Ubuntu 改變放掉 i386 的計畫

先前在「Ubuntu 19.10 要放掉 i386 架構」這邊提到 Ubuntu 要放掉 i386 的計畫,因為造成的迴響很大,現在官方決定修改本來的結論:「Statement on 32-bit i386 packages for Ubuntu 19.10 and 20.04 LTS」。

在本來的計畫裡,是完全放生 i386 架構 (完全不管):

While this means we will not provide 32-bit builds of new upstream versions of libraries, there are a number of ways that 32-bit applications can continue to be made available to users of later Ubuntu releases, as detailed in [4]. We will be working to polish the 32-bit support story over the course of the 19.10 development cycle. To follow the evolution of this support, you can participate in the discourse thread at [5].

現在則是打算透過 container 技術支援 32-bit library & binary,算是某種緩衝方式:

We will also work with the WINE, Ubuntu Studio and gaming communities to use container technology to address the ultimate end of life of 32-bit libraries; it should stay possible to run old applications on newer versions of Ubuntu. Snaps and LXD enable us both to have complete 32-bit environments, and bundled libraries, to solve these issues in the long term.

但應該還是會有程式沒辦法在 container 環境裡跑,看起來官方決定放掉了...

Raspberry Pi 4 開賣,USD$35

Raspberry Pi 4 開賣,目前推出的是 Model B,最低規格的 1GB RAM 版本與之前 RPi 3 相同都是 USD$35,另外這次提供了以前沒有的 2GB 與 4GB 版本,分別是 USD$45 與 USD$55:「Raspberry Pi 4 on sale now from $35」。

有兩個比較大而且要注意的改變,第一個是電源接頭變成 Type-C 了:

We’ve moved from USB micro-B to USB-C for our power connector. This supports an extra 500mA of current, ensuring we have a full 1.2A for downstream USB devices, even under heavy CPU load.

另外一個是 HDMI 接頭換成 D Type:

To accommodate dual display output within the existing board footprint, we’ve replaced the type-A (full-size) HDMI connector with a pair of type-D (micro) HDMI connectors.

這兩個改變都需要準備額外的設備或是線材,其他的改變應該還好...

這次改版最明顯的是效能的增加,官方宣稱 CPU 速度是前一代的三倍:

A 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU (~3× performance)

而在 GPU 相關的則是對 H.265 的 4Kp60 硬體解壓縮:

4Kp60 hardware decode of HEVC video

先前用 RPi 3 放客廳還是覺得不太夠,也許可以考慮看看這個...

Linode 推出 GPU Instance

所以 Linode 開始有 GPU Instance 產品線了:「Introducing Linode GPU Instances」。

用的是 Nvidia Quadro RTX 6000:

Linode GPU instances are built on NVIDIA Quadro RTX 6000 GPU cards.

查維基百科可以看到是 2018-08-13 推出的卡。價錢不算便宜:

去年十月的新聞可以看到 Quadro RTX 6000 的報價是 $6,300:「Nvidia Lists Quadro RTX 6000 GPU at $6,300」,這樣可以跟 EC2 那邊的規格與價錢比一下感覺...

EC2 的 C5 系列機器推出 12x、24x 以及 metal 類別

EC2c5 系列主機推出了 12xlarge24xlarge 以及 metal 三種新的類別:「Now Available: New C5 instance sizes and bare metal instances」。

本來的 c5largexlarge2xlarge4xlarge9xlarge (這邊有一些不規則了),現在多了 12xlarge24xlarge,應該是大到需要依照硬體規格對齊數字了?

另外一個是,c5.24xlargec5.metal 其實是一樣的硬體規格 (以及價錢),主要的差異在 c5.metal 沒有虛擬化,所以除了壓榨效能以外,還可以看到很多硬體資訊:

  • do not want to take the performance hit of nested virtualization,
  • need access to physical resources and low-level hardware features, such as performance counters and Intel VT that are not always available or fully supported in virtualized environments,
  • are intended to run directly on the hardware, or licensed and supported for use in non-virtualized environments.

