在 ESP32 跑 Linux 作業系統

Hacker News 首頁上看到在有中國的開發者在 ESP32 上跑 Linux 作業系統:「Linux 5.0 shown to boot on ESP32 processor」,對應的討論在「Linux 5.0 shown to boot on ESP32 processor (cnx-software.com)」這邊可以看到。

文章最後面有提到這不是第一次在 ESP32 上跑 Linux:

Note it’s not the first time somebody runs Linux on ESP32, as last year the older Ubuntu 9.04 was demonstrated on ESP32.

看起來應該是作者覺得很有趣,所以還是提出來... 機器是 8MB PSRAM 與 2MB SPI flash:

ESP32 IoT processor supports up to 8MB PSRAM which makes it just enough to run a minimal version of Linux. There’s little practical application for it, but it may be fun to try, and one developer apparently managed to boot Linux 5.0.0 on a board with an ESP32 dual-core Xtensa processor connected to 8MB PSRAM and a 2MB SPI flash.

如果以 8MB RAM 來推算的話,大概是 i386 (80386) 到 i486 (80486) 時代的電腦?不過 ESP32 的 CPU 時脈快不少 (雖然架構不同不太能直接比較)。

Ubuntu 環境 PPPoE 遇到拿的到 IPv6 address 但是卻不通的問題

Ubuntu 的環境裡透過 PPPoE 上拿 IPv6 address 不是什麼大問題,搜一下大概都可以找到,在 /etc/ppp/options 的最後面加上這串就可以了 (或是在 /etc/ppp/peers/ 裡面的檔案對特定的設定加):

+ipv6 ipv6cp-use-ipaddr

不過我遇到的問題是,ppp0 雖然拿到了 IPv6 address (從 ip addr 或是 ifconfig 可以看到),但 mtr -6 www.google.com 確不通。

找問題時發現 netstat -6rn 有兩筆 IPv6 default gateway,刪掉 enp3s0 的那筆馬上就通了,所以是跟 routing 有關的問題,在本地端收到了 default routing,優先權還比 ppp0 拿到的還高。

因為這台主機是跑 Netplan,所以就用 Netplan 的方式強制關掉本地端的 Router Advertisement (RA):

network:
    version: 2
    renderer: networkd
    ethernets:
        enp3s0:
            accept-ra: false

最後重開機確認後就通了...

Rocky Linux 8.4 推出了...

用來替代 CentOSRocky Linux 8.4 推出了:「Rocky Linux 8.4 GA Available Now」,可以在 Downloads 這個頁面下載。

一般 HTTPS 下載可以看到透過 Fastly 的 CDN,雖然台灣沒有 PoP,但拉了一下看起來還是夠快 (即使是晚上時間),台北市家裡的 HiNet 1G/600M 可以跑到 56.1MB/sec,新莊家裡的 300M/100M 則是 11.8MB/sec,都是走 IPv6,雖然沒滿速但這個速度算快了,畢竟要跨國塞...

如果真的要快的話 (畢竟 x86_64 的 image 要 9GB),透過 BitTorrent 下載的速度會快不少,至少我是可以跑滿 HiNet 上 1G 與 300M 的下載...

另外一個加速的方式是平行下載,像是透過 AXEL 這種工具:

axel -c 4 https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8.4-x86_64-minimal.iso

官方有提供 migration tool,可以讓使用者從 CentOS 轉移到 Rocky Linux,對於不方便或是不想要重灌的使用者提供另外一種選擇:「migrate2rocky -- Conversion Script」。

居然在安全性漏洞的 PoC 上面看到拿 Bad Apple!! 當作範例

人在日本的資安專家 Hector Martin 找到了 Apple M1 的安全漏洞,可以不用透過 macOS Big Sur 提供的界面,直接透過 M1 的漏洞跨使用者權限傳輸資料,這可以用在突破 sandbox 的限制。而也如同目前的流行,他取了一個好記的名字:「M1RACLES: M1ssing Register Access Controls Leak EL0 State」,對應的 CVECVE-2021-30747

先講比較特別的點,PoC 的影片放在 YouTube 上,作者拿 Bad Apple!! 當作示範,這很明顯是個雙關的點:

這應該是當年的影繪版本,看了好懷念啊... 當年看到的時候有種「浪費才能」的感覺,但不得不說是個經典。

Hacker News 上有討論可以翻翻:「M1racles: An Apple M1 covert channel vulnerability (m1racles.com)」。

依照作者的說明,Apple A14 因為架構類似,也有類似的問題,不過作者沒有 iPhone,沒辦法實際測試:

Are other Apple CPUs affected?

Maybe, but I don't have an iPhone or a DTK to test it. Feel free to report back if you try it. The A14 has been confirmed as also affected, which is expected, as it is a close relative of the M1.

