
Technology

Redditor Boots Linux Kernel 5.8.0-rc2+ From Floppy On Intel 80486



Do you remember your first PC on which you booted Linux from floppy? Well, the floppy disk is almost dead. The majority of people now use USB sticks or DVDs to install Linux distros on their PCs. However, retro enthusiasts love to revive their old hardware and relive the flashback.

Recently, a Redditor who goes by the name ‘FozzTexx’ demonstrated the latest stable Linux Kernel 5.8.0-rc2+ running from his floppy disk. He successfully booted a tiny kernel on a 30-year-old 32-bit Intel 80486 (i486 or 486) CPU. 

Now, if you think the Linux kernel has dropped support for anything older than i686, this may prove you wrong. You know that freedom, customization, and support for legacy hardware are the characteristics of Linux.

Speaking of booting an OS, if you’re a 90s kid, you may remember installing Linux with boot floppies or installation CDs offered by Linux distros. Nowadays, the scenario has changed as people download the ISO from official websites and install it by creating a bootable USB or DVD.

In case you’re still wondering about booting Linux from floppy, retro enthusiast FozzTexx did it using a single 1.44MB floppy disk on his i486 CPU.

Booting Linux from 1.44MB floppy

He pulled the fresh Kernel 5.8.0-rc2+ from the git repo and shrank it to fit on a floppy using make tinyconfig. Then, he booted it on the 486 into a busybox shell using rootfs.cpio.gz from Aboriginal Linux.

The tiny kernel surely misses network support or any other functional support. Though it may seem useless, the Redditor also added options like IDE support. Surprisingly, when he attached a hard drive and booted into the shell, he could see the drive as connected and its full capacity. You can see the result in the picture below.

Hard disk attached to 486 CPU

You can also read the Twitter thread describing how he started loading kernel 5.8 on a 486 from floppy.

If you also have a 486 system lying around and want to load Linux, you can follow the tutorial which he’ll put on his blog site soon.

The post Redditor Boots Linux Kernel 5.8.0-rc2+ From Floppy On Intel 80486 appeared first on Fossbytes.




8 million people, 14 alerts: why some covid-19 apps are staying silent



When France launched its app for digital contact tracing, it looked like a possible breakthrough for the virus-ravaged country. After going live in June, StopCovid was downloaded by 2 million people in a short time, and digital affairs minister Cédric O said that “from the first downloads, the app helps avoid contamination, illness, and so deaths.” But officials soon had to walk their enthusiasm back after it emerged that in its first three weeks the app had alerted only 14 people to tell them they might have been exposed to the coronavirus. 

“This isn’t the end of the story,”  said O in its defense. “We keep improving the application.”

In Australia, meanwhile, things were even worse. The country’s Covidsafe app launched in April and got far greater adoption—6 million downloads in a country of 25 million. And yet it had even less of an impact: in the state of Victoria, it failed to identify a single contact that hadn’t already been uncovered by manual tracers, according to Gizmodo.

But while it doesn’t sound great, the lack of pings may not necessarily be a sign of failure in and of itself.

Part of the criticism may be due to too much hype. The early focus on contact tracing apps was understandable: a vaccine is still many months away, assuming we can even find one that will work. Apps stepped into the breach as a potential panacea—even though many insiders have consistently argued that they are only one of a number of tools we have to fight the virus.

On a mathematical level, too, the low level of notifications might be expected, according to Jon Crowcroft, professor of communications systems at the University of Cambridge. In a situation where there are low numbers of covid-19 cases, people are observing social distancing, and the density of app users is not high, you would not expect to see many notifications, he says.

“It’s simple math for the numbers of notifications: if 1% of people have covid-19 and they are all tested, and only 1% of people run the app, you have a 1 in 10,000 chance of having both the tested person and the exposed person having the app, so your notification rate will be 10,000 times lower than the case rate,” Crowcroft explains.  (For example, during the period in which Victoria issued 21 notifications, the state registered just 350 cases of covid-19.)

However, even with the most optimistic lens, it’s clear there’s a gulf between what was promised and what these apps are delivering. So what went wrong?

Technically awkward

First, it’s worth looking at the similarities between the two services. Both France and Australia shunned the model put forward by Google and Apple—where data is kept on the user’s phone to maintain privacy—in favor of a centralized approach, where user information is sent to remote servers. This is problematic because Google and Apple have restricted how much Bluetooth scanning centralized apps can do in the background.

Michael Veale, a digital policy lecturer at University College London, sums up the issue: “They aren’t detecting many phones because the background Bluetooth does not function. That’s because they aren’t using a decentralized approach.” 

This situation has created a series of other technical difficulties. Australia’s app works only 25% of the time on some devices, in particular iPhones. That’s because the Bluetooth “handshake” necessary to register proximity between two phones doesn’t work if the phone screen is locked. This was the exact problem that caused the UK to abandon its app last month (it’s not clear when it will launch a replacement).  

“This effectively means for a contact tracing app to work without using their system, a user has to walk around like a Pokemon Go player, with their phone out, the app open, and not use their phone for anything else,” says one researcher not directly involved in development for either app, who requested anonymity.

Too conservative

All this may have been exacerbated by adopting an overly conservative approach to avoid the risk of “over-notifying” users, says Crowcroft. Worries that oversensitive alerts could create panic means the apps only consider people who are extremely likely to have been in close contact with each other for extended periods of time—not just people you brushed past for a few seconds in the store. “A lot of care went into trying to avoid a lot of false positive notifications in some apps. This may make them super conservative,” he says.

In addition, both Australia’s and France’s apps have been blighted with performance issues and bugs. Users have complained that France’s app drains their phone’s battery life—possibly the reason that hundreds of thousands of people have uninstalled it. 

“This is the prime risk for developers: you make one mistake and wipe out somebody’s battery,” says Andrew Eland, who until recently worked as an engineering director at Google and then DeepMind Health. Some users say the StopCovid app regularly crashes, and has to be reactivated every time you switch your phone back on.

Aiming for improvement

So what are the lessons? Bluetooth is a very complex technology, but it’s fiendishly difficult to build a contact tracing app without using Apple and Google’s system. So for the sake of building an app rapidly, perhaps it’s best that governments don’t adopt a centralized system or something else that creates technical difficulties. If possible, countries should consider reusing the code for another country’s app that has proved to be a success—for example, Germany’s open-source Corona-Warn App, which has been downloaded by over 15 million people in a population of 83 million since it launched on June 15. Secrecy and clinging to exceptionalism are a poor combination when it comes to building contact tracing apps.

And ultimately, the public needs to bear in mind that contact tracing apps are likely to be only a small part of the fight against the coronavirus—rather than a magic answer to the problem. 

“If you want to know the best way to spend time and money on technology to track and trace coronavirus infections, it would probably be better to focus on making manual contact tracing more efficient,” says Eland.




This Week in Security: F5, Novel Ransomware, Freta, and Database Woes



The big story of the last week is a problem in F5’s BIG-IP devices. A rather trivial path traversal vulnerability allows an unauthenticated user to call endpoints that are intended to be restricted to authenticated users. That attack can apparently be as simple as:

'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin'

A full exploit has been added to the Metasploit framework. The timeline on this bug is frighteningly quick, as it’s apparently being actively exploited in the wild. F5 devices are used all over the world, and this vulnerability requires no special configuration, just access to the opened management port. Thankfully F5 devices don’t expose the vulnerable interface to the internet by default, but there are still plenty of ways this can be a problem.

Freta

Microsoft has made a new tool publicly available, Freta. This tool searches for rootkits in uploaded memory snapshots from a Linux VM. The name, appropriately, is taken from the street where Marie Curie was born.

The project’s namesake, Warsaw’s Freta Street, was the birthplace of Marie Curie, a pioneer of battlefield imaging.

The impetus behind the project is the realization that once a malicious actor has compromised a machine, it’s possible to compromise any security software running on that machine. If, instead, one could perform a security x-ray of sorts, then a more reliable conclusion could be reached. Freta takes advantage of the VM model, and the snapshot capability built into modern hypervisors.

As you might imagine, the idea of sending snapshots of your Linux VMs to Microsoft for scanning has been met with some skepticism. That said, the primary use case for Freta will likely be the Azure cloud, so it’s reasonable to see this as just another tool for that ecosystem. It will be interesting to see this technology mature, as there seems to be great potential.

Vulnerability Compatibility in IE11

Earlier in the year, yet another jscript.dll vulnerability was found and fixed in Internet Explorer. As a quick recap, jscript.dll is the JavaScript engine from IE8. The continual presence of IE8 compatibility mode means that this old codebase still persists in modern Windows versions. Were IE8 only accessible by user intervention, this would be much less of an issue, but a website can request this compatibility mode, meaning that simply visiting a malicious website could enable an attack.

What we have this week is a detailed look at CVE-2020-1062, the bug in question. It’s a use after free, and it’s triggered by freeing an object in an overridden callback of that object. In the example code, the exploit defines the “toString” function, and manages to free the parent object in that function. As is almost always the case, finding a crash is the easy part, but turning it into a working exploit is much harder. The use-after-free bug doesn’t in itself allow for code execution, but results in code execution jumping to a location controlled by the attacker. Using the Binary Ninja tool, the researchers found an existing function that they could jump to, and from there pull off remote code execution. The full story is more involved than we have space here to cover, so go check it out for the full details.

Citrix Bug Detailed

Earlier this year, we covered CVE-2019-19781, another path traversal vulnerability, but this one is in Citrix products. Now, six months have passed since the initial disclosure, and Mikhail Klyuchnikov has written up a more detailed report on the flaw.

At its core, the vulnerability is simple. On a Citrix gateway, “/vpn/” hosts the login page for remote users. The URL isn’t properly sanitized, so something like:

/vpn/../vpns/portal/scripts/[scriptName].pl

doesn’t require authentication, but does actually execute the Perl script at the given location. The ability to interact directly with these scripts as an unauthenticated user would be problem enough, but the newbm.pl script actually allows writing data to arbitrary locations. Between the ability to execute Perl scripts, and the ability to write to the file system, it’s rather trivial to install a remote shell using this vulnerability.
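Both the F5 request shown earlier and the Citrix request above leave a recognizable trace in web access logs: a parent-directory segment (".." or "..;") in the request path. The following is an added detection example, not code from the original column or from either vendor; it goes slightly beyond the two literal URLs by also catching percent-encoded dots. The log format, the sample lines, and the way the path is resolved are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def _segments(path):
    """Percent-decode once, split on '/', and drop any ';param' suffix
    from each segment, so that '..;' is seen as '..'."""
    return [seg.split(";", 1)[0] for seg in unquote(path).split("/")]


def resolve(path):
    """Collapse '.' and '..' the way a lenient back end might (assumption)."""
    out = []
    for seg in _segments(path):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)


def inspect(line):
    """Return a finding for a log line whose request path contains a
    parent-directory segment, or None if the line looks normal."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path = m.group("target").split("?", 1)[0]
    segs = _segments(path)
    if ".." not in segs:
        return None
    # The part of the path a prefix-matching front end saw before the traversal.
    prefix = "/" + "/".join(s for s in segs[:segs.index("..")] if s)
    return {
        "client": line.split(" ", 1)[0],
        "prefix": prefix,
        "resolved": resolve(path),
    }


def scan(lines):
    """Inspect every line and keep only the findings."""
    return [f for f in map(inspect, lines) if f]


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jul/2020:09:00:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4312',
    '203.0.113.7 - - [06/Jul/2020:09:00:05 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Jul/2020:09:01:12 +0000] "GET /app/page;jsessionid=ABC123 HTTP/1.1" 200 900',
    '198.51.100.23 - - [06/Jul/2020:09:02:40 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 143',
    '198.51.100.23 - - [06/Jul/2020:09:02:44 +0000] "GET /vpn/%2e%2e/vpns/portal/scripts/newbm.pl HTTP/1.1" 200 143',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Each finding pairs the prefix an access rule would have matched with the path the request actually resolves to, which is the mismatch both bugs rely on.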

Ransomware Hitchhikes on USB Drives

Try2cry is a new ransomware, spreading itself through USB flash drives. In the old days, this sort of worm would simply use the autorun feature of Windows to automatically infect a machine when plugged in. On modern machines, with autorun disabled, malware authors have to be more creative in order to spread their wares. Try2cry copies its installer to the root of the flash drive, marks all the existing files and folders as hidden, and then creates shortcuts in place of the hidden files. These shortcuts all point back to the malware installer, and the hope is that a user won’t notice the change, and installs the malware when trying to access the files.

Apparently this ransomware is little more than a copy-and-paste of the open source “stupid” ransomware, available on GitHub. The good news is that it can be decrypted with available tools.

MongoDB Ransomware

Yes, even more ransomware. MongoDB databases are quite popular, with something like 45,000 of them exposed to the internet. The problem is that half of those are configured without a password. Anyone can connect to, read, and write to them. Yes, many of those are probably just for testing, but inevitably some of them have live data as well. Apparently some aspiring blackhat realized that all those unprotected databases were a prime target, and launched an attack.

Each database is wiped, and a ransomware note is added in place. As far as ransomware goes the .015 BTC that is requested is rather cheap, valued at $138 at time of writing. The worst part of the attack might be the threat attached: to leak the stolen data, and then file a GDPR complaint on behalf of those whose data was exposed.

And Finally…

Samba announced a pair of bugs recently. So far, it appears that neither problem can lead to RCE, but both are rather simple to use for launching DoS attacks. One attack is a variation on the zip bomb, where a DNS name composed of 8127 dots causes Samba to lose its mind. The other flaw is a code softlock triggered by a UDP packet with an empty data message. Both flaws require NetBIOS to be enabled in an Active Directory configuration.

IBM’s Db2 database software has a remotely exploitable buffer overflow. This issue can result in arbitrary code execution as root, so make sure to get this patched if you’re running big blue.

 




5 Best Google Fi Compatible Phones You Can Go For



Google Fi, a carrier service launched by Google in the US, was previously available for Pixel and Nexus smartphones only. As of now, Google has extended support for a lot of Android smartphones.

The Google Fi service provides the users with data services on three different mobile networks including US Cellular, Sprint, and T-Mobile. Google Fi also utilizes Wi-Fi for texting and calling according to the availability.

Previously, it was easy to choose a Google Fi compatible phone as there were only two or three of them. Now, finding the most appropriate Google Fi compatible phone is a task due to the several options available.

Here we have curated the list of 5 best Google Fi compatible phones. You can select the best fit for you according to your needs after going through the specifications of the smartphones.


5 Best Google Fi Compatible Phones

1. Moto G7

Moto G7 can be considered as the most affordable smartphone with Google Fi support. It comes with a 6.2-inch Full HD+ display and has a water repellant design. It is based on the Android 9.0 Pie and runs on the Qualcomm Snapdragon 632 processor.

Moto G7 has 4GB RAM along with 64GB onboard storage and its memory is expandable up to 128GB via microSD card. It sports a dual rear camera setup including a 12MP primary sensor and a 5MP depth sensor. The phone also features an 8MP selfie camera.

In terms of battery, Moto G7 is powered by a 3000mAh battery and supports 15W TurboPower charge. As of now, Moto G7 is available at a price of $198.50. So if you want to buy an affordable Google Fi compatible phone, Moto G7 is the best fit.

2. OnePlus 7T


OnePlus 7T is one of the best mid-ranged smartphones available in the market. The phone features a 6.55-inch Fluid Display along with a 90Hz refresh rate. It runs on the Qualcomm Snapdragon 855 processor and is based on the latest Android 10.

OnePlus 7T sports a triple rear camera setup including a 48MP primary sensor, 12MP secondary sensor, and a 16MP tertiary sensor. Apart from that, it features a 16MP front camera for selfies.

The smartphone has two variants based on storage including 128GB onboard storage variant and 256GB onboard storage variant. The smartphone comes equipped with a powerful battery of 3800mAh and supports Warp Charge 30T.

The basic variant of OnePlus 7T including 8GB RAM and 128GB onboard storage is available at a price of $502.50 approximately and the top-notch variant is available at a price of $515.40.

3. Google Pixel 4 XL


Google Pixel 4 XL was launched back in October 2019. The smartphone comes with a 6.3-inch display and is based on the Android 10. It runs on the Qualcomm Snapdragon 855 processor and can be dubbed as one of the best Google Fi compatible phones.

Snapdragon 855 is accompanied with 6GB RAM and 64GB onboard storage in the Google Pixel 4. Apart from that, it sports a dual rear camera setup including a 16MP primary camera and a 12MP secondary sensor.

Google Pixel 4 XL comes equipped with a 3700mAh battery and USB Type-C support. However, the price of the smartphone is a bit high as it is available at a price of $939 in the market. You can go forward to buy Pixel 4 XL only if you want a high ranged smartphone.

4. Samsung Galaxy S20


If you are looking for a Google Fi compatible smartphone with 5G connectivity support then Samsung Galaxy S20 is the best option out there. The smartphone features a 6.2-inch punch-hole display along with a 90Hz refresh rate. It runs on the Samsung Exynos 990 processor that is accompanied by 8GB RAM and 128GB onboard storage.

The best part about the smartphone is that it has expandable memory up to 1TB via a microSD card. Samsung Galaxy S20 comes with a triple rear camera setup including a 64MP primary lens, 12MP secondary lens and a 12MP tertiary lens. It sports a 10MP selfie camera.

Samsung Galaxy S20 comes with a massive 4000mAh battery. The smartphone is available at a price of $933.12 in the market. Apart from Samsung Galaxy S20, you can also go for other smartphones of the Samsung Galaxy S20 series as they all are Google Fi compatible.

5. Google Pixel 3a


Google Pixel 3a is the best fit for you if you are looking for a compact Google Fi compatible smartphone. With a 5.6-inch OLED display, the smartphone features three different color profiles.

Google Pixel 3a runs on the Qualcomm Snapdragon 670 processor and is based on the Android 9.0 Pie. In terms of storage, the smartphone comes equipped with 4GB RAM along with 64GB onboard storage.

Google Pixel has very basic camera specifications including a 12MP rear camera and an 8MP front camera. It is powered by a 3000mAh battery. Google Pixel 3a will cost around $406.13 as of now.

Choosing Google Fi Compatible Phones

You can choose the most appropriate smartphone from the above-mentioned Google Fi compatible smartphones. Apart from those smartphones, you can also check out whether your smartphone is compatible with Google Fi or not by visiting the compatibility page.

We will keep updating this list with new Google Fi compatible phones as and when they become available. So, don’t forget to check the list again after some time.

The post 5 Best Google Fi Compatible Phones You Can Go For appeared first on Fossbytes.


