Posts Tagged ‘talk’

FOSS.in 2012 \o/

Thursday, July 5th, 2012

FOSS.IN

After it didn’t happen last year, it will this year! I’m talking about FOSS.in, the premier Free Software conference in India, if not Asia. I’m very pleased to see that this event managed to pull it off again. Also, everything seems to be very much in time this year, so I expect things to go down smoothly.

If you have something cool to share and want to attract a highly motivated audience, which doesn’t only want to listen, but also to do something, then you should consider submitting something. The FOSS.in 2012 takes place, again, in Bangelore, India, from 2012-11-29 until 2012-12-01.

FOSS.IN

The Call for Papers is closing soon, so hurry up!

GNOME.Asia 2012 in Hong Kong

Wednesday, June 20th, 2012

I had the great pleasure to be invited to GNOME.Asia taking place in Hong Kong and to give a talk there.

The first day started off with a very nice introduction by the local organizing committee. It is amazing how much energy they invest in Free Software, especially in GNOME. I think it’s outstanding given that I don’t see that many contributers from eastern Asia and that I was told several times that the attitude in Free Software communities is discomforting, at best, to people from eastern Asian cultures. But maybe it’s because of GNOME’s rather friendly community these people feel comfortable in GNOME. Let’s keep it that way.

The organizers greeting us

The main talks were given by westerners and I hope we (the westerners) could encourage the audience to believe in themselves and in GNOME. We, I and my old GNOME friend Andre Klapper, were talking about how to start contributing to GNOME as a member of the Bugsquad. We already talked together a couple of GUADECs back. Our slides can be found here. With probably 75% of the conference attendees the talk was comparately well attended and I think it went well, too. We had a good and very unexpected discussion afterwards, too. That was very refreshing.

The crowd for our talk

The second day was filled with talks, too, although I didn’t find it as interesting as the first one. Mainly because I couldn’t understand many talks. The language barrier was quite high for me as my Chinese isn’t all too good ;-) While I do appreciate the Free Software communities for enabling everyone to have access to computing, i.e. by translating the software into every language in the universe. I do sometimes wonder whether we actually fragment ourselves and should rather concentrate on improving the actual code. Especially since we are an international community having interational conferences. If there were isolated communities, it is crystal clear that translating everything into these languages is a major bonus. But since we eventually want to talk to each other and support each other, the translations are a bit of a hurdle to overcome. But this point is very moot because these people probably wouldn’t even know about Free Software, not to mention want to exchange thoughts, if the software wasn’t translated in first place.

Allan Day talking about Every Detail Matters

There was actually one talk about Asian Women’s participation in Free Software Projects. But the talk disqualified itself quite early by bringing the common biological argument of different brains and that thus women could not code (sic!).

The *Woman are too stupid to code* talk

I enjoyed the stay in Hong Kong so much that I decided to append two weeks of traveling through China. It was very hot and humid and next time I’ll try to carry less things with me (although I do travel very lightly already).

Thanks a lot to the GNOME Foundation for making this possible for me. I also think that it helped to foster Free Software and GNOME in Hong Kong, China and Asia.

LinuxCon Brazil 2011

Thursday, December 22nd, 2011

I was lucky to be invited to LinuxCon Brazil, taking place in *drumroll* Brazil! Sao Paulo to be precise. The conference centre was very spacious and the conference itself seemed to be much bigger than in Japan.

My talk on GNOME 3 (actually 3.2 and 3.x) was well received and I hope I was able to entertain a bunch of people and make some of them try the new GNOME. Fortunately, our friends from OpenSuSE just released their new version a couple of days ago and brought some machines and media to try it out. Needless to say that it features the latest and greatest GNOME release. We had a good discussion during the talk and I talked to many people after the talk. There was more interest that I expected. I was told that even Linus and Dirk Hohndel commented on it in the speaker’s room when I was not there.

I couldn’t really attend the other talks as I wanted because they were held in Portuguese :-\ There was translation but only for the foreign speakers not talking in Portuguese. So sadly I had to stick to talks that I either knew or didn’t interest me that much. But there were a couple of interesting ones, nonetheless :-) My favourite was Jan Kiszka talking about “Developing Linux inside QEMU/KVM Virtual Machines” because I learned how to actually be able to pass data from my host system into my guest QEMU machine.

