nemozone

Adjusting Audio Levels in Videos with ffmpeg: A Step-by-Step Guide

January 16, 2023

If you are experiencing an audio-video mismatch on Ubuntu 22.04 when using VLC media player, you can use the tools in VLC to adjust the audio synchronization. To do so, open VLC Player > Menu > Tools > Preferences > Advanced Preference. Click the Audio tab from the left list, make sure you have choose the All in the Show settings at the bottom-left corner. Check the settings of Audio desynchronization compensation and you can put a value in seconds to sync audio. Additionally, you can use the Equalizer feature in VLC to enhance and customize the sound of your digital music library. To do this, go to Window > Tools > Effects and Filters, click the check box next to the Enable option and select a preset, or adjust the frequency band sliders to adjust the sound manually.

If you want to further normalize the loudness of the file, you can use the loudnorm filter which implements the EBU R128 algorithm. To do this, run the command ffmpeg -i input.wav -filter:a loudnorm output.wav. Automating the normalization processes with ffmpeg without having to do two passes is possible with the ffmpeg-normalize Python program. This script defaults to EBU R128 normalization but peak and RMS normalization are also supported.

To change the sound volume, you can use FFmpeg's volume audio filter. If you want your volume to be half of the input volume, run the command ffmpeg -i input.wav -filter:a “volume=0.5” output.wav. To increase the volume by 10dB, run the command ffmpeg -i input.wav -filter:a “volume=10dB” output.wav. To reduce the volume, use a negative value.

Finally, to set or otherwise normalize the volume of a stream, peak and RMS normalization can be used. To normalize the volume to a given peak or RMS level, the file first has to be analyzed using the volumedetect filter. Read the output values from the command line log, then calculate the required offset, and use the volume filter as shown above.

You can use the ffmpeg tool to adjust the audio levels of a video. One way to do this is to use the volume filter, which allows you to increase or decrease the volume of the audio in a video. For example, to decrease the volume of the audio by 6 dB, you can use the following command:

ffmpeg -i input.mp4 -filter:a "volume=-6dB" output.mp4

You can also use other ffmpeg filter such as 'equalizer', 'compand' , 'pan' to adjust the audio level, balance and stereo. It's recommended to play with the filter option and see which one works best for your video.

ffmpeg -i input.mp4 -filter_complex "[0:a]equalizer=f=1000:t=h:width_type=h:w=1000[a0];[0:a]equalizer=f=1000:t=h:width_type=h:w=1000,compand=attacks=.01:decays=1:points=-90/-90|-40/-20|-20/-10|0/-3|20/3[a1];[a0][a1]pan=stereo|c0=c0|c1=c1" output.mp4

There are many other options and filters available in ffmpeg for adjusting audio levels and other aspects of the audio in a video. For example, you can use the 'amplify' filter to increase or decrease the volume of specific audio frequencies, or the 'compand' filter to adjust the dynamic range of the audio. Additionally, you can use the 'pan' filter to adjust the balance between left and right channels in stereo audio, or the 'equalizer' filter to adjust the levels of different frequency bands.

It's important to note that it's best to adjust audio levels on the separate audio track before merging it back with the video. That way you can have more control over the audio and make sure it's in the right level and quality.

Citations :

D-Bus

January 14, 2023

D-Bus is an inter-process communication (IPC) protocol used in the Linux, Windows and BSD operating systems. It allows multiple applications to exchange data and signals in a standardized way.

D-Bus has several layers: a library, libdbus, which allows two applications to connect to each other and exchange messages; a message bus daemon executable, built on libdbus, which multiple applications can connect to; and native objects and object paths. Native objects are objects that the application owns and manages and object paths allow applications to access those native objects.

Applications that use D-Bus are either servers or clients. A server listens for incoming connections and a client connects to a server. Once the connection is established, it is a symmetric flow of messages. D-Bus provides its own marshaling and language bindings for different languages like Glib, Qt, Python, etc.

Using D-Bus should feel more like object-oriented programming than like communication. Bus names can be used to coordinate single-instance applications. Addresses are also used to identify connections. The idea is to fit the D-Bus API into the native language and libraries as naturally as possible.

