a zone for no one and everyone :) Btw this blog is only for adults! Dieser Blog ist nur für Erwachsene!
Install nvme-cli open the terminal ctrl+alt+t
Then type:
sudo apt update && sudo apt install -y nvme-cli
After the installation type
sudo nvme list
On the right-hand side, you will find the Firmware Revision
Alternativelly you can also type this
sudo nvme id-ctrl /dev/nvme0n1
You will receive a very long list, and it will be a little bit trickier to determine it is listed at fr
If you are unable to connect to a network and suspect that the router's MAC filter is active, there are a few steps you can take to troubleshoot the issue from your client.
Check the MAC address of your network card: Make sure that the MAC address of your network card is not being blocked by the router. You can check the MAC address of your network card by running the command ip link show or ifconfig on Linux, or getmac on Windows.
Check the router's configuration: If you have access to the router's web interface, you can check the router's configuration to see if MAC filtering is enabled, and if so, check if your MAC address is listed as an allowed device. Bear in mind that Wi-Fi and LAN have different Mac addresses!
Check the router's status lights: Some routers have status lights that indicate if the router is blocking a device's MAC address. Check the router's manual to see if there is a status light that indicates MAC filtering is active.
Try connecting from a different device: If you have access to another device, try connecting to the network with it. If the other device is able to connect, the issue may be specific to your device's MAC address.
Check the router's logs: Some routers have logs that show which devices have been blocked by the router. If the router has this feature, check the logs to see if your device's MAC address has been blocked.
Check for other network issues: Make sure that there are no other network issues that might be preventing you from connecting, such as a weak signal, incorrect network settings, or a malfunctioning router.
It's worth noting that the troubleshooting steps may vary depending on the router's manufacturer and model, also, you may need to have access to the router's web interface or have login credentials to check some of the options like the router's logs.
There may be a way to determine if a router's MAC filter is active from a Linux Ubuntu client using the terminal, but it would likely depend on the specific router and its configuration. Here are a few possible options:
Use the arp command: If the router is configured to block the MAC address, it will not respond to the ARP request for the IP address. You can use the command arp -a to check the ARP table for the IP address of the router, and see if there is a corresponding MAC address.
Use the nmap command: You can use the nmap command to scan the network for open ports and services. If the router is configured to block the MAC address, it may not respond to the nmap scan, and the router's IP address will not be listed in the scan results.
Use the ping command: You can use the ping command to send ICMP echo request packets to the router's IP address. If the router is configured to block the MAC address, it may not respond to the ping request.
Use the tcpdump command: You can use the tcpdump command to capture network traffic. If the router is configured to block the MAC address, you may not see any traffic from the router in the capture.
It's important to note that the availability of these options, and how to check for them, may vary depending on the type of router, its firmware version and configuration, also some commands may not give you a clear answer, but if you see that the router is not responding to the requests, it might be an indication that the MAC filtering is active.
A neat site which playfully elaborates how you can nearly query any OS
Turbostat, a powerful tool for reporting processor topology, frequency, idle power-state statistics, temperature, and power on X86 processors.
In this guide, we'll walk you through the process of installing Turbostat on Ubuntu 22.04, as well as explain how to use it in two different ways.
Installing Turbostat on Ubuntu 22.04
Start by updating your package list with the command:
sudo apt-get update
Next, install the linux-tools-common package by running the following command:
sudo apt-get install linux-tools-common
Alternatively, non-root users can also run Turbostat by setting the
cap_sys_rawio capability with the following command:
setcap cap_sys_rawio=ep ./turbostat
To ensure that Turbostat does not interfere with other programs, including multiple instances of itself, it is necessary to grant read access to the
/dev/cpu/*/msr file with the command:
chmod +r /dev/cpu/*/msr
Using Turbostat
Turbostat can be used in two ways:
Supply a command as an argument which is forked and statistics are printed upon its completion.
Omit the command and Turbostat displays statistics at a certain interval. The interval can be changed using the
--interval option.
Take your Ubuntu 22.04 performance monitoring to the next level with Turbostat. With its extensive range of features and easy-to-use interface, it's the perfect tool for developers and system administrators alike.
To display statistics at a fixed interval of 1 second:
turbostat --interval 1
To display statistics for a specific core:
turbostat --core 3
To display statistics for all cores:
turbostat --all-cores
To display statistics while running a specific command:
turbostat --interval 1 --quiet --all-cores stress --cpu 8 --timeout 60
To display statistics in CSV format:
turbostat --csv --interval 1
To display statistics for a specific socket:
turbostat --socket 1
These are just a few examples of the many options available when using Turbostat. You can also specify different fields to be displayed, such as temperature, power, or frequency, and you can output the statistics to a file for later analysis. You can see more on the man pages or in the documentation.
