Posts by chewitt
-
-
-
Stop being a drama queen and exercise some patience. We know IA changes can be disruptive but we are dependent on upstream IA developers figuring out the issue and then merging fixes to their codebase - and we've merged changes to LE within an hour of those fixes being published. The project runs on people working for $free in their spare time, alegedly for fun. You might want to recalibrate your expectations.
-
I have never booted NOOBS/PINN, but we create tar files for them (still) so see if this works:
https://releases.libreelec.tv/LibreELEC-RPi5.aarch64-12.0.2-noobs.tar
-
Updates for LE12/LE13 have been merged and should appear in the repo over the next 24h.
-
There's nothing printed on the board that returns anything on Google, the spec info is too generic, and the manufacturer page contains no details. Dump/share the Android system/boot log and we can probably see what SoC/chipset is inside.
-
This will be somewhat hard to guess at .. but here's some comments and thoughts:
I'll make an educated guess that you can't SSH to the RPi as the college has implemented guest isolation on the WiFi network. It's a pretty standard restriction in "public" networks to prevent a device from interacting with anything except the gateway. It stops the computer science students from hacking everything (school networks are pretty hostile environments).
RPi boards have no RTC chip so date/time defaults to the libc release date until the network is up and connman makes a successful NTP request to the default pool.0.ntp.org servers (there is normally no need to configure any). TLS certs can be invalidated if time is wrong because e.g. the current date/time is seen to be in the past and the valid-from date for the cert is seen to be in the future so although you have IP connectivity the TLS connection is (correctly) rejected.
So there is probably an issue with NTP. If something blocks external access to pool.0.ntp.org or DHCP does not provide an NTP server (or worst, provides an invalid one) the clock is wrong and services using TLS certs (like repos) may not work. The workaround is to SSH to the device over Ethernet (direct cable) and set the clock to current time. You can also try configuring a local NTP server. If the college doesn't publish anything about their in-network NTP servers, try configuring the IP of the gateway as most will routers will respond to an NTP request.
Another possibility is you need to 'authenticate' to access the Internet? - perhaps the college has a captive portal where you need to enter credentials or click 'go online' to proceed (like a Hotel, Airpot, Coffee Shop). If yes, the two suggestions are:
a) Share the WiFi of a laptop over Ethernet and then connect the RPi to the laptop via Ethernet.
b) Share the WiFi of the RPi over Ethernet and then connect a laptop via Ethernet. This cannot be configured in the GUI, but can be done using connmanctl over SSH; so SSH into the RPi over a directly connected Ethernet cable and then use connmanctl to enable 'tethering' over Ethernet. This will allow you to use a browser on the Laptop to visit the captive portal and complete whatever auth challenge is required.
There's probably other things .. that's just what comes to mind.
-
Hi chewitt, i want to buy a TVBOX with an Amlogic chipset for a good 4K vision: can you recommend me a good device?
In short, no. The 'best' or more accurately 'least worst' supported devices are still S905X/D from the 2015/16 era; I wouldn't really use the word 'good' in the same sentence as Amlogic. Newer hardware has zero support so you're forced to deal with the vendor kernel (we choose not to go there) and their recent technical direction is quite hostile to open-source. I see them as a dead-end for Kodi support on Linux (even with vendor kernels) in the long-term.
The device I use daily and the only one I'll recommend to anyone at the moment is an RPi5.
-
How is this related to LE?
-
The crash log shows https://tv-server.fritz.box is configured. If you disabled TLS it should be http://tv-server.fritz.box ?
The better option is trusting the self-signed cert: https://wiki.libreelec.tv/configuration/ssl-tls-certificates
-
imhotep please boot the image in my share with meson-g12b-dreambox-one.dtb configured in uEnv.ini and paste the log.
-
Is it possible with a manual installer (dd command) to install Libreelec in available space on a disk with a previous media partition?
No, because 'dd' is the wrong tool for that job.
