- Covid-19: New fear grips Europe as cases top 30m worldwide
- China holds military drill as US envoy visits Taiwan
- Thai national park mails trash back to tourists
- Storm Sally: Floods and destruction as weather system moves north
- Bolivia's interim leader Jeanine Áñez quits presidential race
- Mozambique's jihadists and the 'curse' of gas and rubies
My football team
- August 2020
- June 2018
- May 2018
- January 2018
- August 2017
- April 2017
- September 2016
- June 2016
- November 2015
- June 2015
- December 2014
- September 2014
- August 2014
- July 2014
- November 2013
- September 2013
- May 2013
- January 2013
- December 2012
- October 2012
- September 2012
- August 2012
- March 2012
- January 2012
- July 2011
- May 2011
- April 2011
- February 2011
- May 2009
- November 2008
- October 2007
A new patch , the Security Update 2018-003, has recently been released on 1st june, which would fix some vulnerabilities afflicting Mac OS X High Sierra, Sierra, El Capitan.
Such vulnerabilities would allow, for example, a local attacker to gain elevated privileges on the system ,another one could allow a local user to bypass security restrictions.
There was also mentioned about of a non-specified validation defect in the kernel that an authenticated user could exploit to perform Ddos attacks.
You can refer to Apple security document HT208849
Do you need to know when your Linux has been installed?
here you have one way
i used tune2fs on Arch linux
basically command is”
sudo tune2fs -l /dev/YOURPARTITION | grep ‘Filesystem created:’
This useful command checking file system data creation and consequently, operating system installation date (unless you are checking an empty partition:-)
In my case, partition is /dev/sda6, where i have installed Arch linux almost one year ago
If you don’t remember your partition , you can execute sudo fdisk-l , partition is obviously “Linux filesystem”
I have just tried on my not so new pc this interesting script: Specter-Meltdown-Checker , as specified also in instructions, it is not a bible, but surely it is something could give you very useful informations – this script give you the possibility to check your pc vulnerability to Spectre (2 variants) and Meltdown.
Intel I5-3470 (ivy bridge) 3.20 GHz
8 GB ram
Nvidia Geforce Gt-630
full Hardware details are here , (i have used lshw command)
i downloaded and extracted .zip file ,
then i applied execute permission to .sh file through chmod +x
Then i have executed the script (Is recommended to execute script being root)
after password insertion, the script can run:below results:
Spectre Variant 1 (CVE-2017-5753 bounds check bypass)
final result is
Spectre Variant 2 (CVE-2017-5715 branch target injection)
as you can see, script try to check if in my machine are some mitigations
final result is
Meltdown (CVE-2017-5754 rogue data cache load)
In that case result was positive, thanks Kernel 🙂
Just for curiosity i have also executed script without root permission (i know, have no sense but i wanted see differences) below you can see what happens:
Obviously script will warn you, then will start
Spectre (Variant 1)
only differences are B^B^B^checking LFENCE while outcome (UNKNOWN) and especially final result (VULNERABLE) are exactly the same you can see executing script as root
Spectre (Variant 2)
during mitigation 1 check there is a read permission error (predictable considering we don’t have root permission) on /dev/cpu/0/msr , so script can’t check cpu microcode
Rest of other checks (IBRS kernel support,kernel space,user space etc) were identical as reported above , included final result (VULNERABLE)
Identical result as reported above (NOT VULNERABLE)
Here how i installed Debian 9 stretch on my old macbook 6,1 (mid 2009)
NB: where you’ll see a # before command, means you should be root or need to use sudo.
Video card NVIDIA GeForce 9400M with 256 MB of SDRAM shared with main memory
Screen size 13″
Wireless card Broadcom BCM4360
Disk 256 Gb Serial ATA (5400 RPM) hard drive
Ram 8 gb SODIMM 1600MHz
Wi-fi controller Broadcom Corporation BCM43224 802.11a/b/g/n (rev 01)
Ethernet controller NVIDIA Corporation MCP79 Ethernet (rev b1)
USB 2.0 ports (2x)
Audio in/out port NVIDIA Corporation MCP79 High Definition Audio (rev b1)
Mini DisplayPort that supports an external display at 2560×1600
1)From mac OS , using utility disk, i resized Osx partition freeing up space for Linux ( i did not format this empty space)
2) i ‘ve downloaded a debian image (i used netinst ) and put in a usb pen (i used unetbootin)
3) i have connected wired cable (wi-fi will not work at first time)
4) inserted usb pen, turned on mac holding down the Option key while booting
5) I have installed Debian – i formatted free space as ext4, i choose Mate as display manager, because is light (Kde would have been unfeasible)- LightDM was selected automatically as login manager.
After reboot, MBR will be overwritten by Grub, so only Debian will start (for now)
Shutdown, suspend and hibernate all work out of the box. For reboots, a modification should be made.
adding “reboot=pci” in GRUB_CMDLINE_LINUX DEFAULT row
if e.g. you have
will become GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash reboot=pci”
Now, on the terminal run sudo update-grub, shutdown macbook and power it on again.