Ubuntu 19.10 要放掉 i386 架構

Ubuntu 19.10 版將不再支援 i386 架構了:「i386 architecture will be dropped starting with eoan (Ubuntu 19.10)」。

查了一下 x86-64 條目,AMD 的第一個 x86-64 版本是在 2003 年四月推出的:

The first AMD64-based processor, the Opteron, was released in April 2003.

Intel 則是在 2004 年六月推出:

The first processor to implement Intel 64 was the multi-socket processor Xeon code-named Nocona in June 2004.

但是 mobile 版的是 2006 年七月:

The first Intel mobile processor implementing Intel 64 is the Merom version of the Core 2 processor, which was released on July 27, 2006.

不論如何都已經十年了,如果考慮到 Ubuntu 18.04 提供五年支援,其實到 2023 年四月前都還有得用...

利用 Sensor 校正資訊產生 Device Fingerprint 的隱私攻擊

看到「Fingerprinting iPhones」這篇提出的攻擊,標題雖然是提到 iPhone,但實際上攻擊包括了 Android 的手機:

You are affected by this fingerprinting attack if you are using any iOS devices with the iOS version below 12.2, including the latest iPhone XS, iPhone XS Max, and iPhone XR. You are also likely to be affected if you are using a Pixel 2/3 device, although we hypothesise the generated fingerprint has less entropy and is unlikely to be globally unique. A SensorID can be generated by both apps and mobile websites and requires no user interaction.

目前 iPhone 升級到 12.2 之後可以緩解這個問題,Android 看起來還不清楚...

攻擊的方式是透過手機在出場前會使用外部的校正工具,找出手機內 sensor 所偵測到的值與實際值的差異,然後把這些資訊燒到韌體裡,當呼叫 API 時就可以修正給出比較正確的值。

而因為這些校正資訊幾乎每一隻手機都不一樣,而且不會因為重裝而變更 (即使 factory reset),加上還可以跨 app 與 web 追蹤,就成為這次攻擊的目標:

In the context of mobile devices, the main benefit of per-device calibration is that it allows more accurate attitude estimation.

資訊量其實相當大,透過 app 分析可以得到 67 bits entropy,透過網頁也有 42 bits entropy,而且不怎麼會變:

In general, it is difficult to create a unique fingerprint for iOS devices due to strict sandboxing and device homogeneity. However, we demonstrated that our approach can produce globally unique fingerprints for iOS devices from an installed app -- around 67 bits of entropy for the iPhone 6S. Calibration fingerprints generated by a website are less unique (~42 bits of entropy for the iPhone 6S), but they are orthogonal to existing fingerprinting techniques and together they are likely to form a globally unique fingerprint for iOS devices.

We have not observed any change in the SensorID of our test devices in the past half year. Our dataset includes devices running iOS 9/10/11/12. We have tested compass calibration, factory reset, and updating iOS (up until iOS 12.1); the SensorID always stays the same. We have also tried measuring the sensor data at different locations and under different temperatures; we confirm that these factors do not change the SensorID either.

目前提出來的解法是加入隨機值的噪音 (iOS 的作法),不過作者有建議預設應該要關閉 js 存取 sensor 的權限:

To mitigate this calibration fingerprint attack, vendors can add uniformly distributed random noise to ADC outputs before calibration is applied. Alternatively, vendors could round the sensor outputs to the nearest multiple of the nominal gain. Please refer to our paper for more details. In addition, we recommend privacy-focused mobile browsers add an option to disable the access to motion sensors via JavaScript. This could help protect Android devices and iOS devices that no longer receive updates from Apple.

不過當初這群人怎麼會注意到的...

在一連串的安全更新後,AMD 的 CPU 比 Intel 快了...

