Bye Bye Vi: GNU/Linux Distros Drop Support

April 1, 2019 by Ted Yapo 167 Comments

If you grew up with Unix systems like we did, you’ll be sorry to hear the news: vi, the noble text editor that has served us so well these 40 years, is going away — from many GNU/Linux systems, anyway. As of this writing, GNU/Linux Mint, Debian, Ubuntu, and OpenSUSE — four of the five most popular GNU/Linux distributions — have all announced that they will no longer ship the ‘vi’ editor as part of their base installs. For those of us who got our start in the punched-card era and still think of files as a collection of lines instead of a stream of bytes, this is a major blow. But, we can all take some comfort in the fact that, at least for now, the stripped-down version of vim synonymous with vi on these systems will continue to be available from package repositories.

The reasons for the move aren’t entirely clear to us, but from what we can see on the GNU/Linux mailing lists, the confusing modal interface and the fact that novice (and many seasoned) users can’t figure out how to save a file and exit the program seem to have influenced the decision. Also cited were support changes expected as GNU/Linux gains in popularity. As the user base expands to include less technically-savvy individuals, fewer people will be able to fix their constant boot issues, which is the primary use-case for vi. Replacing the self-help model will be a support infrastructure where users can take their machines to “GNU/Linux Geniuses” who will solve the problems for them.

Continue reading “Bye Bye Vi: GNU/Linux Distros Drop Support” →

Reverse Engineering A Modern IP Camera

March 28, 2019 by Lewin Day 51 Comments

Security cameras used to be analog devices feeding back into a room full of tiny screens and commercial grade VCRs. As technology moved forward, IP cameras began to proliferate. Early models simply presented a video stream and configuration page to the local network. Modern models aimed at the home market differ however. More often than not, configuration is through a strange smartphone app, and video is accessed through third-party servers. It’s all a bit oblique, and so [Alex] decided to take a look under the hood.

The exploration begins externally, with [Alex] capturing data sent to and from the camera with Wireshark. Straight away, red flags are raised. For as yet unknown reasons, the camera attempts to resolve Google, Facebook and Alibaba servers over DNS. Disassembly then follows, revealing that a serial terminal with root access is available. [Alex] uses this to probe around, uncovering the firmware update script and a way to decrypt said updates.

The work thus is a great example of how to approach hacking a given device from first principles. The overall goal is to find a way to gain complete control over the camera, reprogramming it to serve up video as [Alex] wishes, rather than to a distant third party server. It’s not the first time we’ve seen an IP camera hacked, and we doubt it will be the last. If you’ve got one cracked, be sure to let us know.

Octavo Systems Shows Off With Deadbug Linux Computer

March 15, 2019 by Roger Cheng 11 Comments

Once upon a time, small Linux-capable single board computers were novelties, but not anymore. Today we have a wide selection of them, many built around modules we could buy for our own projects. Some of the chipset suppliers behind these boards compete on cost, others find a niche to differentiate their product. Octavo Systems is one of the latter offering system-in-package (SiP) modules that are specifically designed for easy integration. They described how simple it would be to build a minimal computer using their SC335x C-SiP, and to drive the point home they brought a deadbug implementation to Embedded World 2019. [Short video after the break.]

Most of us encounter Octavo modules as the heart of a BeagleBoard. Their increasing integration made tiny wonders like PocketBeagle possible. But bringing out all those pins for use still required a four-layer circuit board. Octavo’s pitch for hardware professionals center around how easy integration saves time for faster time to market, and fortunately for us easy integration also translates to a more accessible device for our projects. It’s one thing to publish a document describing a hypothetical single-layer PCB for an Octavo module, it’s quite something else to show that concept in action with no PCB at all.

Of course, this little machine only has access to a fraction of the module’s functionality, and it is certainly overkill if the objective is just to blink a few LEDs. If so, we’d just use 555 timers! But it does show how simple a bare bones “Hello World” machine can be built, removing intimidation factor and invite more people to come play.

One of the three top winners in our circuit sculpture contest was a wireframe Z80 computer. There’s quite a jump from a Z80 to an Octavo SC335x, but we’ve already seen one effort by [Zach] over Supercon 2018 weekend to build a deadbug computer with an Octavo module. It won’t be long before someone one-ups this minimalist LED blinker with something more sophisticated and we can’t wait to see it. Continue reading “Octavo Systems Shows Off With Deadbug Linux Computer” →

Hackers Turn Hard Drive Into Microphone That Can Listen In On Your Computer’s Fan Whine

March 13, 2019 by Brian Benchoff 28 Comments

As reported by The Register, hackers can now listen in on conversations happening around your computer by turning a hard drive into a microphone. There are caveats: the hack only works if these conversations are twice as loud as a blender, or about as loud as a lawn mower. In short, no one talks that loud, move along, nothing to see here.

