Archive for the ‘Webtechnology’ Category


How to check whether your CPU is vulnerable to Retbleed?

Friday, December 16th, 2022

On Linux, checking for known CPU vulnerabilities is quite easy:

grep -r . /sys/devices/system/cpu/vulnerabilities

On a Zen2 processor you’ll get these results:


/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Retpolines, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/retbleed:Mitigation: untrained return thunk; SMT enabled with STIBP protection
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected

On a Zen3 processor you’ll get these results:

/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/retbleed:Not affected
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected

As you can see, a Zen2 (Ryzen <5000 series) is vulnerable to Retbleed (the kernel reports an active mitigation for it), while the newer generations (Ryzen >=5000 series) are not.
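The status strings above come in several forms ("Not affected", "Mitigation: ...", and on unpatched systems "Vulnerable"), so a check across machines has to tell them apart. The following is an added example, not code from the original post; the `example_bug` line and the function names are constructed for illustration.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Two lines taken from the Zen2 output above, plus one CONSTRUCTED line
# ("example_bug") showing what an unmitigated entry looks like.
SAMPLE = """\
/sys/devices/system/cpu/vulnerabilities/retbleed:Mitigation: untrained return thunk; SMT enabled with STIBP protection
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/example_bug:Vulnerable
"""


def classify(status):
    """Map a raw sysfs status string to a coarse state."""
    if status == "Not affected":
        return "not_affected"
    if status.startswith("Mitigation:"):
        return "mitigated"   # CPU has the flaw, the kernel works around it
    if status.startswith("Vulnerable"):
        return "vulnerable"  # CPU has the flaw, no effective mitigation
    return "unknown"         # any other wording: review by hand


def parse_grep_output(text):
    """Parse `grep -r . <dir>` output into {name: (state, raw status)}."""
    report = {}
    for line in text.splitlines():
        path, sep, status = line.partition(":")
        if sep:  # skip blank or malformed lines
            report[Path(path).name] = (classify(status.strip()), status.strip())
    return report


def read_sysfs(directory=SYSFS_DIR):
    """Read the live files; returns {} when the directory does not exist."""
    if not directory.is_dir():
        return {}
    files = sorted(p for p in directory.iterdir() if p.is_file())
    return {p.name: (classify(s), s) for p in files for s in [p.read_text().strip()]}


def needs_attention(report):
    """Names whose state is vulnerable or unknown."""
    return sorted(n for n, (state, _) in report.items() if state in ("vulnerable", "unknown"))


if __name__ == "__main__":
    report = read_sysfs() or parse_grep_output(SAMPLE)
    for name, (state, raw) in sorted(report.items()):
        print("%-20s %-13s %s" % (name, state, raw))
    print("needs attention:", needs_attention(report))
```

Run directly, it reads the live sysfs directory when present and falls back to the embedded sample otherwise.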


Fixing the Annoying Pending Update of Snap Store in Ubuntu, get rid of it.

Sunday, September 18th, 2022

Ubuntu has been my default OS since Windows XP/MS Explorer crashed too often around 2004, and I’m quite happy with it most of the time. Compared to Windows it is a breath of fresh air to have and use just open-source software: no more installation, backup, hardware-upgrade or license problems.

You always know that if you buy another computer you can run the same software.

But it’s not only heaven, there are changes and choices made in the infrastructure and they involve wins and losses.

One of the problems I had lately on 20.04LTS is a message that I should update the snap-store app. As it seems, the snap-store-app snap is Ubuntu’s new version of the old ubuntu-software package, which itself is a fork of gnome-software.

Although in Gnome Activities the software program is advertised as Ubuntu-Software, on the command line it is called snap-store. That is confusing. And that cloaking is for a reason I suppose.

Most users aren’t charmed by snaps.

Firefox has moved to snap packaging (+21.10), and in the beginning it was really slow to start and it broke major things like native messaging for extensions. The latter is still not fixed (for both the snap and Flatpak versions of Firefox), only in the Firefox Beta channel.

And AFAICS there is no support for Flatpaks in the snap-store.

That did it.

So I took these bold steps:

sudo snap remove snap-store

sudo apt install --install-suggests gnome-software

Now I have a software app that is called `software` in the Activities and `gnome-software` on the CLI.

It does support debs, snaps and flatpaks.

What more do I want?


Adding events to elements the simple way, using optional chaining

Thursday, August 11th, 2022

On modern JavaScript driven or enhanced sites the HTML DOM is sprinkled with events.

Since the birth of HTML5 (and the decline of the worst (most expensive) browser ever: Microsoft Explorer), the appropriate way of attaching events is using addEventListener():

document.querySelector('selector').addEventListener('click', function () { console.log("Hi, you clicked") });

This works only if the queried element exists. Otherwise you’ll get an error and further execution of the script will fail.

So you’ll need to add a conditional check; the querySelector function returns null when the element can’t be found:

if (document.querySelector('selector'))
  document.querySelector('selector').addEventListener('click', function () {
    console.log("Hi, you clicked")
  });

Modern JavaScript is developing

But functionality is added to JavaScript every year, and now there is optional chaining; that feature is exactly what we need.

Optional chaining was introduced in ES2020. It’s supported by all modern updated browsers.

Optional chaining

Simply add a ? after an object property or method to check whether it exists.

book.author?.name

This will not cause an error if book.author is nullish (null or undefined, i.e. not existing).

Using this syntax and arrow functions the new code for attaching an event to an element is:

document.querySelector('selector')?.addEventListener('click', ()=>console.log("Hi, you clicked"));

If the element doesn’t exist, it will not do anything (document.querySelector('selector') is nullish). It won’t cause an error.

Exactly what we need!

UPDATE

What I miss though is something like this:

document.querySelector("#menu-comments a")?.href += "?comment_status=moderated";

The above one-liner is my simple solution to set the default Comments link in WordPress to show the pending or new comments by default. Most (99%) are SPAM unfortunately, so this way it’s safer to select all and do a bulk action: delete permanently or mark as spam.

But the above one-liner gives a JS error:

Uncaught SyntaxError: invalid assignment left-hand side

To my surprise there was a proposal in the spec to allow this. I would welcome that change, hopefully it will come one day.

I hate writing this verbose conditional:

if (document.querySelector("#menu-comments a"))
  document.querySelector("#menu-comments a").href += "?comment_status=moderated";

Maybe I should start writing CoffeeScript or use Babel by default. 😉


Install separate Firefox (Beta) Snap on Ubuntu 22.04

Wednesday, August 3rd, 2022

To try out a beta version of the Firefox snap, you have to enable snap’s experimental (read: developer) option for installing parallel instances.

sudo snap set system experimental.parallel-instances=true

Then you can install a beta version of Firefox next to the stable version:

sudo snap install --beta firefox_beta

But that doesn’t work, you will probably get some error/warning message like this:

error: cannot perform the following tasks:
- Set automatic aliases for snap "firefox_beta" (cannot enable alias "geckodriver" for "firefox_beta", already enabled for "firefox")

As it seems, you’ll need to add --unaliased when installing firefox_beta:

sudo snap install --beta --unaliased firefox_beta

See the snap forum thread

That does work.

How to install Firefox Beta snap parallel to Firefox

sudo snap install --beta --unaliased firefox_beta
firefox_beta (beta) 104.0b5-1 from Mozilla✓ installed

To my surprise it copied the profile directory; I had all the same extensions and bookmarks installed and available.

Different profile directories

Firefox stable profiles path:

~/snap/firefox/common/.mozilla/firefox/…

Firefox Beta profiles path:

~/snap/firefox_beta/common/.mozilla/firefox/…


Scanning the WiFi network with the Raspberry Pi Pico W

Friday, July 22nd, 2022

Let’s try the Wifi features of the new Raspberry Pi Pico W.

The Pico W has two Wifi interfaces:

  • network.STA_IF, the station interface
  • network.AP_IF, the access-point interface

network.STA_IF

The station (or standard) interface, can be used to connect the Pico W to another 2.4GHz WiFi access point. This seems to be the default.

network.AP_IF

The access-point interface can be used to turn your Pico W into a WiFi access-point that can connect up to 4 devices at the moment.

Use the Pico W to scan access points

Let’s try out the station interface, network.STA_IF.

Using MicroPython it’s really a breeze:


import network
import binascii

wlan = network.WLAN()  # same as network.WLAN(network.STA_IF)
wlan.active(True)
# scan() returns a list of tuples with 6 fields: ssid, bssid, channel, RSSI, security, hidden
networks = wlan.scan()
networks.sort(key=lambda x: x[3], reverse=True)  # sorted on RSSI (field 3), strongest first
for i, w in enumerate(networks, 1):
    print(i, w[0].decode(), binascii.hexlify(w[1]).decode(), w[2], w[3], w[4], w[5])

In most example code you need to specify the interface, but apparently it defaults to the standard station interface, network.STA_IF.

The output is a list of tuples that according to the docs should contain six fields: ssid, bssid, channel, RSSI, security, hidden.

The bssid is the access point’s unique hardware MAC address.

There are five values for security:

  1. open (0)
  2. WEP (1)
  3. WPA-PSK (2)
  4. WPA2-PSK (3)
  5. WPA/WPA2-PSK (4)

and two for hidden:

  1. visible (0)
  2. hidden (1)

The docs state that for hidden 0 = visible and 1 = hidden, but the output I actually get, some twenty networks(!?), contains no 0 at all, only several undocumented values for hidden: 1,2,3,4,5,7.

Twenty WiFi-networks? Yes, I do work in a city. And that’s only the 2.4GHz band. 🙁

So what do those values mean? What is there more than visible or hidden?

The security results also differ from the docs, with outputs from 0 (=open), most 5, but some report 7.

What do those values for security mean?

Is it a bug or an (undocumented) feature?
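A way to separate documented from undocumented scan values while still flagging weak networks, added here as an example and not part of the original post or the MicroPython docs. It uses only the security table listed above; the sample tuples and the `describe`/`audit` names are constructed, and on a Pico W you would pass `wlan.scan()` instead of the sample.

```python
# Labels for the security field as documented (values 0-4 listed above).
DOCUMENTED_SECURITY = {0: "open", 1: "WEP", 2: "WPA-PSK",
                       3: "WPA2-PSK", 4: "WPA/WPA2-PSK"}
WEAK = ("open", "WEP")  # no encryption, or encryption long considered broken

# CONSTRUCTED sample in the shape wlan.scan() returns; not real networks.
SAMPLE_SCAN = [
    (b"office", b"\x02\x00\x00\x00\x00\x01", 6, -48, 5, 3),
    (b"guest", b"\x02\x00\x00\x00\x00\x02", 1, -71, 0, 1),
    (b"\xff\xfelegacy", b"\x02\x00\x00\x00\x00\x03", 11, -60, 1, 1),
    (b"lab", b"\x02\x00\x00\x00\x00\x04", 11, -80, 3, 7),
]


def describe(entry):
    """Turn one scan tuple into a dict with decoded, labelled fields."""
    ssid, bssid, channel, rssi, security, hidden = entry
    try:
        name = ssid.decode()
    except UnicodeError:
        name = repr(ssid)  # SSIDs are arbitrary bytes chosen by the AP owner
    label = DOCUMENTED_SECURITY.get(security)
    return {
        "ssid": name,
        "bssid": ":".join("%02x" % b for b in bssid),
        "channel": channel,
        "rssi": rssi,
        "security": label if label else "undocumented(%d)" % security,
        "weak": label in WEAK,
        # True when either field falls outside the documented values
        "undocumented": label is None or hidden not in (0, 1),
    }


def audit(scan):
    """Return (rows sorted by RSSI, weak SSIDs, SSIDs with undocumented values)."""
    rows = [describe(e) for e in sorted(scan, key=lambda e: e[3], reverse=True)]
    weak = [r["ssid"] for r in rows if r["weak"]]
    odd = [r["ssid"] for r in rows if r["undocumented"]]
    return rows, weak, odd


if __name__ == "__main__":
    rows, weak, odd = audit(SAMPLE_SCAN)
    for r in rows:
        print(r["rssi"], r["channel"], r["bssid"], r["security"], r["ssid"])
    print("weak:", weak, "undocumented values:", odd)
```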


Blinking a led on the Raspberry Pi Pico W

Thursday, July 21st, 2022

One much-requested feature has landed on the Raspberry Pi Pico: connectivity. WiFi, and in the future Bluetooth, have been added, and the new Raspberry Pi Pico W just landed in my postbox.

Blinking a led is the first thing most lads try out, a bit like printing “Hello World” in any new programming language.

The official documentation gives this example:

from machine import Pin
led = Pin(25, Pin.OUT)
led.value(1)  # led on
led.value(0)  # led off

I blinked my eye twice, but running this code the Pico W did not light its led.

How to blink a led on the Raspberry Pi Pico W

I did remember reading about a change in GPIO pins, because the Wifi-modules needed some for connection, but I was surprised it was not mentioned in the official Raspberry Pi Pico documentation.

Actually, with the introduction of the Wifi variant, changes were made in the MicroPython framework. To let the same code blink a led on any Raspberry Pi Pico, they gave the needed pin a name, “LED”, and added two functions, on and off.

from machine import Pin
led = Pin("LED", Pin.OUT)
led.on()   # a method instead of setting the value
led.off()  # turn it off again

Do remember you need to download a different firmware for the Pico and the Pico W.

RPI Pico firmware link

https://micropython.org/download/rp2-pico/

RPI Pico W (Wifi support) firmware link

https://micropython.org/download/rp2-pico-w/