在「Intel Performance Hit 5x Harder Than AMD After Spectre, Meltdown Patches」這邊看到的測試:

把現有的安全性更新都開啟後,Intel CPU 的效能掉了 20% 左右 (在 Intel 上需要把 HT 關掉):

While the impacts vary tremendously from virtually nothing too significant on an application-by-application level, the collective whack is ~15-16 percent on all Intel CPUs without Hyper-Threading disabled. Disabling increases the overall performance impact to 20 percent (for the 7980XE), 24.8 percent (8700K) and 20.5 percent (6800K).

The AMD CPUs are not tested with HT disabled, because disabling SMT isn’t a required fix for the situation on AMD chips, but the cumulative impact of the decline is much smaller. AMD loses ~3 percent with all fixes enabled

可以注意到兩家目前桌機的頂規在上了安全性更新後,AMD 的 2990WX 比 Intel 的 7980XE 快了一些些... 當初擠牙膏擠出來的都吐回去了,不知道之後出的 security issue 還需要再吐多少回去。

SpaceX 得到 FCC 的同意架設家用的衛星網路

在「FCC approves SpaceX’s plans to fly internet-beaming satellites in a lower orbit」這邊看到的:

The Federal Communications Commission has approved SpaceX’s request to fly a large swath of its future internet-beaming satellites at a lower orbit than originally planned.

預定打四千顆低軌道衛星上去:

Under SpaceX’s original agreement with the commission, the company had permission to launch 4,425 Starlink satellites into orbits that ranged between 1,110 to 1,325 kilometers up. But then SpaceX decided it wanted to fly 1,584 of those satellites in different orbits, thanks to what it had learned from its first two test satellites, TinTin A and B. Instead of flying them at 1,150 kilometers, the company now wants to fly them much lower at 550 kilometers.

不知道價位會落在那個區塊... 如果價位夠低的話,也許是可以考慮當作偏鄉地區的通訊方案?至少是個備用方式...

AWS 推出使用 AMD CPU 的 t3a.*

AWS 推出了 t3a.* 的 EC2 instance:「Now Available – AMD EPYC-Powered Amazon EC2 T3a Instances」。

目前開放的區域有限,但算是個開始:

You can launch T3a instances today in seven sizes in the US East (N. Virginia), US West (Oregon), Europe (Ireland), US East (Ohio), and Asia Pacific (Singapore) Regions in On-Demand, Spot, and Reserved Instance form.

價錢大約再低個 10% 左右:

Pricing is 10% lower than the equivalent existing T3 instances; see the On-Demand, Spot, and Reserved Instance pricing pages for more info.

有些超小的機器可以考慮重開的時候就順便換過去...

修正 Mac 外接螢幕的 Underscan 問題

公司的 MacBook Pro (13-inch, 2017, Two Thunderbolt 3 ports) 透過 HDMI 接 Dell P2419H 一直都有 Underscan 的問題:


出自「About overscan and underscan on your Mac, Apple TV, or other display

本來想透過 Underscan slide 修改 (像是下面這張圖),但發現系統內沒有 Underscan slide。


出自「About overscan and underscan on your Mac, Apple TV, or other display

找了不少文章後後來是在「Fixing Issues with Overscan/Underscan(Black Borders) on macOS」這篇的 comment 看到解法:

Ran into this same underscan problem with black borders showing up on my new Dell 24-inch Ultrasharp U2415 connected to a 2013 Macbook Air running High Sierra, and after hours of looking into the problem the fix turned out to be super simple:

Just restart in Safe Mode.

That’s it. Restart your Mac in Safe Mode (restart, hold down the Shift key after the Apple BONG sounds, then restart normally once again for good measure. I don’t know what this clears or resets but it worked for me. No more letterboxing or black borders with the native 1920×1200 resolution selected.

So maybe something to try first for anyone coming across this post.

照著重開進 Safe mode 後再開回一般模式就正常了 (what???),先記錄起來,讓我之後遇到時可以搜尋到自己的文章...