back to article Linux Beep bug joke backfires as branded fix falls short

Retro programmers may need to reconsider using the Linux beep command as an activity or progress alert. One of the silliest bugs on record emerged late last week, when Debian project leader Chris Lamb took to the distro's security to post an advisory that the little utility had a local privilege escalation vulnerability. The …

  1. fluffybunnyuk
    Megaphone

    and were off and running on a new week of security problems...

  2. Anonymous Coward
    Anonymous Coward

    Amusingly, the man entry for beep contains this wonderful little passage.

    "By default beep is not installed with the suid bit set, because that would just be zany. On the other hand, if you do make it suid root, all your problems with beep bailing on ioctl calls will magically vanish, which is pleasant, and the only reason not to is that any suid program is a potential security hole. Conveniently, beep is very short, so auditing it is pretty straightforward."

    Ah, hindsight.

  3. a_yank_lurker

    Available but not installed

    I check Pamac to see if it was installed, it is not. It is in the extra Arch repository for Arch based distros.

  4. thames

    Almost nobody even has beep installed.

    According to Debian, only 1.88% of users have beep installed. Only 0.31% use it regularly. Apparently "beep" doesn't even work on most hardware. I suspect that the few people who do have it installed used it in a bash script somewhere years ago and forgot it. I checked my PC (Ubuntu), and It is not installed.

    The best solution is probably to check if you have it installed, and if you are one of the few people to who, to simply un-install it. If you are worried about some obscure script failing because it got an error when it tried to call beep, then perhaps symlink some fairly innocuous "do nothing" command, or possibly even a script which will write to a log somewhere to tell you when it was called.

    If I need to have my speakers on my desktop make any noise I use "espeak", which is a text to speech utility. There are other noise making utilities as well which unlike beep actually work on modern hardware.

    1. druck Silver badge
      Facepalm

      Re: Almost nobody even has beep installed.

      Who wants to bet there will be a large spike in downloads of beep now, as people check to see if they have a beep speaker.

    2. Ellipsis
      Windows

      What the *beep*?

      > 1.88% of users have beep installed. Only 0.31% use it regularly

      How do they know this? Does Debian slurp collect telemetry?

      1. Belperite

        Re: What the *beep*?

        Popularity Contest (popcon). You get asked if you want to install it, along with an explanation of exactly what it does, when you install Debian. The default is not to install it.

        https://popcon.debian.org/

        1. rlw
          Linux

          Re: What the *beep*?

          Actually, it will install it but not activate it if you choose no. Note the dpkg dialog immediately after choosing no.

      2. DuncanLarge Silver badge

        Re: What the *beep*?

        "How do they know this? Does Debian slurp collect telemetry?"

        Upon installing debian you are given the option to opt-in to the package popularity survey which reports back to them what packages you have installed so they can determine which packages are the most popular. They use this to put the most commonly wanted packages on the first/second DVD images so simply downloading the first DVD should get you the most popular packages straight away.

        I guess the survey also records how often the package is actually used.

      3. fgeva

        Re: What the *beep*?

        When you install debian, you get asked if you want to install popcon and contribute to those statistics. The default answer is "no", by the way.

      4. JohnFen

        Re: What the *beep*?

        Debian offers a telemetry package that you have to opt-in to. I know a lot of Debian users, but I don't know a single one who allows telemetry.

        1. keithzg

          Re: What the *beep*?

          I always opt in; accurate statistics are important, as cases like this illustrate. And hey, if that means Debian bases packaging decisions based only on people like me, I can love with that ;)

          (More serious answer: statistically speaking, even a very small percentage of Debian users opting into popcon is probably nonetheless quite statistically significant of a sample size, so I bet their numbers are fairly accurate.)

    3. PyLETS

      Re: Almost nobody even has beep installed.

      " ... only 1.88% of users have beep installed. Only 0.31% use it regularly "

      That's a very good example of the reason you shouldn't apt-get dist-upgrade forever (or your package management distribution upgrade of choice equivalent). This process leaves obsolete packages installed which you probably no longer want and which seem destined to come back and bite you when you least expect it. Doing a full and clean install occasionally, apart from maintaining knowledge of how to configure stuff you've become dependent upon, will keep a system in a more sane condition.

