Mounting QEmu qcow2 Image using NBD

For some reason, I had to mount a QEmu qcow2 image in the host system. I googled around and found some post on the qemu-dev list. Also, the QEmu FAQ answers whether one can mount any QEmu image, but it’s not very verbose. So I went and tried and voila: It works :)

muelli@xbox:~$ qemu-nbd --read-only --partition=1  --snapshot  winxp.img &
muelli@xbox:~$ sudo nbd-client localhost 1024 /dev/nbd0
Negotiation: ..size = 31447206KB
bs=1024, sz=31447206
muelli@xbox:~$ sudo mount /dev/nbd0 -oloop  ~/empty/
muelli@xbox:~$ ls -l /home/muelli/empty/
total 1744981
-rwxrwxrwx 1 root root         0 2009-03-13 18:35 AUTOEXEC.BAT
-rwxrwxrwx 1 root root      4952 2008-04-14 09:00 bootfont.bin
-rwxrwxrwx 1 root root       207 2009-03-13 18:27 boot.ini
-rwxrwxrwx 1 root root         0 2009-03-13 18:35 CONFIG.SYS
drwxrwxrwx 1 root root      4096 2009-03-13 19:17 Dokumente und Einstellungen
drwxrwxrwx 1 root root         0 2009-03-13 22:02 Driver
-rwxrwxrwx 1 root root 536399872 2009-04-04 14:37 hiberfil.sys
-rwxrwxrwx 1 root root         0 2009-03-13 18:35 IO.SYS
-rwxrwxrwx 1 root root         0 2009-03-13 18:35 MSDOS.SYS
drwxrwxrwx 1 root root      4096 2009-03-13 22:29 nlite
-rwxrwxrwx 1 root root     47564 2008-04-14 09:00 NTDETECT.COM
-rwxrwxrwx 1 root root    251712 2008-04-14 09:00 ntldr
-rwxrwxrwx 1 root root 805306368 2009-04-04 14:37 pagefile.sys
drwxrwxrwx 1 root root         0 2009-03-13 19:03 Postinstall
drwxrwxrwx 1 root root      4096 2009-03-13 20:59 Programme
drwxrwxrwx 1 root root      4096 2009-03-13 19:06 System Volume Information
drwxrwxrwx 1 root root     32768 2009-04-04 14:40 WINXP

It uses a technology I’ve never heard of: Network Block Device (NBD). Now I’m a bit smarter. And I hope you can make use of this information :)

WTFOTM: ISO 3103 or Howto make tea

Another sequel in the series WTF of the month: It’s a standard, namely ISO 3103 that clarifies …*drumroll*… how to make tea…

I somehow came across ISO 3103 and my initial thought was: WTF?!

The method consists in extracting of soluble substances in dried tea leaf, containing in a porcelain or earthenware pot, by means of freshly boiling water, pouring of the liquor into a white porcelain or earthenware bowl, examination of the organoleptic properties of the infused leaf, and of the liquor with or without milk or both.

Admittedly, the: (from Wikipedia)

[…] standard is not meant to define the proper method for brewing tea, but rather how to document tea brewing procedure so sensory comparisons can be made. An example of such test is a taste-test to establish which blend of teas to choose for a particular brand in order to maintain a consistent tasting brewed drink from harvest to harvest.

So now go and fix your tea making process to be standard compliant…

Bossa Conference 2010

I’ve just attended Bossa Conference 2010 in Manaus, Amazonas, Brazil. Thanks again to the Instituto Nokia de Tecnologia (INdT) for holding this amazing conference. I’d say it’s somewhat like, but with less people and a more relaxed atmosphere.

I gave a talk about “Security in Mobile Devices” and went very well although I refactored my slides just shortly before I gave it and I expected more fuckups. But the people apparently enjoyed it and I got lots of interesting feedback. You can find my slides here.

If you’ve been there and want to follow-up, you might find the Maemo Wiki on Security interesting. I recommend to read through the stuff that Collin Mulliner did, on i.e. NFC or the iPhone. Also the things that he did together with Charlie Miller are worth reading, basically fuzzing the Operating System by pretending to be the modem which produced interesting results. But there is more work to be done which I am convinced will give more interesting results in the future. Maemo on the N900 apparently doesn’t talk via a serial line to the modem but rather via PhoNet, making it even more interesting to fiddle around with the low level GSM stack.

As for policies and statistics,  Symantecs Ollie Whitehouse wrote some interesting articles such as this or that. Other, more technical papers include Yves Younans Filter Resistant ARM Shellcode or some guys proposing Kirin to extend the Android security model. For a more general overview, have a loot at a good Android link list.

As for the rest of the conference, I felt that it was a bit shallow content-wise probably because of all that Qt stuff that was presented. But in fairness, they had to bring it since it’s going to be used by Maemo Meego. Anyway, I enjoyed it pretty much, because the people were all open and interested and I had good conversations. And good food ;-)

MSN Shutdown in 2003

During CA640 I was made to write an ethical review which I was supposed to hand in using a dodgy webservice. Since it got 90% people mugged me to make it available ;-) Of course, I don’t have a problem with that, so people now have a reference or know what to expect when they enter the course.

You can find the PDF here and its abstract reads:

At the end 2003 Microsoft closed the public chat-rooms of its Internet service called MSN.
MSN was pushed by Children’s Charities because they feared an abuse of these chat-rooms.
In some countries, however, the service was still available but subject to a charge.
This review raises ethical questions about Microsoft’s and the Children’s Charities’ behaviour because making the people pay with the excuse of protecting children is considered ethically questionable.
Also the Children’s Charities pushed for closure of a heavily used service although there is absolutely no evidence that children would be safer after closing down a chat-room.

If you are not interested in the non-technical details you might be interested to know that I use a Mercurial Hook on the server side to automatically compile the LaTeX sources one I push changes to the server:

$ cat .hg/hgrc
changegroup.compile = export FILE=paper && hg up -C && pdflatex --interaction=batchmode $FILE && bibtex $FILE && pdflatex --interaction=batchmode $FILE && pdflatex --interaction=batchmode $FILE

And then I just symlink that resulting PDF file to my public_html directory.

Subverting (Soft) Quota

My home directory  in my university has some restrictions, one of them being a ridiculously small 100 megabyte and 5000 files (soft) quota… How could you ever study with that?! My Firefox instance (with e.g. Zotero) uses 4393 files already:

$ find  ~/.mozilla/firefox/*.default/ -type f | wc -l
$ du -hs ~/.mozilla/firefox/*.default/  | awk '{print $1}'

So these restrictions don’t even allow me to run my research tools. Let alone checking out stuff from a Git/Mercurial repository and working on anything.

Needless to say that I am pretty annoyed by these restrictions. Fortunately, quotas will forget about you as soon as you fall below the limit so that you only need to fall below the limit every now and then. So let’s do this automatically then:

cp -ar "$BACKUP" "$TARGET" && rm -rf "$BACKUP" && cp -ar "$TARGET" "$BACKUP" && rm -rf "$TARGET" && echo "Finished successfully" || echo "Failure :("

And let cron run it once a week:

42 23 * * Sun       ~/bin/