FOSDEM 2019 Open Source Developers Meeting Schedule


FOSDEM – which stands for Free and Open Source Software Developers’ European Meeting – is a free-to-participate event where developers meet on the first weekend of February to discuss open source software & hardware projects. FOSDEM 2019 will take place on February 2 & 3, and the schedule has already been published with 671 speakers scheduled to speak in 711 events, themselves sorted in 62 tracks. Like every year, I’ll create a virtual schedule based on some of the sessions most relevant to this blog in tracks such as open hardware, open media, RISC-V, and hardware enablement.

February 2

10:30 – 10:55 – VkRunner: a Vulkan shader test tool by Neil Roberts

A presentation of VkRunner, which is a tool to help test the compiler in your Vulkan driver using simple high-level scripts. Perhaps the largest part of developing a modern graphics driver revolves around getting the compiler to generate the correct code. In order to achieve this, extensive …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Linux 4.19 Release – Main Changes, Arm and MIPS Architectures

Linux 4.19 Changelog

With Linus Torvalds taking a leave from the Linux kernel project, Greg Kroah-Hartman was the one to release Linux 4.19 last Sunday:

Hi everyone! It’s been a long strange journey for this kernel release… While it was not the largest kernel release ever by number of commits, it was larger than the last 3 releases, which is a non-trivial thing to do. After the original -rc1 bumps, things settled down on the code side and it looks like stuff came nicely together to make a solid kernel for everyone to use for a while. And given that this is going to be one of the “Long Term” kernels I end up maintaining for a few years, that’s good news for everyone. A small trickle of good bugfixes came in this week, showing that waiting an extra week was a wise choice. However odds are that linux-next is just bursting so the next -rc1 merge window is going to be bigger …


Check for Spectre, Meltdown, and L1 Terminal Fault Vulnerabilities with Spectre-meltdown-checker Script

Spectre Meltdown Foreshadow Checker

Yesterday, we wrote a little bit about the new speculative execution vulnerability known as L1 Terminal Fault (L1TF) or Foreshadow, and a reader – MHSadri – pointed to an interesting script that checks for all three speculative execution vulnerabilities, and runs in Linux and BSD (FreeBSD, NetBSD, DragonFlyBSD) across multiple architectures: Intel x32, AMD64, Arm and ARM64. Other architectures will also work, but mitigation reporting may not be correct. So I tried it on my own machine, a computer running Ubuntu 18.04 on an AMD FX8350 processor. Installation is easy: The developer recommends checking the script manually first, just for security’s sake. There are two ways to run it: either directly inside your OS, or via Docker, which may be a better idea since it would not be able to mess with your system, especially since I had to run it with sudo to avoid permission issues. Here’s the full output while running the script in a terminal window …


Zymkey is a Hardware Security Module for Raspberry Pi Board

Zymkey Raspberry Pi Security Module Blockchain

The Microchip ATECC508A CryptoAuthentication chip appears to be a popular way to add hardware encryption support to development boards, as we’ve seen previously with 96Boards’ Secure96 mezzanine or LoRa explorer kit, and even just earlier today with the Analoglamb Fish32 Seed ESP32 education board. Another solution is from Zymbit, which provides Zymkey security modules for Raspberry Pi based on the ATECC508A CryptoAuthentication chip in different form factors: either a USB stick, an I2C module, or, for further integration into your own design, an SMT component. Zymkey enables multifactor device ID & authentication, data encryption & signing, key storage & generation, and physical tamper detection. It also features a secure element root of trust, a real-time clock, and a true random number generator (TRNG). The company provides a simple Python or C/C++ API to make it easier to add Zymkey support to any Linux application, and the secure module can be integrated with third-party applications such as LUKS file encryption, OpenSSL, AWS …


$50 Fish32 Seed “Education” ESP32 Board Comes with Plenty of I/Os, Sensors, and Connectivity Options

ESP32 Fish32 Seed Board

Sometimes I feel the word “Education” is thrown around for marketing purposes, and AnalogLamb Fish32 Seed board for “ESP32 Community Education Board” feels that way to me as so far, I could not see any tutorials or other teaching/learning resources for the board. Having said that, I can see why it could be potentially used for education: the sheer number of features, sensors, and connectivity options should allow students to learn to program many different components around ESP32. It’s just that at this stage it may not be such an easy platform to learn on. Fish32 Seed board specifications: Supported ESP32 Modules – ESP32-WROVER, ALB32-WROVER, ESP32-WROOM-32 Connectivity 802.11 b/g/n WiFi and Bluetooth 4.2 via ESP32 10/100M Ethernet (RJ45) via WIZnet W5500 chip with support for up to 8 independent sockets LoRa via SX1278 chip (433 MHz) Sensors NXP MPU-9250 with 3-axis MEMS gyroscope, 3-axis MEMS accelerometer, 3-axis MEMS magnetometer Broadcom APDS-9960 digital proximity sensor, ambient light sensor, RGB color …


More Speculative Execution Exploits – Meet Foreshadow / L1 Terminal Fault

Speculative execution is a feature to speed up performance of recent processors which works by predicting and loading likely future instructions ahead of time. The feature became somewhat famous a few months ago with the Meltdown and Spectre vulnerabilities exploiting it. The exploits impact Intel, AMD, Arm, and other processors to various degrees, and since the feature is built into the hardware, there’s no easy fix, and instead operating system vendors, cloud service providers, hosting services and other stakeholders implemented mitigations. While a lot of progress has been made, work is still going on, with the just released Linux 4.18 still getting some code changes related to the exploits. But just as solutions were found for Spectre and Meltdown, a new speculative execution exploitation has raised its ugly head: L1 Terminal Fault, also known as Foreshadow. The new flaw appears to be just as serious, and a dedicated website has been set up. Two versions of the exploit have been announced …


USB Charging Actually Poses Security Risks – Hacking a Laptop via a USB-C Adapter

Hacked USB type-C Charger

Smartphones have been charged over USB for many years, but with the advance of USB type-C now even laptops may be charged over USB, instead of the typical DC power barrel jack. Why am I writing about that? That’s because charging over a DC jack is normally safe, but after reading an article on the BBC website, I’ve just realized that when you charge over USB you also give access to the data connection, and security researcher (MG) has found a way to hack the USB-C charger of an Apple laptop and show a login prompt to steal credentials (username / password). The full details of the hack are not public, but it does require altering the hardware of the charger. So as long as you use the charger sold with your laptop, you should be safe. However, there’s always a risk if you charge from public places, or buy a charger from a third party. It’s a limited risk, but still …


Google Titan Security Key Prevents Phishing Attacks

Google Titan Security Key

Phishing is a social engineering method that aims to trick users into giving their passwords. This can normally be mitigated with things called “brain” and “paying attention”, but since we are all humans, mistakes may happen on a bad day. Even Google employees who should be tech savvy fell for the tricks from time to time, so Google made employees use 2-factor authentication with a hardware security key since January 2017, and none of Google’s workers fell for a phishing attack since then. CNET was provided with a sample of Google’s “Titan Security Key”, which comes in both USB and Bluetooth/NFC versions, and will be available for sale in Google’s online store within the next few months. The full technical details have not been provided for the key, but we do know Titan Security Keys support the FIDO protocol, and are built with a secure element and a firmware written by Google that verifies the integrity of security keys at the hardware level. …
