Linux Fu: UEFI Booting

January 19, 2023 by Al Williams 30 Comments

Unless your computer is pretty old, it probably uses UEFI (Unified Extensible Firmware Interface) to boot. The idea is that a bootloader picks up files from an EFI partition and uses them to start your operating system. If you use Windows, you get Windows. If you use Linux, there’s a good chance you’ll use Grub which may or may not show you a menu. The problem with Grub is you have to do a lot of configuration to get it to do different things. Granted, distros like Ubuntu have tools that go through and do much of the work for you and if you are satisfied with that, there’s no harm in using Grub to boot and manage multiple operating systems.

An alternative would be rEFInd, which is a nice modern UEFI boot manager. If you are still booting through normal (legacy) BIOS, the installation might be a hassle. But, in general, rEFInd, once installed, just automatically picks up most things, including Windows, Mac, and Linux operating systems and kernels. The biggest reasons you might change the configuration is if you want to hide some things you don’t care about or change the visual theme.

Continue reading “Linux Fu: UEFI Booting” →

This Week In Security: Adblock For Security, ProxyNotShell Lives, And CVSS 10 To Not Worry About

December 30, 2022 by Jonathan Bennett 14 Comments

The ubiquity of ransomware continues, this time with The Guardian announcing they were partially shut down from an attack. Staff are working from home as the incident is being investigated and data is recovered. Publishing seems to be continuing, and the print paper ran as expected.

There have been a couple reports published recently on how ransomware and other malware is distributed, the first being a public service announcement from the FBI, detailing what might be a blindly obvious attack vector — search engine advertising. A bad actor picks a company or common search term, pays for placement on a search engine, and then builds a fake web site that looks legitimate. For bonus points, this uses a typosquatted domain, like adobe[dot]cm or a punycode domain that looks even closer to the real thing.

The FBI has a trio of recommendations, one of which I whole-heartedly agree with. Their first suggestion is to inspect links before clicking them, which is great, except for the punycode attack. In fact, there are enough lookalike glyphs to make this essentially useless. Second is to type in URLs directly rather than using a search engine to find a company’s site. This is great so long as you know the URL and don’t make a typo. But honestly, haven’t we all accidentally ended up at website[dot]co by doing this? Their last recommendation is the good one, and that is to run a high-quality ad-blocker for security. Just remember to selectively disable blocking for websites you want to support. (Like Hackaday!) Continue reading “This Week In Security: Adblock For Security, ProxyNotShell Lives, And CVSS 10 To Not Worry About” →

Linux Fu: Miller The Killer Makes CSV No Pest

December 28, 2022 by Al Williams 27 Comments

Historically, one of the nice things about Unix and Linux is that everything is a file, and files are just sequences of characters. Of course, modern practice is that everything is not a file, and there is a proliferation of files with some imposed structure. However, if you’ve ever worked on old systems where your file access was by the block, you’ll appreciate the Unix-like files. Classic tools like awk, sed, and grep work with this idea. Files are just characters. But this sometimes has its problems. That’s the motivation behind a tool called Miller, and I think it deserves more attention because, for certain tasks, it is a lifesaver.

The Problem

Consider trying to process a comma-delimited file, known as a CSV file. There are a lot of variations to this type of file. Here’s one that defines two “columns.” I’ve deliberately used different line formats as a test, but most often, you get one format for the entire file:

Slot,String 
A,"Hello" 
"B",Howdy 
"C","Hello Hackaday" 
"D","""Madam, I'm Adam,"" he said." 
E 100,With some spaces!
X,"With a comma, or two, even"

Continue reading “Linux Fu: Miller The Killer Makes CSV No Pest” →

DietPi Releases 8.12 With Support For The Rockchip RK3588 SoC

December 27, 2022 by Maya Posch 31 Comments

This month DietPi released version 8.12 of this SBC-oriented Linux distribution. Most notable is the addition of support for the NanoPi R6S and the Radxa ROCK 5B SBCs. The ROCK 5B features the new flagship Rockchip RK3588 SoC with quad Cortex-A76 and quad Cortex-A55. What makes DietPi interesting as an operating system for not just higher end SBCs but also lower-end SBCs compared to options like Debian, Raspberry Pi OS and Armbian is that it has a strong focus on being the most optimized. This translates in a smaller binary size, lower RAM usage and more optimized performance.

The DietPi setup experience is as straightforward as with the aforementioned options, except that right from the bat you get provided with many more options to tweak. While the out of the box experience and hitting okay on the provided defaults is likely to be already more than satisfactory for most users – with something like the optional graphical interface easy to add – enterprising users can tweak details about the hardware, the filesystem and more.

When we set up DietPi on a Raspberry Pi Zero, it definitely feels like a much more light-weight experience than the current Debian Bullseye-based Raspberry Pi OS. Even though DietPi is also based on Debian, it leaves a lot more RAM and storage space free, which is a definite boon when running on a limited platform like a Raspberry Pi Zero. Whether it’s polite to state in public or not, DietPi definitely rubs in that many standard SBC images are rather pudgy these days.

CoreFreq Gives Peek At CPU Performance Info On Linux

December 24, 2022 by Lewin Day 9 Comments

The CPU is the part of the computer that makes everything else tick. While GPUs have increasingly become a key part of overall system performance, we still find ourselves wanting to know how our CPU is doing. CoreFreq is a Linux tool that aims to tell you everything you want to know about your modern 64-bit CPU.

The tool relies on a kernel module, and is coded primarily in C, with some assembly code used to measure performance as accurately as possible. It’s capable of reporting everything from core frequencies to details on hyper-threading and turbo boost operation. Other performance reports include information on instructions per cycle or instructions per second, and of course, all the thermal monitoring data you could ask for. It all runs in the terminal, which helps keep overheads low.

The hardcore among us can build it from source, available on GitHub, though it’s reportedly available in package form, and as a live CD, too. We could imagine data captured from CoreFreq could be used for some fun performance visualizations, too. If you’ve been whipping up your own nifty command-line tools, be sure to drop us a line!

Chumby Gets New Kernel… Soon

December 21, 2022 by Al Williams 18 Comments

If you missed the Chumby, we’re sorry. They were relatively inexpensive Linux appliances that acted as a clock, Internet radio, and feed reader. The company went belly up, although there was some functionality remaining thanks to one of the founders and now, for a subscription fee, you can still keep your Chumby operating. However, [Doug Brown] bought one with the goal of using it for his own applications. But the 2.6.28 kernel is showing its age. So he decided to push a new kernel on the device.

If you are a Chumby enthusiast, don’t get too excited. The goal isn’t to provide the existing Chumby apps with a new kernel, [Doug] says that’s probably impossible. Instead, he wants a modern booting infrastructure and kernel on the device for his own software.

Continue reading “Chumby Gets New Kernel… Soon” →

A VM In An AI

December 10, 2022 by Jenny List 41 Comments

AI knoweth everything, and as each new model breaks upon the world, it attracts a new crowd of experimenters. The new hotness is ChatGPT, and [Jonas Degrave] has turned his attention to it. By asking it to act as a Linux terminal, he discovered that he could gain access to a complete Linux virtual machine within the model’s synthetic imagination.

The AI’s first response was a prompt, so he of course first tried to list the files. Up came a list of directories, so the next step was to create a file and put some text in it. All of this resulted in a readable file, so there was some promise in this unexpected computing resource. But can it run code? Continue reading “A VM In An AI” →