Home » Posts tagged "linux" (Page 3)

Linux 下 RAID1 的 SSD 會有讀取不平均問題

在「Unbalanced reads from SSDs in software RAID mirrors in Linux」這邊看到作者看 S.M.A.R.T. 數據時發現兩顆 SSD 硬碟組成的 RAID1 有很明顯的讀取不平均的問題:

242 Total_LBAs_Read [...] 16838224623
242 Total_LBAs_Read [...] 1698394290

原因是因為 Linux 對 RAID1 的 SSD 有不一樣的演算法:

The current state of RAID1 read balancing is kind of complex, but the important thing here in all kernels since 2012 is that if you have SSDs and at least one disk is idle, the first idle disk will be chosen.

2016 時演算法就更激進了,變成非 SSD 會:

In kernels with the late 2016 change, this widens to if at least one disk is idle, the first idle disk will be chosen, even if all mirrors are HDs.

加上 SSD 很快,這造成 loading 幾乎都在第一顆上... 這對 SSD 應該是還好啦 (理論上 SSD 的讀取不傷壽命),不過還是有點怪就是了。

U2F Security Key 產品測試?

Adam Langley 的「Testing Security Keys」這篇測試了不少有支援 U2F Security Key 的產品,這邊作者是以 Linux 環境測試。

tl;dr:在 Linux 環境下,除了 Yubico 的產品沒問題外,其他的都有問題... (只是差在問題多與少而已)

Yubico 的沒找到問題:

Easy one first: I can find no flaws in Yubico's U2F Security Key.

VASCO SecureClick 的則是 vendor ID 與 product ID 會跑掉:

If you're using Linux and you configure udev to grant access to the vendor ID & product ID of the token as it appears normally, nothing will work because the vendor ID and product ID are different when it's active. The Chrome extension will get very confused about this.

Feitian ePass 的 ASN.1 DER 編碼是錯的:

ASN.1 DER is designed to be a “distinguished” encoding, i.e. there should be a unique serialisation for a given value and all other representations are invalid. As such, numbers are supposed to be encoded minimally, with no leading zeros (unless necessary to make a number positive). Feitian doesn't get that right with this security key: numbers that start with 9 leading zero bits have an invalid zero byte at the beginning. Presumably, numbers starting with 17 zero bits have two invalid zero bytes at the beginning and so on, but I wasn't able to press the button enough times to get such an example. Thus something like one in 256 signatures produced by this security key are invalid.

Thetis 根本沒照 spec 走,然後也有相同的 ASN.1 DER 編碼問題:

With this device, I can't test things like key handle mutability and whether the appID is being checked because of some odd behaviour. The response to the first Check is invalid, according to the spec: it returns status 0x9000 (“NO_ERROR”), when it should be 0x6985 or 0x6a80. After that, it starts rejecting all key handles (even valid ones) with 0x6a80 until it's unplugged and reinserted.

This device has the same non-minimal signature encoding issue as the Feitian ePass. Also, if you click too fast, this security key gets upset and rejects a few requests with status 0x6ffe.

U2F Zero 直接 crash 沒辦法測 XDDD:

A 1KiB ping message crashes this device (i.e. it stops responding to USB messages and needs to be unplugged and reinserted). Testing a corrupted key handle also crashes it and thus I wasn't able to run many tests.

KEY-ID (網站連 HTTPS 都沒上...) / HyperFIDO 也有編碼問題但更嚴重:

The Key-ID (and HyperFIDO devices, which have the same firmware, I think) have the same non-minimal encoding issue as the Feitian ePass, but also have a second ASN.1 flaw. In ASN.1 DER, if the most-significant bit of a number is set, that number is negative. If it's not supposed to be negative, then a zero pad byte is needed. I think what happened here is that, when testing the most-significant bit, the security key checks whether the first byte is > 0x80, but it should be checking whether it's >= 0x80. The upshot is the sometimes it produces signatures that contain negative numbers and are thus invalid.

所以還是乖乖用 GitHub 帳號買 Yubico 吧...

Firefox 的 Headless 模式

Google Chrome 推出 Headless 模式後,Firefox 也推出了:「Headless mode」。

目前正式版是 55 版,只有 Linux 版本有支援,下一個版本 56 版就會包括 Windows 與 Mac 了:

Headless Firefox works on Fx55+ on Linux, and 56+ on Windows/Mac.