So the conference could have made more effort to actually indicate whether the talks were held in English or not. Other than that, it was a good conference which was held in a pretty good conference centre. As the other South American conference I attended a couple of weeks ago, it slipped behind schedule. But only for half an hour ;-)

It wasn’t all too easy to get to Brazil though. I had flight troubles in Amsterdam with KLM again. The security at the gate wanted to search my bag but I refused. I was told to either let them search the bag or wait for the supervisor. I chose to wait as I had quite a bit of newspaper left. Eventually one of the security guys called me out and told me to go out of the gate area to talk to the supervisor. We talked and came back to the gate where I was about to put my stuff into the xray machine. But then the guy came and told me that the flight attendant told him that I couldn’t fly. So I asked the woman directly whether I was denied boarding. She said yes because I caused a queue. I demanded a list of my rights because I was denied boarding and she sent me to the Transfer desk. Then she left… When I went to the transfer desk, I figured out that I was not referenced as being denied boarding but No-Show, i.e. I just wasn’t present. But that’s ridiculous as I sat in the gate except for three minutes when the supervisor called me out. For that reason, I wasn’t provided a list of my rights and the transfer agent wasn’t friendly at all. A second transfer agent managed to get me on the next flight though. I thought I’d like KLM, at least for them flying to South America not crossing the US. But I probably have to go with Iberia the next time.

I’m looking foward to come back to Brazil, either for GNOME Forum or for LinuxCon :-)

Ekoparty 2011

Tuesday, November 8th, 2011

I was invited to Ekoparty in Buenos Aires, Argentina. It all went very quickly, because when I was accepted for my talk on Virtualised USB Fuzzing using QEMU and Scapy, I couldn’t read email very well. I was abroad and had only a replacement laptop (which we got at MeeGo Summit in Dublin) at hand because my laptop broke down :-( And of top of that I wasn’t very well connected. Anyway, I got notice exactly two weeks before the conference and actually I had other plans anyway. But since it was in Argentina and I haven’t been there yet, I was very eager to go.

I was going from Hamburg via Amsterdam and Sao Paulo to Buenos Aires. And back from Buenos Aires via Charles de Gaule to Berlin. After my first fight I had a good break at Shiphol but when I wanted to board the next flight, I was denied at first. After a couple of minutes, some officials came and I was interrogated. Because my itinerary looked suspicious, they said. So I was asked and searched and the information I gave was promptly checked by they woman and her smart-phone. Weird stuff. The next flights and airports were fortunately much better.

The very first day of the conference was reserved for the keynote and workshops. Unfortunately, the workshops were held in Spanish only so I couldn’t really follow anything. But I still attended some folks playing around with an USRP. It was interesting enough despite the Spanish. They decoded normal FM radio, pager messages and other (analogue) radio messages flying through the ether. The keynote was held in Spanish, too, but two translators simultaneously translated the talk into English. It’s the first time that *I* am the one needing a translation device ;-) I didn’t fully get the keynote because the there was a lot of noise in the radio of the Spanglish :-/

The first talk by Agustin Gianni from Immunity was about Attacking the Webkit Heap and was, well, very technical. A bit too detailed for me as I don’t have much desire to exploit memory issues in Webkit, but it’s good to know that there people looking into that. Just after that, there was a talk about security of SAP products. The message I got was, to read the SAP advisories and documentation. Because he was showing exploits that used vulnerabilities that were either known and fixed or documented. It was still a bit interesting for me as I didn’t know much about SAP systems and could see what it’s actually about.

I don’t have much to say about the iOS forensic talk, because you can find the things he mentioned with a one liner: find / -name '*.db'.
Ryan McArthur talked about Machine Specific Registers which I didn’t even know what it was. But apparently CPUs have special registers that you usually don’t use. And these have special capabilities such as offering debug facilities. Also you can issue a simple instruction to detect whether you are in a virtual machine or not. That sounds damn interesting. With Intel it’s called Last Branch Recording. And he implementing something that would be able to trace programs like Skype. I wonder though what difference to PaiMai is. An implementation using these facilities apparently exists for Linux as well.

A bit off the wall was Marcos Nieto talking about making money with Facebook. So he realised that he could send the AJAX request, which some Flash game sends to the game server, himself. He didn’t think about writing a bot playing the game for him though. Instead, he used a proxy to capture the HTTP traffic his Flashplayer was generating and replaying that traffic with the proxy software. And the money part would then be to sell the account that had all the experience points on eBay. I hope it was just the translation and the crappy quality of the radio that made it seem so lame.

