LinuxCon Brazil 2011

I was lucky to be invited to LinuxCon Brazil, taking place in *drumroll* Brazil! Sao Paulo to be precise. The conference centre was very spacious and the conference itself seemed to be much bigger than in Japan.

My talk on GNOME 3 (actually 3.2 and 3.x) was well received and I hope I was able to entertain a bunch of people and make some of them try the new GNOME. Fortunately, our friends from OpenSuSE just released their new version a couple of days ago and brought some machines and media to try it out. Needless to say that it features the latest and greatest GNOME release. We had a good discussion during the talk and I talked to many people after the talk. There was more interest that I expected. I was told that even Linus and Dirk Hohndel commented on it in the speaker’s room when I was not there.

I couldn’t really attend the other talks as I wanted because they were held in Portuguese :-\ There was translation but only for the foreign speakers not talking in Portuguese. So sadly I had to stick to talks that I either knew or didn’t interest me that much. But there were a couple of interesting ones, nonetheless πŸ™‚ My favourite was Jan Kiszka talking about “Developing Linux inside QEMU/KVM Virtual Machines” because I learned how to actually be able to pass data from my host system into my guest QEMU machine.

So the conference could have made more effort to actually indicate whether the talks were held in English or not. Other than that, it was a good conference which was held in a pretty good conference centre. As the other South American conference I attended a couple of weeks ago, it slipped behind schedule. But only for half an hour πŸ˜‰

It wasn’t all too easy to get to Brazil though. I had flight troubles in Amsterdam with KLM again. The security at the gate wanted to search my bag but I refused. I was told to either let them search the bag or wait for the supervisor. I chose to wait as I had quite a bit of newspaper left. Eventually one of the security guys called me out and told me to go out of the gate area to talk to the supervisor. We talked and came back to the gate where I was about to put my stuff into the xray machine. But then the guy came and told me that the flight attendant told him that I couldn’t fly. So I asked the woman directly whether I was denied boarding. She said yes because I caused a queue. I demanded a list of my rights because I was denied boarding and she sent me to the Transfer desk. Then she left… When I went to the transfer desk, I figured out that I was not referenced as being denied boarding but No-Show, i.e. I just wasn’t present. But that’s ridiculous as I sat in the gate except for three minutes when the supervisor called me out. For that reason, I wasn’t provided a list of my rights and the transfer agent wasn’t friendly at all. A second transfer agent managed to get me on the next flight though. I thought I’d like KLM, at least for them flying to South America not crossing the US. But I probably have to go with Iberia the next time.

I’m looking foward to come back to Brazil, either for GNOME Forum or for LinuxCon πŸ™‚

Ekoparty 2011

I was invited to Ekoparty in Buenos Aires, Argentina. It all went very quickly, because when I was accepted for my talk on Virtualised USB Fuzzing using QEMU and Scapy, I couldn’t read email very well. I was abroad and had only a replacement laptop (which we got at MeeGo Summit in Dublin) at hand because my laptop broke down πŸ™ And of top of that I wasn’t very well connected. Anyway, I got notice exactly two weeks before the conference and actually I had other plans anyway. But since it was in Argentina and I haven’t been there yet, I was very eager to go.

I was going from Hamburg via Amsterdam and Sao Paulo to Buenos Aires. And back from Buenos Aires via Charles de Gaule to Berlin. After my first fight I had a good break at Shiphol but when I wanted to board the next flight, I was denied at first. After a couple of minutes, some officials came and I was interrogated. Because my itinerary looked suspicious, they said. So I was asked and searched and the information I gave was promptly checked by they woman and her smart-phone. Weird stuff. The next flights and airports were fortunately much better.