      1. Chairman of the Bored

        Re: Almost nobody even has beep installed.

        Totally agree with you; trick is that with production systems a lot of people cannot frequently rebuild as I would, say, my home Linux and windows boxes.

        I do spend a fair amount of time looking over the installed package lists on production boxes and asking, "what is this one... and this one... Do we really use every version of python since the beginning of time or is cruft accumulating?" And so forth. I actually schedule days for in-depth consideration of open ports, services exposed, etc. Sometimes the need for something passes and you get an opportunity to reduce your attack surface.

        I'm sure this tool exists and I'm too dumb to know what it is, but if not here is my proposal: develop a script that crawls around and looks at last access times on files and associates these with installed packages... If all files associated with a package haven't been accessed in <defined> months, inform admin that maybe the package is unnecessary?

        1. Anonymous Coward
          Anonymous Coward

          Re: Almost nobody even has beep installed.

          You only can't rebuild production systems from cold if you either don't have enough redundancy, or you don't have any reliable way of reconstructing the things that live on the system from cold.

          Both of those things are often true of course, sadly.

      2. Anonymous Coward
        Anonymous Coward

        Re: Almost nobody even has beep installed.

        apt-get doesn't remove obsolete packages because you may be using software from outside of the official repos that depend upon them and for which there may be no later releases or alternatives.

        A 'full and clean install occasionally' (when, and on what basis?) is a non-starter if you're doing work on a system and is a very poor way to maintain a system - there is a choice of package managers and utilities that will flag obsolete packages, identify orphaned (unused) dependencies and allow you to selectively remove them.

        I the last full clean install I've done was more than ten years ago - new systems get cloned and then modified as needed. Cloning on Linux is relatively quick and easy using standard utils and fwiw I install multiple clones, each in their own small partition, on each system so if a problem, for what ever reason, occurs on the 'running' or currently booted system I have a number of fall-back systems I can boot. Personally, I tend to rotate them as major upgrades occur, so I preserve the last good known working version and perform the upgrade on a new clone in its own partition.

      3. JohnFen

        Re: Almost nobody even has beep installed.

        "Doing a full and clean install occasionally"

        Why would you want to do this? It's highly disruptive and gains you nothing. I would, instead, recommend just going through your installed packages every so often and removing the ones you no longer need.

        1. Mage Silver badge

          Re: "Doing a full and clean install occasionally"

          Shirley that's a Windows thing. Pretty much mandatory going to a new release of windows. Usually on Linux you don't have to, though if VERY ancient, you might want to do clean install or you'd need an intermediate version.

    4. JohnFen

      Re: Almost nobody even has beep installed.

      "According to Debian, only 1.88% of users have beep installed. Only 0.31% use it regularly."

      I have beep installed, and use it regularly, but there's no way that Debian could know that -- so I'm not reflected in those stats. I expect that most people who use beep are developers of a certain type, and that type is precisely the sort that does not allow telemetry.

      So, while I have no problem believing that a very small minority of Debian users have and use beep, I would be very surprised if the numbers were as low as Debian is reporting.

  5. JakeMS
    Happy

    Eh..

    Every system of mine still has one of those little "PC Speakers" - They almost always come with the motherboard. When I'm building the systems I put them in because, well just because.

    They can also be useful in the event of hardware failure as sometimes a motherboard can beep the problem to you[1] - I've fixed a few machines using beep codes for diagnostics.

    So I wouldn't call those little speakers useless. For the most part if you don't want your OS beeping at you, you can simply not load the pcspkr kernel module[2] and it won't function from the OS thus leaving it for bootup checks only.

    I'm guessing these days when everyone is putting all their PC/Server components together they don't bother putting those little speakers in? Well, that's fine but I still do... maybe I'm just old :-D.

    [1] For example: https://www.computerhope.com/beep.htm (First duckduckgo result)

    [2] Most of the time when the "beep" command does not work it is because this module is not loaded

    1. bolac

      Re: Eh..