If you know what you're doing with Gparted (under Ubuntu) then it's not that hard to rearranage (shrink/move) existing partitions and filesystems to make space for the TWO partitions LE requires and then perform a manual install. However the method will be dependent on the hardware used and there are intentionally no instructions for this in the wiki; as guiding less experienced users through the process (and the inevitable recovery exercise when things don't go right) is not fun, and we don't support it.
-
Yasai-san thanks for confirming. I've submitted changes:
linux: disable CONFIG_PROVE_LOCKING for Exynos by chewitt · Pull Request #10024 · LibreELEC/LibreELEC.tvThis solves a messy boot splat (see below) visible in kernel logs shared by @ShigeakiAsai after the u-boot defconfig fix was applied. Googling flagged this…github.comlinux: disable CONFIG_PROVE_LOCKING for Exynos by chewitt · Pull Request #10025 · LibreELEC/LibreELEC.tvBackport of #10024github.comI've generated the patches by doing diff -Naurp against projects/Samsung/linux/linux.arm.conf and the .config file the kernel creates in the buildsystem linux build folder.
-
I don't know what llvm en drm means (this is the same drm as in "digital rights management"?
DRM = Direct Rendering Manager. This is a kernel API that allows userspace applications (mesa) to interact with GPU hardware that is managed by the kernel. LLVM = (not an acronymn) provides software rendering capabilities to mesa when hardware accelerated rendering of 2D/3D objects (e.g. the Kodi GUI) is not possible. We compile mesa with LLVM support although AMD cards will use an accelerated code path.
-
I am after true 4k or as close to true 4k as I can get in Linux.
4K is nothing more than the dimensions of the image. Both GLES and GL support 4K output. Current LE releases use GLES and there is nothing wrong with GLES. Future LE images will probably switch to GL, and there's nothing wrong with that either. Two different code-paths that use slightly different technologies to basically achieve the same thing.
If you mean 'HDR' output? HDR is only supported on GBM images (Generic) not X11 (Generic Legacy); and it is supported whether the image is LE12 (GLES) or LE13 (could be GLES or GL) as the rendering method isn't important.
-
Yasai-san For LE12 (or Lakka v6) see if changing CONFIG_PROVE_LOCKING=y to # CONFIG_PROVE_LOCKING is not set removes that locking issue? Ref: https://github.com/home-assistant/operating-system/pull/3158
-
Thanks. Let us know - then if all good we'll merge the LE12 patch too.
-
what's the chance to get it transformed in to a "zombi" machines? To be used it by others for something "bad"?
I've also dropped a couple of LE devices with default passwords into deception/honeypot type environments where red-team staff and/or real attackers are active. Both gained access to the system(s) using password dictionary lists; the attackers were faster than the red-team staff who took some time to figure out what the device was (and thus guessed the password correctly first time) but the attackers using a dictionary list were noisier and easily detected. The red-team folks poked around, but perhaps knowing what the distro was didn't bother to do much. The real attackers dropped exploit tools into /tmp and then failed to do anything because the tools assume Debian or RHEL and fail because a) we're neither of those, b) most of the filesystem is read-only. The attackers spent a little time trying to tweak their scripts based on some wrong assumptions but quickly gave up and moved onto more-promising targets in the environment.
Now, obscurity is not security, but unless someone explicitly writes exploit tools that work on LE, the default (and automated) tools that most attackers use don't work, and LE is niche enough that I doubt someone will make the effort to write ones that do: as the total number of exploitable devices (visible to any attacker with a shodan account) means the 'ROI' of the effort is poor. The possible exception is a nation-state actor who might take the time to develop unique tooling for a campaign. However if you're a person-of-interest for those folks, you're fcuked anyway, and the insecure LE box in your network is the least of your problems. So the real-world risk for the small number of users dumb enough to expose their box to the public internet; is someone deleting some/all of their Kodi config and/or whatever media files exist on /storage.