The very first day of the conference was reserved for the keynote and workshops. Unfortunately, the workshops were held in Spanish only so I couldn’t really follow anything. But I still attended some folks playing around with an USRP. It was interesting enough despite the Spanish. They decoded normal FM radio, pager messages and other (analogue) radio messages flying through the ether. The keynote was held in Spanish, too, but two translators simultaneously translated the talk into English. It’s the first time that *I* am the one needing a translation device πŸ˜‰ I didn’t fully get the keynote because the there was a lot of noise in the radio of the Spanglish :-/

The first talk by Agustin Gianni from Immunity was about Attacking the Webkit Heap and was, well, very technical. A bit too detailed for me as I don’t have much desire to exploit memory issues in Webkit, but it’s good to know that there people looking into that. Just after that, there was a talk about security of SAP products. The message I got was, to read the SAP advisories and documentation. Because he was showing exploits that used vulnerabilities that were either known and fixed or documented. It was still a bit interesting for me as I didn’t know much about SAP systems and could see what it’s actually about.

I don’t have much to say about the iOS forensic talk, because you can find the things he mentioned with a one liner: find / -name '*.db'.
Ryan McArthur talked about Machine Specific Registers which I didn’t even know what it was. But apparently CPUs have special registers that you usually don’t use. And these have special capabilities such as offering debug facilities. Also you can issue a simple instruction to detect whether you are in a virtual machine or not. That sounds damn interesting. With Intel it’s called Last Branch Recording. And he implementing something that would be able to trace programs like Skype. I wonder though what difference to PaiMai is. An implementation using these facilities apparently exists for Linux as well.

A bit off the wall was Marcos Nieto talking about making money with Facebook. So he realised that he could send the AJAX request, which some Flash game sends to the game server, himself. He didn’t think about writing a bot playing the game for him though. Instead, he used a proxy to capture the HTTP traffic his Flashplayer was generating and replaying that traffic with the proxy software. And the money part would then be to sell the account that had all the experience points on eBay. I hope it was just the translation and the crappy quality of the radio that made it seem so lame.

As for my presentation, I wasn’t too lucky with the MeeGo laptop I used, because it only has an Atom processor which doesn’t have KVM support. That is very bad if you want to do something with QEMU πŸ™ But I tried to prepare my things well enough to not have many problems. But what happened then was really embarrassing. I prepared demos and I did that very thoroughly. I even recorded some videos as second line of defence in case something fails. But I didn’t expect anything to fail because my demos were simple enough, and just a few copy&paste jobs. That’s what I thought and Murphy proved me wrong. I hate him. So my demos did not work, of course. I still don’t really know why, but I guess that I left a QEMU instance running due to the nervousness. And that instance would still mess around with the pipes that I was using. So lessons learnt: Whenever you think it’s simple enough, think harder.

Demo-Video. If it doesn’t play inline (stupid wordpress) please download yourself.

The rest of the conference was relaxed and the talks were much better than the day before. I feel that the second day was saved for the big things while the first was thought of as a buffer for the people to arrive. There was the SSL talk which caught a lot of attention in international media even before the conference. For reference: The issue was assigned CVE-2011-3389. I was astonished, really, to hear *the* talk being held in Spanish. I absolutely expected that thing to go off in English. Unfortunately, I couldn’t understand much of the things that were told. It took me quite a while to understand that the “navigator” the translatress was constantly referring to is actually the browser… So I was disappointed by that talk, but the expectations were high so it was easy to be disappointed.

http://www.youtube.com/watch?v=lauFlKi56aM

So all in all it went fine. It’s a nice enough conference, really relaxed, maybe even too relaxed. Given that there was one track only, it didn’t really matter that things bent the schedule by two hours. I felt that generally things went off the radar of the organising folks, most likely due to organising a conference being very stressful πŸ˜‰ But well, it would still have been nice if they actually provided the facilities they promised to give a talk, like a USB cable or a demo laptop πŸ˜‰ I barely got a T-Shirt πŸ˜€

LinuxCon Japan 2011

Thanks to the Linux Foundation I was able to attend LinuxCon 2011 in Japan.

I used the opportunity to distribute GNOME 3 DVD Images and leaflets during my talk about GNOME 3 which was well enough received I’d say. While I collected a lot of experience approaching people and telling them about all the niceties that GNOME 3 offers over the last few month, I really had too little time to tell all the brilliant things about our new GNOME. Anyway, it was nice to be on the very same schedule as the very important Linux people like Greg KH, Linus or Lenny.

The conference itself was hosted in a very spacious building: The Pacifico in Yokohama. One could see that impressive building from our hotel room. Just nice. The conference was well organised and the provided amenities such as food and drinks were good enough. I was particularly impressed by the simultaneous translations that were done by two elderly men.

