Credit: Xinmei Liu

The US Surgeon General’s Case For A Warning Label On Social Media

The term ‘Social Media’ may give off a benign vibe, suggesting that it’s a friendly place where everyone is welcome to be themselves, yet reality has borne out that it is anything but. This is the reason why the US Surgeon General [Dr. Vivek H. Murthy] is pleading for a health warning label on social media platforms. Much like with warnings on tobacco products, it’s not expected that such a measure would make social media safe for children and adolescents, but would remind them and their parents about the risks of these platforms.

While this may sound dire for what is at its core about social interactions, there is a growing body of evidence to support the notion that social media can negatively impact mental health. A 2020 systematic review article in Cureus by [Fazida Karim] and colleagues found anxiety and depression to be the most notable negative psychological health outcomes. A 2023 editorial in BMC Psychology by [Ágnes Zsila] and [Marc Eric S. Reyes] concurs with this notion, while contrasting these cons of social media with the pros, such as giving individuals an online community where they feel that they belong.

Ultimately, it’s important to realize that social media isn’t the end-all, be-all of online social interactions. There are still many dedicated forums, IRC channels and newsgroups far away from the prying eyes and social pressure of social media to act out a personality. Having more awareness of how social interactions affect oneself and/or one’s children is definitely essential, even if we’re unlikely to return to the ‘never give out your real name’ days of the pre-2000s Internet.

PostmarketOS Now Boots On Over 250 Devices

Every year, as consumers gobble up the latest Android devices, more old, but perfectly serviceable, units end up collecting dust in drawers. Or worse, they end up getting tossed in the trash. One of the most promising tools we have to help keep these older devices useful is postmarketOS, a full-fledged Linux distribution that provides a flexible and up-to-date software environment on devices that might otherwise be stuck with some old and unsupported version of Google’s mobile operating system.

As of the latest update on the postmarketOS blog, the team has announced an exciting milestone: over 250 devices can now boot the stable release of the OS.

Now to be clear, not all devices will be fully functional. In fact, the blog post clarifies that some of them only barely boot. But it’s progress, and now that these semi-supported devices aren’t hidden behind a development version of the OS, it means more folks will be able to put them to use.

For example, if you want to turn your old smartphone into a low-energy headless webserver, it doesn’t really matter if its display, touchscreen, or speakers are supported. You just need it to boot into Linux and fire up an SSH server so you can get in and start working.

But support for new devices is just one of the additions in this new v24.06 release. The blog post also points out several notable software upgrades, including the move to the 6.x branch of KDE Plasma Mobile. This brings with it a long list of improvements and changes, including a rewritten homescreen with enhanced customization options. If you prefer a more minimal GUI, don’t worry. This new release also updates Sxmo, which provides a menu-driven interface for both touch screens and hardware controls.

Among the newly supported devices is a generic x86_64 image that should work on a wide array of PCs. While obviously there’s no shortage of Linux distros you could run on your old computer, being able to install postmarketOS on it is definitely helpful for development purposes. There’s also a new Tegra ARMv7 target which brings a number of new devices into the fold, such as the Google Nexus 7, and Microsoft Surface RT.

Looking to run postmarketOS on your own hardware? The best way to start is to check the Devices page and see how many of those old gadgets you’ve got collecting dust in a drawer are compatible.

Voyager 1 Once Again Returning Science Data From All Four Instruments

As humanity’s furthest reach into the Universe so far, the two Voyager spacecraft’s well-being is of utmost importance to many. Although we know that there will be an end to any science mission, the recent near-death experience by Voyager 1 was a shocking event for many. Now it seems that things may have more or less returned to normal, with all four remaining scientific instruments now back online and returning information.

Since the completion of Voyager 1’s primary mission over 43 years ago, five of its instruments (including the cameras) were disabled to cope with its diminishing power reserves, with two more instruments failing. This left the current magnetometer (MAG), charged particle (LECP) and cosmic ray (CRS) instruments, as well as the plasma wave subsystem (PWS). These are now all back in operation based on the returned science data after the Voyager team confirmed previously that they were receiving engineering data again.

With Voyager 1 now mostly back to normal, some housekeeping is necessary: resynchronizing the onboard time, as well as maintenance on the digital tape recorder. This will ensure that this venerable spacecraft will be all ready for its 47th anniversary this fall.

Thanks to [Mark Stevens] for the tip.

RIP Lynn Conway, Whose Work Gave Us VLSI And Much More

Lynn Conway, American engineer and computer scientist, passed away at the age of 86 from a heart condition on June 9th, at her Michigan home. Her work in the 1970s led to the integrated circuit design and manufacturing methodology known as Very Large Scale Integration, or VLSI, something which touches almost all facets of the world we live in here in 2024.

It was her work at the legendary Xerox PARC that resulted in VLSI, and its subsequent publication had the effect through the 1980s of creating a revolution in the semiconductor industry. By rendering an IC into a library of modular units that could be positioned algorithmically, VLSI enabled much more efficient use of space on the die, and changed the design process from one of layout into one of design. In simple terms, by laying out pre-defined assemblies with a computer rather than individual components by hand, a far greater density of components could be achieved, and more powerful circuits could be produced.

You may have also heard of Lynn Conway, not because of her VLSI work, but because as a transgender woman she found herself pursuing a parallel career as an activist in her later decades. As an MIT student in the 1950s she had tried to transition but been beaten back by the attitudes of the time, before dropping out and only returning to Columbia University to finish her degree a few years later in the early 1960s. A job at IBM followed, but when she announced her intent to transition she was fired from IBM and lost access to her family.

This Week In Security: Unicode Strikes Again, Trust No One (Redditor), And More

There’s a popular Sysadmin meme that system problems are “always DNS”. In the realm of security, it seems like “it’s always Unicode”. And it’s not hard to see why. Unicode is the attempt to represent all of Earth’s languages with a single character set, and that means there’s a lot of very similar characters. The two broad issues are that human users can’t always see the difference between similar characters, and that libraries and applications sometimes automatically convert exotic Unicode characters into more traditional text.

This week we see the resurrection of an ancient vulnerability in PHP-CGI that allows injecting command line switches when a web server launches an instance of PHP-CGI. The original fix was to block some characters in specific places in query strings, such as a dash at the start of the query string.

The bypass is due to a Windows feature, “Best-Fit”, an automatic down-convert from certain Unicode characters. This feature works on a per-locale basis, which means that not every system language behaves the same. The exact bypass that has been found is the conversion of a soft hyphen, which doesn’t get blocked by PHP, into a regular hyphen, which can trigger the command injection. This quirk only happens when the Windows locale is set to Chinese or Japanese. Combined with the relative rarity of running PHP-CGI, and PHP on Windows, this is a pretty narrow problem. The XAMPP install does use this arrangement, so those installs are vulnerable, again if the locale is set to one of these specific languages. The other thing to keep in mind is that the Unicode character set is huge, and it’s very likely that there are other special characters in other locales that behave similarly.
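A defensive check for the bypass described above, as an added example that is not from the original article or from PHP: it scans access-log lines (constructed samples in combined log format) for query strings whose first decoded byte is a hyphen or a soft hyphen. Matching the UTF-8 form of the soft hyphen and ignoring leading whitespace are assumptions, as are all names used.

```python
import re
from urllib.parse import unquote_to_bytes

# Byte sequences that can reach PHP-CGI as a leading "-": the plain hyphen,
# and the soft hyphen (U+00AD) that Best-Fit maps to a hyphen on some locales.
LEADING_DASH_FORMS = {
    b"-": "hyphen",
    b"\xad": "soft hyphen (raw byte 0xAD)",
    b"\xc2\xad": "soft hyphen (UTF-8, assumed variant)",
}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_query(target):
    """Return a label if the decoded query string starts dash-like, else None."""
    _, sep, query = target.partition("?")
    if not sep or not query:
        return None
    # Decode percent-escapes to raw bytes; decoding to text would hide 0xAD.
    raw = unquote_to_bytes(query).lstrip()  # assumption: skip leading whitespace
    for prefix, label in LEADING_DASH_FORMS.items():
        if raw.startswith(prefix):
            return label
    return None

def scan(lines):
    """Return (line_number, label, request_target) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            label = classify_query(match.group(1))
            if label:
                hits.append((number, label, match.group(1)))
    return hits

# Constructed sample log lines; "x" stands in for any switch name.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jun/2024:10:00:01 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [14/Jun/2024:10:00:02 +0000] "GET /index.php?-x HTTP/1.1" 403 0',
    '192.0.2.12 - - [14/Jun/2024:10:00:03 +0000] "POST /index.php?%ADx HTTP/1.1" 200 90',
    '192.0.2.13 - - [14/Jun/2024:10:00:04 +0000] "GET /index.php?%C2%ADx HTTP/1.1" 200 90',
    '192.0.2.14 - - [14/Jun/2024:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, label, target in scan(SAMPLE_LOG):
        print(f"line {number}: {label}: {target}")
```

A soft-hyphen hit that was answered with a 200 on a Windows host running PHP-CGI under one of the affected locales deserves a closer look than one that was rejected.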

Downloader Beware

The ComfyUI project is a flowchart interface for doing AI image generation workflows. It’s an easy way to build complicated generation pipelines, and the community has stepped up to build custom plugins and nodes for generation. The thing is, it’s not always the best idea to download and run code from strangers on the Internet, as a group of ComfyUI users found out the hard way this week. The ComfyUI_LLMVISION node from u/AppleBotzz was malicious.

The node references a malicious Python package that grabs browser data and sends it all to a Discord or Pastebin. It appears that some additional malware gets installed, for continuing access to infected systems. It’s a rough way to learn.

Raspberry Pi Goes Public

We’ve heard rumors for the last few months, and now it looks like they’ve come true: the business side of Raspberry Pi, Raspberry Pi Holdings has become a publicly listed company on the London Stock Exchange.

We heard rumblings about this a while back, and our own [Jenny List] asked the question of what this means for the hobbyist and hacker projects that use their products. After all, they’ve been spending a lot of money making new silicon, and issuing stock helps them continue. Jenny worried that they’d forget that what sells their hardware is the software, but ends up concluding that they’ll probably continue doing more of the same thing, just with better funding.

Raspberry Pi CEO [Eben Upton] said basically the same when we asked him what a floatation would mean for the Raspberry Pi Foundation, which is the non-profit arm of the Raspberry Empire, and which is responsible for a lot of the educational material and outreach that they do. (Fast-forward to minute 40.) Before the share issue, the Foundation wholly owned Holdings, and received donations to fund its work. Now that there has been a floatation, it looks like the Foundation will own 70% of Holdings, and will use this endowment to finance its educational mission.

We don’t have a crystal ball, but we suspect this changes not much at all. Raspberry Pi Holdings Ltd is doing great business by producing niche single-board computers that appeal both to the hacker and industrial markets, and the Raspberry Pi Foundation now has a more concrete source of funding to continue its educational goals. But the future will tell!

Scrapping The Local Loop, By The Numbers

A few years back I wrote an “Ask Hackaday” article inviting speculation on the future of the physical plant of landline telephone companies. It started innocently enough; an open telco cabinet spotted during my morning walk gave me a glimpse into the complexity of the network buried beneath my feet and strung along poles around town. That in turn begged the question of what to do with all that wire, now that wireless communications have made landline phones so déclassé.

At the time, I had a sneaking suspicion that I knew what the answer would be, but I spent a good bit of virtual ink trying to convince myself that there was still some constructive purpose for the network. After all, hundreds of thousands of technicians and engineers spent lifetimes building, maintaining, and improving these networks; surely there must be a way to repurpose all that infrastructure in a way that pays at least a bit of homage to them. The idea of just ripping out all that wire and scrapping it seemed unpalatable.

With the decreasing need for copper voice and data networks and the increasing demand for infrastructure to power everything from AI data centers to decarbonized transportation, the economic forces arrayed against these carefully constructed networks seem irresistible. But what do the numbers actually look like? Are these artificial copper mines as rich as they appear? Or is the idea of pulling all that copper out of the ground and off the poles and retasking it just a pipe dream?
