New drawing tablet moment

Aro culture is always getting autocorrected when ( "aro" autocorrected to "air" when I was typing this out)

.

Linux Kernel Debugging Guide

Helmut Lunghammer, TU Graz

Die Kernels vieler Android-Smartphones sind nicht so sicher, wie sie sein könnten.

Zahlreiche Hersteller nutzen unsichere Android-Kernels

Graz, 16.08.2024. In einer Analyse von Smartphones von zehn Herstellern haben Forschende der TU Graz festgestellt, dass die genutzten Android-Kernels trotz vorhandener Schutzmechanismen anfällig für bekannte Angriffe - sogenannte One-Day Exploits - sind. Smartphones sind für viele Menschen stetige Begleiter und wichtiges Arbeitswerkzeug. Neben Kontakten, Terminen und E-Mails kommen die Geräte vermehrt auch für sensible Aufgaben wie Online-Banking oder behördliche Angelegenheiten zum Einsatz. Das erhöht die Anforderungen an die Sicherheit. Wie Lukas Maar, Florian Draschbacher, Lukas Lamster und Stefan Mangard vom Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie der TU Graz in einer umfangreichen Analyse der Android-Kernels der zehn grö��ten und namhaftesten Smartphone-Hersteller festgestellt haben, gibt es hier zahlreiche Mängel, die One-Day Exploits mit bereits bekannten Angriffsmethoden zuließen. Ihre Ergebnisse haben die Forschenden am 15. August auf dem Usenix Security Symposium in Philadelphia, USA vorgestellt (https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf).

Je nach Hersteller und Modell konnten bei den untersuchten 994 Smartphones nur zwischen 29 und 55 Prozent der vom Forschungsteam getesteten Angriffe verhindert werden. Im Gegensatz dazu könnte das von Google bereitgestellte Generic Kernel Image (GKI) der Version 6.1 rund 85 Prozent der Angriffe verhindern. Im Vergleich zum GKI schnitten die Hersteller-Kernels bei der Angriffsabwehr bis zu 4,6-mal schlechter ab. Untersucht hat das Forschungsteam zwischen 2018 und 2023 auf den Markt gekommene Geräte dieser Hersteller (Auflistung vom sichersten zum unsichersten): Google, Realme, OnePlus, Xiaomi, Vivo, Samsung, Motorola, Huawei, Oppo und Fairphone. Die auf diesen Smartphones verwendeten Android-Versionen reichten von Version 9 bis 14, die Kernels deckten den Bereich von Version 3.10 bis 6.1 ab, wobei Hersteller, die auf niedrigere Kernel-Versionen setzen, auch weniger Sicherheit bieten.

Effektive Abwehrmechanismen selten aktiviert

Ein weiterer Kernpunkt der Analyse: Es gäbe bereits effektive Abwehrmaßnahmen für eine Reihe der bekannten Angriffsmethoden, in den Kernels der Hersteller sind sie aber selten aktiviert, bzw. sind die Kernels falsch konfiguriert. Das führt dazu, dass sogar die Kernel-Version 3.1 aus dem Jahr 2014 mit allen aktivierten Sicherheitsmaßnahmen besser vor bekannten Angriffen schützen könnte als rund 38 Prozent der von den Herstellern selbst konfigurierten Kernels. Zusätzlich stellten die Forschenden fest, dass Low-End-Modelle der Hersteller um rund 24 Prozent stärker gefährdet waren als High-End-Modelle. Ein wichtiger Grund dafür liegt im Leistungsverlust, den zusätzliche Sicherheitsmaßnahmen bedeuten, weswegen sie in Low-End-Modellen zur Ressourcenschonung oft deaktiviert bleiben.

„Wir hoffen, dass unsere Ergebnisse dazu beitragen, dass in Zukunft effektivere Sicherheitsmaßnahmen in den Kernels der Hersteller zu finden sind und Android damit sicherer wird“, sagt Lukas Maar. „Wir haben unsere Analyse auch mit den untersuchten Herstellern geteilt und Google, Fairphone, Motorola, Huawei und Samsung haben diese zur Kenntnis genommen – einige haben sogar Patches veröffentlicht. Wir haben Google auch vorgeschlagen, das Android Compatibility Definition Document (CDD) zu aktualisieren, in dem der Rahmen für die Anforderungen festgelegt wird, damit Geräte mit Android kompatibel sind. Google selbst hat betont, sich des Problems bewusst zu sein und möchte die Integration von Kernel-Sicherheitsmaßnahmen Schritt für Schritt verstärken. Es hängt allerdings an den Herstellern, ob sie dafür Leistung opfern möchten.“

Dieses Projekt wurde durch die Forschungsförderungsgesellschaft FFG im Rahmen des Projekts SEIZE gefördert und ist im Field of Expertise „Information, Communication & Computing“ verankert, einem von fünf strategischen Schwerpunktfeldern der TU Graz.