The talks were generally interesting, probably because I haven’t been to a kernel focused conference and I found it interesting to get new input. My favourites were the Kernel Developer Panel were one could pose question onto the Kernel people face to face and the talks about the social aspect of Kernel development.

Despite all the trouble in Japan, we had a very good time and in fact, there weren’t many indicators to the earthquake or the nuclear catastrophe. The most annoying inconveniences probably were the turned off elevators. Other than that, we didn’t really see any disrupted services or chaos or problems at all. Traveling in Japan is a real pleasure as the train system is gorgeous and the cities are very well mapped. You encounter a city map just about every other corner and it’s very detailed and helpful. Japanese people are extraordinarily friendly and although there is a language barrier, they try to understand and help you. The downside is, that Japan is quite expensive. Especially the train system, but also lodging and food. However, the quality is very good, so it’s probably worth the money.

I’m looking forward to attend the next LinuxCon, maybe even in Japan πŸ™‚

RFID Workshop at CampusGruen’s Datenschutzkongress

I was asked to give a workshop about RFID for the CampusGruen Datenschutzkongress in Hamburg. So I did πŸ™‚

I used the opportunity to introduce the audience to the basics of RFID, i.e. what technologies exist and what they are used for. Also, I took arguments from pro and anti RFID groups to have them discussed.

You can have a look at the slides altough I doubt that they make much sense without actually having heard what was to be said. We spend good two hours talking and discussing over my twenty-something slides. Thanks again to the interested audience.

Afterwards, we had a small hacking session. I brought some RFID readers, tags, a passport, etc. and we used all that to play around. We also scanned some wallets to find out whether anybody had unwanted chips in their wallet.

FOSS.in last edition 2010

I had the pleasure to be invited to FOSS.in 2010. As I was there to represent parts of GNOME I feel obliged to report what actually happened.

The first day was really interesting. It was very nice to see that many people having a real interest in Free Software. It was mostly students that I have talked to and they said that Free Software was by far not an issue at colleges in India.

Many people queued up to register for the conference. That’s very good to see. Apparently, around 500 people showed up to share the Free Software love. the usual delays in the conference setup were there as expected πŸ˜‰ So the opening ceremony started quite late and started, as usual, with lighting the lamp.

Danese from the Wikimedia Foundation started the conference with her keynote on the technical aspects of Wikipedia.

She showed that there is a lot of potential for Wikipedia in India, because so far, there was a technical language barrier in Wikipedia’s software. Also, companies like Microsoft have spent loads of time and money on wiping out a free (software) culture, hence not so many Indians got the idea of free software or free content and were simply not aware of the free availability of Wikipedia.

According to Danese, Wikipedia is the Top 5 website after companies like Google or Facebook. And compared to the other top websites, the Wikimedia Foundation has by far the least employees. It’s around 50, compared to the multiple tens of thousands of employees that the other companies employ. She also described the openness of Wikipedia in almost every aspect. Even the NOC is quite open to the outside world, you can supposedly see the network status. Also, all the documentation is on the web about all the internal process so that you could learn a lot about the Foundation a lot if you wanted to.

She presented us several methods and technologies which help them to scale the way the Wikipedia does, as well as some very nerdy details like the Squid proxy setup or customisations they made to MySQL. They are also working on offline delivery methods because many people on the world do not have continuous internet access which makes browsing the web pretty hard.

After lunch break, Bablir Singh told us about caching in virtualised environments. He introduced into a range of problems that come with virtualisation. For example the lack of memory and that all the assumption of caches that Linux makes were broken when virtualising.
Basically the problem was that if a Linux guest runs on a Linux host, both of them would cache, say, the hard disk. This is, of course, not necessary and he proposed two strategies to mitigate that problem. One of them was to use a memory balloon driver and give the kernel a hint that the for the caching allocated pages should be wiped earlier.

Lenny then talked about systemd and claimed that it was Socket Based Activation that made it so damn fast. It was inspired by Apples launchd and performs quite well.