Reference Links: https://manpages.ubuntu.com/manpages/bionic/man8/turbostat.8.html https://manpages.ubuntu.com/manpages/xenial/man8/turbostat.8.html https://www.kernel.org/doc/Documentation/cpu-freq/boost.txt https://ubuntu.pkgs.org/22.04/ubuntu-updates-main-amd64/linux-tools-common_5.15.0-30.31_all.deb.html https://askubuntu.com/questions/37618/is-turbo-boost-working https://www.mankier.com/8/turbostat
Citations:
https://manpages.ubuntu.com/manpages/bionic/man8/turbostat.8.html https://ubuntu.pkgs.org/22.04/ubuntu-updates-main-amd64/linux-tools-common_5.15.0-30.31_all.deb.html https://www.mankier.com/8/turbostat https://manpages.ubuntu.com/manpages/xenial/man8/turbostat.8.html https://www
GrapheneOS is an open source mobile operating system based on the Android Open Source Project (AOSP). Developed in March 2022, it is a privacy-focused OS designed to protect users from tracking and data collection. It focuses on enhancing the security and privacy of the existing Android operating system, while still offering great usability and compatibility with a large number of apps.
GrapheneOS offers a number of features that make it more secure than Android. For instance, it uses file-based encryption, which generates a unique, random key each time the device is turned on and destroys the key after every session. This means that even if a hacker were to gain access to the device, they would not be able to access the user's data. Additionally, GrapheneOS uses metadata encryption to protect personal data stored in user profiles, and applies the EFF's privacy-friendly Do Not Track (DNT) policy to all users of its publicly available services. This helps protect users from online tracking and targeted advertising.
GrapheneOS also has improved the existing Android sandboxing system, making it more difficult for attackers to exploit vulnerabilities in apps. The OS also has added anti-persistence/detection measures to verify boot, which helps prevent malware from persistently remaining on the device after a reboot.
GrapheneOS does not bundle any Google apps or services into the OS, unlike other operating systems. Instead, users can install a sandboxed version of Google Services from the 'Apps' app, which comes pre-installed with GrapheneOS. This allows users to still have the apps they need while keeping the security of their device intact. The developers are also working on filling the gaps left by not bundling Google apps with the OS and focused on robust and secure implementations.
GrapheneOS is currently only officially supported on Pixel devices, but the developers plan to expand support to other devices in the future. This is because Pixel devices offer superior hardware capabilities, particularly their security chipsets, and the developers have official production support for the Pixel series. This allows users to get the latest software updates as soon as they become available.
However, it's worth noting that GrapheneOS is a new operating system and it's not widely used yet, so it may have limited app compatibility and a smaller user community compared to more popular mobile operating systems. Additionally, because the OS is focused on privacy and security, it may not have the same level of convenience and user-friendliness as other operating systems.
Overall, GrapheneOS is an excellent choice for those who are looking for a secure and private operating system for their mobile devices and are willing to trade off some convenience for added security. It provides a strong baseline of security and privacy, while still offering great functionality and usability. For more information about GrapheneOS, please visit their official
In summary, GrapheneOS is a promising open-source mobile operating system that provides a strong baseline of security and privacy. However, as with any new technology, it would be important to consider the limitations and drawbacks, as well as the community and development behind the project before making a decision to switch.
website https://grapheneos.org/
If you are experiencing an audio-video mismatch on Ubuntu 22.04 when using VLC media player, you can use the tools in VLC to adjust the audio synchronization. To do so, open VLC Player > Menu > Tools > Preferences > Advanced Preference. Click the Audio tab from the left list, make sure you have choose the All in the Show settings at the bottom-left corner. Check the settings of Audio desynchronization compensation and you can put a value in seconds to sync audio. Additionally, you can use the Equalizer feature in VLC to enhance and customize the sound of your digital music library. To do this, go to Window > Tools > Effects and Filters, click the check box next to the Enable option and select a preset, or adjust the frequency band sliders to adjust the sound manually.
If you want to further normalize the loudness of the file, you can use the loudnorm filter which implements the EBU R128 algorithm. To do this, run the command ffmpeg -i input.wav -filter:a loudnorm output.wav. Automating the normalization processes with ffmpeg without having to do two passes is possible with the ffmpeg-normalize Python program. This script defaults to EBU R128 normalization but peak and RMS normalization are also supported.
