Mara van der Laan laanwj

Home Assistant on Raspberry Pi 5 (Debian 13) with Podman

Matter + Thread setup with ZBT-2 dongle, using Podman in rootful host-network mode.

Architecture

                     +-----------------+
                     | Home Assistant  |  :8123 (web UI)
 | (container) |

The standard assumption up to now has been that applications that don't have a specific apparmor profile run in the "unconfined" profile, which essentially doesn't forbid anything. However, in 24.04, everything using unprivileged namespaces automatically ends up in the "unprivileged_userns" profile, which does add rules. Disabling this profile doesn't work, because that seems to block use of unprivileged namespaces completely.

What does work is to create a specifc apparmor profile for guix, that is really unconfined and allows user namespaces:

Create a file /etc/apparmor.d/guix:

abi <abi/4.0>,
include <tunables/global>

profile guix /usr/bin/guix flags=(unconfined) {

Moved to a repository: https://github.com/laanwj/k210-sdk-stuff/blob/master/doc/memory_map.md

Alphanumeric shellcode on RISC-V

Although common on x86, it was initially believed that it was not possible to make alphanumeric shellcode for ARM. Later it turned out it was.

Similar to that, I wondered if it was possible to make alphanumeric shell-code for RISC-V.

(Basic shellcode in RISC-V Linux provides a good introduction to shellcode for RISC-V, including how to avoid NUL bytes.)

First, I enumerated all the possible instructions that could be formed from these characters with a little Rust program and generated some statistics.





	CRYPTONOTE STANDARD 001 Nicolas van Saberhagen
	Category: Main Track Johannes Meier
	Antonio M. Juarez
	CryptoNote
	December 2011

	#!/usr/bin/python3
	# Check and report status of joinmarket directory nodes.
	# SPDX-License-Identifier: MIT
	import socket
	import subprocess

	PROXY = ('127.0.0.1', 9050)
	GLYPH = ['❌', '🆗']

	# Nodes to check

	'''
	Convenience utility for connecting to a bitcoind instance through RPC.
	'''
	# W.J. van der Laan 2021 :: SPDX-License-Identifier: MIT
	import base64
	import decimal
	from http import HTTPStatus
	import http.client
	import json
	import logging

	#!/usr/bin/env python3
	import io
	import struct
	import sys
	import pprint

	import macholib.MachO
	from macholib.mach_o import LC_CODE_SIGNATURE
	import asn1crypto.x509
	from asn1crypto.cms import ContentInfo, SignedData, CMSAttributes

	# serial devices
	# get attributes using: udevadm info -a -n /dev/ttyUSBn
	SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Flyswatter2", ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="serial/flyswatter-jtag"
	SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Flyswatter2", ENV{ID_USB_INTERFACE_NUM}=="01", SYMLINK+="serial/flyswatter-tty"

	SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Dual RS232-HS", ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="serial/unleashed-jtag"
	SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", ATTRS{product}=="Dual RS232-HS", ENV{ID_USB_INTERFACE_NUM}=="01", SYMLINK+="serial/unleashed-tty"

	SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", ATTRS{product}=="Quad RS232-HS", ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="serial/zodiac-jtag0"
	SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", ATTRS{product}=="Quad RS232-HS", ENV{ID_USB_IN

	#!/usr/bin/env python3
	# Distributed under the MIT software license
	import binascii, struct, sys, io, argparse
	from PIL import Image

	IMG_WIDTH = 512 # could be made adaptive...
	MIN_HEIGHT = 4 # minimum height of image; twitter won't let us upload anything smaller
	BYTES_PER_PIXEL = 4 # RGBA, 8 bit

	def div_roundup(x,y):