      But you can use them without setuid by printing the ASCII "BELL" character. You only need Root if you want to do crazy things like change the frequency (i.e. tone).

    2. Jaap Aap

      Re: Eh..

      I don't know what kind of motherboard you buy, but all the ones I have recently seen come with a little on-board speaker. So absolutely no need to connect the one from the case.

    3. Steve the Cynic

      Re: Eh..

      They can also be useful in the event of hardware failure as sometimes a motherboard can beep the problem to you[1] - I've fixed a few machines using beep codes for diagnostics.

      I've done this twice. The last time was a machine with a tendency to overheat, and it would beep out "CPU not running" when it rebooted. Cleaning the heatsink and fans resolved that one.

      The other was about twenty years ago, when I flashed the BIOS on a machine and the process evidently failed. It rebooted and beep beep beep... with the black screen of nothing. I read the manual, and found out why, and how to fix it.

      I got a blank floppy and downloaded the new BIOS onto it (using a different machine, duh). Then I put the floppy in the paperweight's A: drive, powered it up and waited. Beepty beep, drive seeking clunk clunk clunk ... Beep. Reboot. Machine alive.

      Ever since that day I have been leery of upgrading the BIOS...

      1. John Brown (no body) Silver badge

        Re: Eh..

        "Ever since that day I have been leery of upgrading the BIOS..."

        You really shouldn't be. I've replaced 1000's of motherboards over the years and a BIOS update is pretty much the first step after powering up and never had a failure. BIOS upgrade failures are incredibly rare and most often caused by another underlying fault, dirty power or using an incorrect firmware file in error. My experience covers desktops, servers and laptops of various brands too, so anyone concerned by the "scare" stories really shouldn't be. Just be careful to use the correct tools and firmware versions.

    4. Loyal Commenter Silver badge

      Re: Eh..

      Every system of mine still has one of those little "PC Speakers" - They almost always come with the motherboard. When I'm building the systems I put them in because, well just because.

      Exactly. Every MoBo I've ever come across has a jumper for a speaker, and they are a godsend for diagnosing boot-time issues such as poorly seated components.

      If you have children, they're also useful for letting you know when small fingers have pressed the power button when you're in another room.

    5. DuncanLarge Silver badge

      Re: Eh..

      Agreed, my latest AMD Ryzen motherboard from ASUS came with the standard front panel header, which includes the speaker pins, and a speaker.

      However those little speakers that you just plug into the board and leave hanging are annoyingly quiet sometimes!

      Without a PC beep upon boot I automaticaly wonder if there is something wrong. A successful POST must beep at you even if its via the on-board audio.

      Also I frequently use the beep program withing my commandlines.

    6. Cuddles

      Re: Eh..

      "They can also be useful in the event of hardware failure as sometimes a motherboard can beep the problem to you"

      Most motherboards also have an LED 7-segment display that gives boot and error information in a much more readable format though. Trying to figure out a pattern of beeps is a lot more difficult than just reading an error number. Unless the fault you're trying to diagnose turns out to be that the LEDs aren't working, there's really little use for the speaker.

      1. JohnFen

        Re: Eh..

        "Most motherboards also have an LED 7-segment display that gives boot and error information"

        I must be buying really oddball computers, then (not unlikely), because not one of the ones I own has such a display.

        1. DropBear

          Re: Eh..

          Motherboards with 7-segment LED displays do exist, but they're by far the exception, not the rule.

        2. John Brown (no body) Silver badge

          Re: Eh..

          "I must be buying really oddball computers, then (not unlikely), because not one of the ones I own has such a display."

          Ditto. We supply three major brands of motherboard as well as a couple of major brand desktop systems and at most there may be one, possibly two status LEDs on the motherboard (or none at all)

      2. JakeMS

        Re: Eh..

        Cuddles wrote:

        Most motherboards also have an LED 7-segment display that gives boot and error information in a much more readable format though.

        Huh? Not come across a motherboard with one of those yet. Generally I'm dealing with SuperMicro, Asus, AsRock (basically, Asus again) and Gigabyte.

        Would be interested to see one of those though :-).

        1. Jaap Aap

          Re: Eh..