To change the sound volume, you can use FFmpeg's volume audio filter. If you want your volume to be half of the input volume, run the command ffmpeg -i input.wav -filter:a “volume=0.5” output.wav. To increase the volume by 10dB, run the command ffmpeg -i input.wav -filter:a “volume=10dB” output.wav. To reduce the volume, use a negative value.
Finally, to set or otherwise normalize the volume of a stream, peak and RMS normalization can be used. To normalize the volume to a given peak or RMS level, the file first has to be analyzed using the volumedetect filter. Read the output values from the command line log, then calculate the required offset, and use the volume filter as shown above.
You can use the ffmpeg tool to adjust the audio levels of a video. One way to do this is to use the volume filter, which allows you to increase or decrease the volume of the audio in a video. For example, to decrease the volume of the audio by 6 dB, you can use the following command:
ffmpeg -i input.mp4 -filter:a "volume=-6dB" output.mp4
You can also use other ffmpeg filter such as 'equalizer', 'compand' , 'pan' to adjust the audio level, balance and stereo. It's recommended to play with the filter option and see which one works best for your video.
ffmpeg -i input.mp4 -filter_complex "[0:a]equalizer=f=1000:t=h:width_type=h:w=1000[a0];[0:a]equalizer=f=1000:t=h:width_type=h:w=1000,compand=attacks=.01:decays=1:points=-90/-90|-40/-20|-20/-10|0/-3|20/3[a1];[a0][a1]pan=stereo|c0=c0|c1=c1" output.mp4
There are many other options and filters available in ffmpeg for adjusting audio levels and other aspects of the audio in a video. For example, you can use the 'amplify' filter to increase or decrease the volume of specific audio frequencies, or the 'compand' filter to adjust the dynamic range of the audio. Additionally, you can use the 'pan' filter to adjust the balance between left and right channels in stereo audio, or the 'equalizer' filter to adjust the levels of different frequency bands.
It's important to note that it's best to adjust audio levels on the separate audio track before merging it back with the video. That way you can have more control over the audio and make sure it's in the right level and quality.
Citations :
D-Bus is an inter-process communication (IPC) protocol used in the Linux, Windows and BSD operating systems. It allows multiple applications to exchange data and signals in a standardized way.
D-Bus has several layers: a library, libdbus, which allows two applications to connect to each other and exchange messages; a message bus daemon executable, built on libdbus, which multiple applications can connect to; and native objects and object paths. Native objects are objects that the application owns and manages and object paths allow applications to access those native objects.
Applications that use D-Bus are either servers or clients. A server listens for incoming connections and a client connects to a server. Once the connection is established, it is a symmetric flow of messages. D-Bus provides its own marshaling and language bindings for different languages like Glib, Qt, Python, etc.
Using D-Bus should feel more like object-oriented programming than like communication. Bus names can be used to coordinate single-instance applications. Addresses are also used to identify connections. The idea is to fit the D-Bus API into the native language and libraries as naturally as possible.
D-Bus is non-transactional and behaves like an RPC mechanism. Semantics are similar to the existing DCOP system, allowing KDE to adopt it more easily. It is also tailored to meet the needs of the desktop projects in particular.
To get started with using D-Bus, one should refer to the D-Bus specification, Doxygen reference documentation, and look at some examples of how other apps use D-Bus. An example of an application that uses D-Bus is ØMQ, an open source messaging middleware.
To query D-Bus from the terminal, you can use the dbus-send command.
Example 1: Get the current volume level of the PulseAudio server:
dbus-send --print-reply --dest=org.pulseaudio.Server /org/pulseaudio/server_lookup org.freedesktop.DBus.Properties.Get string:'org.pulseaudio.Server' string:'Volume'
Example 2: Change the volume level of the PulseAudio server:
dbus-send --print-reply --dest=org.pulseaudio.Server /org/pulseaudio/server_lookup org.freedesktop.DBus.Properties.Set string:'org.pulseaudio.Server' string:'Volume' variant:double:0.5
Example 3: Get the current time from the system bus:
dbus-send --print-reply --system --dest=org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.DBus.Properties.Get string:'org.freedesktop.timedate1' string:'TimeUSec'
Note: in above examples, the --dest flag specifies the destination service and the /org/pulseaudio/server_lookup or /org/freedesktop/timedate1 specifies the object path. The org.freedesktop.DBus.Properties.Get or org.freedesktop.DBus.Properties.Set specifies the interface and the method you want to call.
You can also use gdbus command which is a command-line tool for interacting with D-Bus objects.
