The Linux Scheduler And How It Handles More Cores

Sometimes you read an article headline and you find yourself re-reading it a few times before diving into the article. This was definitely the case for a recent blog post by [The HFT Guy], where the claim was made that the Linux kernel has for fifteen years now been hardlocked into not scheduling for more than 8 cores. Obviously this caused a lot of double-checking and context discovery on both Hacker News and the Level 1 Techs forum. So what is going on exactly? Did the Linux developers make an egregious error more than a decade ago that has crippled Linux performance to this day? Continue reading “The Linux Scheduler And How It Handles More Cores”

Obsolete E-Reader Gets New Life

For those who read often, e-readers are a great niche device that can help prevent eye fatigue with their e-ink displays especially when compared to a backlit display like a tablet or smartphone, all while taking up minimal space unlike a stack of real books. But for all their perks, there are still plenty of reasons to maintain a library of bound paper volumes. For those who have turned back to books or whose e-readers aren’t getting the attention they once did, there are plenty of things to do with them like this e-book picture frame.

The device started life as a PocketBook Basic Touch, or PocketBook 624, a fairly basic e-reader from 2014, but at its core is a decent ARM chip that can do many more things than display text. It also shipped running a version of Linux, which made it fairly easy to get a shell and start probing around. Unlike modern smart phones this e-reader seems to be fairly open and able to run some custom software, and as a result there are already some C++ programs available for these devices. Armed with some example programs, [Peter] was able to write a piece of custom software that displays images from an on-board directory and mounted the new picture display using an old book.

There were a number of options for this specific device that [Peter] explored that didn’t pan out well, like downloading images from the internet to display instead of images on the device, but in the end he went with a simpler setup to avoid feature creep and get his project up and running for “#inktober”, a fediverse-oriented drawing challenge that happened last month. While not strictly in line with a daily piece of hand-drawn artwork, the project still follows the spirit of the event. And, for those with more locked-down e-readers there’s some hope of unlocking the full functionality of older models with this FOSS operating system.

Reliving The Authentic 90s Linux Experience

Installing Linux on a modern PC has never been easier. There are tons of tools available that will nearly-automatically download your Linux distribution of choice, image a USB drive, and make it bootable so you can finally ditch your bloated, privacy-violating operating system and get the free performance boost that comes along with it. This wasn’t always the case, though. In the 90s you had to take a trip to a store (or library) and buy (or borrow) a boxed copy of some variety of Linux on floppy disk or CDs, and then install it on your own, often without the help of the Internet. [Action Retro] demonstrates this process for us so we don’t have to relive the pain ourselves.

Complete with a 90s-era Pentium machine enclosed in a beige case, this is really the full 90s experience. He’s found a boxed version of Red Hat version 5.2 with everything needed to get it up and running and, after a brief issue with the installer crashing because it couldn’t figure out the ZIP disk drive, had another era-appropriate experience by erasing the existing Windows 98 installation. This was before automatic partitioning tools were widely available, so it was a real risk for beginner Linux enthusiasts if they were trying to dual boot.

With the installation complete, the X window system still needed to be set up, as well as making sure the settings for the old CRT monitor were correct. With everything finalized, the system can really be explored. It includes out-of-the-box some software plenty of us would recognize today such as GIMP and some other software we might not, like Netscape Communicator. It’s a real time machine experience to get this operating system running on period-appropriate hardware, and a lot of features of modern Linux systems can still be seen especially if your modern distribution of choice still requires a lot of manual configuration during installation. Old operating systems aside, this machine might be capable of running a modern Linux distribution as well, provided it has something slightly newer than a 486.

Continue reading “Reliving The Authentic 90s Linux Experience”

Linux Fu: Customizing Printf

When it comes to programming in C and, sometimes, C++, the printf function is a jack-of-all-trades. It does a nice job of quickly writing output, but it can also do surprisingly intricate formatting. For debugging, it is a quick way to dump some data. But what if you have data that printf can’t format? Sure, you can just write a function to pick things apart into things printf knows about. But if you are using the GNU C library, you can also extend printf to use custom specifications. It isn’t that hard, and it makes using custom data types easier.