D-Bus is non-transactional and behaves like an RPC mechanism. Semantics are similar to the existing DCOP system, allowing KDE to adopt it more easily. It is also tailored to meet the needs of the desktop projects in particular.

To get started with using D-Bus, one should refer to the D-Bus specification, Doxygen reference documentation, and look at some examples of how other apps use D-Bus. An example of an application that uses D-Bus is ØMQ, an open source messaging middleware.

To query D-Bus from the terminal, you can use the dbus-send command.

Example 1: Get the current volume level of the PulseAudio server:

dbus-send --print-reply --dest=org.pulseaudio.Server /org/pulseaudio/server_lookup org.freedesktop.DBus.Properties.Get string:'org.pulseaudio.Server' string:'Volume'

Example 2: Change the volume level of the PulseAudio server:

dbus-send --print-reply --dest=org.pulseaudio.Server /org/pulseaudio/server_lookup org.freedesktop.DBus.Properties.Set string:'org.pulseaudio.Server' string:'Volume' variant:double:0.5

Example 3: Get the current time from the system bus:

dbus-send --print-reply --system --dest=org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.DBus.Properties.Get string:'org.freedesktop.timedate1' string:'TimeUSec'

Note: in above examples, the --dest flag specifies the destination service and the /org/pulseaudio/server_lookup or /org/freedesktop/timedate1 specifies the object path. The org.freedesktop.DBus.Properties.Get or org.freedesktop.DBus.Properties.Set specifies the interface and the method you want to call.

You can also use gdbus command which is a command-line tool for interacting with D-Bus objects.

You can get more information about dbus-send and gdbus from their man pages.

References: [1] https://www.freedesktop.org/wiki/IntroductionToDBus/ [2] https://dbus.freedesktop.org/doc/dbus-tutorial.html [3] https://en.wikipedia.org/wiki/D-Bus [4] https://www.cardinalpeak.com/blog/using-dbus-in-embedded-linux [5] https://stackoverflow.com/questions/482681/d-bus-equivalent-for-windows [6] https://alternativeto.net/software/d-bus/

Citations :

Wake-On-LAN (WOL) on Ubuntu 22.04

January 14, 2023

Wake-On-LAN (WOL) is a technology that allows one computer to remotely Wake Up another computer on a local area network (LAN). It requires the support of the computer's network card and motherboard. To configure WOL on Ubuntu 22.04, you will need to use the ethtool command to enable it.

First, you need to find out where ethtool is installed. This terminal command will do that:

foc@ubuntu22:~$ sudo --preserve-env systemctl edit --force --full wol-enable.service

[Unit] Description=Enable Wake-up on LAN [Service] Type=oneshot ExecStart=/sbin/ethtool -s enp2s0 wol g

[Install] WantedBy=basic.target

Replace enp2s0 value with the computer's network interface name. Next, install the ethtool package:

foc@ubuntu22:~$ sudo apt install ethtool -y

Then check if the network card supports wake-on-LAN using this command:

foc@ubuntu22:~$ sudo ethtool enp2s0

Settings for enp2s0: ... Supports Wake-on: pumbg Wake-on: d Link detected: yes

The expression “Wake-on:d” indicates that the wake-on-lan feature of the network card is supported but deactivated. To enable it, run the following command:

foc@ubuntu22:~$ sudo ethtool -s enp2s0 wol g

Settings for enp2s0: ... Supports Wake-on: pumbg Wake-on: g Link detected: yes

Some motherboard manufacturers require you to change the settings in the BIOS to enable this feature.

Finally, create a systemd service to enable WOL at startup:

foc@ubuntu22:~$ sudo --preserve-env systemctl edit --force --full wol-enable.service

[Unit] Description=Enable Wake-up on LAN [Service] Type=oneshot ExecStart=/sbin/ethtool -s enp2s0 wol g

[Install] WantedBy=basic.target

After creating the service, reload and enable it:

foc@ubuntu22:~$ sudo systemctl daemon-reload foc@ubuntu22:~$ sudo systemctl enable wol-enable.service Created symlink /etc/systemd/system/basic.target.wants/wol-enable.service → /etc/systemd/system/wol-enable.service

Enabling Wake-on-Lan on Ubuntu 22.04 is relatively easy once you know the steps. First you need to find out which network interface you are using, then you need to install the ethtool package and use the command to check if your network card supports wake-on-Lan. Once it is confirmed, you need to run the command to enable WOL. Finally, create a systemd service to enable WOL at startup. After completing these steps, you should be able to use Wake-on-Lan on your Ubuntu 22.04 machine.