As for my presentation, I wasn’t too lucky with the MeeGo laptop I used, because it only has an Atom processor which doesn’t have KVM support. That is very bad if you want to do something with QEMU :-( But I tried to prepare my things well enough to not have many problems. But what happened then was really embarrassing. I prepared demos and I did that very thoroughly. I even recorded some videos as second line of defence in case something fails. But I didn’t expect anything to fail because my demos were simple enough, and just a few copy&paste jobs. That’s what I thought and Murphy proved me wrong. I hate him. So my demos did not work, of course. I still don’t really know why, but I guess that I left a QEMU instance running due to the nervousness. And that instance would still mess around with the pipes that I was using. So lessons learnt: Whenever you think it’s simple enough, think harder.

Demo-Video. If it doesn’t play inline (stupid wordpress) please download yourself.

The rest of the conference was relaxed and the talks were much better than the day before. I feel that the second day was saved for the big things while the first was thought of as a buffer for the people to arrive. There was the SSL talk which caught a lot of attention in international media even before the conference. For reference: The issue was assigned CVE-2011-3389. I was astonished, really, to hear *the* talk being held in Spanish. I absolutely expected that thing to go off in English. Unfortunately, I couldn’t understand much of the things that were told. It took me quite a while to understand that the “navigator” the translatress was constantly referring to is actually the browser… So I was disappointed by that talk, but the expectations were high so it was easy to be disappointed.

http://www.youtube.com/watch?v=lauFlKi56aM

So all in all it went fine. It’s a nice enough conference, really relaxed, maybe even too relaxed. Given that there was one track only, it didn’t really matter that things bent the schedule by two hours. I felt that generally things went off the radar of the organising folks, most likely due to organising a conference being very stressful ;-) But well, it would still have been nice if they actually provided the facilities they promised to give a talk, like a USB cable or a demo laptop ;-) I barely got a T-Shirt :D

LinuxCon Japan 2011

Thursday, June 30th, 2011

Thanks to the Linux Foundation I was able to attend LinuxCon 2011 in Japan.

I used the opportunity to distribute GNOME 3 DVD Images and leaflets during my talk about GNOME 3 which was well enough received I’d say. While I collected a lot of experience approaching people and telling them about all the niceties that GNOME 3 offers over the last few month, I really had too little time to tell all the brilliant things about our new GNOME. Anyway, it was nice to be on the very same schedule as the very important Linux people like Greg KH, Linus or Lenny.

The conference itself was hosted in a very spacious building: The Pacifico in Yokohama. One could see that impressive building from our hotel room. Just nice. The conference was well organised and the provided amenities such as food and drinks were good enough. I was particularly impressed by the simultaneous translations that were done by two elderly men.

The talks were generally interesting, probably because I haven’t been to a kernel focused conference and I found it interesting to get new input. My favourites were the Kernel Developer Panel were one could pose question onto the Kernel people face to face and the talks about the social aspect of Kernel development.

Despite all the trouble in Japan, we had a very good time and in fact, there weren’t many indicators to the earthquake or the nuclear catastrophe. The most annoying inconveniences probably were the turned off elevators. Other than that, we didn’t really see any disrupted services or chaos or problems at all. Traveling in Japan is a real pleasure as the train system is gorgeous and the cities are very well mapped. You encounter a city map just about every other corner and it’s very detailed and helpful. Japanese people are extraordinarily friendly and although there is a language barrier, they try to understand and help you. The downside is, that Japan is quite expensive. Especially the train system, but also lodging and food. However, the quality is very good, so it’s probably worth the money.

I’m looking forward to attend the next LinuxCon, maybe even in Japan :-)

RFID Workshop at CampusGruen’s Datenschutzkongress

Tuesday, April 5th, 2011

I was asked to give a workshop about RFID for the CampusGruen Datenschutzkongress in Hamburg. So I did :-)

I used the opportunity to introduce the audience to the basics of RFID, i.e. what technologies exist and what they are used for. Also, I took arguments from pro and anti RFID groups to have them discussed.

You can have a look at the slides altough I doubt that they make much sense without actually having heard what was to be said. We spend good two hours talking and discussing over my twenty-something slides. Thanks again to the interested audience.

Afterwards, we had a small hacking session. I brought some RFID readers, tags, a passport, etc. and we used all that to play around. We also scanned some wallets to find out whether anybody had unwanted chips in their wallet.

FOSS.in last edition 2010

Saturday, January 15th, 2011

I had the pleasure to be invited to FOSS.in 2010. As I was there to represent parts of GNOME I feel obliged to report what actually happened.

The first day was really interesting. It was very nice to see that many people having a real interest in Free Software. It was mostly students that I have talked to and they said that Free Software was by far not an issue at colleges in India.

Many people queued up to register for the conference. That’s very good to see. Apparently, around 500 people showed up to share the Free Software love. the usual delays in the conference setup were there as expected ;-) So the opening ceremony started quite late and started, as usual, with lighting the lamp.

