Raspberry Pi 4 開賣,USD$35

Raspberry Pi 4 開賣,目前推出的是 Model B,最低規格的 1GB RAM 版本與之前 RPi 3 相同都是 USD$35,另外這次提供了以前沒有的 2GB 與 4GB 版本,分別是 USD$45 與 USD$55:「Raspberry Pi 4 on sale now from $35」。

有兩個比較大而且要注意的改變,第一個是電源接頭變成 Type-C 了:

We’ve moved from USB micro-B to USB-C for our power connector. This supports an extra 500mA of current, ensuring we have a full 1.2A for downstream USB devices, even under heavy CPU load.

另外一個是 HDMI 接頭換成 D Type:

To accommodate dual display output within the existing board footprint, we’ve replaced the type-A (full-size) HDMI connector with a pair of type-D (micro) HDMI connectors.

這兩個改變都需要準備額外的設備或是線材,其他的改變應該還好...

這次改版最明顯的是效能的增加,官方宣稱 CPU 速度是前一代的三倍:

A 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU (~3× performance)

而在 GPU 相關的則是對 H.265 的 4Kp60 硬體解壓縮:

4Kp60 hardware decode of HEVC video

先前用 RPi 3 放客廳還是覺得不太夠,也許可以考慮看看這個...

「歡樂」的 USB cable...

在這邊看到的,把整個惡意晶片藏在 USB cable 裡面,讓攻擊者可以透過 Wi-Fi 控制主機的 O.MG Cable:「WiFi Hides Inside a USB Cable」。

是個大家都有想過的情境,不算是特別的技術,困難點在於空間有限 (要藏在接頭裡面),現在有人做出 prototype 了... 在 demo 影片內可以看到可以透過 Wi-Fi 開啟主機本身的 browser 並且連線,不知道是模擬鍵盤還是其他方式做的?

Yubico 宣佈推出 Lightning 的 U2F 界面...

YubicoCES 2019 上宣佈推出兩用版的 YubiKey,同時支援 USB-CLightning 接頭:「Yubico Launches the Security Key NFC and a Private Preview of the YubiKey for Lightning at CES 2019」。

從照片可以看出來是直接做成兩側各一個頭:

目前是 Private Preview,開發者需要跟 Yubico 申請:

If you are a developer or service that would like to support strong hardware authentication on iOS, we invite you to work with us by applying to participate in the YubiKey for Lightning Program. Selected participants will have access to the private preview of YubiKey for Lightning and also the Yubico Mobile iOS SDK for Lightning.

不過看起來是硬體限制沒辦法朝 NFC 支援?另外如果蘋果下一代 iPhone 換掉變成 USB-C 就搞笑了...

便宜的 HSM

當然速度就不用想太多了...

一個是 Yubico 推出的 YubiHSM 2:「YubiHSM 2 is here: Providing root of trust for servers and computing devices」。

另外一個是 Mozilla 在 2013 年提到的 CryptoStick,不過現在連過去看到的是 Nitrokey HSM:「Using CryptoStick as an HSM」。

兩個都是走 USB 1.1 Type A,運算效能都普普通通,感覺自己用比較合適?像是 GnuPG 加解密。拿給線上服務用的效能還是要夠好...

Savitech (盛微) 的 USB 音效驅動程式會安裝 Root CA (被發了 CVE-2017-9758)

Hacker News 上看到 CERT 的「Savitech USB audio drivers install a new root CA certificate」提到 Savitech USB audio driver 會安裝自己的 Root CA:

Savitech provides USB audio drivers for a number of specialized audio products. Some versions of the Savitech driver package silently install a root CA certificate into the Windows trusted root certificate store.

出自「Inaudible Subversion - Did your Hi-Fi just subvert your PC? (原網站已經無法訪問,參考備份連結 https://archive.is/K6REr)」,CVE 編號是 CVE-2017-9758,最初是由 n3kt0n 提出的:「某單位 drivers silently install certificate in trusted root certificate authorities store [CVE-2017-9758]」:

Mitre assigned this exposure the identifier CVE-2017-9758, but was initially tracked by HITCON ZeroDay project as ZD-2017-00386.