An Example

Suppose you are writing a program that studies coin flips. Even numbers are considered tails, and odd numbers are heads. Of course, you could just print out the number or even mask off the least significant bit and print that. But what fun is that?

Here’s a very simple example of using our new printf specifier “%H”:

printf("%H %H %H %H\n",1,2,3,4);
printf("%1H %1H\n",0,1);

When you have a width specification of 1 (like you do in the second line) the output will be H or T. If you have anything else, the output will be HEADS or TAILS.

Continue reading “Linux Fu: Customizing Printf”

Because You Can: Linux On An Arduino Uno

There are a few “Will it run” tropes when it comes to microcontrollers, one for example is “Will it run Doom?“, while another is “Will it run Linux?”. In one of the lowest spec examples of the last one, [gvl610] has got an up-to-date Linux kernel to boot on a vanilla Arduino Uno. And your eyes didn’t deceive you, that’s a full-fat kernel rather than the cut-down μClinux for microcontrollers.

Those of you who’ve been around a while will probably have guessed how this was done, as the ATmega328 in the Uno has no MMU and is in to way powerful enough for the job. It’s running an emulator, in this case just enough RISC-V to be capable, and as you’d imagine it’s extremely slow. You’ll be waiting many hours for a shell with this machine.

The code is written in pure AVR C, and full instructions for compilation are provided. Storage comes from an SD card, as the ATmega’s meagre 32k is nowhere near enough. If you’re having a bit of deja vu here we wouldn’t blame you, but this one is reputed to be worse than the famous 2012 “Worst PC Ever“, which emulated ARM instead of RISC-V.

Thanks [Electronics Boy] for the tip!

Explore Linux Space Time

If you’ve ever wondered how much memory a process uses, you’ve probably used a form of task manager or system monitor. System monitors can be useful to identify resource hogs, but are often less versatile if you want more details about just one process. If you’ve ever faced this problem, then [Fabien Sanglard]’s Space-Time explorer is for you!

The wonderfully punny Space-Time tool records physical memory usage, time spent in user space vs. kernel space and even threads and subprocesses created. These words may not mean much to some readers, so let’s quickly go over them: Physical memory usage is the actual amount of RAM given (not always the same as requested). The kernel (which lives in kernel space) is the supervisor to all processes on a computer. In contrast, every process lives in it’s own “user space”, a way of protecting the kernel. Finally, a subprocess (or “child process”) is simply a process started by another process (the “parent”). Continue reading “Explore Linux Space Time”

This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina

Last week we covered the latest 0-day from NSO group, BLASTPASS. There’s more details about exactly how that works, and a bit of a worrying revelation for Android users. One of the vulnerabilities used was CVE-2023-41064, a buffer overflow in the ImageIO library. The details have not been confirmed, but the timing suggests that this is the same bug as CVE-2023-4863, a Webp 0-day flaw in Chrome that is known to be exploited in the wild.

The problem seems to be an Out Of Bounds write in the BuildHuffmanTable() function of libwebp. And to understand that, we have to understand libwebp does, and what a Huffman Table has to do with it. The first is easy. Webp is Google’s pet image format, potentially replacing JPEG, PNG, and GIF. It supports lossy and lossless compression, and the compression format for lossless images uses Huffman coding among other techniques. And hence, we have a Huffman table, a building block in the image compression and decompression.

What’s particularly fun about this compression technique is that the image includes not just Huffman compressed data, but also a table of statistical data needed for decompression. The table is rather large, so it gets Huffman compressed too. It turns out, there can be multiple layers of this compression format, which makes the vulnerability particularly challenging to reverse-engineer. The vulnerability is when the pre-allocated buffer isn’t big enough to hold one of these decompressed Huffman tables, and it turns out that the way to do that is to make maximum-size tables for the outer layers, and then malform the last one. In this configuration, it can write out of bounds before the final consistency check.

An interesting note is that as one of Google’s C libraries, this is an extensively fuzzed codebase. While fuzzing and code coverage are both great, neither is guaranteed to find vulnerabilities, particularly well hidden ones like this one. And on that note, this vulnerability is present in Android, and the fix is likely going to wait til the October security update. And who knows where else this bug is lurking. Continue reading “This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina”