Linux Fu: Moving /usr

Linux has changed. Originally inspired by Unix, it followed certain rules that everyone understood, even if they were not well enforced. Programs did small things and used pipes to communicate. X Window servers didn’t always run on your local machine. Nothing in /usr contributed to booting up the system.

These days, we have systemd controlling everything. If you run Chrome on one display, it is locked to that display and it really wants that to be the local video card. And moving /usr to another partition will easily prevent you from booting up, unless you take precautions. I moved /usr and I lived to tell about it. If you ever need to do it, you’ll want to hear my story.

A lot of people are critical of systemd — including me — but really it isn’t systemd’s fault. It is the loss of these principles as we get more programmers, many of them influenced by other systems where things work differently. I’m not just ranting, though. I recently had an experience that brought all this to mind and, along the way, I learned a few things about the modern state of the boot process. The story starts with a friend giving me an Intel Compute Stick. But the problems I had were not specific to that hardware; they came from how modern Linux distributions manage their start-up process.


Linux-Fu: Your Own Dynamic DNS

It is a problem as old as the Internet. You want to access your computer remotely, but it is behind a router that randomly gets different IP addresses. Or maybe it is your laptop and it winds up in different locations with, again, different IP addresses. There are many ways to solve this problem and some of them are better than others.

A lot of routers can report their IP address to a dynamic DNS server. That used to be great, but now it seems like many of them hound you to upgrade or constantly renew so you can see their ads. Some of them disappear, too. If your router vendor supplies one, that might be a good choice, until you change routers, of course. OpenWRT supports many such services and there are many lists of common services.

However, if you have a single publicly accessible computer, for example a Web server or even a cloud instance, and you are running your own DNS server, you really don’t need one of those services. I’m going to show you how I do it with an accessible Linux server running Bind. This is a common setup, but if you have a different system you might have to adapt a bit.

There are many ways to set up dynamic DNS if you are willing to have a great deal of structure on both sides. Most of these depend on setting up a secret key to allow for DNS updates and some sort of script that calls nsupdate or having the DHCP server do it. The problem is, I have a lot of client computers and many are set up differently. I wanted a system where the only thing needed on the client side was ssh. All the infrastructure remains on the DNS server.


FBI Reports On Linux Drovorub Malware

The FBI and the NSA released a report on the Russian-based malware that attacks Linux known as Drovorub (PDF) and it is an interesting read. Drovorub uses a kernel module rootkit and allows a remote attacker to control your computer, transfer files, and forward ports. And the kernel module takes extraordinary steps to avoid detection while doing it.

What is perhaps most interesting though, is that the agencies did the leg work to track the malware to its source: the GRU — Russian intelligence. The name Drovorub translates into “woodcutter” and is apparently the name the GRU uses for the program.

A look inside the code shows it is pretty mundane. There’s a server with a JSON configuration file and a MySQL backend. It looks like any other garden-variety piece of code. To bootstrap the client, a hardcoded configuration allows the program to make contact with the server and then creates a configuration file that the kernel module actively hides. Interestingly, part of the configuration is a UUID that contains the MAC address of the server computer.

The rootkit won’t persist if you have UEFI Secure Boot fully enabled (although many Linux computers turn UEFI signing off rather than work through the steps to install an OS with it enabled). The malware is easy to spot if you dump raw information from the network, but the kernel module makes it hard to find on the local machine. It hooks many kernel functions so it can hide processes from both the ps command and the /proc filesystem. Other hooks remove file names from directory listings and also hide sockets. The paper describes how to identify the malware, and its authors are especially interested in detection at scale — that is, if you have 1,000 Linux PCs on a network, how do you find which ones have this infection?

This is a modern spy story, but not quite what we’ve come to expect in Bond movies. “Well, Moneypenny, it appears Spectre is using the POCO library to generate UUIDs,” is hard to work into a trailer. We prefer the old days when high-tech spying meant nonlinear junction detectors, hacking Selectrics, moon probe heists, and passive bugging.

Exotic Device Gets Linux Support Via Wireshark And Rust

What can you do if you have a nice piece of hardware that kinda works out of the box, but doesn’t have support for your operating system to get the full functionality out of it? [Harry Gill] found himself in such a situation with a new all-in-one (AIO) water cooling system. It didn’t technically require any operating system interaction to perform its main task, but things like settings adjustments or reading back statistics were only possible with Windows. He thought it would be nice to have those features in Linux as well, and since the communication is done via USB, figured the obvious solution was to reverse engineer the protocol and simply replicate it.

