Techie-Jim.net

Blog

  • Deactivating Troublesome Devices in Linux

    Deactivating Troublesome Devices in Linux

    Sometimes you may run into a situation where a device may not act right. In most cases you can just disable a driver and that works. In other situations, it’s on a controller that handles multiple devices. Disabling a driver will disable multiple devices. So how do you only disabled one specific device without affecting others?

    This happened to me on Linux. My touchpad works fine on Windows, but on Linux… not so much. It works, but I noticed some strange slowness in my system. Looking at top I noticed there were no individual processes using a lot of resources, but one of the CPU’s cores was pegged between 80-98% usage. Ouch.

    I scoured the internet and just got a whole bunch of “find the driver that’s causing the problem and blacklist it” results. I tried that but it also disabled the touchscreen. The touchscreen was not causing a problem… but it was attached to the same serial controller hub.

    Looking at the interrupts I could see that the touchpad, an ELAN (unknown more recent model) was spewing interrupts like a fountain and eating up an entire CPU core:

    Bash
    $ cat /proc/interrupts
CPU0       CPU1       CPU2       CPU3       CPU4       CPU5       CPU6       CPU7
1:          0          0          0          0          0          0          0      18400  IR-IO-APIC    1-edge      i8042
8:          0          0          0          0          0          0          0          0  IR-IO-APIC    8-edge      rtc0
9:          0         46          0          0          0          0          0          0  IR-IO-APIC    9-fasteoi   acpi
14:         0          0          0          0          0          0          0          0  IR-IO-APIC   14-fasteoi   INT34C5:00
16:         0          0          0          0          0       1964          0          0  IR-IO-APIC   16-fasteoi   intel_ish_ipc, i801_smbus
27:         0       1317          0          0          0          0          0          0  IR-IO-APIC   27-fasteoi   i2c_designware.0, idma64.0
28:         0         91     392167          0          0          0          0          0  IR-IO-APIC   28-fasteoi
29:         0          0          0          0          0          0          0          0  IR-IO-APIC   29-fasteoi   i2c_designware.2, idma64.2
30:         0          0          0          0          0          0          0          0  IR-IO-APIC   30-fasteoi   i2c_designware.3, idma64.3
43:         0          0          0          0       2212          0          0          0  IR-IO-APIC   43-fasteoi   ELAN9009:00
57:         0          0          0          1          0          0          0          0  IR-IO-APIC   57-fasteoi

    You can see that IRQ 28 was spamming CPU3 with interrupts prior to it being disabled.

    After a lot of digging I found that these ELAN touchpads are notorious for requiring “passcodes” to function properly. Apparently they have a specific “knock” that needs to occur so that they will stop spamming interrupts. The Windows drivers apparently have these knocks. Linux developers either have to guess or try to reverse engineer. Not a high priority for obvious reasons. Linux builders just avoid such devices in computers that will be running Linux.

    How do you match up an interrupt to an address? Not figured that out yet so you might have to do some trial and error on a few devices (it’s pretty easy using the echo function later in this post). If anyone knows how to match an interrupt port to a device address, let me know so I can update this post.

    Bash
    $ lspci -mm
...
00:15.0 "Serial bus controller" "Intel Corporation" "Tiger Lake-LP Serial IO I2C Controller #0" -r20 -p00 "ASUSTeK Computer Inc." "Device 1402"
00:15.1 "Serial bus controller" "Intel Corporation" "Tiger Lake-LP Serial IO I2C Controller #1" -r20 -p00 "ASUSTeK Computer Inc." "Device 1402"
00:15.2 "Serial bus controller" "Intel Corporation" "Tiger Lake-LP Serial IO I2C Controller #2" -r20 -p00 "ASUSTeK Computer Inc." "Device 1402"
00:15.3 "Serial bus controller" "Intel Corporation" "Tiger Lake-LP Serial IO I2C Controller #3" -r20 -p00 "ASUSTeK Computer Inc." "Device 1402"
...

    Afer some trial-and-error I determined that IRQ 28 was associated with device 00:15.1.

    There had to be a way to disable it while keeping the touchscreen working. After a lot of digging I finally found a 1-line command to disable a specific device by it’s address. But how would I get it to disable every boot? Turns out you can do that via the crontab (you need to be the root user):

    Bash
    $ sudo su
[sudo] password:
[root] $ crontab -e
    Bash
    @reboot echo "0000:00:15.1" > /sys/bus/pci/devices/0000:00:15.1/driver/unbind

    However…

    This is not the best solution. It does run every time the computer is started/restarted, but it happens very late in the boot process. That allows the boot to still get stuck while the part of the CPU is busy trying to handle a flood of interrupts. I needed a way to have it run earlier in the boot process. I discovered an easy way to do just that using a target unit. 💡 The following process is for systemd, if you are using another service manager the process will be different, but should be a similar way to hook into the boot process.