Danese from the Wikimedia Foundation started the conference with her keynote on the technical aspects of Wikipedia.

She showed that there is a lot of potential for Wikipedia in India, because so far, there was a technical language barrier in Wikipedia’s software. Also, companies like Microsoft have spent loads of time and money on wiping out a free (software) culture, hence not so many Indians got the idea of free software or free content and were simply not aware of the free availability of Wikipedia.

According to Danese, Wikipedia is the Top 5 website after companies like Google or Facebook. And compared to the other top websites, the Wikimedia Foundation has by far the least employees. It’s around 50, compared to the multiple tens of thousands of employees that the other companies employ. She also described the openness of Wikipedia in almost every aspect. Even the NOC is quite open to the outside world, you can supposedly see the network status. Also, all the documentation is on the web about all the internal process so that you could learn a lot about the Foundation a lot if you wanted to.

She presented us several methods and technologies which help them to scale the way the Wikipedia does, as well as some very nerdy details like the Squid proxy setup or customisations they made to MySQL. They are also working on offline delivery methods because many people on the world do not have continuous internet access which makes browsing the web pretty hard.

After lunch break, Bablir Singh told us about caching in virtualised environments. He introduced into a range of problems that come with virtualisation. For example the lack of memory and that all the assumption of caches that Linux makes were broken when virtualising.
Basically the problem was that if a Linux guest runs on a Linux host, both of them would cache, say, the hard disk. This is, of course, not necessary and he proposed two strategies to mitigate that problem. One of them was to use a memory balloon driver and give the kernel a hint that the for the caching allocated pages should be wiped earlier.

Lenny then talked about systemd and claimed that it was Socket Based Activation that made it so damn fast. It was inspired by Apples launchd and performs quite well.

Afterwards, I have been to the Meego room where they gave away t-shirts and Rubix-cubes. I was told a technique on how to solve the Rubix-cube and I tried to do it. I wasn’t too successful though but it’s still very interesting. I can’t recite the methods and ways to solve the cube but there are tutorials on the internet.

Rahul talked about failures he seen in Fedora. He claimed that Fedora was the first project to adopt a six month release cycle. He questioned whether six month is actually a good time frame. Also the governance modalities were questioned. The veto right in the Fedora Board was prone to misuse. Early websites were ugly and not very inviting. By now, the website is more appealing and should invite the audience to contribute. MoinMoin was accused of not being as good MediaWiki, simply because Wikipedia uses MediaWiki. Not a very good reasoning in my opinion.

I was invited to do a talk about Security and Mobile Devices (again). I had a very interested audience which pulled off an interesting Q&A Session. People still come with questions and ideas. I just love that. You can find the slides here.

As we are on mobile security, I wrote a tiny program for my N900 to sidejack Twitter accounts. It’s a bit like firesheep, but does Twitter only (for now) and it actually posts a nice message. But I’ve also been pnwed;-)

But more on that in a separate post.


Unfortunately, the FOSS.in team announced, that this will be the last FOSS.in they organise. That’s very sad because it was a lot of fun with a very interesting set of people. They claim that they are burnt out and that if one person is missing, nothing will work, because everyone knew exactly what role to take and what to do. I don’t really like this reasoning, because it reveals that the Busfactor is extremely low. This, however, should be one of the main concerns when doing community work. Hence, the team is to blame for having taken care of increasing the Busfactor and thus leading FOSS.in to a dead end. Very sad. But thanks anyway for the last FOSS.in. I am very proud of having attended it.

mrmcd1001b Impressions

Wednesday, September 8th, 2010

I had the pleasure to be invited to the MetaRheinMain ChaosDays 1001b (mrmcd1001b) in Darmstadt. This years motto was “Beyond Science Fiction” and ~250 people gathered together to discuss “Society and Technology in 20th century fiction and 21th century reality”.  

The presented talks were mostly interesting, although I didn’t attend that many. I spent most of the time talking to people or giving (two) talks myself: Security in Mobile Devices and Virtualised USB Fuzzing.

The first one went as expected and I think the attendees enjoyed it very much. Again, talking about technical details that a buffer overflow on x86 involves is not that much fun but I think it went at least alrightish. Slides can be found here.

The second talk was kind of a rehearsal for my final thesis presentation. So I took the chance to prepare myself for Dublin and present brand new stuff^tm. I started off crashing a Linux PC with my N900 and went then to the talk. It was a bit confusing, I guess. But in fairness: It was very late in every sense of the word ;-) But I got positive feedback nonetheless so it’s better if you make up your own mind with the slides. Although I don’t think the slides alone are that interesting.