Citations :

Intel ME background information

January 14, 2023

The Intel Management Engine (ME) is a component embedded within Intel CPUs which is separate from the main processor, BIOS and Operating System. It has been criticized for its security risk and possibility of being a backdoor for various groups, including the NSA.

In response to these claims, Intel has denied any backdoors or providing access to computing systems without the explicit permission of the end user. However, Intel does acknowledge that it sometimes explores modification or disabling certain features at the request of equipment manufacturers supporting their customer's evaluation of the US government's “High Assurance Platform” program.

To mitigate the Intel ME on their devices, the NSA has implemented a High Assurance Platform (HAP) disable bit. This was discovered by Positive Technologies experts, who confirmed the HAP disable bit with Intel. They have warned that this method might be dangerous as it was not thoroughly tested and could potentially damage or destroy a computer.

The Intel ME also has full access to memory and the TCP/IP stack, as well as being signed with an RSA 2048 key. It can send and receive network packets even if the OS is protected by a firewall, making it difficult to disable without compromising the boot-up process. Furthermore, the health of the ME firmware cannot be audited and no one outside of Intel has seen the code for the ME.

Despite Intel denying any malicious intent, many experts still believe that the ME is a backdoor and should be disabled. To learn more about the Intel ME and how to disable it, please refer to the references listed below.

Well this is uncool, but what about the HAP?

The High Assurance Platform (HAP) is a secure computing platform program run by the US National Security Agency (NSA) in coaction with the tech industry. It was designed to develop the 'next generation' of secure computing platforms, allowing secure data movement between domains. Interestingly, it was discovered that the NSA had implemented an undocumented bit called “reserve-hap” which when set to “1”disabled Intel ME. This was apparently done at the request of equipment manufacturers and customers evaluating the HAP program, and the modifications underwent a limited validation cycle.

Some PCs use Intel ME to initialize or manage certain system peripherals and/or provide silicon workarounds, which means the user may lose functionality by disabling it.

The idea behind High Assurance systems is to make claims about the system's behavior and provide evidence that it will behave as described. This is achieved through a combination of formal software verification methods, third-party expert evaluation, security testing and analysis. Typically, these systems are more constrained than traditional cybersecurity products, such as signature-based malware detection and AI-based anomaly detection. This means they can be more effectively quantified and mitigated.

The Intel Management Engine (ME) is an embedded program, which cannot be completely wiped from the system. However, it can be disabled by setting the “reserve-hap” bit to “1”. This can be done by disabling Intel Active Management Technology (AMT) in BIOS. Depending on the Hewlett-Packard (HP) model, users should go to BIOS Advanced > Remote Management Options > Active Management / Unconfigure AMT on next boot and set Intel AMT (Enabled, disabled). Some HP models require pressing CTRL+P to access the AMT Menu and set Intel ME Control State (Enabled, disabled). Once these steps are completed, the Intel ME tool will be disabled and any associated components will be uninstalled.

Conclusion, am I forked? 🤔

We'll yes and no, there is for some devices the possibility to partially disable the Inte ME. Even if this wasn't intended by the manufacturer. E.g., via Coreboot.

But the best method to avoid this would be to buy a device which is already corebootified or allows to partially disabled it from the bios. Keep in mind, this nasty son of a feature can't be disabled completely.

tuxedocopmuters.com offer some devices also puri.sm, system76 and some other vendors too.