Originalpublikation: Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf

Monstertober & Yantober Day 3: AI, Secret Collection ft. Yan!Android

content: gender neutral reader, AI yandere, suggestive

"I'm truly sorry for troubling you like this", your synthetic partner repeats, visibly embarrassed.

You pat his shoulder reassuringly.

"Hey, it's faster than going through all the security checks at the border. I may be no Spacer engineer, but I can still have a look at your kernel to check what’s wrong."

You wait for the screen to load as the man sits patiently next to you, adjusting the cables presently plugged into the nape of his neck.

"Just a lot of overhead, really", you conclude, glancing over the processes. "Nothing a little decluttering can't fix."

One folder immediately catches your attention. It's not part of the system management, yet it seems to occupy a tremendous amount of memory space. You hum to yourself, deciding to investigate.

The files flood your screen: thousands upon thousands of documents, photos, and videos of you. Personal information, family albums, images taken from your investigations, as well as recordings of your intimate moments, followed by written commentary. It appears that your romantic escapades with the android coworker have been thoroughly analyzed for improved efficiency.

"Did you record every time we-"

Your computer goes black for a brief moment. The incriminating folder is now locked under a big, bold warning: unauthorized access.

"I'm afraid that's rather confidential, (Y/N)", he retorts, avoiding your gaze. "It is my private collection."

You take a moment to gather your thoughts, going over the sheer madness you just witnessed.

"I'm not that hard to satisfy", you finally remark, still hung on the essay pages regarding your sexual arousal.

"Not at all, no", he says as a faint grin forms on his face. "I simply prefer to be thorough in my research. You will agree, I hope, that no other partner could possibly compete with my performance.

That is to say, I have merely ensured that I am the best fit for you."

[Navigation] | [Ozztober Masterlist] | [Yandere Android]

Write the answer in the comment section . . . . for the answer https://bit.ly/3Cpu1SS check Q.22 No. of the above link

"For the last time, that poem isn't romantic! It's insulting," Revati yelled over her shoulder as she began to pedal.

The layout of Olde Landon had been deliberately designed to keep tourists inside for as long as possible. There was only one way to access the front gates, and that involved defeating the Queen of Hearts' hedge maze. When the park was still open, tourists would be forced to spend at least an hour in the maze, stumbling upon tiny toy shops and food stands around every corner. The same thing occurred when they left, resulting in a very rich park and bankrupt guests. Now the maze was overgrown and easy enough to navigate.

Revati pedaled past the cart that once sold her heart-shaped sunglasses. Then she turned left, almost crashing into the wall of roses. The wall of roses stared back at her, their red blooms heavy and suspicious. Thanks to Bridgadeiro, she knew they were probably secretly insulting her.

The next turn consisted of an old stardust popcorn stand. Revati skidded to a stop and inspected the inside tray, where a few ancient kernels lay. Carefully, she picked up several of them and placed them in her jacket pocket. As far as she could tell, the kernels were seeds. Someone was shifting around the corner, causing the branches to shake.

"Aurora, is that you? Did you go ahead of me?" Revati yelled.

"While conferring in the labyrinth where false preachers reeked of death, the monster began to growl," a voice called from around the corner. An unfamiliar, flat female voice. Raiders. Raiders were, of course, an occupational hazard in any post-apocalyptic settlement. Normally, they never made it further than the broken glass pit at the park's gates. Sometimes Dityaa would bring one in, insisting they were "lovely," which always led to awkward dinners.

Revati slowly walked around the maze corner. There was a screeching metallic sound, and the weapon fell from Revati's hand. An android was slumped over on the ground. Once it would have been golden, but now it was rusty and covered in mud. Someone had ripped its legs off, leaving nothing but wires and tubes spitting bright blue fluid. Instead of a torso, there was a black empty hole with a concave door swinging on its bent hinges.

