remember the ubiquity of land lines, but just young enough to have missed out on the golden years of phreaking. There’s something nostalgic about the analog sounds of the telephone, and doubly so when you understand what each click and chunk sound means. If this wistful feeling sounds familiar, then you too will appreciate [Evan Doorbell] and his recordings of 1970s telephone sounds. He’s been slowly working through his old recordings, and compiling them into a series of narrated tours of the phreak subculture.

[Evan]’s introduction to exploring the phone system started from a misdialed number, and an odd message. He describes that recorded “wrong number” message as being very different from the normal Ma Bell messages — this one was almost sultry. What number did he have to dial to hear that unique recording again? What follows is a youth spent in pursuit of playing with the phone system, though it would be more accurate to say the “phone systems”, as discovering the differences between the various local phone exchanges is a big part of the collection. Check out the first tape in the series after the break.
Continue reading “Evan Doorbell’s Telephone World”

This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape

July 2, 2021 by 14 Comments

Code signing is the silver bullet that will save us from malware, right? Not so much, particularly when vendors can be convinced to sign malicious code. Researchers at G DATA got a hit on a Windows kernel driver, indicating it might be malicious. That seemed strange, since the driver was properly signed by Microsoft. Upon further investigation, it became clear that this really was malware. The file was reported to Microsoft, the signature revoked, and the malware added to the Windows Defender definitions.

The official response from Microsoft is odd. They start off by assuring everyone that their driver signing process wasn’t actually compromised, like you would. The next part is weird. Talking about the people behind the malware: “The actor’s goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers.” This doesn’t seem to really match the observed behavior of the malware — it seemed to be decoding SSL connections and sending the data to the C&C server. We’ll update you if we hear anything more on this one.
Continue reading “This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape”

This Week In Security: Schemeflood, Modern Wardialing, And More!

June 25, 2021 by 17 Comments

There’s been yet another technique discovered to fingerprint users, and this one can even work in the Tor browser. Scheme flooding works by making calls to application URLs, something like steam://browsemedia. If your machine supports the requested custom URL, a pop-up is displayed, asking permission to launch the external application. That pop-up can be detected by JavaScript in the browser. Detect enough apps, and you can build a reasonable fingerprint of the system the test is run on. Unlike some previous fingerprinting techniques, this one isn’t browser dependent — it will theoretically give the same results for any browser. This means even the Tor browser, or any browser being used over the Tor network, can give your potentially unique set of installed programs away.

Now for the good news. The Chrome devs are already working on this issue, and in fact, Chrome on my Linux desktop didn’t respond to the probes in a useful way. Feel free to check out the demo, and see if the results are accurate. And as for Tor, you really should be running that on a dedicated system or in a VM if you really need to stay anonymous. And disable JavaScript if you don’t want the Internet to run code on your computer.
Continue reading “This Week In Security: Schemeflood, Modern Wardialing, And More!”

Rocky Linux Is Ready For Prime Time!

June 24, 2021 by 23 Comments

For some small percentage of the Hackaday crowd, our world got turned upside down at the end of last year, when Red Hat announced changes to CentOS. That distro is the official repackage of Red Hat Enterprise Linux, providing a free, de-branded version of RHEL. The big problem was that CentOS 8 support has been cut way short, ending at the end of 2021 instead of the expected 2029. This caused no shortage of consternation in the community, and a few people and companies stepped forward to provide their own CentOS alternative, with AlmaLinux and Rocky Linux being the two most promising. AlmaLinux minted their first release in March, but the Rocky project made the decision to take things a bit slower. The wait is over, and the Rocky Linux 8.4 release is ready.

Not only are there ISOs for new installs, there is also a script to convert a CentOS 8 install to Rocky. Now before you run out and convert all your CentOS machines, there are a few caveats. First, the upgrade script is still being tested and fixed as problems are found. The big outstanding issue is that Secure Boot isn’t working yet. The process of spinning up a new Secure Boot shim and getting it properly signed is non-trivial, and takes time. The plan is to do an 8.4 re-release when the shim is ready, so keep an eye out for that, if you need Secure Boot support.

The future looks bright for enterprise Linux, with options such as Rocky Linux, AlmaLinux, and even CentOS Stream. It’s worth noting that Rocky has a newly formed company behind it, CIQ, offering support if you want it. The Rocky crew is planning a launch party online on June 25th, so tune in if that’s your thing. Regardless of which Linux OS you run, it’s good to have Rocky in the game.

PipeWire, The Newest Audio Kid On The Linux Block

June 23, 2021 by 65 Comments

Raise your hand if you remember when PulseAudio was famous for breaking audio on Linux for everyone. For quite a few years, the standard answer for any audio problem on Linux was to uninstall PulseAudio, and just use ALSA. It’s probably the case that a number of distros switched to Pulse before it was quite ready. My experience was that after a couple years of fixing bugs, the experience got to be quite stable and useful. PulseAudio brought some really nice features to Linux, like moving sound streams between devices and dynamically resampling streams as needed.

Continue reading “PipeWire, The Newest Audio Kid On The Linux Block”