The attack is to be presented at the 2019 IEEE Symposium on Security and Privacy, and describes the attack as a modification of the firmware on a disk drive to read the Position Error Signal that keeps read/write heads in the optimal position. This PES is affected by air pressure, and if something is affected by air pressure, you’ve got a microphone. In this case, it’s a terrible microphone that’s mechanically coupled to a machine that has a lot of vibrations including the spinning platter and a bunch of fans inside the computer. This is an academic exercise, and not a real attack, and either way to exfiltrate this data you need to root the computer the hard drive is attached to. It’s attacks all the way down.

The limiting factor in this attack is that it requires a very loud conversation to be held near a hard drive. To record speech, the researchers had to pump up the volume to 85 dBA, or about the same volume as a blender crushing some ice. Recording music through this microphone so that Shazam could identify the track meant playing the track back at 90 dBA, or about the same volume as a lawnmower. Basically, this isn’t happening.

The interesting bit of this hack isn’t using a hard drive as a microphone. It’s modifying the firmware on a hard drive to do something. We’ve seen some hacks like this before, but the latest public literature on hard drive firmware hacking is years old. If you’ve got a tip on how to hack hard drives, even if it’s to do something that’s horribly impractical, we’d love to see it.

Bash Pipeline Puzzle: Green, Blue, Or Blue Green?

March 10, 2019 by Al Williams 16 Comments

[Marek Gibney] poses an interesting puzzle. What does the following bash command line print?

( echo red ; echo green 1>&2 ) | echo blue

You’d like to think it prints three lines: red, green, and blue. But would you be surprised to find out that it can sometimes output “blue green” and sometimes just output blue. The first surprise is that it isn’t deterministic. But the second thing that is surprising is the sometimes the entire left-hand part of the line doesn’t do anything. [Chris Siebenmann] did the analysis and explains what’s going on in a recent blog post.

Before you click the link or read further, you might want to see if you can deduce what’s going on. Give up? Here’s a hint: Part of the solution hinges on the fact that echo is built into the shell.

Continue reading “Bash Pipeline Puzzle: Green, Blue, Or Blue Green?” →

New Part Day: The STM32 That Runs Linux

February 27, 2019 by Brian Benchoff 45 Comments

There are a lot of ARM microcontrollers out there, and the parts from ST are featured prominently is the high-power builds we’re seeing. The STM32F4 and ~F7 are powerhouses with great support, and the STM32F0 and the other younger children of the family make for very good, low-power microcontrollers. Now, the STM32 family is getting a big brother. It runs Linux. It’s two ARM Cortex-A7 cores and one M4 core on the same chip. The STM32MP1 is the chip you want if you still can’t figure out how to waste computing cycles by blinking LEDs.

Block diagram of the STM32MP157 Image: ST

First, that Linux support. The STM32MP157C was mainlined into Linux last summer, and there is support for Android. So yes, this chip can run Linux. There is an optional 3D GPU in this family, a MIPI-DSI controller, support for HDMI-CEC, USB 2.0, and 10/100M or Gigabit Ethernet. This brings us the inevitable question of whether you can build a Raspberry Pi clone with these parts. Maybe, champ, but if you’re asking that question it’s probably not you that’s going to build one. It looks as if this chip is designed for phones, set-top boxes, and smart TVs. That doesn’t preclude a single board computer, but the biggest problem there is maintaining software support anyway.

The chip family in question all come with dual ARM Cortex-A7 processors running at a nominal 650MHz. There’s also a Cortex-M4 running at 209MHz, and the ST literature suggests that engineers are already running Linux on the A7 and an RTOS on the M4. This chip will need external memory, but DDR3 / DDR3L / LPDDR2 / LPDDR3 are supported.

This chip is only announced right now, you can’t get it on Mouser or Digikey yet, and there’s no information on pricing. However, there are two development boards available, the Evaluation board, which features 1 GB of DDR3L, 128 MB of Flash, and an 8 GB eMMC. There’s a 5.5″ display, and enough connectors to make your heart flutter. The Discovery board is a bit more cut down, and comes with a 4″ 480×800 LCD, WiFi, Bluetooth LE, and of course it comes with GPIO expansion connectors for an Arduino and Raspberry Pi. The Discovery Board is not available at this time, but it will sell for $99 USD.

Command Line Utilities… In The Cloud?

February 17, 2019 by Al Williams 40 Comments

Although many people think of Linux-based operating systems as graphical, really that GUI is just another application running over the bare operating system. Power users, remote administrators, and people running underpowered computers like a Raspberry Pi have a tendency to do more with command line tools. [Igor] did a FOSDEM19 presentation you can see below about how he’s providing web-like services to the command line using web servers and curl as a client.

This is subtly different from just accessing an ordinary web server via curl. The output is meant for display in the terminal. Of course, you could also hit them with a web browser, if you wanted — at least, for some of them. [Igor’s] tools include a weather reporter, a QR code encoder, information and graphs for currency and cybercurrency rates, and an online help system for programmers.

Continue reading “Command Line Utilities… In The Cloud?” →