His first step was to set up a dual-boot system (his attempts at running the software in a VM didn’t go very well), which allowed him to capture the USB traffic with Wireshark and USBPcap. Then it would simply be a matter of analyzing the captures and writing some Linux software to make sense of the data. The go-to library for USB tasks would be libusb, which has bindings for plenty of languages, but as an avid Rust user, that choice was never really an issue for him anyway.

How to actually make use of the captured data was an entirely different story though, and without documentation or much help from the vendor, [Harry] resorted to good old trial and error to find out which byte does what. Eventually he succeeded and was able to get the additional features he wanted supported in Linux — check out the final code in the GitHub repository if you’re curious what this looks like in Rust.

Capturing the USB communication with Wireshark seems generally a great way to port unsupported features to Linux, as we’ve seen earlier with an RGB keyboard and the VGA frame grabber that inspired it. If you want to dig deeper into the subject, [Harry] listed a few resources regarding USB in general, but there’s plenty more to explore with reverse engineering USB.

Six New HackadayU Courses Announced For Fall 2020

The fall lineup of HackadayU courses was just announced; get your tickets now!

Each course is led by expert instructors who have refined their topics into a set of four live, interactive classes plus one Q&A session we like to call Office Hours. Topics range from leveling up your Linux skills and learning about serial buses to building interactive art and getting into first-person view (FPV) drone flight.

Check out the course titles, instructors, and details listed below. If you’d like to hear about each class from the instructors themselves, their teaser videos are embedded after the break.

  • Interactive Media Art with Light and Sensors
    • Instructor: Mirabelle Jones
    • Course overview: This course will cover how to develop interactive artworks, installations, and experiences based on sensor input.
  • Introduction to FPV Drones
    • Instructor: Ayan Pahwa
    • Course overview: We’ll get familiar with the multi-rotor category of Unmanned Aerial Vehicles (UAVs) including physics, aerodynamics, electronics, digital signal processing (DSP), and writing software that is involved.
  • Intro to LEDs Using Arduino and FastLED
    • Instructors: Cathy Laughlin & Mirabelle Jones
    • Course overview: Students will learn all about how LEDs work as well as how to program LED patterns using the Arduino IDE.
  • Linux + Electronics: A Raspberry Pi Course
    • Instructor: Pablo Oyarzo
    • Course overview: This course is for those who want to go from Arduino to a Linux computer small enough to fit the project but far more powerful, enough to fulfill the project’s needs, and don’t know where to start.
  • Embedded Serial Buses (Part 1)
    • Instructor: Alexander Rowsell
    • Course overview: This course will cover the I2C and 1-Wire serial buses. We will look at the hardware layer, the protocol layer, and the software/application layer for both bus types.
  • Art + Code
    • Instructor: Casey Hunt
    • Course overview: Students will grow their technical skills through mastery of the P5.js JavaScript library, and will also learn about aesthetics and art history in the digital space.

HackadayU courses are “pay-as-you-wish”. To help ensure the live seats don’t go to waste, the minimum donation for each class is $1. Proceeds go to charity and we’re happy to report a donation of $4,200 going to Steam Coders from the summer session of HackadayU. A new charity will be chosen for the fall classes, details to follow.

Each class will be recorded and made available once it has been edited. You can take a look at the excellent Reverse Engineering with Ghidra series right now. Videos of the Quantum Computing and KiCad + FreeCAD courses are coming soon.


Popcorn Pocket P. C. Open Sourced

If you miss the days you could get an organizer that would — sort of — run Linux, you might be interested in Popcorn computer’s Pocket P. C., which was recently open-sourced on GitHub. Before you jump over to build one, though, there are a few things you should know.

First, the files are untested since the first unit hasn’t shipped yet. In addition, while the schematic looks pretty complete, there’s no actual bill of materials and the PCB layers in the PDF file might not be very easy to replicate, since they are just a series of images, one for each layer. You can see an overview video of the device, below.


A Shell? A Programming Language? Relax! It’s Both!

Every time we publish a Linux hack that uses a shell script, someone will chime in about how awful it is to program shell scripts. While we like the ubiquity and efficiency, we can’t disagree that the shell is a bit of a hack itself. [Axel Lijencrantz] wants to change your shell into a full-blown programming language called Crush.

On the face of it, it looks like a shell. Want to see the contents of the current directory? Simple: ls.

The difference is underneath. In Crush, ls is a built-in and it returns data in rows like a database. You can manipulate that database with SQL-like commands: ls | where {type=="directory"}.