    Target units are scripts that run at a specific point in the boot process. In this case, I run it after sysinit.target, which is the earliest you can run within the boot process. How you do this is by creating a .target file and enable it:

    Bash
    [root] $ edit /usr/lib/systemd/system/disable.device.target

    Of course, by edit I mean to use your favorite editor. vim, nano, or any other terminal or graphical editor you wish. Add the following into the file:

    INI
    [Unit]
Description=Disable Device
Before=basic.target
After=local-fs.target sysinit.target
DefaultDependencies=no

[Service]
Type=oneshot
ExecStart=/etc/disable.device.sh

[Install]
WantedBy=basic.target

    You can change where the actual script file is located, I simply picked /etc but you can put it anywhere you wish. Next you need to add the contents of the script. Again, use your favorite editor on /etc/disable.device.sh:

    Bash
    #! /bin/sh
echo "0000:00:15.1" > /sys/bus/pci/devices/0000:00:15.1/driver/unbind

    Then, make sure the script can be executed by the root user:

    Bash
    [root] $ chmod 744 /etc/disable.device.sh

    Finally, enable your service:

    Bash
    [root] $ systemctl enable disable.device

    That’s it. On the next boot (and every boot after), the device will automatically be disabled early in the boot process.

  • AVIF Preview Image Example

    AVIF Preview Image Example

    A common feature of web image formats is to display something – anything – while a large image is being downloaded. Progressive rendering allows the user to see that an image is being loaded and potentially start understanding the contents of the image. However, AVIF, being a video format, does not come with this feature.

    What About AVIF?

    AVIF developers debated including something similar to what I describe below, however, they tabled the idea. Including a preview image in the header would add complexity with little gain. Adding full progressive rendering this late would require a large change to the code & specification.

    Developed for low-bitrate situations, they expect images should load quickly. It’s not being properly promoted for its expected use case. I will add a more detailed article covering this in the future.

    Preview Image Example

    This example shows how an AVIF image can display a lower quality preview while the larger image is loading. CSS restrictions require the use of a parent <picture> tag. If anyone knows a way to fold this into a single <img> tag, preferably without JavaScript, please let me know.

    It uses no JavaScript for the actual image or loading portion. The script is only to add a more appealing transition effect that occurs when the large image has completed downloading. Browsers without JS will still load and display the image, but the large image will pop in instantly overtop of the inferior quality version with no transition animation.

    Other image formats (WebP/WebP2, HEIF, GIF, PNG, etc) can also use this technique, but probably wouldn’t be necessary for types that support progressive encoding/rendering (such as JPEG and JPEG XL) as they will provide a similar effect without the use of an extra image or code.

    Lets take a look at the HTML structure…

    HTML
    <picture id="avif-cats" class="block" style="background-image: url('https://assets.techie-jim.net/path-to/preview-image.avif');">
    <img class="block" width="4032" height="3024" style="display:none;" src="https://assets.techie-jim.net/path/to/preview-image.avif" decoding="async">
    <img class="block" width="4032" height="3024" onload="this.imageIsLoaded();" src="https://assets.techie-jim.net/path/to/large-image.avif" decoding="async">
</picture>

    Wait… why are there 2 img tags? Some browsers will try to load the large image first which can block loading of the preview image until it is done. Yikes! That is not what we would want. The first one is linking to the same preview image that is set as the background of the picture tag. Note the display is also none making it invisible. This is specifically so that it will prioritize it above the larger image when loading resources.

    Take a look at the code. (It’s recommended you run the code after the DOM has finished loading [DOMContentLoaded event]):

    JavaScript
    // This part can be anywhere inside or outside your event listener.
HTMLImageElement.prototype.imageIsLoaded = function() {
    this.parentElement.style.filter='';
    this.style.opacity=1;
}

(() => {
    let afterLoaded = function() {
        let isLoaded = false;
        let picElemCol = document.getElementsByTagName('picture');
        let imgElemCol = false;
        for(let picElem of picElemCol) {
            imgElemCol = picElem.getElementsByTagName('img');
            for(let imgElem of imgElemCol) {
                isLoaded = imgElem.complete && imgElem.naturalHeight !== 0;
                if(!isLoaded) {
                    picElem.style.filter = "blur(3px)";
                    imgElem.style.opacity = 0;
                }
            }
        }
    };

    if(/complete|interactive|loaded/.test(document.readyState)) {
        afterLoaded();
    } else {
        document.addEventListener('DOMContentLoaded', afterLoaded, {"once": true});
    }
})();

    The script is only used to blur the preview image until the large image has loaded, providing a more pleasing and interlaced JPEG-like appearance. Feel free to add a CSS animation to it, if you like.

  • RTX 4090s Can Crack Your Password! What does it mean for you?

    RTX 4090s Can Crack Your Password! What does it mean for you?

