The 5-Day Boot

Rob McNelly geeks out about Linux 'running' on the world's first microprocessor, shares IBM Support tips and cites another cautionary tech tale

TechChannel Systems Management

Like a lot of folks in the world of IT, I have a fondness for ancient computer tech, and I'm something of a collector myself. For instance, I'm still in possession of the 386 laptop and 486 desktop I worked on decades ago (see Tech Recollections, July 2024—scroll to the end). But that's nothing compared to Dmitry Grinberg. The programmer and hardware enthusiast not only has an Intel 4004-powered PC, he's running Linux on it.

Of course, “running” may not be the most fitting descriptor here:

“[Grinberg] has shared a video in which he boots and runs commands on an Intel 4004-powered PC running Linux. The video demonstrates the excruciating time to do anything or execute the most straightforward commands. Booting took 4.76 days, for example, and a simple directory listing didn’t hit the screen until 16 hours after inputting the ls command.

“Grinberg booted the machine using the Linux prompt. Thankfully, via the magic of video editing, much of the waiting around between commands gets very fast-forward. An unedited version of the video, running at 120x real-time, exists but takes over one hour and 40 minutes for completists.”

Also, check out Grinberg's own comments:

“I booted Debian Linux on a 4-bit Intel microprocessor from 1971—the first microprocessor in the world—the 4004. It is not fast, but it is a real Linux kernel with a Debian rootfs on a real board whose only CPU is a real Intel 4004 from the 1970s. The video is sped up at variable rates to demonstrate this without boring you. The clock and calendar in the video are accurate.”

A Rundown of Tips and Info From IBM Support

I have a number of IBM Support links to share.
* tcpdump fail/bpf_load error: Why tcpdump fails with error "tcpdump: bpf_load: could not configure driver: Do not specify an existing file" on AIX and VIOS?

For example:

# tcpdump -i en3 port 22

tcpdump: bpf_load: could not configure driver: Do not specify an existing file.

Answer: The tcpdump uses bpf to capture the network packets. The error "bpf_load: could not configure driver: Do not specify an existing file" indicates that another application or driver is holding a lock on bpf that is reserved for tcpdump. To determine who is holding a lock on bpf, run the following steps as root.

The link provides more information about the commands you need to run. It concludes with:

“The lke output shows that Hitachi driver "hitachipcmke" uses major number "37," which is allocated to the bpf device used by tcpdump, and this causes tcpdump to fail. hitachipcmke driver needs to be unloaded to free major number to allow tcpdump to use it. The Hitachi needs to be contacted to resolve this problem. In this case, the bpf major number is used by the "hitachipcmke" driver, but it can be any other driver. If so, an appropriate driver vendor needs to be contacted.”

* Security bulletin/vulnerabilities in Python: “Vulnerabilities in Python could allow a remote attacker to cause a denial of service (CVE-2024-0397) or obtain sensitive information (CVE-2024-4032, CVE-2024-37891). Python is used by AIX as part of Ansible node management automation.”

According to IBM Support, AIX 7.3 and VIOS 4.1 are affected. By running lslpp you can determine whether your fileset is vulnerable. The link offers more instructions and links to fixes.
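As an added example (not from this article or from IBM's bulletin), the shell functions below compare the level reported by `lslpp -Lc` against an affected range. The fileset names and levels are constructed placeholders, so take the real ones from the bulletin; the code assumes the colon-separated `lslpp -Lc` layout with the fileset in field 2 and the level in field 3.

```shell
#!/bin/sh
# Compare two VRMF levels (V.R.M.F) numerically; prints -1, 0 or 1.
vrmf_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0      # numeric: 10 sorts after 9
            if (p < q) { print -1; exit }
            if (p > q) { print 1; exit }
        }
        print 0
    }'
}

# Read `lslpp -Lc` style output on stdin and report one fileset against
# an inclusive affected range [low, high] taken from a security bulletin.
# Prints "<fileset> <level> VULNERABLE|OK" or "<fileset> - NOT_INSTALLED".
check_fileset() {
    fileset=$1 low=$2 high=$3
    # Skip the "#" header line; field 2 = fileset, field 3 = level (assumed layout).
    level=$(awk -F: -v f="$fileset" '!/^#/ && $2 == f { print $3; exit }')
    if [ -z "$level" ]; then
        echo "$fileset - NOT_INSTALLED"
        return 0
    fi
    if [ "$(vrmf_cmp "$level" "$low")" -ge 0 ] &&
       [ "$(vrmf_cmp "$level" "$high")" -le 0 ]; then
        echo "$fileset $level VULNERABLE"
    else
        echo "$fileset $level OK"
    fi
}

# Constructed sample input: placeholder filesets and levels, not real AIX data.
SAMPLE='#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
example.pkg:example.pkg.base:1.2.9.3: : :C: :Constructed sample fileset
example.pkg:example.pkg.tools:1.2.10.0: : :C: :Constructed sample fileset'

# Placeholder affected range 1.2.0.0 through 1.2.9.5.
# On a live system: lslpp -Lc | check_fileset <fileset> <low> <high>
for fs in example.pkg.base example.pkg.tools example.pkg.missing; do
    printf '%s\n' "$SAMPLE" | check_fileset "$fs" 1.2.0.0 1.2.9.5
done
```

The second sample fileset shows why the comparison is numeric per field: level 1.2.10.0 is newer than 1.2.9.5 even though it sorts earlier as a string.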

* What to expect when contacting IBM Support for end of service product versions:

“IBM recommends customers using End of Service versions of products to upgrade to an In Service version as soon as possible in order to receive the most up to date software and hardware features and to minimize the risk and business impacts of using outdated product versions that may no longer be serviced.”

While that may not sound exciting, this is worthwhile information, particularly for anyone who doesn't currently contract with IBM Support. A related item that explains how IBM Support handles technical questions is also worth your time.

* pGraph performance data graphing tool: “pGraph is a Java program designed to read multiple performance data formats and to produce graphs either interactively or in batch mode. There is no limit on input data size and user can view graphs related to the entire timeframe or can select a specific time period. Only requirement is a JRE 1.5 or newer.”

Changes With IBM TechXchange

The IBM TechXchange community is undergoing a major facelift:

“Our goal is to provide you with an enhanced and personalized experience for connecting, collaborating, and learning. By modernizing the design and enhancing features of the platform, we aim to make the IBM TechXchange Community more user-friendly and engaging for everyone.”

Also note that the 2024 TechXchange Conference is Oct. 21-24 in Las Vegas.

Compromising Unmanaged Servers

Yet another reason to patch, monitor, and generally maintain your AIX machines, and be sure that you are not using default passwords:

“Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server.

“... Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer.

“It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks, those with shadow IT deployments, and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

“And that's not to say AIX is retired or abandoned technology; it is advanced in its design and it still gets updates and support from Big Blue. By legacy we mean it is a child of the 1980s, is used in specialized roles where it can't be easily replaced, and lives on in a world now dominated by Linux and Windows.

“... Three of the victims' AIX development environment servers were exposed unprotected to the open internet, according to Binary Defense. One of them at least was running an Apache Axis admin portal with default administrator credentials, which gave the intruders full access to the IBM system. The server wasn't compatible with the organization's security monitoring tools, which is part of the reason why it took network defenders months to spot malicious activity on company computers, we're told.”

Binary Defense has since reported more details about the attack:

“AIX systems, while not commonly targeted in the same way as Windows or Linux, are by no means immune to attacks. The attackers in this case demonstrated their capability to identify and exploit the vulnerabilities in these systems. By utilizing tools like AXISInvoker webshell and Fast Reverse Proxy (FRP), they effectively turned a relatively obscure system into a beachhead for lateral movement into other systems. This serves as a crucial reminder that security teams must be vigilant about all systems in their network, not just the most obvious targets.

“...This incident highlights the critical importance of comprehensive security monitoring across all systems, not just those that are actively managed or considered high-priority. Without visibility into every corner of the network, even seemingly minor, unmanaged systems can become a persistent source of risk.”