另外作者覺得這個安全漏洞在 macOS 上還好,主要是你系統都已經被打穿可以操控 s3_5_c15_c10_1 register 了,應該會有更好的方式可以用:

So you're telling me I shouldn't worry?

Yes.

What, really?

Really, nobody's going to actually find a nefarious use for this flaw in practical circumstances. Besides, there are already a million side channels you can use for cooperative cross-process communication (e.g. cache stuff), on every system. Covert channels can't leak data from uncooperative apps or systems.

Actually, that one's worth repeating: Covert channels are completely useless unless your system is already compromised.

比較明顯的問題應該是 iOS 這邊的 privacy issue,不過 iOS 上的 app store 有基本的保護機制:(不過想到作者可以故意寫成 RCE 漏洞...)

What about iOS?

iOS is affected, like all other OSes. There are unique privacy implications to this vulnerability on iOS, as it could be used to bypass some of its stricter privacy protections. For example, keyboard apps are not allowed to access the internet, for privacy reasons. A malicious keyboard app could use this vulnerability to send text that the user types to another malicious app, which could then send it to the internet.

However, since iOS apps distributed through the App Store are not allowed to build code at runtime (JIT), Apple can automatically scan them at submission time and reliably detect any attempts to exploit this vulnerability using static analysis (which they already use). We do not have further information on whether Apple is planning to deploy these checks (or whether they have already done so), but they are aware of the potential issue and it would be reasonable to expect they will. It is even possible that the existing automated analysis already rejects any attempts to use system registers directly.

Rocky Linux 放出 RC1 了

Red Hat 實質上廢掉 CentOS 後,原來 CentOS 的人決定要再 fork 一次,弄了 Rocky Linux,前幾天放出 RC1 了:「Rocky Linux 8.3 RC1 Available Now」。

還沒下載下來測試,但我猜應該跟當初的 CentOS 差不多...

文章裡面提到的贊助商不少大公司,包括 AWS 也在列表內,好像可以理解為什麼...

另外翻到「Public active mirrors」這頁,看到 Fastly 居然有贊助頻寬,看起來也不需要擔心頻寬問題了。

等晚點再進去看看情況... 話說回來,官網上對 Rocky Linux 的介紹真是隱晦,完全不提到 Red Hat 看起來是避免被告 (以及被搞):

Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with America's top enterprise Linux distribution now that its downstream partner has shifted direction. It is under intensive development by the community. Rocky Linux is led by Gregory Kurtzer, founder of the CentOS project. Release Candidate 1 is now available for testing. Contributors are asked to reach out using the communication options offered on this site.

FreeBSD & pfSense 上的 WireGuard 問題

FreeBSDpfSense 上的 WireGuard 實做問題前幾天被 Ars 的人整理出來:「Buffer overruns, license violations, and bad code: FreeBSD 13’s close call」,文章有點長度,但整個劇情有種在看八點檔的感覺... 在 Hacker News 上的「Buffer overruns, license violations, and bad code: FreeBSD 13’s close call (arstechnica.com)」與後續的「In-kernel WireGuard is on its way to FreeBSD and the pfSense router (arstechnica.com)」都值得翻翻。

目前 FreeBSD 與 pfSense 都已經把現有的 WireGuard 實做拿掉,主要原因是實做本身的品質很差 (以及安全性問題),而且沒有將 WireGuard 的功能實做完整。

文章裡面有提到兩個組織面上的問題 (還有攻擊個人的部份,這邊就不提了),第一個是 FreeBSD 的 review process,看起來比較像是系統面的問題,目前還是缺乏人力。

另外一個是 Netgate 本身 (pfSense 後面的公司),本來沒有太多背景知識,但這次事件發生後跑去翻了一下資料,發現原來之前就有一些「記錄」了,像是註冊競爭對手的產品 OPNsense 沒有註冊的網域 opnsense.com,然後導去 pfSense 家的事情,最後使得 Deciso (OPNsense 後面的公司) 到 WIPO 上搶回來:「WIPO Domain Name Decision: D2017-1828」。

可以花些時間來看看替代方案...

繞過 Screensaver Lock 的有趣話題...

Hacker News Daily 上看到「Screensaver lock by-pass via the virtual keyboard」這篇,裡面這邊題到了 screensaver lock 的有趣話題。

先講嚴肅一點的,這個 bug 被編號為 CVE-2020-25712,問題出在 xorg-x11-server 上:

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

比較有趣的事情是,這個 bug 是小朋友在亂玩時拉出 virtual keyboard 觸發的:

A few weeks ago, my kids wanted to hack my linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play... when the screensaver core dumped and they actually hacked their way in! wow, those little hackers...