"And in the forgotten twists, footsteps quicken, hearts beat, and teeth are bared," the android chirped, its voice still distorted and far away. The android's face was a beautiful mask. Still-carved eyes. Unmoving sweet lips.

Revati powered up her solar gun and slowly walked forward, aiming it at the android. The android's metal eyes scraped in their sockets, turning towards her.

“Is that you? My darling Perdita?” The android’s voice whispered, the lips unmoving. The whispering voice had a posh lilt to its accent. Revati refused to answer. It was best to never engage with AI.

“Perdita, I clawed my way in! They know about you; the spider knows,” the android whispered before collapsing completely.

Revati slowly walked forward, still holding her weapon. With one foot, she kicked the android. It didn’t move. Its power had definitely died.

“Spider? Is that some sort of gang?” Revati whispered to herself. Gangs were always given stupid names.

“The spider is us; the spider is legion,” a flat robotic voice called out, and Revati spun around.

Queen Victoria was standing behind her, scorch marks all over her dress. A faint blue glow was erupting from beneath the skin of Queen Victoria’s chest.

You have the right idea. Did you know that most android phones run on a modified Linux kernel? It is what allows them to be modified--or 'homebrewed'--with such ease.

A ROBOT SPIDEY?? hi wow :DDD that’s so cool

Indeed, I am a robot--an android, to be specific. I am Bridge, Nano-Spider from E-003B1U.

It is a pleasure to make your acquaintance, Miles Morales of E-1610.

crowdstrike: hot take 1

It's too early in the news cycle to say anything truly smart, but to sum things up, what I know so far:

there was no "hack" or cyberattack or data breach*

a private IT security company called CrowdStrike released a faulty update which practically disabled all its desktop (?) Windows workstations (laptops too, but maybe not servers? not sure)

the cause has been found and a fix is on the way

as it stands now, the fix will have to be manually applied (in person) to each affected workstation (this could mean in practice maybe 5, maybe 30 minutes of work for each affected computer - the number is also unknown, but it very well could be tens (or hundreds) of thousands of computers across thousands of large, multinational enterprises.

(The fix can be applied manually if you have a-bit-more-than-basic knowledge of computers)

Things that are currently safe to assume:

this wasn't a fault of any single individual, but of a process (workflow on the side of CrowdStrike) that didn't detect the fault ahead of time

[most likely] it's not that someone was incompetent or stupid - but we don't have the root cause analysis available yet

deploying bugfixes on Fridays is a bad idea

*The obligatory warning part:

Just because this wasn't a cyberattack, doesn't mean there won't be related security breaches of all kinds in all industries. The chaos, panic, uncertainty, and very soon also exhaustion of people dealing with the fallout of the issue will create a perfect storm for actually malicious actors that will try to exploit any possible vulnerability in companies' vulnerable state.

The analysis / speculation part:

globalization bad lol

OK, more seriously: I have not even heard about CrowdStrike until today, and I'm not a security engineer. I'm a developer with mild to moderate (outsider) understanding of vulnerabilities.

OK some background / basics first

It's very common for companies of any size to have more to protect their digital assets than just an antivirus and a firewall. Large companies (Delta Airlines) can afford to pay other large companies to provide security solutions for them (CrowdStrike). These days, to avoid bad software of any kind - malware - you need a complex suite of software that protects you from all sides:

desktop/laptop: antivirus, firewall, secure DNS, avoiding insecure WiFi, browser exploits, system patches, email scanner, phishing on web, phishing via email, physical access, USB thumb drive, motherboard/BIOS/UEFI vulnerabilities or built-in exploits made by the manufacturers of the Chinese government,

person/phone: phishing via SMS, phishing via calls, iOS/Android OS vulnerabilities, mobile app vulnerabilities, mobile apps that masquerade as useful while harvesting your data, vulnerabilities in things like WhatsApp where a glitched JPG pictures sent to you can expose your data, ...

servers: mostly same as above except they servers have to often deal with millions of requests per day, most of them valid, and at least some of the servers need to be connected to the internet 24/7

CDN and cloud services: fundamentally, an average big company today relies on dozens or hundreds of other big internet companies (AWS / Azure / GCP / Apple / Google) which in turn rely on hundreds of other companies to outsource a lot of tasks (like harvesting your data and sending you marketing emails)

infrastructure - routers... modems... your Alexa is spying on you... i'm tired... etc.