有兩把 CA public key 被塞進去。雖然目前還沒有徵兆 private key 有外洩,但還是建議儘快移除:

There is currently no evidence that the Savitech private key is compromised. However, users are encouraged to remove the certificate out of caution. The two known certificates are:

SaviAudio root certificate #1
‎Validity: Thursday, ‎May ‎31, ‎2012 - ‎Tuesday, ‎December ‎30, ‎2036
Serial number: 579885da6f791eb24de819bb2c0eeff0
Thumbprint: cb34ebad73791c1399cb62bda51c91072ac5b050

SaviAudio root certificate #2
Validity: ‎Thursday, ‎December ‎31, ‎2015 - ‎Tuesday, ‎December ‎30, ‎2036
Serial number: ‎972ed9bce72451bb4bd78bfc0d8b343c
Thumbprint: 23e50cd42214d6252d65052c2a1a591173daace5

另外 Savitech 也放出了新版的 driver,不包含 Root CA:

Savitech has released a new driver package to address the issue. Savitech drivers version 2.8.0.3 or later do not install the root CA certificate. Users still must remove any previously installed certificate manually.

看了一下說明,看起來是當時為了支援 Windows XP 而做的,但微軟已經不提供驅動程式的數位簽章了,所以就只好這樣搞...

Amazon Device Farm 支援讓使用者直接連上去 debug 了...

Amazon Device Farm 推出這樣的功能又朝著設備租賃服務更進一步了:「Amazon Device Farm Launches Direct Device Access for Private Devices」。

Now, with direct device access, mobile applications developers can use individual devices in their private test set as if they were directly connected to their local machine via USB. Developers can now test against a wide array of devices just like they would as if the devices were sitting on their desk.

這樣就可以使用更底層的東西了...

因為一條 USB 線燒了三個設備...

Benson Leung 花了不少時間在測試 USB 線 (「Google 工程師在 Amazon 上留下對 USB-C 線的精彩評價...」與「Google 工程師在 Amazon 上對 Type C USB 線的評論」),而前陣子他測到一條超棒的 USB 線,把他三個測試設備都燒壞了:(出自這邊)

Surjtech's A-to-C cable seriously damaged a Pixel 2 laptop and two USB PD analyzers.

他在 Amazon 上留下的說明可以看到他發現廠商直接把 GND 與 Vbus 的線接錯了 (這個有厲害...):

I directly analyzed the Surjtech cable using a Type-C breakout board and a multimeter, and it appears that they completely miswired the cable. The GND pin on the Type-A plug is tied to the Vbus pins on the Type-C plug. The Vbus pin on the Type-A plug is tied to GND on the Type-C plug.

另外在回覆裡也有更完整的說明:

I've had the cable taken apart, and we've discovered some interesting details. I'll post a post with pictures soon.

1) Vbus and Gnd are switched. Red wire goes to G on the Type-C's PCB, Black wire goes to V.
2) 10 kΩ resistor instead of 56 kΩ resistor used.
3) resistor hooked up as a Pull-down instead of a pull-up
4) Wire is COMPLETELY missing SuperSpeed wires. It is NOT actually a USB 3.1 cable, even though it has a blue connector on the A side and SuperSpeed logos.

Bad. So bad.

照片可以在這邊看到。看起來 Benson Leung 得再去 Google 內要新的機器來測試了...

Google 工程師在 Amazon 上對 Type C USB 線的評論

先前提到「Google 工程師在 Amazon 上留下對 USB-C 線的精彩評價...」,後來這位工程師 Benson Leung 寫了更多的評價出來,在「Amazon.com: Profile for Benson Leung」這邊可以看到。

可以看到大量的線被打了兩顆星,不過還是少數有幾條線測過了:

35 條只過了 6 條,看起來狀況不太好啊 XDDD

Benchmark DAC2 HGC 在 Ubuntu 14.04 LTS 下使用 USB 沒有聲音的問題

記得剛買來的時候是有聲音的,後來突然有一天沒聲音... 試了一堆方法都沒用 (換 kernel 版本、禁用 xHCI、換 USB 線、...),最後是在「Benchmark DAC2 HGC impressions (and Linux setup notes)」這邊看到方法。

這邊有幾個重點:

DAC2's USB 1.0 mode doesn't work with Linux kernel 3.8.x, but USB 2.0 does. So switch it to USB 2.0 and forget about it. Next, I figured that the audio was simply being muted in some instances. The solution is to open a terminal window, run AlsaMixer, hit F6 to configure the DAC 2. Even though their levels cannot be altered (they're fixed at 00), the first two items must be unmuted in order to get any sound:

如同文章裡說的,USB 1.0 模式 (會抓到「Benchmark DAC2 USB Audio 1.0」) 是不會動的,而 USB 2.0 可以 (會抓到「Benchmark DAC2 USB Audio 2.0」),但播放時沒有聲音。

解法則是使用 alsamixer,進入後按 F6 選 Benchmark DAC2,將前面兩個用 m 給 unmute 掉就好了:

為此學到一堆底層看 USB 的工具...