Easy Device Configuration For Your Pi Projects

We’re all familiar with a typical configuration sequence for a new mass-market IoT device. Turn it on for the first time and it exposes a temporary Wi-Fi network; connect to that network and open a Web page for device configuration. Wouldn’t it be useful to be able to incorporate that functionality into your own projects without having to write it yourself? Happily, now you can, thanks to [Peter Walsh] and his AppDaemon project for the Raspberry Pi.

At its heart is a set of Perl scripts that run whatever your software is, then monitor a GPIO. A button press toggling the GPIO stops the application and fires up the access point and web server. Handily the code can all be found in a GitHub repository, and there is a run-through of the features in a video that we’ve placed below the break. It’s not something that will appeal to everybody, but for anyone who has to pass their work on to people who can’t dive into a config file and break out the editor, it should be a particularly useful addition to the armoury.


Escalating Privileges In Ubuntu 20.04 From User Account

Ubuntu 20.04 is an incredibly popular operating system, perhaps the most popular among the Linux distributions due to its ease-of-use. In general, it’s a fairly trustworthy operating system too, especially since its source code is open. However, an update with the 20.04 revision has led to security researcher [Kevin Backhouse] finding a surprisingly easy way to escalate privileges on this OS, which we would like to note is not great.

The exploit involves two bugs: one in the accountsservice daemon, which handles user accounts on the computer, and another in the GNOME Display Manager, which handles the login screen. Ubuntu 20.04 added some code to the daemon which looks at a specific file on the computer, and with a simple symlink, it can be tricked into reading a different file which locks the process into an infinite loop. The daemon also drops its privileges at one point in this process, a normal security precaution, but this allows the user to crash the daemon.

The second bug for this exploit involves how the GNOME Display Manager (gdm3) handles privileges. Normally it would not have administrator privileges, but if the accountsservice daemon isn’t running, it escalates itself to administrator, where any changes made have administrator privileges. This provides an attacker with an opportunity to create a new user account with administrator privileges.

Of course, this being Ubuntu, we can assume that this vulnerability will be immediately patched. It’s also a good time to point out that the reason that open-source software is inherently more secure is that when anyone can see the source code, anyone can find and report issues like this which allow the software maintainer (or even the user themselves) to make effective changes more quickly.

Thread Carefully: An Introduction To Concurrent Python

The ability to execute code in parallel is crucial in a wide variety of scenarios. Concurrent programming is a key asset for web servers, producer/consumer models, batch number-crunching and pretty much any time an application is bottlenecked by a resource.

It’s sadly the case that writing quality concurrent code can be a real headache, but this article aims to demonstrate how easy it is to get started writing threaded programs in Python. Due to the large number of modules available in the standard library which are there to help out with this kind of thing, it’s often the case that simple concurrent tasks are surprisingly quick to implement.

We’ll walk through the difference between threads and processes in a Python context, before reviewing some of the different approaches you can take and what they’re best suited for.


Huge Functionality, Small Package: A Custom Tablet, Raspberry Style

As the adage goes, “if you want something done right, do it yourself.” Desirous of a tablet but preferring to eschew consumer models, [Stefan Vorkoetter] constructed his own compact and lightweight Raspberry Pi tablet, covering several extra miles in the process.

The tablet makes use of a Raspberry Pi 3 and the official touchscreen, with the final product marginally larger than the screen itself. Designed with a ‘slimmer the better’ profile in mind, [Vorkoetter] had to modify several components to fit this precept; most obvious of these are the removal of the Pi’s GPIO headers, USB, and Ethernet ports, and removing the USB power out port from the touchscreen controller board so the two could be mounted side-by-side.

An Adafruit PowerBoost 1000C handles charging the 6200 mAh battery — meaning up to six hours(!) of YouTube videos — via a micro USB, but only after [Vorkoetter] attached a pair of home-made heatsinks due to negligible air flow within the case. A modified USB audio adapter boosts the Pi’s audio capabilities, enabling the use of headphones, a mic, and a built-in speaker which is attached to the tablet’s back cover.
