Archive for the ‘Webtechnology’ Category

« Older Entries Newer Entries »
Comments Off on Firefox and Wayland support on Ubuntu snaps and the user-agent

Firefox and Wayland support on Ubuntu snaps and the user-agent

Friday, January 6th, 2023

Ubuntu 22.04 is shipping with Wayland as the default communication protocol for the display server, replacing the old and X11 (X Window System).

Interestingly although Firefox is supporting Wayland natively, the default stable Firefox snap package doesn’t use it. I is still using XWayland as compatibility layer.

How to check if Firefox is using Wayland or X11?

Open:

about:support

and search for `Window protocol`

Window Protocol xwayland

That is intentional, see

https://bugzilla.mozilla.org/show_bug.cgi?id=1631462#c21

So what about Firefox Beta? To install Firefox Beta snap next to Firefox stable, see the earlier blog-post Install seperate Fiefox Beta snap.

Open

about:support

And search for `Window protocol`

Window Protocol wayland

Note the missing X, that means Wayland is used as the communication protocol.

Why doesn’t show Wayland in the User-Agent header of Linux browsers?

To check the the User-Agent in Firefox Beta, navigate to something like a ip-address checker:

Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0

Although X11 is not used, it still shows X11. I wonder if that is intentional? Probably that is. User-Agent strings are hampered by historical mistakes, like browser-sniffing.

And setting a detailed User-Agent is also a privacy and security risk. Giving to much and unnecessary information about your system. So it is about limiting exposure to browser-fingerprinting.

Be aware this sucks, once you’re aware there is market-power in user-agents. The major players make the rules of the game.

Tags: , , ,
Posted in Webtechnology | Comments Off on Firefox and Wayland support on Ubuntu snaps and the user-agent

Comments Off on How to check your CPU is vulnerable for Retbleed?

How to check your CPU is vulnerable for Retbleed?

Friday, December 16th, 2022

On Linux checking for known vulnerabilities is quite easy.

grep -r . /sys/devices/system/cpu/vulnerabilities

On a Zen2 processor  you’ll get these results:


/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Retpolines, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/retbleed:Mitigation: untrained return thunk; SMT enabled with STIBP protection
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected

On a Zen3 processor you’ll get these results:

/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/retbleed:Not affected
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected

As you can see a Zen2 (Ryzen <5000 series) is vulnerable for Retbleed, why the newer generations are not (Ryzen >=5000 series).

Tags: , ,
Posted in Webtechnology | Comments Off on How to check your CPU is vulnerable for Retbleed?

Comments Off on Fixing the Annoying Pending Update of Snap Store in Ubuntu, get rid of it.

Fixing the Annoying Pending Update of Snap Store in Ubuntu, get rid of it.

Sunday, September 18th, 2022

Ubuntu is my default OS since Windows XP/MS Explorer crashed to often around 2004, and I’m quite happy with it most of the time. Compared to Windows it is a breath to have and use just open-source software, no more installation, backup, upgrade of hardware or license problems.

You always know that if you buy another computer you can run the same software.

But it’s not only heaven, there are changes and choices made in the infrastructure and they involve wins and losses.

One of the problems I had lately on 20.04LTS is a message that I should update the snap-store app. As it seems the snap-store-app snap is Ubuntu”s new version of the old ubuntu-software package, which on it self is a fork of gnome-software.

Although in Gnome Activities the software program is advertised as Ubuntu-Software, on the command line it is called snap-store. That is confusing. And that cloaking is for a reason I suppose.

Most users aren’t charmed of snaps.

Firefox has moved to snap packaging (+21.10) and in the beginning it was really slow starting and it broke major things like native-messaging for extensions. The latter is still not fixed (both snaps and flatpaks), only in the Firefox Beta channel. (also for Flatpak versions of Firefox)

And AFAICS there is no support for Flatpaks in the snap-store.

That did it.

So I took these bold steps:

sudo snap remove snap-store

sudo apt install --install-suggests gnome-software

Now I have a software app that is call `software` in the Activities and `gnome-software` on the CLI.

It does support debs, snaps and flatpaks.

What do I want more?

Posted in Webtechnology | Comments Off on Fixing the Annoying Pending Update of Snap Store in Ubuntu, get rid of it.

Comments Off on Adding events to elements the simple way, using optional chaining

Adding events to elements the simple way, using optional chaining

Thursday, August 11th, 2022

On modern JavaScript driven or enhanced sites the HTML DOM is sprinkled with events.

Since the birth of HTML5, (and decline of the worst (most expensive) browser ever: Microsoft Explorer) the appropriate way of attaching events is using AddEventListener()

document.querySelector('selector').addEventListener('click', function () { console.log("Hi, you clicked") });

This works only if the queried element does exists. Otherwise you”ll get an error and further execution of the script will fail.

So you’ll need to add a conditional check, the querySelector function returns null when the element can’t be found:

if (document.querySelector('selector'))
 document.querySelector('selector').addEventListener('click', function () {
console.log("Hi, you clicked")
});

Modern JavaScript is developing

But functionality to JavaScript is added every year and now there is a optional chaining and that feature is exactly what we need.