          Supermicro C7Z170-SQ has one of those 7-segment displays onboard.

          I ran into a weird issue where boot took about 45 minutes. At least I could see something was going on. After a bios update it was fine again.

          Either way, not buying something from that range again. Stupid graphical bios.

    7. Anonymous Coward
      Anonymous Coward

      Re: Eh..

      I had to disable the beep in my laptops.

      My cat would wake me at all hours standing on the keyboard.

    8. JohnFen

      Re: Eh..

      " I wouldn't call those little speakers useless."

      Me neither. I find them every bit as useful today as they were 30 years ago.

    9. John Brown (no body) Silver badge

      Re: Eh..

      "They can also be useful in the event of hardware failure as sometimes a motherboard can beep the problem to you[1] - I've fixed a few machines using beep codes for diagnostics."

      Most laptops I've worked on in recent years will do a beep code or equivalent power LED flash code, but most desktops nowadays only ever seem to have a single beep code of "failed to complete POST". Most often it's a catastrophic RAM failure. If they even beep at all. Probably because for most users purposes, it doesn't matter what the failure is if POST fails before the video is initialised. It's the same bit you need to replace, ie the whole motherboard. Multiple beep codes indicating failed ports/controllers when most I/O were separate add-on cards made sense.

    10. david 12 Silver badge

      Re: Eh..

      I was reading that wondering if somebody, in the chain or reporting, was confusing "very few computers have beep hardware" with "very few people have beep installed".

  6. arctic_haze

    Who actually has beep installed?

    No beep on my Fedora boxes. You really needed to actively install the package to have this problem.

    In my opinion, this is one of the least important security problems ever.

    1. bolac

      Re: Who actually has beep installed?

      The same is true for Redhat, Ubuntu and even Debian in cluding ancient versions. SuSE has an alias called "beep", which has nothing to do with the "beep" program discussed here.

    2. Anonymous Coward
      Anonymous Coward

      Re: Who actually has beep installed?

      "In my opinion, this is one of the least important security problems ever."

      Me too , which is why it makes me sad that so much effort has been put into that HoleyBeep web page... Just leave the distros (that include it) to patch it in their own time, I can't imagine any automated scripts are using 'beep' rather than 'mail'.

    3. DuncanLarge Silver badge

      Re: Who actually has beep installed?

      Well I wouldnt be surprised its not installed because nothing generally depends on the beep package so it wont get installed. The only stuff installed are the selected packages and their dependancies and beep is unlikley to be useful by itself unless you need it whihc is when you end up installing it.

      Packages that I also dont expect to auto-install include OpenSSH server, Midnight Commander, mutt, emacs (default install for most distros is nano) etc etc. Of course I manually install those first thing as I must have them ;)

  7. Anonymous Coward
    Anonymous Coward

    Of course it's not an important security issue

    It's not on Windows.

    If this was on Windows this thread would be full of linux zealots explaining how simple this was to fix and how outrageous it is that this bug exists....

    1. kryptylomese

      Re: Of course it's not an important security issue

      The difference is that the security implications were detailed in the man pages and you can fix this yourself very easily whereas with Windows you would have wait for Microsoft to provide a fix if a) they found the issue in the first place and b) they actually decide to fix it rather than logging as "won't fix".

      1. Anonymous Coward
        Anonymous Coward

        Re: Of course it's not an important security issue

        The difference is that the security implications were detailed in the man pages and you can fix this yourself very easily whereas with Windows you would have wait for Microsoft to provide a fix if a) they found the issue in the first place and b) they actually decide to fix it rather than logging as "won't fix".

        That's no different to Linux though. The average user (I.e., pretty much everyone if Linux were to ever become more than a fringe OS) wouldn't ready the man pages, certainly wouldn't know how to fix it themselves, and would have to wait for their distro provider to ship an update.

        In fact that very attitude of "you can fix this yourself" very nicely illustrates exactly why Linux never will gain widespread adoption on the desktop.

        1. JohnFen

          Re: Of course it's not an important security issue

          "The average user (I.e., pretty much everyone if Linux were to ever become more than a fringe OS) wouldn't ready the man pages, certainly wouldn't know how to fix it themselves, and would have to wait for their distro provider to ship an update."