You can get more information about dbus-send and gdbus from their man pages.
References: [1] https://www.freedesktop.org/wiki/IntroductionToDBus/ [2] https://dbus.freedesktop.org/doc/dbus-tutorial.html [3] https://en.wikipedia.org/wiki/D-Bus [4] https://www.cardinalpeak.com/blog/using-dbus-in-embedded-linux [5] https://stackoverflow.com/questions/482681/d-bus-equivalent-for-windows [6] https://alternativeto.net/software/d-bus/
Citations :
Wake-On-LAN (WOL) is a technology that allows one computer to remotely Wake Up another computer on a local area network (LAN). It requires the support of the computer's network card and motherboard. To configure WOL on Ubuntu 22.04, you will need to use the ethtool command to enable it.
First, you need to find out where ethtool is installed. This terminal command will do that:
foc@ubuntu22:~$ sudo --preserve-env systemctl edit --force --full wol-enable.service
[Unit] Description=Enable Wake-up on LAN [Service] Type=oneshot ExecStart=/sbin/ethtool -s enp2s0 wol g
[Install] WantedBy=basic.target
Replace enp2s0 value with the computer's network interface name. Next, install the ethtool package:
foc@ubuntu22:~$ sudo apt install ethtool -y
Then check if the network card supports wake-on-LAN using this command:
foc@ubuntu22:~$ sudo ethtool enp2s0
Settings for enp2s0: ... Supports Wake-on: pumbg Wake-on: d Link detected: yes
The expression “Wake-on:d” indicates that the wake-on-lan feature of the network card is supported but deactivated. To enable it, run the following command:
foc@ubuntu22:~$ sudo ethtool -s enp2s0 wol g
Settings for enp2s0: ... Supports Wake-on: pumbg Wake-on: g Link detected: yes
Some motherboard manufacturers require you to change the settings in the BIOS to enable this feature.
Finally, create a systemd service to enable WOL at startup:
foc@ubuntu22:~$ sudo --preserve-env systemctl edit --force --full wol-enable.service
[Unit] Description=Enable Wake-up on LAN [Service] Type=oneshot ExecStart=/sbin/ethtool -s enp2s0 wol g
[Install] WantedBy=basic.target
After creating the service, reload and enable it:
foc@ubuntu22:~$ sudo systemctl daemon-reload foc@ubuntu22:~$ sudo systemctl enable wol-enable.service Created symlink /etc/systemd/system/basic.target.wants/wol-enable.service → /etc/systemd/system/wol-enable.service
Enabling Wake-on-Lan on Ubuntu 22.04 is relatively easy once you know the steps. First you need to find out which network interface you are using, then you need to install the ethtool package and use the command to check if your network card supports wake-on-Lan. Once it is confirmed, you need to run the command to enable WOL. Finally, create a systemd service to enable WOL at startup. After completing these steps, you should be able to use Wake-on-Lan on your Ubuntu 22.04 machine.
Citations :
The Intel Management Engine (ME) is a component embedded within Intel CPUs which is separate from the main processor, BIOS and Operating System. It has been criticized for its security risk and possibility of being a backdoor for various groups, including the NSA.
In response to these claims, Intel has denied any backdoors or providing access to computing systems without the explicit permission of the end user. However, Intel does acknowledge that it sometimes explores modification or disabling certain features at the request of equipment manufacturers supporting their customer's evaluation of the US government's “High Assurance Platform” program.
To mitigate the Intel ME on their devices, the NSA has implemented a High Assurance Platform (HAP) disable bit. This was discovered by Positive Technologies experts, who confirmed the HAP disable bit with Intel. They have warned that this method might be dangerous as it was not thoroughly tested and could potentially damage or destroy a computer.
The Intel ME also has full access to memory and the TCP/IP stack, as well as being signed with an RSA 2048 key. It can send and receive network packets even if the OS is protected by a firewall, making it difficult to disable without compromising the boot-up process. Furthermore, the health of the ME firmware cannot be audited and no one outside of Intel has seen the code for the ME.
Despite Intel denying any malicious intent, many experts still believe that the ME is a backdoor and should be disabled. To learn more about the Intel ME and how to disable it, please refer to the references listed below.
Well this is uncool, but what about the HAP?
The High Assurance Platform (HAP) is a secure computing platform program run by the US National Security Agency (NSA) in coaction with the tech industry. It was designed to develop the 'next generation' of secure computing platforms, allowing secure data movement between domains. Interestingly, it was discovered that the NSA had implemented an undocumented bit called “reserve-hap” which when set to “1”disabled Intel ME. This was apparently done at the request of equipment manufacturers and customers evaluating the HAP program, and the modifications underwent a limited validation cycle.