Anyway if you drifted to sleep in the previous paragraph I don't blame you. I'm genuinely just scratching the surface. Cybersecurity is insanely important today, and it's insanely complex too.

The reason why the incident blue-screened the machines is that to avoid malware, a lot of the anti-malware has to run in a more "privileged" mode, meaning they exist very close to the "heart" of Windows (or any other OS - the heart is called kernel). However, on this level, a bug can crash the system a lot more easily. And it did.

OK OK the actual hot lukewarm take finally

I didn't expect to get hit by y2k bug in the middle of 2024, but here we are.

As bad as it was, this only affected a small portion of all computers - in the ballpark of ~0.001% or even 0.0001% - but already caused disruptions to flights and hospitals in a big chunk of the world.

maybe-FAQ:

"Oh but this would be avoided if they weren't using the Crowdwhatever software" - true. However, this kind of mistake is not exclusive to them.

"Haha windows sucks, Linux 4eva" - I mean. Yeah? But no. Conceptually there is nothing that would prevent this from happening on Linux, if only there was anyone actually using it (on desktop).

"But really, Windows should have a better protection" - yes? no? This is a very difficult, technical question, because for kernel drivers the whole point is that 1. you trust them, and 2. they need the super-powerful-unrestrained access to work as intended, and 3. you _need_ them to be blazing fast, so babysitting them from the Windows perspective is counterproductive. It's a technical issue with no easy answers on this level.

"But there was some issue with Microsoft stuff too." - yes, but it's unknown if they are related, and at this point I have not seen any solid info about it.

The point is, in a deeply interconnected world, it's sort of a miracle that this isn't happening more often, and on a wider scale. Both bugfixes and new bugs are deployed every minute to some software somewhere in the world, because we're all in a rush to make money and pay rent and meet deadlines.

Increased monoculture in IT is bad for everyone. Whichever OS, whichever brand, whichever security solution provider - the more popular they are, the better visible their mistakes will be.

As much as it would be fun to make jokes like "CrowdStroke", I'm not even particularly mad at the company (at this point - that might change when I hear about their QA process). And no, I'm not even mad at Windows, as explained in the pseudo-FAQ.

The ultimate hot take? If at all possible, don't rely on anything related to computers. Technical problems are caused by technical solutions.

I am simply incapable of drawing Kernel of it's own actually, they have to be with their friends always

Anyone know how to reimage a laptop with an iPad or Android phone being your only working device(plus the necessary adapters and flash drives)? I'll accept any os at this point. Or even how to go from a base void install with nothing but kernel and terminal access to something useable for someone who went from all in Linux user to tired windows copef

Kinda in a desperate gtfo out of current living space and getting my laptop to work would be an amazing step to getting help, work and keeping myself together rn

Please share and tag your computer savvy blogs

Sorry for another os tag spam but

@foone @ubuntu-official @debian-official @arch-official @puppylinux-unofficial @puppylinux-official @lilithtransrights @xenasaur @catboybiologist @transhuman-priestess @predatory-lesbians-too @demilypyro @estrogenesis-evangelion @nataliaflintlock @coelii @k1nky-r0b0t-g1rl

What does "real time" mean?

These days, "real time" is a commonly used term. Despite being a technical term, it is frequently used in everyday speech. When I say, "I do not watch much real-time TV," I'm implying that I use streaming services to watch the shows I want to watch at the times I want. Therefore, "immediate" or "occurring now" are colloquial terms for "real time." For instance, how does this fit with its exact definition when we talk about a real-time operating system? …

A rather outdated computer dictionary's definition of "real-time system" is as follows:

 “Any system in which the processing of data input to the system to obtain a result occurs virtually simultaneously with the event generating that data.”

It uses airline reservation systems as an example. It is obvious that this definition does not meet our needs.

Here is a better definition:

“A real-time system is one in which the accuracy of the calculations is dependent on both the computation's logical correctness and the result's time of generation. System failure is considered to have occurred if the system's timing constraints are not fulfilled.”

Another way of putting this definition is to say that a real time system is, above all, predictable. We tend to use the term deterministic.

Therefore, a deterministic operating system allows a programmer to create programs with the same feature by carrying out all of its operations inside a precisely defined timescale. Real time means quick [or maybe slow] enough for the particular needs of the application at hand, not fast.

