Daily Archives: 2021-02-16

Fuzix: Unix on a Raspberry Pi Pico #RaspberryPiPico #Unix @hjalfi

Source: adafruit industries blog

Article note: Fuckin' cool. An only slightly feeble V7 clone on the Pico. Also, I find their notes about the Pico's C SDK very promising - I've been thinking about where I'd like to move UK's intro embedded lab long term and the quality and simplicity of documentation makes the Pico suddenly kind of appealing. We're on Keil in legacy mode which is foul + TI TivaC Cortex M4 right now because there is a good, cheap book for it, major contenders ST CubeIDE + STM32 or TI CCS + TivaC, but maybe I should be looking at the Pico.

David Given blogs about porting Fuzix, a small V7 Unix clone, to the new Raspberry Pi Pico microcontroller:

Working with the Pico was an experience: the documentation is excellent, as is the C SDK. The SDK provides a set of libraries which are thin wrappers around the underlying hardware, making most features utter simplicity to use. Unlike the ESP8266’s libraries, the Pico SDK is unopinionated and doesn’t require you to use any of its features: if you want to talk directly to the hardware, you can (and in fact there’s library support for doing just this).

There are some high-level features like a heap, stdio emulation, multicore primitives, etc which I’m not using, but if you don’t use them you don’t pay for them. For my embedded-systems brain it’s the ideal ratio of functionality to complexity.

The Fuzix port provides:

  • user binaries using up to 64kB of code and data each (this could be expanded, as there’s plenty of spare RAM)
  • up to 15 processes
  • a proper Unix filesystem
  • SD card support, used for both the filesystem and swap space
  • serial console on UART0
  • the full set of Fuzix core binaries work — fsck, Bourne shell, the standard Unix tools, a vi clone, etc, plus some simple games

If you’re looking for the source code, I’m currently upstreaming it piece by piece to the main FUZIX repository. Until that’s done, look in my own fork.

If you just want a binary to flash and try for yourself, here’s one: Raspberry Pi Pico Fuzix binaries

Poorly put-together, bugridden and unsupported Fuzix binaries for the Raspberry Pi Pico. Instructions are enclosed, more or less.

See more in the post here.


New type of supply-chain attack hit Apple, Microsoft and 33 other companies

Source: Ars Technica

Article note: Oh this is super dumb. Automatic dependency management tools, which are always a clusterfuck, automatically matching malicious packages uploaded in the public namespace over top of internal company-use packages whose names are easily inferred.

Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far.

The technique was unveiled last Tuesday by security researcher Alex Birsan. His so-called dependency confusion or namespace confusion attack starts by placing malicious code in an official public repository such as NPM, PyPI, or RubyGems. By giving the submissions the same package name as dependencies used by companies such as Apple, Microsoft, Tesla, and 33 other companies, Birsan was able to get these companies to automatically download and install the counterfeit code.

Automatic pwnage

Dependencies are public code libraries or packages that developers use to add common types of functionality to the software they write. By leveraging the work of thousands of their open source peers, developers are spared the hassle and expense of creating the code themselves. The developer’s code automatically downloads and incorporates the dependency, or any update to it, either from the developer’s local computer or from a public repository.
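The name collision described above can be checked for from the defender's side. The following is an added example, not code from the article or from any of the companies named: it models a resolver that pools an internal and a public index and takes the highest version (an assumption about resolver behaviour that the excerpt does not state), then audits internal names for public collisions. The package names, versions and index snapshots are constructed.

```python
# Added example (constructed data): dependency-confusion exposure check.

def vkey(version):
    """Sort key for plain dotted numeric versions such as '1.3.1'."""
    return tuple(int(part) for part in version.split("."))

# Constructed index snapshots: package name -> published versions.
INTERNAL_INDEX = {"acme-auth": ["1.2.0", "1.3.1"], "acme-billing": ["0.9.0"]}
PUBLIC_INDEX = {"acme-auth": ["9.0.0"], "requests": ["2.25.1"]}

def resolve_merged(name, indexes):
    """Model of a resolver that pools every index and takes the highest version.
    indexes: list of (label, snapshot). Returns (version, label)."""
    pool = [(vkey(v), v, label) for label, snap in indexes for v in snap.get(name, [])]
    if not pool:
        raise LookupError(f"{name}: not found in any index")
    _, version, label = max(pool)
    return version, label

def resolve_scoped(name, internal, public):
    """Mitigation: a name that exists internally is only ever served internally."""
    if name in internal:
        return resolve_merged(name, [("internal", internal)])
    return resolve_merged(name, [("public", public)])

def audit_collisions(internal, public):
    """List internal names that also exist publicly.
    Returns (name, internal_latest, public_latest, public_would_win)."""
    findings = []
    for name in sorted(internal.keys() & public.keys()):
        ours = max(internal[name], key=vkey)
        theirs = max(public[name], key=vkey)
        findings.append((name, ours, theirs, vkey(theirs) > vkey(ours)))
    return findings

if __name__ == "__main__":
    both = [("internal", INTERNAL_INDEX), ("public", PUBLIC_INDEX)]
    print(resolve_merged("acme-auth", both))
    print(resolve_scoped("acme-auth", INTERNAL_INDEX, PUBLIC_INDEX))
    print(audit_collisions(INTERNAL_INDEX, PUBLIC_INDEX))
```

Any row returned by `audit_collisions` is an internal name that someone else controls on the public index; rows where the last field is true are the ones a merged resolver would fetch from the public side.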