Some PCs use Intel ME to initialize or manage certain system peripherals and/or provide silicon workarounds, which means the user may lose functionality by disabling it.
The idea behind High Assurance systems is to make claims about the system's behavior and provide evidence that it will behave as described. This is achieved through a combination of formal software verification methods, third-party expert evaluation, security testing and analysis. Typically, these systems are more constrained than traditional cybersecurity products, such as signature-based malware detection and AI-based anomaly detection. This means they can be more effectively quantified and mitigated.
The Intel Management Engine (ME) is an embedded program, which cannot be completely wiped from the system. However, it can be disabled by setting the “reserve-hap” bit to “1”. This can be done by disabling Intel Active Management Technology (AMT) in BIOS. Depending on the Hewlett-Packard (HP) model, users should go to BIOS Advanced > Remote Management Options > Active Management / Unconfigure AMT on next boot and set Intel AMT (Enabled, disabled). Some HP models require pressing CTRL+P to access the AMT Menu and set Intel ME Control State (Enabled, disabled). Once these steps are completed, the Intel ME tool will be disabled and any associated components will be uninstalled.
Conclusion, am I forked? 🤔
We'll yes and no, there is for some devices the possibility to partially disable the Inte ME. Even if this wasn't intended by the manufacturer. E.g., via Coreboot.
But the best method to avoid this would be to buy a device which is already corebootified or allows to partially disabled it from the bios. Keep in mind, this nasty son of a feature can't be disabled completely.
tuxedocopmuters.com offer some devices also puri.sm, system76 and some other vendors too.
Like to feel your pulse rising? :D
Aight open your sweet terminal mostly ctrl+alt+t
git clone --depth=1 https://review.coreboot.org/coreboot
cd coreboot/util/intelmetool/
sudo apt install -y libpci-dev zlib1g-dev
make
sudo ./intelmetool -m
And got any warnings? :D If so…
Good, good proceed…
On Ubuntu 22.04, you can check if Intel AMT is active using the terminal. First, you need to clone the mei-amt-check repository from GitHub:
$ git clone https://github.com/mjg59/mei-amt-check.git
Once cloned, change directories into the new mei-amt-check folder and run the make command to build the program:
$ cd mei-amt-check
$ make
Next, run the mei-amt-check program with sudo:
$ sudo ./mei-amt-check
This command will output whether or not Intel AMT is enabled and provisioned on your machine. If it is enabled, the output should look something like this:
AMT present: true
AMT provisioning state: provisioned
Flash: 9.1.42
Netstack: 9.1.42
AMTApps: 9.1.42
AMT: 9.1.42
Sku: 8
VendorID: 8086
Build Number: 3002
Recovery Version: 9.1.42
If the output instead reads “Intel AMT: DISABLED”, then Intel AMT is disabled on the system.
Alternatively, you can use the Nmap tool to scan for Intel AMT. Download the script http-vuln-cve2017-5689.nse with wget or curl:
$ wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5689.nse
Run nmap against the target IP address with the script:
$ nmap -p 16992 --script http-vuln-cve2017-5689 <target_ip>
If Intel AMT is enabled and provisioned, the output should indicate that the port is open and that it is vulnerable to CVE-2017-5689.
Annotation of 2nd editor:
What about AMD, then? Well… Still forked :D
“Fun fact: AMD has similar criticism for their CPUs, their ME equivalent is called PSP. Maybe in the future I will write an article about it too.” 😉
Reference Links:
https://www.cyberciti.biz/faq/how-to-check-whether-amt-is-enabled-and-provisioned-under-linux/
https://manpages.ubuntu.com/manpages/trusty/man7/amt-howto.7.html
https://www.intel.com/content/www/us/en/support/articles/000054916/technologies.html
https://virtualizationreview.com/articles/2020/01/13/configuring-intel-amt.aspx
https://www.cyberciti.biz/faq/remotely-access-intel-amt-kvm-linux-desktop/
Citations :
References: https://github.com/corna/me_cleaner/wiki/Get-the-status-of-Intel-ME
Citations :
Citations :
References:
https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
https://en.wikipedia.org/wiki/Intel_Management_Engine
https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/
https://en.wikipedia.org/wiki/Intel_Management_Engine
https://puri.sm/learn/intel-me/
Citations :
YouTube Transcript is a neat site to generate auto transciptions of YT Videos :)
Citations :