          True. But that sort of user would never have installed beep to begin with, so it doesn't matter.

          1. Mage Silver badge
            Coat

            Re: Of course it's not an important security issue

            "The program 'beep' is currently not installed. You can install it by typing:

            sudo apt install beep"

          2. Anonymous Coward
            Anonymous Coward

            Re: Of course it's not an important security issue

            But that sort of user would never have installed beep to begin with, so it doesn't matter.

            Well, that sort of user would most probably be at the mercy of their distro provider to install software that they would deem "necessary" for the smooth operation of the OS. While this might be a relatively unlikely/benign utility, it wouldn't take too long for something more necessary to be exploited. Most probably in the form of an unpatched/out of date library.

            1. JohnFen

              Re: Of course it's not an important security issue

              I am not aware of any distro that installs beep as part of a standard installation. It would be weird if one did, as the utility is not useful except for fairly specialized situations, and distros tend to avoid automatically installing anything that isn't useful to a wide range of users.

    2. Baldrickk

      Re: Of course it's not an important security issue

      But also it would be installed by default on Windows, and likely couldn't be disabled through the control panel settings some combination of two different control/settings interfaces...

    3. thames

      Re: Of course it's not an important security issue

      @Anonymous Coward said: "It's not on Windows."

      Oh look, someone trolling anonymously. What a surprise.

      Well guess what, it's not normally installed on Linux either, as you would know if you had actually read the story. It's a third party program that an administrator can install if he or she wants to, but very, very , few actually do.

  8. jake Silver badge

    A stand-alone program to ...

    ... send ^G to the terminal? New one on me. I guess somebody thought it'd be useful. But who? And when? And more to the point, why?

    Then again, curses has the ability to beep and flash. man curs_beep

    If your terminal supports it, that is. At a shell prompt, try echo ^G to see if your terminal will beep. Might have to escape the ^G with ^V ... Do they even teach this stuff to newbies anymore?

    1. Anonymous Coward
      Anonymous Coward

      Re: A stand-alone program to ...

      Just tried

      echo "\007"

      .... and the front doorbell rang! Coincidence ... I think not.

      (N.b. ever since I realized that "^G" was octal 007 I've been hopiong for James Bond film where he encounters an elderly programmer who looks up ands say "ah, James Bond 007 ... that's a name tro used to ring a bell")

      1. jabuzz

        Re: A stand-alone program to ...

        Yeah except if you want echo to interpret backslash escape sequences you need to use the -e option (at least on all my Linux machines) so the command needs to be echo -e "\007" though echo -e "\07" works, as does echo -e \\07 which is a even fewer characters. However instead of using random octal why not use \a which is the alert backslash sequence so echo -e \\a is the shortest variant.

    2. Baldrickk

      Re: A stand-alone program to send ^G to the terminal?

      Well I believe it provides the ability to change the and duration. Something that I used to great effect at college, writing a little app that played a little tune, then proceeded to warble out a sort of siren, slowly rising and falling in pitch. (This was on windows though, not using the beep app here).

      Somehow, I managed to make it (purely by accident) continue running even after the user logged off unless they killed it first.

      Probably inevitably, having shared it with a friend, it ended up daisy-chaining around the college.

      IT ended up going round all of the computer rooms (and this was a big college) disconnecting all the internal speakers from each and every machine, all thanks to me. Whoops.

    3. Anonymous Coward
      Anonymous Coward

      Re: A stand-alone program to ...

      "I guess somebody thought it'd be useful. But who? And when? And more to the point, why?"

      I would guess for daemon programs that don't have a controlling terminal but want to audibly signal that there's a serious problem to the operator (for back in the day when someone would actually be sitting in the machine room).

      1. Destroy All Monsters Silver badge
        Windows

        Re: A stand-alone program to ...

        "I guess somebody thought it'd be useful. But who? And when? And more to the point, why?"

        Because teleprinter Bell, you Forum Barbarians.

        https://en.wikipedia.org/wiki/Bell_character

        IT is full of stuff like this.

    4. Ellipsis

      Re: A stand-alone program to ...