然後大家也都是以 Selenium 為重心,所以使用上應該不會是大問題...

Debian 對 Reproducible Build 的討論

Debian 在討論 package 的可重製性:「debian-policy: Packages should be reproducible」。本來的討論其實還好,在 2017/08/12 的 DebConf17 後,看起來有一些人取得共識,於是討論熱了起來... 有興趣的人可以從 Message #107 開始看。

Debian 社群想做的事情是「給足夠的資訊以及 source code,就能產生出一模一樣的 binary package」,這樣就不需要盲目信任 Debian 官方。

Debian 官方的 Wiki 上有「ReproducibleBuilds Howto」可以參考,然後也看到「reproducible-builds.org」這個站。

AWS 的 Patch Manager 支援 Linux

在「Amazon EC2 Systems Manager Patch Manager now supports Linux」這邊 AWS 宣佈了 Patch Manager 支援 Linux 的消息。


  • Amazon Linux 2014.03 and later (2015.03 and later for 64-bit)
  • Ubuntu Server 16.04 LTS, 14.04 LTS, and 12.04 LTS
  • RHEL 6.5 and later (7.x and later for 64-Bit)

連已經超過 LTS 支援期的 Ubuntu 12.04 都支援了... 不過 CentOS 看起來沒順便支援?

可以設計一些規定 (與組織內規範相關的,像是 approval process) 讓 Patch Manager 決定要怎麼佈:


在 Linux 下引用 Windows 的 DLL 檔

作者為了在 Linux 下進行安全分析而弄出來的計畫:「Porting Windows Dynamic Link Libraries to Linux」。

作者對 Windows 的架構有不少抱怨 XDDD

Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data.

This is less of a problem on Linux, and I've found that porting components of Windows Antivirus products to Linux is often possible. This allows me to run the code I’m testing in minimal containers with very little overhead, and easily scale up testing.

This is just personal opinion, but I also think Linux has better tools. ¯\_(ツ)_/¯

而這個專案跟 WineHQ 完整模擬不一樣,這只是給 Linux 下原生的程式使用 Windows 下 DLL 內的功能:

This project does not replace Wine or Winelib.

Winelib is used to port Windows C++ projects to Linux, and Wine is intended to run full Windows applications. This project is intended to allow native Linux code to load simple Windows DLLs.

The closest analogy would be ndiswrapper but for userspace.

作者拿了 Windows Defender 當範例,示範在 Linux 下呼叫 Windows 的 DLL...

修改 User-Agent 讓 Office 365 服務變快...

Facebook 上看到剛剛在 Hacker News 上熱起來的「Onedrive is slow on Linux but fast with a “Windows” user-agent (2016)」這篇,引用了 2016 年在 Microsoft Community 上的討論:「Onedrive for Business open is very slow on Linux (Chrome/Firefox) but with very fast with a "Windows" user-agent」。

Reddit 的「Office 365 Onedrive looks at user-agent to determine performance.」有更多的討論。

因為工作上也會用到 Office 365,也覺得在 Ubuntu 上用起來超級慢,然後看到有使用者也講了 Linux 下的 Google Chrome 也會有類似的問題:

I just tried this same thing--changing the OS in the user agent--on Chome on Linux. The difference really is incredible. Normally I find 365 to be so slow as to be borderline unusable, now it's almost as quick as Google docs. Even the institutional log-ins for my university are faster.

EDIT: Just to clarify, I was testing specifically the web apps for Word and OneNote hosted by my uni. I tried loading them both in normal tabs and ones where I had changed the OS useragent in Chrome's developer panel. The normal tabs hung badly as usual (30+ seconds to load the UI), while the modified tabs loaded very quickly. I tried this several times, but I suppose YMMV.

所以我也拿「User-Agent Switcher for Chrome」加上 IE11 的 user-agent 後測試:

最明顯的差異就是 redirect 變少了,然後開 Word 與 Excel 的速度變快好多 @_@


As Office 365 for Business services(e.g. SharePoint Online, including OneDrive for Business, Exchange Online) are not supported on Linux as shown below, for the best experience, we recommend the operating system listed in the article.

所以只能拿老招出來,把 User-Agent 改成 IE 後就變得超~級~快~

然後最 helpful 的回答是:

Thank you
I go back to Google Apps suite.