Reboot should works at the end.
Refind Bootloader installation
Since i have Mac Osx in the other partition, i need to install Refind boot manager, that will allow to choose between Debian/Mac during system startup, therefore :
# apt-get install refind
After installation, at startup time you will have in addition to Mac, 2 (?) Debian icons, each of which respectivaly run initrd (initial ramdisk) and vmlinuz (kernel).
Leaving aside initrd/vmlinuz explanation, (is not the scope of this post) , important thing to know is that if we will boot using initrd we’ll use Grub, while if we will boot choosing kernel we’ll not use Grub
/boot/initrd.img-126.96.36.199-amd64 –> start with grub
/boot/vmlinuz-4.9.03-amd64 –> start without grub
Since as i described in Grub section, reboot works thanks to grub modification (reboot=pci); therefore clearly we need to start image that uses grub (unless you want to reboot the macbook by turning it off and then turning it back on with the button 🙂
Only option is to use initrd.img, so we have to modify refind configuration in order to hide vmlinux image in refind startup menu:
# nano /boot/efi/EFI/refind/refind.conf
and we add:
Save and Exit.
i am not a nouveau lover:basically, in my opinion Nvidia drivers working better, so i don’t see any reason to not use them; furthermore, i needed to have possibility to work also with an external monitor and this is perfectly working using nvidia drivers
Therefore i installed nvidia-drivers (340) and nvidia-settings (optional but strongly suggested)
# apt-get install nvidia-legacy-340xx-driver nvidia-settings-legacy-340xx
Nvidia-settings-legacy is a GUI with all settings, useful especially if you need to use an external monitor (but not only, as you can see later).
After reboot you will see nvidia logo before login-manager (obviously you can remove it).
NB i tried to install drivers with version > 340 but did’nt work out , so don’t waste your time:-)
At first boot,Wi-fi will be not recognized
we have to install broadcom drivers
# apt-get install linux-image-$(uname -r|sed ‘s,[^-]*-[^-]*-,,’) linux-headers-$(uname -r|sed ‘s,[^-]*-[^-]*-,,’) broadcom-sta-dkms
let’s avoid that other wifi modules would be in conflict with my broadcoam
# modprobe -r b44 b43 b43legacy ssb brcmsmac bcma
now we add our wl module
# modprobe wl
at reboot you should have your working Wi-fi.
Work out of the box, Nvidia audio card was recognizes, however checking alsamixer*configurations i noticed that pulseaudio was present as additional sound card, so i decided to remove it
# apt-get remove pulseaudio
After reboot , default card will be HDA Nvidia
Headphone as default are set to zero volume; with alsamixer you can active them (headphone section)
*i strongly suggest to install alsamixer and alsamixer-gui
Work out of the box , i suggest to make a first check doing (being root) dmesg | grep iSight
to see cam in action you can also install cheese, and guvcview to change settings.
# apt-get install cheese guvcview
Optional ( isight-firmware-tools)
this part is optional (if cam works, skip this part)
i installed isight-firmware-tool
I wanted to try isight-firmware tool extracting original firmware directly from Mac Osx partition : In order to avoid boring useless permission problems, instead to specify Mac Osx path in tool i prefered to copy in advance the file AppleUSBVideoSupport from Mac Osx partition to my Desktop , so path was /home/fafa/Scrivania/AppleUSBVideoSupport
Then i have execute command:
ift-extract -a /home/fafa/Scrivania/AppleUSBVideoSupport
** Message: Found firmware signature at offset 0x1998.
** Message: Firmware extracted successfully in /lib/firmware/isight.fw
** Message: Firmware patched successfully
Now, looking in /lib/firmware you can see isight.fw
I must say i did’nt notice any difference after installation of this firmware, so if your webcam will immediatly works , you can avoid to install isight-firmware-tools
NB: Scrivania is Desktop in italian language :-).
f1-f2 buttons( backlights)
At beginning will not work, i fixed problem adding in /etc/X11/xorg.conf following row, under Device section
Option “RegistryDwords” “EnableBrightnessControl=1”
if xorg.conf is not present, you can easily edit/save it trough nvidia-settings tool:
Go to Server Display Configuration , then on the bottom right corner clickbutton “save toX configuration file” , before save, click “show preview” and addOption “RegistryDwords” “EnableBrightnessControl=1” under Device section
After reboot , f1-f2 should work – in order to preserve backlight level after reboot, i strongly suggest to add string in grub
then in GRUB_CMDLINE_LINUX_DEFAULT section i added
so (if you followed my previous suggestion ) will have situation below
NB: i have also removed from grub “quiet-splash ” cause i like to see loading services (of course you can leave it.
f10-f12 buttons (sound level regulation )
Work out of the box.
It seems working; i wrote “seems” because i did not tested it with other bluetooth devices.
as default is enabled, to disable it:
# nano /etc/bluetooth/main.conf
Then look for a row named Initially powered =true and replace “true” with “false”
Save, exit and reboot: Afterthat Bt should be off.