      > somebody thought it'd be useful. But who? And when? And more to the point, why?

      One could ask the same of the vast majority of software packages and features, and never receive a satisfactory answer…

      1. Doctor Syntax Silver badge

        Re: A stand-alone program to ...

        "One could ask the same of the vast majority of software packages and features, and never receive a satisfactory answer,"

        It depends who you ask. Ask most people who thought, say QGIS (what's that, you've never heard of it?) was for and you'd receive blank looks. But there are enough people who need a GIS (never heard of that either?) to develop it originally and to continue with that.

    5. JohnFen

      Re: A stand-alone program to ...

      "I guess somebody thought it'd be useful. But who? And when? And more to the point, why?"

      If you're doing low-level programming, the ability to beep can be incredibly useful. When something goes wrong or you are debugging and the system isn't in a state where you can do high-level I/O, or the code you're working with is at a level where high-level I/O is difficult to do, beeping the speaker is an easy way to get status and debugging information.

      It's less useful if you have to go through the terminal to do it, though. Better to have code that just beeps all by itself.

    6. Lee D Silver badge

      Re: A stand-alone program to ...

      I used to use it all the time (I know the jonath domain by heart).

      It was a great tool for PC systems that weren't full desktops for everything from identifying machines to indicating problems via a series of tones. Not always was a ^G able to be sent, or sufficient, for such purposes. It's much easier to break out to shell and run a specific program, if for no other reason than echoing scripts that do the same will also beep even though you're only viewing the script, not to mention what's the controlling terminal nowadays with everything from virtual terminals to SSH, containers to virtual machines, etc. - where does the ^G actually play the sound? Beep played out of the hardware of the physical machine you were executing on (hence why it liked to have root).

      For instance, a home machine that controlled the Internet connection has no screen or speakers except the internal speaker and used to have a set of rising or falling tones if the Internet came up or went down. I literally never had a graphics card in that machine, so it was very handy, and just a ^G is insufficient to convey that.

      However, to tell you how long ago that was, it was a 386 running Freesco on a 2.0.38 kernel, and the Internet was a modem connection which I used to have to turn-off to let my dad make a phone call and it was useful to know that the modem was stopped from dialling out (the falling tones) and when it had managed to restart the PPP session after resuming (the rising tones). If you kept hearing both, it was still trying to dial out.

      I know that a lot of embedded hardware still has the same kind of things in them - everything from firewalls to NVR servers - to let you know when they've completed booting. Not to mention that I don't think I've ever owned a computer that WOULDN'T output the sound from beep if you installed it. It might be a PC speaker passthrough header on a sound-card or motherboard, but it usually still works, I believe.

      That said, it's probably a long-abandoned bit of software given that it's been 20 years since then, and all it does it beep, and that's pretty much everything you wanted it to do even 20 years ago. It should have been audited, it should have been caught, and being setuid (or suggesting so), it should have been subject to a higher level of scrutiny.

      I bet there are a million machines out there with it on, just for those rising-tone power-up notifications in embedded devices, if they're not using some busybox equivalent.

  9. Zog_but_not_the_first
    IT Angle

    Junk DNA

    I wonder how much "junk DNA" exists in software (bios through to large software packages and their supporting code)? I remember being able to trick a PC into prompting for "Press play, then any key" long after the era of cassette tape loading had passed.

    1. Dan 55 Silver badge

      Re: Junk DNA

      GUI icons - floppy disk to save.

      UNIX - lp0 on fire.

    2. Mage Silver badge

      Re: Junk DNA

      Some of these DOS devices can't be used as filenames on Win10

      AUX 1st serial port

      PRN 1st parallel port

      COM1 thru COM4 Serial ports (NT had /has Com1 to Com255, TTY is UNIX/Linux equivalent)

      LPT1 thru LPT3 Parallel ports (Don't know how many NT had)

      CON Keyboard and screen

      NUL Dummy (for testing)

      Wasn't there also a punch and reader device in early DOS? (names?) or was that CP/M?

    3. Orv Silver badge

      Re: Junk DNA

      While it's dead now, the COM executable format in MS-DOS existed to make porting CP/M software easier, and persisted well into the Windows era.