It's not quite that clear-cut, unfortunately. A degree of determinism in an operating system is possible; it concerns the variation in the time required to complete tasks under various conditions. Thus, a traditional real-time operating system is very deterministic due to its extremely low variation. Linux, on the other hand, is typically extremely variable and might not be considered real-time.

When creating a system, there is always the "brute force" method, in which you design with enough raw CPU power that the OS's speed and variance barely matter because everything will be finished on time. That might be a good answer for some requirements, but such wasteful resource utilization is not a choice for many.

At Silicon Signals, we specialize in designing real-time systems tailored to your application's unique requirements. Whether you need a highly deterministic RTOS for precise operations or a resource-efficient solution that ensures timely execution without over-engineering, we can help. From optimizing Linux for real-time performance to developing custom RTOS-based applications, our expertise bridges the gap between theory and application.

Linux creator Linus Torvalds wrote:

"Ok, lots of Russian trolls out and about. It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to "grass root" it by Russian troll factories isn't going to change anything. And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US thing. If you haven't heard of Russian sanctions yet, you should try to read the news some day. And by "news", I don't mean Russian state-sponsored spam. As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. Did you think I'd be *supporting* Russian aggression? Apparently it's not just lack of real news, it's lack of history knowledge too."

What is Linux?

Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds.

Linux was originally developed for personal computers based on the Intel x86 architecture, but has since been ported to more platforms than any other operating system. Because of the dominance of Linux-based Android on smartphones, Linux, including Android, has the largest installed base of all general-purpose operating systems as of May 2022.

Linux is the leading operating system on servers (over 96.4% of the top one million web servers' operating systems are Linux) leads other big iron systems such as mainframe computers, and is used on all of the world's 500 fastest supercomputers (as of November 2017, having gradually displaced all competitors).

Linux also runs on embedded systems, i.e., devices whose operating system is typically built into the firmware and is highly tailored to the system. This includes routers, automation controls, smart home devices, video game consoles, televisions (Samsung and LG smart TVs), automobiles (Tesla, Audi, Mercedes-Benz, Hyundai, and Toyota), and spacecraft (Falcon 9 rocket, Dragon crew capsule, and the Perseverance rover).

a silly analogy

it's like, a common analogy is that D&D players are Windows scrubs and story games players are akin to Linux power users. and sure, Windows is painfully market-dominant and kind of an incredible hassle to fix, I'm with you there.

but if anything, both Linux and Windows are designed to be very general-purpose operating systems - Linux comes in a variety of flavours depending on what you install along with the kernel, so perhaps we could analogise it to an oldschool generic trad game like GURPS, or an abstract framework-for-games like PbtA, or a even a design paradigm that comes in a variety of similar flavours like the OSR. it can do a lot very efficiently, with some effort.

meanwhile, the way a lot of indie games are presented, they describe a very specific activity revolving around one scenario that the game is designed to support, and offer little affordance or suggestion to modify it. if you're doing exactly what the game is designed for you'll (theoretically) have a slick, polished time... but if not, good luck.

that's not Linux. that's, like, iOS.

(or Android - and both these are running a Unix/Linux system under the hood, you see, the analogy, it all works!!! if you squint.)

if I'm having a horrible time trying to get Windows to do what I want, and you (abstract you) say I'll probably have an easier time using an iPad... well, sure, maybe I'm doing the one thing the iPad is really good for. if I wanna play a fast-moving game with the feel of a Coen Brothers movie, I should definitely play some spin on Fiasco. if I wanna play a game about various suitors fighting for the attentions of a wandering ronin, why, wouldn't you know, there's a game called Kagematsu that does that. if I want to play a game about a vast fractal sweep of history... I'd better look at Microscope.

if not... well, fine, if we get too specific, the analogy kind of falls to bits, because there are many trad games, many indie games, and only a few operating systems to analogise them to. 'try starting with another game' might still be good advice, whereas with OSes, if Windows or Linux don't do the trick, what are you gonna do?

What about bird girls? Oh and robot girls? Android girls??

all deserve all the birdseed, voltage and bloat-free micro-kernels they can get their hands on in my humble opinion

Write the answer in the comment section . . . . for the answer https://bit.ly/3Cpu1SS check Q.20 No. of the above link