For some reason, people were interested in the commands that I’ve used for the demo:

  1. Boot Ubuntu
    /opt/muelli/qemu/bin/qemu-system-x86_64 -enable-kvm -hda ubuntu.img -cdrom ~/ISOs/ubuntu-10.04.1-desktop-amd64.iso -monitor stdio -serial vc -m 1G -loadvm 1
  2. Setup Filter
  3. usb_filter_setup /tmp/filter
    export PYTHONPATH=~/hg/scapy-com/
    python recordingfilter.py /tmp/filter /tmp/phonet.dump

  4. Attach device
  5. info usbhost
    usb_add host:0421:01c8
    sudo chown muelli /dev/bus/usb/002/004

    usb_filter_remove
    usb_del 0.2

  6. Replay
  7. usb_add emul:full:/tmp/filter
    cat /tmp/filter.in &
    cat /tmp/phonet.dump.out > /tmp/filter.out

    usb_del 0.0
    kill %%

  8. Fuzz (didn’t really work because of a Heisenbug)
  9. python emulator.py --relaxed /tmp/filter /tmp/phonet.dump.combined
    python fuzzingemulator.py /tmp/filter webcam.dump
    usb_del 0.0

  10. Fully Virtualise

  11. usb_add emul:full:/tmp/filter
    python usbmachine.py /tmp/filter.in /tmp/filter.out
    usb-devices

Chaos BBQ 2010

Tuesday, July 20th, 2010

Over the weekend, I had the opportunity to attend ChaosBBQ in Dortmund, Germany. It’s a small yet interesting gathering of hackers and it is a very relaxed conferency happening. With a BBQ ;-)

This years motto was “contruct, desctruct!” and I was more on the destructing side: I presented two topics: Security in Mobile Devices and a Magnetic Stripe Card workshop.

The Security in Mobile Devices talk went quite well and I think I encouraged people to start hacking their devices :) It’s funny though: I almost see blood coming out of the people ears when I go through the very technical part about buffer overflows. 2/3 seems to be bored or overwhelmed. The other 1/3 seems to be very interested and crave for more details. But I get everybody back when I have more pictures and videos about funny exploits and when I’m able to slander about Apple ;-) Again, I talked about a mixture of Hardware and Platform security and gave examples of previous hacks and how to actually start breaking your gadget.

The magnet card workshop was interesting, too. I presented how magnetic stripe technology actually works. And because we were curious hackers, we explored how it’s been used and how we can hack stuff. I told a few warstories that will hopefully be able to expand on in the future (although I don’t know whether DCU will like it ;-) ). Since it was more of a workshop, people contributed with technical details (thx to the guys from das Labor :-) ) or other interesting facts.

I had a nice weekend in Dortmund and I can recommend attending the ChaosBBQ if you’re looking for a tiny yet open gathering of interested geeks and hackers.

Bossa Conference 2010

Monday, March 15th, 2010

I’ve just attended Bossa Conference 2010 in Manaus, Amazonas, Brazil. Thanks again to the Instituto Nokia de Tecnologia (INdT) for holding this amazing conference. I’d say it’s somewhat like FOSS.in, but with less people and a more relaxed atmosphere.

I gave a talk about “Security in Mobile Devices” and went very well although I refactored my slides just shortly before I gave it and I expected more fuckups. But the people apparently enjoyed it and I got lots of interesting feedback. You can find my slides here.

If you’ve been there and want to follow-up, you might find the Maemo Wiki on Security interesting. I recommend to read through the stuff that Collin Mulliner did, on i.e. NFC or the iPhone. Also the things that he did together with Charlie Miller are worth reading, basically fuzzing the Operating System by pretending to be the modem which produced interesting results. But there is more work to be done which I am convinced will give more interesting results in the future. Maemo on the N900 apparently doesn’t talk via a serial line to the modem but rather via PhoNet, making it even more interesting to fiddle around with the low level GSM stack.

As for policies and statistics,  Symantecs Ollie Whitehouse wrote some interesting articles such as this or that. Other, more technical papers include Yves Younans Filter Resistant ARM Shellcode or some guys proposing Kirin to extend the Android security model. For a more general overview, have a loot at a good Android link list.

As for the rest of the conference, I felt that it was a bit shallow content-wise probably because of all that Qt stuff that was presented. But in fairness, they had to bring it since it’s going to be used by Maemo Meego. Anyway, I enjoyed it pretty much, because the people were all open and interested and I had good conversations. And good food ;-)