Like to feel your pulse rising? :D

Aight open your sweet terminal mostly ctrl+alt+t

git clone --depth=1 https://review.coreboot.org/coreboot 

cd coreboot/util/intelmetool/ 

sudo apt install -y libpci-dev zlib1g-dev 

make

sudo ./intelmetool -m

And got any warnings? :D If so…

Alt text

Good, good proceed…

On Ubuntu 22.04, you can check if Intel AMT is active using the terminal. First, you need to clone the mei-amt-check repository from GitHub:

$ git clone https://github.com/mjg59/mei-amt-check.git Once cloned, change directories into the new mei-amt-check folder and run the make command to build the program:

$ cd mei-amt-check
$ make

Next, run the mei-amt-check program with sudo:

$ sudo ./mei-amt-check

This command will output whether or not Intel AMT is enabled and provisioned on your machine. If it is enabled, the output should look something like this:

AMT present: true
AMT provisioning state: provisioned
Flash: 9.1.42
Netstack: 9.1.42
AMTApps: 9.1.42
AMT: 9.1.42
Sku: 8
VendorID: 8086
Build Number: 3002
Recovery Version: 9.1.42
If the output instead reads “Intel AMT: DISABLED”, then Intel AMT is disabled on the system.

Alternatively, you can use the Nmap tool to scan for Intel AMT. Download the script http-vuln-cve2017-5689.nse with wget or curl:

$ wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5689.nse

Run nmap against the target IP address with the script:

$ nmap -p 16992 --script http-vuln-cve2017-5689 <target_ip>

If Intel AMT is enabled and provisioned, the output should indicate that the port is open and that it is vulnerable to CVE-2017-5689.

Annotation of 2nd editor:

What about AMD, then? Well… Still forked :D

“Fun fact: AMD has similar criticism for their CPUs, their ME equivalent is called PSP. Maybe in the future I will write an article about it too.” 😉

Reference Links:

https://www.cyberciti.biz/faq/how-to-check-whether-amt-is-enabled-and-provisioned-under-linux/

https://manpages.ubuntu.com/manpages/trusty/man7/amt-howto.7.html

https://www.intel.com/content/www/us/en/support/articles/000054916/technologies.html

https://virtualizationreview.com/articles/2020/01/13/configuring-intel-amt.aspx

https://www.cyberciti.biz/faq/remotely-access-intel-amt-kvm-linux-desktop/

Citations :

References: https://github.com/corna/me_cleaner/wiki/Get-the-status-of-Intel-ME

Citations :

References:

https://www.bleepingcomputer.com/news/hardware/researchers-find-a-way-to-disable-much-hated-intel-me-component-courtesy-of-the-nsa/

https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/

https://en.wikipedia.org/wiki/Intel_Management_Engine

https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Install_Guide/Disabling_the_Intel_Management_Engine

https://hackaday.com/2017/12/11/what-you-need-to-know-about-the-intel-management-engine/

https://en.wikipedia.org/wiki/Intel_Management_Engine

https://puri.sm/learn/intel-me/

https://www.quora.com/Is-the-Intel-Management-Engine-one-of-the-backdoors-that-NSA-uses-to-spy-on-citizens

Citations :

youtubetranscript

January 13, 2023

YouTube Transcript is a neat site to generate auto transciptions of YT Videos :)

Citations :

https://youtubetranscript.com/

https://github.com/jdepoix/youtube-transcript-api/

Metafragen

January 13, 2023

Eine Metafrage ist eine Frage über eine Frage, wie beispielsweise „Darf ich etwas fragen?“ oder „Kennt sich jemand mit Computern aus?“.

In der Regel wird der Begriff Metafrage aber verallgemeinert und damit alle Fragen bezeichnet, die keine direkte Frage zum Problem des Hilfesuchenden sind. Der Hilfesuchende fragt also zunächst allgemein, ob jemand helfen kann. Gerade Neulinge oder unerfahrene Benutzer lassen sich zu Metafragen hinreißen, um einen kompetenten und hilfsbereiten Ansprechpartner zu finden. Meistens werden Metafragen ignoriert oder der Fragende wird rüde darauf hingewiesen, dass ihm niemand bei seinem Problem helfen könne, ohne dies zu kennen. Grundsätzlich folgt auf eine Meta-Frage eine weitere Frage…

http://www.metafrage.de/