Optional chaining was introduced in ES2020. It’s supported by all modern updated browsers.

Optional chaining

Simply add a ? to a object property or method to check if it is existing.

book.author?.name

This will not cause an error if book.author is nullish (not existing)

Using this syntax and arrow functions the new code for attaching an event to an element is:

document.querySelector('selector')?.addEventListener('click', ()=>console.log("Hi, you clicked"));

If the element doesn’t exist, it will not do anything (document.querySelector('selector') is nullish). It won’t cause an error.

Exactly what we need!

UPDATE

What I miss though is something like this:

document.querySelector("#menu-comments a")?.href += "?comment_status=moderated";

Above oneliner is my simple solution to set the default Comments-link in WordPress to show the pending or new comments by default. Most (99%) are SPAM unfortunately, so this way it’s safer to select all and do a bulk action delete permanently or mark as spam.

But above onliner gives an JS error:

Uncaught SyntaxError: invalid assignment left-hand side

To my surprise there was a proposal in the spec to allow this. I would welcome that change, hopefully it will come one day.

I hate writing this verbose conditional:

if (document.querySelector("#menu-comments a"))
document.querySelector("#menu-comments a").href += "?comment_status=moderated";

Maybe I should start writing CoffeeScript or use Babel by default. 😉

Tags:
Posted in HTML5, Javascript, Webtechnology | Comments Off on Adding events to elements the simple way, using optional chaining

Comments Off on Install separate Firefox (Beta) Snap on Ubuntu 22.04

Install separate Firefox (Beta) Snap on Ubuntu 22.04

Wednesday, August 3rd, 2022

To try out a beta version of Firefox snap, you have to enable the experimental – read developer options – of parallel instances install of snap.

sudo snap set system experimental.parallel-instances=true

Them you can install a beta version of Firefox next to the stable version

sudo snap install --beta firefox_beta

But that doesn’t work, you will probably get some error/warning message like this:

error: cannot perform the following tasks:
- Set automatic aliases for snap "firefox_beta" (cannot enable alias "geckodriver" for "firefox_beta", already enabled for "firefox")

As it seems you’ll need to add  --unaliased when installing firefox_beta

sudo snap install --beta --unaliased firefox_beta

See the snap forum thread

That does work.

How to install Firefox Beta snap parallel to Firefox

sudo snap install --beta --unaliased firefox_beta
firefox_beta (beta) 104.0b5-1 from Mozilla✓ installed

To my surprise it copied the profile directory, I had all the same extensions and bookmarks installed and available.

Different profile directories

Firefox stable profiles path:

~/snap/firefox/common/.mozilla/firefox/…

Firefox Beta profiles path:

~/snap/firefox_beta/common/.mozilla/firefox/…

Tags:
Posted in browser, Webtechnology | Comments Off on Install separate Firefox (Beta) Snap on Ubuntu 22.04

3 Comments

Scanning the WiFi network with the Raspberry Pi Pico W

Friday, July 22nd, 2022

Let’s try the Wifi features of the new Raspberry Pi Pico W.

The Pico W has two Wifi interfaces:

  • network.STA_IF, the station interface
  • network.AP_IF, the access-point interface

network.STA_IF

The station (or standard) interface, can be used to connect the Pico W to another 2.4GHz WiFi access point. This seems to be the default.

network.AP_IF

The access-point interface can be used to turn your Pico W into a WiFi access-point that can connect up to 4 devices at the moment.

Use the Pico W to scan access points

Let’s try out the station interface, network.STA_IF.

Using micropython it’s really a breeze:


import network
import binascii
wlan = network.WLAN() #  network.WLAN(network.STA_IF)
wlan.active(True)
networks = wlan.scan() # list with tupples with 6 fields ssid, bssid, channel, RSSI, security, hidden
i=0
networks.sort(key=lambda x:x[3],reverse=True) # sorted on RSSI (3)
for w in networks:
      i+=1
      print(i,w[0].decode(),binascii.hexlify(w[1]).decode(),w[2],w[3],w[4],w[5])

In most example code you need to specify the interface, but apparently it defaults to the standard station network.STA_INF interface.

The output is a list with tupples that according to the docs should contain six fields ssid, bssid, channel, RSSI, security, hidden.

The bssid is the same as the hardware unique MAC-address.

There are five values for security:

  1. open (0)
  2. WEP (1)
  3. WPA-PSK (2)
  4. WPA2-PSK(3)
  5. WPA/WPA2-PSK (4)

and two for hidden:

  1. visible (0)
  2. hidden (1)

The docs states that for hidden 0 = visible and  1 = hidden, but actually the output I get, some twenty networks(!?) gives no 0, but several undocumented values for hidden: 1,2,3,4,5,7.

Twenty WiFi-networks? Yes, I do work in a city. And that’s only the 2.4GHz band. 🙁

So what does those values mean, what is there more than visible or hidden?

Also the security results differ with outputs from 0 (=open), most 5, but some report 7.

What do those values for security mean?

Is it a bug or a (undocumented) feature?

Tags: ,
Posted in raspberrypi, Webtechnology | 3 Comments »

« Older Entries Newer Entries »