mintCast 341 – GRUB Breaks the Internet


1:38 Wanderings
45:15 News
53:22 Check This Out
1:08:21 Outro

First up, in our Wanderings, I’ve been browsing, Joe’s been fixing docks, Moss has been slowly filling up his machine, and Tony Watts gets a new axe.

Then, in our news, Linux Mint gets stats, Gnome squashes a memory bug, and Ubuntu hits its first 20.04 point release.

In security, Intel pulls an Intel.

BI-WEEKLY WANDERINGS:

  • Leo
    • Configuring GPU rendering on Firefox
      • In about:config, change “gfx.webrender.all” to “true”
      • Great on the desktop where I have a discrete card. Not so much on the laptop where it’s integrated and can get choppy at higher loads.
    • One thing I keep running into in other distributions besides Mint is odd color profiles in anything Chromium based. 
      • My eyes aren’t good enough to see if it’s absolutely everything, but I can certainly see a red hue on links which turn them purple.
      • This includes electron apps like Discord. The links and my profile picture look funny.
      • I can fix it in Chrome and Chromium by changing the Force Color Profile option in chrome://flags from “default” to “sRGB”
      • This doesn’t work in Electron apps cause I don’t know how to do this! Is there a command line addition? In flatpak? Curious and annoying.
    • Got a windscreen for my PodMic. 
      • I was noticing a lot of air in my P’s and B’s in the recordings. This should cut it down a little.
      • It was a non standard size, and since it already has an internal pop filter, there weren’t many choices. $12 later, I have one.
  • Moss
    • I added Manjaro Cinnamon to my Desktop PC last week, and last night I burned a USB stick with the latest Feren OS and installed it. I then reburned the stick for Gecko ROLLING, but it was too late to start another installation. And you have no idea how much willpower it took to not install it just before the show. This means I have at least one variant of every base Linux distro except Red Hat and Slackware (unless you count that SuSE was the first variant of Slackware). I also do not have any independents such as Solus. I have not quite finished configuring everything I have installed, but I did make up a neat checklist to make sure I was getting everything. I will still have 2 free partitions on my desktop and 1 on my laptop… gotta get serious and do more hopping!
    • I got my new Raspberry Pi 4, a gift from Firecat which I previously mentioned, working with Ubuntu MATE 20.04. I even got Mullvad working on it. The only software I can’t load are SoftMaker Office (or FreeOffice) and PySolFC, neither of which apparently come in ARM64 versions. I discovered that the sound features of the Pi are a bit on the weak side; at no more than 80% of the normal loudness of my desktop, using the same powered speakers, the sound is a bit on the fuzzy side. I have ordered a USB sound “card” from eBay, and it should be here soon.
    • I also just received some new Bluetooth earbuds, AMZLAB Gmbh T16. It’s weird having something just “sit comfortably in your ear” and not be actually affixed with rubber earplugs. For the most part, they sit. I’ve had them drop out a couple times, and accidentally turn off when I pick them up. Still learning the ins and outs of these, but they seem cool. I decided to order them with the last of my covid-19 money when the nice LG headset Joe had sent me started having the right ear go in and out. And of course they are having trouble working with my desktop and Mumble, so I’m still wearing my old wired earbuds for this show.
    • My wife’s T430 messed up running Mint 20 Cinnamon. After trying a few things, I wound up replacing the SSD with another one and doing a clean install of Mint 20 MATE. I also attempted to put KDE neon on it, but that would not boot AND messed up the Mint boot. I put Ubuntu Unity in the second partition and ran Grub Customizer, and now Mint boots. That was 3 hours of a whole lot of not fun, but I got the job done.
    • I’m finding a few more jobs to apply for. I have yet to get an actual response except for the one two months ago, and they also had their own employment section for seniors but I haven’t heard from them either. There have been a few online tests, but I haven’t heard the results from those either; you rarely do, except for possibly getting an interview or a next step.
    • Ubuntu Unity 20.04.1 was released on the 6th. I did a complete new installation, and used the same partition I previously had installed Unity 20.04. I got everything set up the way I wanted it, and then returned control of GRUB to OpenMandriva, (because nobody does a beautiful GRUB screen like OM4). I immediately discovered that I could not boot into Ubuntu Unity but all my other distros worked. DUH. OM4 had not been updated for the new installation and was still looking for the old one. Back into OM4: sudo update-grub2. 
    • We finished reading Death Masks, the 5th book in the Dresden Files series, and have started the 6th, Blood Rites. Still don’t think it’s as good as Demon Squad, but we’re enjoying it.
  • Joe
    • I know Josh and I discussed it before but I am going to make my own macro keyboard
      • I have ordered a solderable 12 key keyboard and an Arduino Pro Micro
      • I will set it up along with hotkeys to run programs that are already set up or to kick off bash scripts in specific locations
    • Ended up with 12 of the Lenovo docks in the set of 10 that I ordered to see if I could fix.
      • All of them worked but 3 were missing some of the outer casing
        • Was able to 3D print some mounts that cover the missing parts and I will be keeping those for myself to use in future projects
      • This is probably also the right time of year to be selling with school about to start
      • Still need to buy some power supplies for them, which I think I can get for around 7 dollars a piece
      • That means the total cost will be around 9 dollars each and I am going to try and sell 9 of them for 30 dollars each (which is 10 dollars less than you can find them anywhere else)
    • Started playing around with X2Go screen mirroring instead of the usual spinning off a new desktop and I have to say that it works really well.
      • It used to be that you would have to install a whole new application specific for the task but now it is built into the server application and it works awesome.  
      • Using it with the 7140 in conjunction with the dock until I get some more HDMI cables
      • I do see some occasional latency but nothing insurmountable and only on the wifi in the garage.  I should put a wifi access point out there and see if that helps
    • Small problem with the 7130 and the 7140 with the dock. They heat up and don’t charge worth a darn. Not sure what the issue is at this point. I could try modding the dock so that it has a cooling fan in the back that blows against the tablet but that won’t fix the underlying issue. Why is it heating up? It doesn’t do that when connected to the keyboard dock or when connected to the other power supply.
    • Borderlands 3 on Mint with Proton
      • Worked after reinstalling Vulkan
      • Slow to start but runs smooth after the first few seconds  *ACO 
    • Made it to book 12 in the Drizzt collection and decided to take a break so I don’t get burned out on it with 24 left to go
    • M.R. Forbes Ghost and Magic books
      • 4 book series
    • Son of the Blacksword books 1 and 2
    • Steve McHugh Death Unleashed one of the Hellequin novels
    • Stephen Blackmoore’s Eric Carter novel 1-3
    • Headphones fun
      • Found a really good deal on 6 broken Skullcandy Hesh 3’s which are not as good as the Crushers but have some really good things going for them.  Like passthrough power. And the fact that all the electronics are on one side.  Which makes them better for building my own bluetooth dongles
      • Already have two different types of female connectors that I can use but I will only do it to the ones that I cannot get back in good working order.
      • My other Hesh 3’s that I had sitting around ended up with a bloated battery but I was able to replace it with one from one of the 2 Crushers that I was not able to get working. The battery size was a little different but there was plenty of room to work and they are all the same 3.7 volts.
      • Someone asked me to fix a PS3 headset that their kid was using for school and I agreed.  Cechya 0080
        • Loaned them one of the Crushers with the 3D printed hinges and a couple of extra hinges just in case
        • Bad battery and some broken plastic around the mic and some occasional static on the mic
        • Replaced the battery easy enough with one with a lot more capacity.  It turns on but takes a super long time to charge fully
        • Used Gorilla Glue to reseat the plastic for the mic but my son then broke it again so I ended up gluing it to the side at full extension.  
  • Tony W
    • Beverage sampling
    • I gots me a NEW ELECTRIC GUITAR Y’ALL!!
    • GIGS!
      • Played at Ironshield Brewing Friday night.  New brewery right in my backyard, serving up German lagers and Belgian ales.  Lovely place, great crowd, and everyone really seemed to enjoy the music.  I met a couple of the owners.  Owners and staff were very pleased with the live music and I’ll be back again in September, and hopefully regularly after that.  
      • Played Lucky’s in Brookhaven (near Atlanta) Saturday night, last minute pickup gig to fill in for a musician who injured his hand.
    • New gaming headset for my kid
      • JBL Quantum 200
    • Chromebook exchange
      • Bought a 2020 Acer Chromebook 314 Open Box on Ebay
      • This was to replace the 2018 Chromebook I bought a couple weeks ago that didn’t last 24 hours (wouldn’t charge)
        • That model had a puny barrel connection for power and seemed like the charge port had broken loose – newer model uses USB C (yay)
        • Bought for my kid who is special needs and it’s simple enough for him to use – it’s very similar in operation to his Android phone (Myself I’d be interested in used Thinkpad for a personal laptop).  But I actually really enjoy using the Chromebook
        • Some features 
          • 64GB storage
          • 4GB Ram
          • Celeron N4000
          • Battery lasts about 12 hours
          • Able to run linux apps as well as Android apps – available to launch just like any other ChromeOS app
          • Sync with android phone, smartlock etc
          • Family Link 
          • Stadia works well!
          • Have not yet tried Linux via Crouton but I will!

THE NEWS: 

  • Linux Mint Monthly News July 2020
    • Lots of donations as expected a month after a release
    • Most of the user base, a little more than half,  is on some version of 19
      • Most of those are on 19.3, just slightly edging out 20.
      • But, a little under a quarter of the user base are already on 20.
      • Coming in slightly under LM20 is LM 19.1, Tessa
      • Next in line is LM 18.3, Sylvia
    • The chart shows about half the Linux Mint users surveyed use the most recent or close-to-recent versions of Linux Mint.
    • However, the chart leaves out anybody that has changed their default Linux Mint Firefox start page, which is probably a very sizable chunk.
  • <Moss>Gnome software memory bug: Rudra Saraswat of Ubuntu Unity writes: Thanks for reporting this issue [memory getting eaten up in UUE]. gnome-software seems to be the main culprit in this memory hogging issue. There is an open High priority issue in Launchpad for this. This started with 17.04, and the issue still exists in Focal Fossa. Even on fresh boot of Gnome, people have reported 500-600 MB of ram usage (some even reported 22 GB and above). Also, check – https://www.reddit.com/r/gnome/comments/gn5an6/gnome_software_memory_bug/ (This should be fixed in the 20.04.1 release.)
  • Ubuntu 20.04.1 released

SECURITY UPDATE:

  • Whoops! Intel “Misplaces” 20GB of Data
    • Till Kottmann, an IT consultant who has helped break other data dumps in the past, linked to a 20GB trove of Intel proprietary information named “Intel exconfidential Lake Platform Release ;)”
    • Kottman says the anonymous source claims to have breached Intel’s security, while Intel claims this is false.
    • Here’s some of the chat log:
      • Anon: They have a server hosted online by Akam[a]i CDN that wasn’t properly secure. After an internet wide nmap scan I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script. {reconnaissance / port scanning}
      • Anon: I used a python script I made to probe different aspects of the server including username defaults and unsecure file/folder access. {enumeration}
      • Anon: The folders were just lying open if you could guess the name of one. Then when you were in the folder you could go back to root and just click into the other folders that you didn’t know the name of. {directory traversal attack}
      • Anon: Best of all, due to another misconfiguration, I could masqu[e]rade as any of their employees or make my own user. {privilege escalation}
      • Anon: Another funny thing is that on the zip files you may find password protected. Most of them use the password Intel123 or intel123.
    • None of that is confirmed, so grain of salt.
    • The initial posting was done in an effort to have people download the data dump and scour it for interesting or useful information.
    • If the titles are to be believed, there’ll be Intel ME flash tools (oh no), Intel dev and debugging tools, roadmaps, schematics, Intel Snowridge Process Simulator dev kit, among other things.
  • GRUB Breaks the Internet
    • Researchers at Eclypsium identified a buffer overflow in GRUB2 that occurs as it parses the grub.cfg file, allowing an attacker to gain arbitrary code execution. It has been dubbed BootHole. For those playing along at home, that means game over.
    • What would happen is that an attacker would configure grub.cfg to run malware of her choosing before handing off the boot sequence to the OS.
    • If administrative privileges on the box are available to the attacker, this exploit can even be used on Secure Boot-enabled systems without altering the vendor shim, which is the bit that actually boots the system while still being recognized as “secure”. While that requirement makes this attack a bit harder, there is surely no shortage of additional attacks that can grant this privilege.
    • So here’s the rub. Every. Single. Version. Of. Linux. Needs. An. Update.
    • With the exception of one, unnamed, vendor.
    • What needs to happen to actually fix this once and for all:
      • An update to GRUB2
      • Distros need to update their installers, shims and bootloaders
      • Microsoft needs to sign off on all of the new shims
      • Users and Admins need to be aware of this exploit and use only the newest, patched versions of install and recovery media
      • Firmware updates on affected hardware to prevent this attack
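
One defensive check for the grub.cfg tampering described above, as an added example that is not part of the original show notes: it records a SHA-256 baseline of the file and flags ownership, permission or content changes. The function names, the baseline file and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the show notes): detect tampering with grub.cfg.
# Function names, baseline file and owner-uid argument are assumptions.

# Print the SHA-256 digest of a file.
cfg_digest() { sha256sum "$1" | awk '{print $1}'; }

# Record a trusted digest of CFG into BASELINE.
record_baseline() { cfg_digest "$1" > "$2"; }

# audit_grub_cfg CFG BASELINE [OWNER_UID]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_grub_cfg() {
    local cfg="$1" baseline="$2" want_uid="${3:-0}" rc=0 mode
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }

    # Anyone who can write grub.cfg controls what GRUB2 parses at boot.
    if [ "$(stat -c '%u' "$cfg")" != "$want_uid" ]; then
        echo "OWNER $cfg is not owned by uid $want_uid"; rc=1
    fi
    mode=$(stat -c '%a' "$cfg")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $cfg is group- or world-writable (mode $mode)"; rc=1
    fi

    # Content check against the digest recorded after the last trusted change.
    if [ ! -s "$baseline" ]; then
        echo "NOBASELINE $baseline is missing or empty"; rc=1
    elif [ "$(cfg_digest "$cfg")" != "$(cat "$baseline")" ]; then
        echo "CHANGED $cfg differs from the recorded baseline"; rc=1
    fi
    return "$rc"
}

# Demo on a constructed sample file (not a real boot configuration).
demo() {
    local d; d=$(mktemp -d)
    printf 'set timeout=5\nmenuentry "Linux Mint" {\n  linux /vmlinuz\n}\n' > "$d/grub.cfg"
    chmod 644 "$d/grub.cfg"
    record_baseline "$d/grub.cfg" "$d/grub.cfg.sha256"
    audit_grub_cfg "$d/grub.cfg" "$d/grub.cfg.sha256" "$(id -u)" && echo "clean"
    echo 'menuentry "unexpected" { }' >> "$d/grub.cfg"   # simulate an unplanned edit
    audit_grub_cfg "$d/grub.cfg" "$d/grub.cfg.sha256" "$(id -u)" || echo "tampered"
    rm -rf "$d"
}
demo
```

Keep the baseline somewhere an attacker with admin rights on the box cannot rewrite, and re-record it after each legitimate update-grub run.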

Announcements:

Our next episode will be Sunday, August 23, 2020 at 2 pm Central US time, 7 pm UTC and 8 pm British Summer Time. Time conversions are available at Calculator.net should you need to determine your time.

Wrap-up:

Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible … 

  • Hobstar for his work on the new logo
  • Josh for all his work on the website
  • Hacker Public Radio for the Mumble server we are using to record
  • Bytemark Hosting for hosting mintcast.org and our Mumble server
  • Archive.org for hosting our audio files
  • The Linux Mint development team for the fine distro we love to talk about.