      Some vestigial chunks of the IBM XT BIOS persisted into the 90s; I remember accidentally powering up an early 386 with no disks attached, and seeing "NO ROM BASIC" in glorious 40-column text.

  10. Anonymous Coward
    Anonymous Coward

    noot noot

    That is all.

  11. countd

    A Brief History of the PC Beep

    Read this the other day - rather interesting on the history of the PC beep and why it survived for so long after the advent of the soundcard (spoiler: disability legislation).

    https://blogs.msdn.microsoft.com/larryosterman/2010/01/04/whats-up-with-the-beep-driver-in-windows-7/

  12. Anonymous Coward
    Anonymous Coward

    Linux: Insecure by design

    LOL, Can you imagine how you penguins would have reacted if such a simple problem existed on windows, and how if anyone came up with the sort of excuses you are using now you'd laugh at them?

    1. JohnFen

      Re: Linux: Insecure by design

      Yes, I can imagine how many: almost none.

  13. Kingstonian

    POST beep

    the POST beeps are (were) one of the most useful basic diagnostic tools where there's no video or other diagnostics on the motherboard.

    Turn on the big red switch.

    Wait.

    Listen.

    One short beep and you're good. Unless you have a COMPAQ clone rather than a genuine IBM PC so you get 2 beeps and think something is wrong until you quickly remember!

  14. Mike 16

    Does the speaker sound driver still exist?

    I recall many years ago when someone (ESR?) published a sound driver (maybe for ALSA?) to allow one to use the PC speaker as a generic audio output device, so you could, for example, play your pirated Duran Duran mp3s _anywhere_ (until the sound stack broke again).

    Compare and contrast to my memory of setting up racks of headless servers where ticking the "Server" install config would load up an impressive collection of audio and video drivers, in case I wanted to watch a movie on the non-existent monitor with 5.1 sound via the non-existent sound card.

    1. Mage Silver badge

      Re: Does the speaker sound driver still exist?

      There was one on win3.x

      I wrote one for DOS. About 5bit resolution as you can only turn pin on/off, so tones are rate using 50:50 and sound uses PWM, aka Class D.

      1. Mike 16

        Re: Does the speaker sound driver still exist?

        Would it run on WfW? I still have a few licensed copies on (formerly) sealed floppies. Raises the question of whether the "Breaking this seal..." contract would apply, as the glue sealing the envelopes rotted away some years ago.

        Anyway, if someone has a set of samples to mimic Votrax. we could combine them with your speaker driver and a text-to-Votrax driver I have around here somewhere. Isn't Science Wonderful?

        1. Mage Silver badge

          Re: Does the speaker sound driver still exist?

          Yes, the Win 3.x speaker sound driver (that was on a cover disk once) does work on WFW3.11. It's possible it works on Win9x as those are basically Win3.x with updated Win32s, updated version of VFW, added Direct X (to allow porting DOS games) and the Win 3.x 32bit disk & network stack all "included". Replacing Progman.exe and winfile.exe with explorer.exe. It was sad that it was so popular and held back NT development and adoption, and ultimately saw programs with broken security on NT that needed you to be the Administrator. The Win9x development and inept win9x programs were responsible for most of the ills of NT 4.0 and NT5.x (Win2K, XP, Server 2003). After 2003 it's been downhill all the way.

    2. Orv Silver badge

      Re: Does the speaker sound driver still exist?

      The phrase "until the sound stack broke again" made me chuckle, because I don't think I've had reliable sound in Linux since they abandoned OSS for ALSA. I recently replaced my Ubuntu media PC setup with Windows 10 because one too many evenings where I wanted to watch a movie ended with me trying to figure out why ALSA's HDMI sound output mysteriously stopped working again.

      1. Dan 55 Silver badge

        Re: Does the speaker sound driver still exist?

        Then PulseAudio came along to make it worse.

  15. DropBear

    I'm puzzled...

    ...How come the first commit to the vulnerability's "Github repo" dates several months back...? How long have they been keeping us in the dark?!? Soylent green is people...!!!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like