pavelmachek's Journal

29th July 2018

8:20am: Pretty big side-effect
Timing and side-channels are not normally considered side-effects, meaning compilers and CPUs feel free to do whatever they want. And they do. Unfortunately, I consider leaking my passwords to remote attackers a pretty significant side-effect... Imagine a simple function.
void handle(char secret) {}
That's obviously safe, right? And now
void handle(char secret) { int i; for (i=0; i<secret*1000000; i++) ; }
That's obviously a bad idea, because now secret is exposed via timing. Now, that used to be the only side-channel for a while, but then, caches were invented. These days,
static char font[16*256]; void handle(unsigned char secret) { font[secret*16]; }
may be a bad idea. But C has not changed, it knows nothing about caches, and nothing about side-channels. Caches are old news. But today we have complex branch predictors, and speculative execution. It is called Spectre. This is a bad idea:
static char font[16*256]; void handle(unsigned char secret) { if (0) font[secret*16]; }
as is this:
static unsigned char small[16], big[256]; void foo(unsigned untrusted) { if (untrusted<16) big[small[untrusted]]; }
CPU bug... unfortunately it is tricky to fix, and the bug only affects caches / timing, so it "does not exist" as far as C is concerned. The canonical fix is something like
static unsigned char small[16], big[256]; void foo(unsigned untrusted) { if (untrusted<16) { asm volatile("lfence"); big[small[untrusted]]; }}
which is okay as long as the compiler compiles it the obvious way. But again, the compiler knows nothing about caches / side channels, so it may do something unexpected, and re-introduce the bug. Unfortunately, it seems that there's not even agreement whose bug it is. Is it time C was extended to know about side-channels? What about
void handle(int please_do_not_leak_this secret) {}
? Do we need a new language to handle modern (speculative, multi-core, fast, side-channels all around) CPUs?
(Now, you may say that it is impossible to eliminate all the side-channels. I believe eliminating most of them is well possible, if we are willing to live with ... huge slowdown. You can store each variable twice, to at least detect rowhammer. Caches still can be disabled -- row buffer in DRAM will be more problematic, and if you disable hyperthreading and make every second instruction lfence, you can get rid of Spectre-like problems. You may get 100x? 1000x? slowdown, but if that's applied only to software that needs it, it may be acceptable. You probably want your editors & mail readers protected. You probably don't need gcc to be protected. No, running modern web browser does not look sustainable).
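The worry above, that a compiler may undo a fence-based fix, is one reason bounds-checked lookups are sometimes hardened with arithmetic on the index instead. The following is an added example, not code from the original post: it clamps the index with a branchless mask in the style of the Linux kernel's array_index_nospec(). The names index_mask and foo_masked and the table contents are made up here, and the empty asm statement is a GCC/Clang extension.

```c
#include <limits.h>
#include <stddef.h>

/* Tables as in the post; the contents are constructed sample data. */
static unsigned char small[16] = { 3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3 };
static unsigned char big[256];

/*
 * Hypothetical helper: all-ones when idx < size, zero otherwise, computed
 * without a conditional branch. Assumes 1 <= size <= SIZE_MAX/2.
 */
static size_t index_mask(size_t idx, size_t size)
{
    /* Top bit of (idx | (size - 1 - idx)) is set exactly when idx >= size. */
    size_t oob = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    size_t mask = oob - 1;      /* oob == 0 -> ~0, oob == 1 -> 0 */

    /* GCC/Clang extension: hide the value from the optimizer so it cannot
     * prove the mask redundant after the bounds check and delete it. */
    __asm__ __volatile__("" : "+r"(mask));
    return mask;
}

/* Returns the looked-up byte, or -1 when the index is rejected. */
int foo_masked(long untrusted)
{
    size_t idx = (size_t)untrusted;     /* negative values become huge */

    if (idx < sizeof(small)) {
        /* Architecturally a no-op. If the branch above was mispredicted,
         * idx is forced to 0, so the dependent load stays inside small[]. */
        idx &= index_mask(idx, sizeof(small));
        return big[small[idx]];
    }
    return -1;
}

int main(void)
{
    big[9] = 42;                        /* small[5] == 9 */
    return foo_masked(5) == 42 ? 0 : 1;
}
```

The mask is a data dependency rather than a control dependency, so it does not rely on the branch predictor; it still relies on the compiler emitting it as written, which is the point the post makes.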

7th June 2018

2:34pm: Complex cameras coming to PCs
It seems PCs are getting complex cameras. Which is bad news for PCs, because existing libv4l2 will not work there, but good news for OMAP3, as there will be bigger pressure to fix stuff.

29th April 2018

10:52pm: Crazy complexity
It's crazy how complex PCs have become. ARMs are not exactly simple with the TrustZone and similar stuff, but.. this is crazy. If you thought you understand x86 architecture... this is likely to prove you wrong. There's now non-x86 cpu inside x86 that performs a lot of rather critical functions...
...and shows that SGX indeed is evil.
10:50pm: Microsoft sabotaging someone else's computers
My father got himself in a nice trap: he let his Lenovo notebook update to Windows 10. Hard to blame him, as user interface was confusing on purpose. Now 2 out of 3 USB ports are non-functional (USB 2 port works, USB 3 ports don't), and there's no way to fix that. And apparently, Microsoft knew about the problem. Congratulations, Microsoft...

Ouch and they are also sending people to jail for producing CDs necessary to use licenses they already sold. Microsoft still is evil.
10:45pm: O2 attacking their own customers
Just because you are paying for internet service does not mean O2 will not try to replace web-pages with advertising. Ouch. Seems like everyone needs to use https, we need better network-neutrality laws, and probably also class-action lawsuits.
10:43pm: Dark design patterns
Got Jolla installed. Ok, it looks cool. But already some unnice things can be seen. You _need_ jolla account to install apps. You need to agree to nasty legalese. You are asked for name and password, it looks like that's all, and then it wants to know real name, email address, birthday... Appstore looks cool... but does not list licenses for software being installed. Still better than Android. Miles away from Debian.
It also seems to require login separate from app store login to get the "really" interesting stuff. Unfortunately, I don't know how to get that one.
I'd quite like to get python/gtk to work on Jolla (or maybe Android). If someone knows how to do that, I'd like to know. But I guess running Maemo Leste is easier at the moment.
10:40pm: Motorola Droid 4 is now usable
23.4.2018, around 12:34... I realized how unix ttys are sabotaging my attempts to send SMS.. and solved it. So now I have Motorola Droid 4, running 4.17-rc1 kernel, with voice calls working, SMSes, data connection, GPS working and have some basic GUIs to control the stuff. WIFI works. Screen locks, and keyboard map still could be improved. Battery life will probably not be great. But hey, it's a start -- I have GNU/Linux working on a cellphone. More precisely Maemo Leste, based on Devuan, based on Debian. Sure, some kernel patches are still needed, and there's a lot more work to do in userland... Today, Microsoft sold out last Windows Mobile phones. I guess that's just a coincidence.

18th January 2018

7:42pm: Fun with Rust (not spinning this time)
Rust... took me a while to install. I decided I did not like curl | sh, so I created fresh VM for that. That took a while, and in the end I ran curl | sh, anyway. I coded weather forecast core in Rust... And I feel like every second line needs explicit typecast. Not nice, but ok; result will be fast, right? Rust: 6m45 seconds, python less than 1m7 seconds. Ouch. Ok, rust really needs optimizations to be anywhere near reasonable run-time speed. 7 seconds optimized. Compile time is... 4 seconds for 450 lines of code. Hmm. Not great. .. but I guess better than alternatives.
7:38pm: Hey Intel, what about an apology?
Hey, Intel. You were selling faulty CPUs for 15+ years, you are still selling faulty CPUs, and there are no signs you even intend to fix them. You sold faulty CPUs for half a year, knowing they are faulty, without telling your customers. You helped develop band-aids for subset of problems, and subset of configurations. Yeah, so there's work around for Meltdown on 64-bit Linux. Where's work around for Meltdown on 32-bit? What about BSDs? MINIX? L4? Where are work arounds for Spectre? And more importantly -- where are real fixes? You know, your CPUs fail to do security checks in time. Somehow I think that maybe you should fix your CPUs? I hear you want to achieve "quantum supremacy". But maybe I'd like to hear how you intend to fix the mess you created, first? I actually started creating a workaround for x86-32, but I somehow feel like I should not be the one fixing this. I'm willing to test the patches...

(And yes, Spectre is industry-wide problem. Meltdown is -- you screwed it up.)

26th December 2017

11:59am: PostmarketOS and digital cameras
I did some talking in 2017. If you want to learn about postmarketOS (in Czech), there's recording at https://www.superlectures.com/openalt2017/telefonni-revoluce-se-blizi . ELCE talk about status of phone cameras is at https://www.youtube.com/watch?v=fH6zuK2OOVU .

22nd October 2017

12:22am: Prague and Nokia N900s
If you are travelling to Prague to ELCE, and have Nokia N900, N9 or N950, or spare parts for them, please take them with you. I may help you install postmarket os there (https://wiki.postmarketos.org/wiki/Main_Page), can probably charge N900 that does not charge, and spare parts would be useful for me. I have a talk about cameras, and will be around... https://osseu17.sched.com/event/ByYH/cheap-complex-cameras-pavel-machek-denx-software-engineering-gmbh .

16th October 2017

9:36am: Help time travelers!
Ok, so I have various machines here. It seems only about half of them have a working RTC. Those are the boring ones.

And even the boring ones have pretty imprecise RTCs... For example Nokia N9. I only power it up from time to time, I believe it drifts something like minute per month... For normal use with SIM card, it can probably correct from GSM network if you happen to have a cell phone signal, but...

More interesting machines... Old thinkpad is running without CMOS battery. ARM OLPC has _three_ RTCs, but not a single working one. N900 has working RTC but no or dead backup battery. On these, RTC driver probably knows time is not valid, but feeds the garbage into the system time, anyway. Ouch. Neither Sharp Zaurus SL-5500 nor C-3000 had battery backup on RTC...

Even in new end-user machines, time quality varies a lot. "First boot, please enter time" is only accurate to seconds, if the user is careful. RTC is usually not very accurate, either... and no one uses adjtime these days. GSM time and ntpdate are probably accurate to milliseconds, GPS can provide time down to picoseconds... And broken systems are so common "swclock" is available in init system to store time in file, so it at least does not go backwards.

https (and other crypto) depends on time... so it is important to know approximate month we are in.

Is it time we handle it better?

Could we return both time and log2(expected error) from system calls?

That way we could hide the clock in GUI if time is not available or not precise to minutes, ignore certificate dates when time is not precise to months, and you would not have to send me a "Pavel, are you time traveling, again?" message next time my mailer sends email dated to 1970.
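A sketch of the proposal above in C, as an added example that is not code from the post or from any existing kernel interface: struct qtime, check_cert_dates() and show_clock() are hypothetical names, and the timestamps are constructed. Rather than silently ignoring dates, it reports when the error interval straddles a validity boundary and leaves the policy to the caller.

```c
#include <stdint.h>

/* Hypothetical result of the proposed call: seconds since the epoch plus
 * log2 of the expected error in seconds (0 = +-1 s, 21 = roughly +-24 days). */
struct qtime {
    int64_t sec;
    int err_log2;
};

enum cert_time { CERT_VALID, CERT_EXPIRED, CERT_NOT_YET_VALID, CERT_TIME_UNCERTAIN };

/* Compare the whole interval [sec - err, sec + err] with the validity window. */
enum cert_time check_cert_dates(struct qtime now, int64_t not_before, int64_t not_after)
{
    int64_t err, lo, hi;

    if (now.err_log2 > 40)              /* error of millennia: clock is garbage */
        return CERT_TIME_UNCERTAIN;
    err = now.err_log2 < 0 ? 1 : (int64_t)1 << now.err_log2;
    lo = now.sec - err;
    hi = now.sec + err;

    if (lo > not_after)
        return CERT_EXPIRED;            /* expired even at the earliest possible time */
    if (hi < not_before)
        return CERT_NOT_YET_VALID;      /* not valid even at the latest possible time */
    if (lo >= not_before && hi <= not_after)
        return CERT_VALID;              /* valid anywhere inside the interval */
    return CERT_TIME_UNCERTAIN;         /* interval straddles a boundary */
}

/* GUI rule from the post: show the clock only if precise to minutes
 * (2^5 = 32 s is the largest power of two below one minute). */
int show_clock(struct qtime now)
{
    return now.err_log2 <= 5;
}

int main(void)
{
    /* Constructed case: RTC without battery reads 1970 and honestly
     * reports an error of about 68 years (2^31 s). */
    struct qtime dead_rtc = { 0, 31 };
    return check_cert_dates(dead_rtc, 1500000000, 1530000000) == CERT_TIME_UNCERTAIN ? 0 : 1;
}
```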

25th September 2017

10:25am: Colorful LEDs
RGB LEDs do not exist according to Linux LED subsystem. They are modeled as three separate LEDs, red, green and blue; that matches the hardware.

Unfortunately, it has problems. Let's begin with inconsistent naming: some drivers use :r suffix, some use :red. There's no explicit grouping of LEDs for one light -- there's no place to store parameters common for the light. (LEDs could be grouped by name.)

RGB colorspace is pretty well defined, and people expect to set specific colors. Unfortunately.... that does not work well with LEDs. First, LEDs are usually not balanced according to human perception system, so full power to the LEDs (255, 255, 255) may not result in white. Second, monitors normally use gamma correction before displaying color, so (128, 128, 128) does not correspond to 50% of light being produced. But LEDs normally use PWM, so (128, 128, 128) does correspond to 50% light. Result is that colors are completely off.

I tested HSV colorspace for the LEDs. That would have advantage of old triggers being able to use selected colors... Unfortunately, on N900, white color is something like 15% blue, which would result in significantly reducing number of white intensities we can display.

20th September 2017

12:16am: Unicsy phone
For a long time, I wanted a phone that runs Unix. And I got that, first Android, second Maemo on Nokia N900. With Android I realized that running Linux kernel is not enough. Android is really far away from normal Unix machine, and I'd argue away from anything usable, too. Maemo was slightly closer, and probably could be fixed if it was open-source.

But I realized Linux kernel is not really the most important part. There's more to Unix: compatibility with old apps, small programs where each one does one thing well, data in text formats so you can put them in git. Maemo got some parts right, at least you could run old apps in a useful way; but most important data on the phone (contacts, calendar) were still locked away in sqlite.

And that is something I'd like to change: phone that is ssh-friendly, text-editor-friendly and git-friendly. I call it "Unicsy phone". No, I don't want to do phone `cat addressbook | grep Friend | cut -f 1`... graphical utilities are okay. But console tools still should be there, and file formats should be reasonable.

So there is tui project, and recently postmarketos project appeared. Nokia N900 is mostly supported by mainline kernel (with exceptions of bluetooth and camera, everything works). There's work to be done, but it looks doable.

More is missing in the userspace. Phone parts need work, as expected. What is more surprising... there's emacs org mode, with great calendar capabilities, but I could not find matching application to display data nicely and provide alerts. Situation is even worse for contacts; emacs org can help there, too, but there does not seem to be agreement that this is the way to go. (And again, graphical applications would be nice).

16th September 2017

1:41pm: FlightGear fun
How to die in Boeing 707, quick and easy. Take off, realize that you should set up fuel heating, select Help|, aim for checklists.. and hit auto startup/shutdown. Instantly lose all the engines. Fortunately, you are at 6000', so you start looking for the airport. Then you realize "hmm, perhaps I can do the startup thing now", and hit the menu item once again. But instead of running engines, you get fire warnings on all the engines. That does not look good. Confirm fire, extinguish all four engines, and resume looking for airport in range. Trim for best glide. Then number 3 comes up. Then number 4. Number one and you know it will be easy. Number two as you fly over the runway... go around and do normal approach.

26th February 2017

11:32pm: Using Linux notebook as an alarm clock
Is someone using notebook as an alarm clock? Yes, it would be easy if I did not suspend machine overnight, but that would waste power and produce noise from fans. I'd like version that suspends the machine...

21st February 2017

11:21pm: X220 to play with
Nice machine. Slightly bigger than X60, bezel around display way too big, but quite powerful. Biggest problem seems to be that it does not accept 9.5mm high drives...

I tried 4.10 there, and got two nasty messages during bootup. Am I the last one running 32 bit kernels?

I was hoping to get three-monitor configuration on my desk, but apparently X220 can not do that. xrandr reports 8 outputs (!), but it physically only has 3: LVDS, displayport and VGA. Unfortunately, it seems to only have 2 CRTCs, so only 2 outputs can be active at a time. Is there a way around that?

17th November 2016

12:49am: Linux did not win, yet
http://www.cio.com/article/3141918/linux/linux-has-won-microsoft-joins-the-linux-foundation.html Yes, Linux won on servers. Unfortunately... servers are not that important, and Linux still did not win on desktops (and is not much closer now than it was in 1998, AFAICT). We kind-of won on phones, but are not getting any benefits from that. Android is incompatible with X applications. Kernels on phones are so patched that updating kernel on phone is impossible... . This means that Microsoft sponsors Linux Foundation. Well, nice, but not a big deal. Has Microsoft promised not to use their patents against Linux? Does their kernel actually contain vfat code? Can I even get source for "their" Linux kernel? [Searching for Linux on microsoft.com does not reveal anything interesting; might be switching to English would help...]

14th November 2016

11:22am: foxtrotgps: not suitable for spacecraft navigation
Subject: foxtrotgps: not suitable for spacecraft navigation
Package: foxtrotgps
Version: 1.2.0-1
Severity: normal
Dear Maintainer,
Trying to use foxtrotgps in the spacecraft leads to some interesting
glitches.
When date line is reached, "track traveled" jumps over the whole
world, and "your position" gets de-synchronized from point when the
red line is painted.
Reproduced with Vostok-1 spacecraft.

6th October 2016

10:56am: FlightGame
FlightGame
FlightGear is a very nice simulator, but it is not a lot of fun: page with "places to fly" helps. But when you setup your flight details, including weather and failures, you can kind of expect what is going to happen. FlightGame was designed to address this (not for me, unfortunately, although... if you ever debugged piece of software you know unexpected things happen): levels are prepared to be interesting, yet they try to provide enough information so that you don't need to study maps and aircraft specifications before the flight.
Don't expect anything great/too complex, this is just python getting data from gpsd, and causing your aircraft problems over internal webserver. But it still should be fun.
Code is at
. I guess I should really create a better README.
Who wants to play?

3rd October 2016

1:13pm: Linux V4.8 on N900
Basics work, good. GSM does not work too well, which is kind of a problem. Camera broke between 4.7 and 4.8. That is not good, either.

If you want to talk about Linux and phones, I'll probably be on LinuxDays in Prague this weekend, and will have a talk about it at Ubucon Europe.

24th September 2016

12:05pm: Audio fun
Documentation for audio on Linux... is pretty much nonexistent.

Notice!
There is a hidden pointer somewhere in this text to a page containing deeper information about using audio. You should have perfect understanding about the features described in this page before jumping into more complicated information. Just make sure you read this text carefully enough so you will be able to find the link.
Oh, thank you, so we are now on treasure hunt?
Under construction!
This page is currently being written. A more complete version should be released shortly.
....
Last updated Fri 16 Aug 1996 (minor changes).
Seems like the complete page is not going to be available any time soon.
Still, that was best page explaining how audio is supposed to work on Linux. Ouch. I could not get ALSA to work. OSS works fine. (I guess that also talks a bit about state of audio on Linux). And then I discovered that modem does not work in kernel 4.8, so my problems were not pulseaudio problems but modem problems. Oh well.
--

8th September 2016

12:46pm: Security getting hard/impossible on recent systems
Cache attacks: this is not good. Ok, so we have a rowhammer: basically very common, hard-to-work-around, hardware problem. Bits in your memory may flip. Deal with it.
And now, there are cache attacks, too. Users should not be able to spy on each other on multiuser system, but they very probably can. In particular, other users can tell which parts of emacs you are executing, and when. They can probably not distinguish what characters you are typing, but they can probably learn when you are typing space, normal letter, or moving cursor. Ouch. And if they indeed can spy on individual characters... you can hardly blame emacs. With plain keyboard, cache attack on individual letters is probably not feasible. With t-9 like system on touchscreen... it probably is. Deal with it. But how?
12:36pm: fcam-dev now gets autofocus on 4.7 kernel
Ok, without proper timing support, everything is really, really slow, but hey - I already got one usable photo out of the system :-).
Oh, and this is the reason to run Debian on your phone: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ .
12:32pm: 25 years of Linux
25 years of linux and yes, I know Linux is popular. Still it was unexpected when I was asked in public transport if I know about Linux. Man wanted me to help with X restarting due to bad graphics drivers... I asked how he realized... and he told me about my T-shirt. I realized I have UnitedLinux T-shirt on... Given SCO's involvement in that one... should I burn the shirt?