然後他說他自己搞不出來:

I tried to recreate the crash on my own with no success, maybe because it required more than 4 little hands typing and using the mouse on the virtual keyboard.

另外一個人也說他家小朋友也弄出 segfault 了:

My kids came upon a similar cinnamon-screensaver segfault! I've emailed details of how to reproduce the problem to root@linuxmint.com.

小朋友超強 XDDD

FreeBSD 要從 Subversion 換到 Git

#bsdchat 上面看到 FreeBSD 提供了 Git repository,翻了一下看起來是最近在切換,這邊有翻到慣例的 HEADS UP:「HEADS UP: FreeBSD changing from Subversion to Git this weekend」。

The FreeBSD project will be moving it's source repo from subversion to git starting this this weekend. The docs repo was moved 2 weeks ago. The ports repo will move at the end of March, 2021 due to timing issues.

大概是 2008 年先把 src tree 從 CVS 換到 Subversion 上:「FreeBSD src 部份由 CVS 轉換到 Subversion」。

然後 2012 年把 ports tree 換過去:「FreeBSD ports 將從 CVS 轉移到 Subversion 上...」。

雖然已經很久沒用 FreeBSD 了 (最近碰到最接近的系統應該是 pfSense),但還是先恭喜他們總算要切換了,兩邊的能量差太多了...

CentOS 將會變成 CentOS Stream

讓不少團隊要炸的消息,CentOS 將會被消滅變成 CentOS Stream:「CentOS Project shifts focus to CentOS Stream」與「CentOS Stream: Building an innovative future for enterprise Linux」。

很多團隊用 CentOS 的主要原因就是因為他基本上就是個 RHEL 重新打包的版本,一來更新速度沒有很快 (所以穩定不少,跑得好好的就不要動他最穩...),二來很多商用軟體都可以在支援 RHEL 時「順便」支援 CentOS。

再來是考慮到他有超級長的支援期,像是 2011 年推出的 CentOS 6 到上個月月底 (2020/11/30) 才終止支援,相較於 Ubuntu LTS 提供的五年來說長很多。

所以兩邊都有選擇的理由 (以及族群),一邊是追求穩定性,一邊是有新技術的需求。

不過 IBM 在 2018 年收購 Red Hat 後看起來對這件事情有很不一樣的看法:決定要收掉 CentOS,然後借屍還魂叫做 CentOS Stream,上面開始會有與 RHEL 不同的東西。

When CentOS Linux 8 (the rebuild of RHEL8) ends, your best option will be to migrate to CentOS Stream 8, which is a small delta from CentOS Linux 8, and has regular updates like traditional CentOS Linux releases.

所以接下來還有支援的兩個版本,分別是 2014 年出的 CentOS 7,將照原訂的 10 年計畫支援到 2024/06/30,以及 2019 年出的 CentOS 8,就只會支援到 2021/12/31 了。

翻了一下 Hacker News 上的討論,先不講幹聲一片的問題,看起來原來建立 CentOS 的 Gregory Kurtzer 決定出來再幹一次:「Original CentOS founder intends to create new fork of RHEL (rockylinux.org)」。

來看看後續社群會怎麼玩吧...

Amazon EC2 推出 Mac Instance

AWSMac miniAmazon EC2 上推出了 Mac Instance:

Powered by Mac mini hardware and the AWS Nitro System, you can use Amazon EC2 Mac instances to build, test, package, and sign Xcode applications for the Apple platform including macOS, iOS, iPadOS, tvOS, watchOS, and Safari.

這批 Mac mini 是 Intel i7 的機器:

The instances feature an 8th generation, 6-core Intel Core i7 (Coffee Lake) processor running at 3.2 GHz, with Turbo Boost up to 4.6 GHz. There’s 32 GiB of memory and access to other AWS services including Amazon Elastic Block Store (EBS), Amazon Elastic File System (EFS), Amazon FSx for Windows File Server, Amazon Simple Storage Service (S3), AWS Systems Manager, and so forth.

要注意的是最低租用時間是 24 小時:

Dedicated Hosts – The instances are launched as EC2 Dedicated Hosts with a minimum tenancy of 24 hours. This is largely transparent to you, but it does mean that the instances cannot be used as part of an Auto Scaling Group.

然後 Apple M1 也在規劃中:

Apple M1 Chip – EC2 Mac instances with the Apple M1 chip are already in the works, and planned for 2021.

區域上不多,不過亞洲區居然是新加坡首發:

You can start using Mac instances in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore) Regions today, and check out this video for more information!

以前是自己用地端的 Mac mini 去接雲端的服務 (有點 worker 的感覺),現在這樣看起來又多了一些東西可以玩...?