    Sam Croley, a security researcher, posted a benchmark showing just how fast Nvidia’s new flagship GPU was. What was the benchmark? hashcat, a password recovery tool. However, it was used to see just how fast a 4090 could hash every combination of 8 characters (the most common length for passwords), including special characters. However, hashing all these character combinations is not the same as comparing and matching passwords.

    This kind of direct hacking also requires a physical connection – they must have their rig present or a fast, direct connection to the device being hacked. That is likely to raise some eyebrows. Why? You need a beefy (likely heavy) rig and electrical connection.

    Walking into any building with a massive brick of a suitcase is likely to get noticed.

    Show Me The Money!

    Nvidia’s new cards are not cheap. Each one has a manufacturer-suggested retail price (MSRP) of $1,600… so eight of them will total $12,800! That’s assuming supply chain issues don’t cause them to be scalped by third parties on the Internet. At that price, the average Internet user is not likely the intended target (see “Who’s Most At Risk?” below).

    Hungry For Power

    Star Wars meme of Palpatine firing lighting from his hands and yelling 'unlimited power!'

    Nvidia’s RTX 4090 – just a single card – requires 450 watts and they recommend having a minimum 700 watt power supply (though they encourage 800 or more). However, to achieve the speeds tested, you need to overclock (OC) – make the card run commands faster than intended. That requires even more energy. While the researcher didn’t note energy requirements, other articles note seeing OC’ed 4090s claiming 616 watts for a single card.

    Even at those power levels, it is likely to take days to go through all those character combinations with a single GPU. So how much would eight of them need? Well, simple math: eight RTX 4090s multiplied by 616 watts gives us a staggering 4,912 watts just for the cards alone. Add in the rest of a computer and you’re likely looking at roughly a 5,300 watt requirement!

    That kind of power is going to require an isolated 240-volt circuit at 25 amps (about 6,000 total watts), and even then you’re within the cautionary limits of that breaker. While easy to find such a circuit in a data center, if you have to unplug something already present, it’s likely someone is going to notice. If you plug into a circuit that is not isolated, you could trip a breaker or blow a fuse – also likely someone will notice.

    Firewalled

    What about cracking across the internet? An increasing number of websites, small and large, are behind increasingly sophisticated barriers. These firewalls, some even using artificial intelligence (AI), often detect intrusion attempts and will automatically block them.

    Who’s Most At Risk?

    Given the bulk, money, and power requirements, the average Internet netizen is not likely to be a target. Other, higher-profile companies, organizations, governments, and individuals where the likelihood of a return on investment are most at risk. However, this brings up a few current and future concerns.

    Public Figures

    Every day, celebrities, politicians, government officials, executives, and IT professionals of the largest companies receive attacks. Attempts at phishing, malware, and ransomware attacks are common. Acquiring a stolen or improperly disposed of device periodically occurs. Use of common or guessable passwords. Accessing unencrypted networks. These scenarios are common, and faster technology makes it easier for attackers to gain access to personal & sensitive data.

    Infrastructure

    As warfare moves to cyberspace, infrastructure is increasingly a target. Fossil fuel production and electrical generation are required for companies and governments to compete. Making it easier to potentially break into will just put a larger target on them. Lare portions are aging and not kept up to date with the latest technology, which opens up the potential for vulnerabilities to be exploited.

    Encryption Keys & Hashes

    Over time, as technology gets faster, it decreases the effectiveness of encryption keys and hash algorithms. As they become obsolete, they are retired in favor of more complex keys that take greater amounts of processing power to break. Unfortunately, it also takes industries a while to update to more secure keys. This leaves many open to attack.

    Will this advancement lead to algorithms being deprecated or retired? Not even close. Supercomputers just a few years ago would require up to 14 billion years to crack 128-bit AES encryption at 10.51 pentaflops. Today, the fastest supercomputer in the world, at 1.102 exaflops, would take nearly 10 billion years (generously).

    How fast would eight 4090s be? Each one clocks in at 82.58 teraflops. Combined, 660 teraflops. Overclocked, they would be faster, but only to about 100 teraflops. Even combined at 800 teraflops, that is still only slightly more than half (0.8) a pentaflop – or about 7% the performance of supercomputers a few years back.

    Suspects

    Law enforcement attempts breaking into the devices of suspects – either through coercion, encryption-breaking tools, man-in-the-middle, and brute force attacks. Sometimes they ask or attempt to force the manufacturer or software developer of the device to assist. However, having a device capable of breaking into a device faster is just what law enforcement seeks.

    In The End

    Are you at risk? If you’re not a public figure, probably not. That being said, dumps of encrypted or hashed data will probably become a bigger target. Being able to decrypt large caches faster will mean large blocks of stolen information, which can include passwords, will increase everyone’s risk. I recommend updating your passwords (using longer than 8… better yet, longer than 16 characters), not reusing passwords (use a password manager), and enabling multi-factor authentication on accounts that support it.

    Make it a habit to reset the passwords of your major accounts at least once a year. There are already national/international days for changing and enhancing your passwords. Add them to your own calendar.