Final result (click image below for enlarge)
Debian 9 stretch + Mate+Docky on macbook 6.1
Today, after upgrade to Debian Stretch i was looking startup loaded services and system boot-up performances through systemd-analyze* command.
Looking results , excluding kernel time(4,5 sec), system took 1 minute and 42 seconds for start; OK , i don’t have an SSD, there are a lot of services like tor, virtualbox , Plasma,etc but boot time seems really too long.
This situation deserves a more detailed check, so i executed systemd-analyze blame* for understand if there is a particular slow service or if there are just so many
As you can see , outcome show that racoon.service takes 1minute and 32 secs to start.. this service (ipsec) for my needs it is useless. Therefore i typed (with sudo, or being root) Systemctl disable racoon.service
Afterthat, i restarted system and i typed again command System-analyze to see results:
Nice, we cut 1 minute and 17 seconds ; from 1 minute and 47 sec to .. 30 seconds 🙂
Probably this is a not-standard case, but with this example you can easily understand how even a single service can affect startup time.
In general, making a check to verify and identify which services taking time (and especially if are necessary for our needs) it is something that ,as in this case, is really useful
*Despite my screenshots, you can execute systemd-analyze and systemd-analyze blame whitout root privileges.
I needed a local web server for make some .php experiments whitout transfer data to my website and make them in remote.
I did not have time for install and configure Apache and Php so i was looking for something already configured ready to go application working with few clicks: MAMP
Mac OS X :operating syste, Apache as web server , MySQL – database management system; while P is for PHP, Python or Perl, (applications web developement languages)
MAMP is basically the equivalent of LAMP platform on Linux servers
Installation is very trivial, at the end will have:
, choose MAMP and click
Once opened, it is enough to click on start icon and everything will start.
From here it is possible to change Mamp settings :
You can choose if automatically start server when you’ll start Mamp, if open web start page, if stop service when you’ll quit Mamp
You can modify port number: default port are:Apache : 8888 – Nginx : 7888- MySQL : 8889, but nothing prevents for example to use classic port 80 for Apache (unless it is already used from other service in your machine.
Therefore your website will have this address: https://localhost:8888, clearly if you want use port 80, address will be https://localhost
You can choose which Php version to be used
phpMyAdmin : https://localhost:8888/phpMyAdmin/?lang=en
Web Server section:
You can choose between Apace and Nginx and you can modify root folder (where you have to put your website)
Show Mysql current version
Game time 🙂
I often play at FM16 and i lost so much time looking for the best technical staff (4/5 stars)
Recently I found somewhere nice formulas to calculate, using the parameters, the number of “stars” and therefore, quality of coaching.
Since I did not want to calculate by hand
and even with the calculator i created an excel file to calculate all conveniently.
Then, in the game you can choose coach to check, and insert its parameters in the file; in this way you will know the number of stars for each category of training, of course you can enter all the parameters or only those that interest you.
You can download it – there are 2 version, italian and english
FM16 Coach calculator
I needed to use particular dns and would change them quickly (with a click)
here is how i did it:
First, here command for make modification by terminal:
sudo networksetup -setdnsservers <networkservice> DNS1, DNS2, DNS3
How to obtain a list of your network services:
you will obtain outcome like below:
In my case i have to change Wi-fi dns, so (as example i’ve used Google dns 188.8.131.52 and 184.108.40.206 ), opening terminal and running the following command , DNS will be changed:
“sudo networksetup -setdnsservers Wi-Fi 220.127.116.11 18.104.22.168”
But how to run it with a click ? using Apple script : open it and insert the following commands :
First row executes the command described above , while second line brings up a message that tells us that the command was executed (clearly is optional) .
After that save as application and work is ended; a click will be enough to change your dns
Here is the result after clicking (you will be prompted for the root password )
Looking Dns section we can see that they have been modified
I always used Mirc and its countless scripting functions for more than 10 years; this time I wanted to try Kvirc scripting functions.
Idea is to create an handy menu on Kvirc in order to execute commands xdcc send # ( command used to download data) and xdcc list (command for obtain list from bots) from a menu, instead of writing it in chat – here’s how:
In Kvirc menu, select “Scripting” – “Edit Popups” (CTRL+Shift+P)
Since our command, will run in a channel, select “Channel” from the popup menu
Now click with the right mouse button within the channel menu and choose where you want to place the new element; for example, I chose to put it as last, so I selected the last entry and I clicked “new item below”, which I called XdccSend – you can also enter a number in the entry icon to get an icon (optional)
Finally I set menu dialog (variables are more complicated than on Mirc) for Xdcc send
and for Xdcc List (much more easy)
The result: when you join in a channel and click with the right button the bot from which you want to receive file, new entries will appear:
If you click XdccSend will be asked to enter package number, so insert number and wait for your package.
While if you click Xdcc List (after selecting your bot) will show you the xdcc list of packages contained in bot (if bot is enabled for it)
If you are not a newbie in IRC world , don’t need more info 🙂