Afterwards, I have been to the Meego room where they gave away t-shirts and Rubix-cubes. I was told a technique on how to solve the Rubix-cube and I tried to do it. I wasn’t too successful though but it’s still very interesting. I can’t recite the methods and ways to solve the cube but there are tutorials on the internet.

Rahul talked about failures he seen in Fedora. He claimed that Fedora was the first project to adopt a six month release cycle. He questioned whether six month is actually a good time frame. Also the governance modalities were questioned. The veto right in the Fedora Board was prone to misuse. Early websites were ugly and not very inviting. By now, the website is more appealing and should invite the audience to contribute. MoinMoin was accused of not being as good MediaWiki, simply because Wikipedia uses MediaWiki. Not a very good reasoning in my opinion.

I was invited to do a talk about Security and Mobile Devices (again). I had a very interested audience which pulled off an interesting Q&A Session. People still come with questions and ideas. I just love that. You can find the slides here.

As we are on mobile security, I wrote a tiny program for my N900 to sidejack Twitter accounts. It’s a bit like firesheep, but does Twitter only (for now) and it actually posts a nice message. But I’ve also been pnwed… πŸ˜‰

But more on that in a separate post.


Unfortunately, the FOSS.in team announced, that this will be the last FOSS.in they organise. That’s very sad because it was a lot of fun with a very interesting set of people. They claim that they are burnt out and that if one person is missing, nothing will work, because everyone knew exactly what role to take and what to do. I don’t really like this reasoning, because it reveals that the Busfactor is extremely low. This, however, should be one of the main concerns when doing community work. Hence, the team is to blame for having taken care of increasing the Busfactor and thus leading FOSS.in to a dead end. Very sad. But thanks anyway for the last FOSS.in. I am very proud of having attended it.

mrmcd1001b Impressions

I had the pleasure to be invited to the MetaRheinMain ChaosDays 1001b (mrmcd1001b) in Darmstadt. This years motto was “Beyond Science Fiction” and ~250 people gathered together to discuss “Society and Technology in 20th century fiction and 21th century reality”. Β 

The presented talks were mostly interesting, although I didn’t attend that many. I spent most of the time talking to people or giving (two) talks myself: Security in Mobile Devices and Virtualised USB Fuzzing.

The first one went as expected and I think the attendees enjoyed it very much. Again, talking about technical details that a buffer overflow on x86 involves is not that much fun but I think it went at least alrightish. Slides can be found here.

The second talk was kind of a rehearsal for my final thesis presentation. So I took the chance to prepare myself for Dublin and present brand new stuff^tm. I started off crashing a Linux PC with my N900 and went then to the talk. It was a bit confusing, I guess. But in fairness: It was very late in every sense of the word πŸ˜‰ But I got positive feedback nonetheless so it’s better if you make up your own mind with the slides. Although I don’t think the slides alone are that interesting.

For some reason, people were interested in the commands that I’ve used for the demo:

  1. Boot Ubuntu
    /opt/muelli/qemu/bin/qemu-system-x86_64 -enable-kvm -hda ubuntu.img -cdrom ~/ISOs/ubuntu-10.04.1-desktop-amd64.iso -monitor stdio -serial vc -m 1G -loadvm 1
  2. Setup Filter
  3. usb_filter_setup /tmp/filter
    export PYTHONPATH=~/hg/scapy-com/
    python recordingfilter.py /tmp/filter /tmp/phonet.dump

  4. Attach device
  5. info usbhost
    usb_add host:0421:01c8
    sudo chown muelli /dev/bus/usb/002/004

    usb_filter_remove
    usb_del 0.2

  6. Replay
  7. usb_add emul:full:/tmp/filter
    cat /tmp/filter.in &
    cat /tmp/phonet.dump.out > /tmp/filter.out

    usb_del 0.0
    kill %%

  8. Fuzz (didn’t really work because of a Heisenbug)
  9. python emulator.py --relaxed /tmp/filter /tmp/phonet.dump.combined
    python fuzzingemulator.py /tmp/filter webcam.dump
    usb_del 0.0

  10. Fully Virtualise

  11. usb_add emul:full:/tmp/filter
    python usbmachine.py /tmp/filter.in /tmp/filter.out
    usb-devices

Chaos BBQ 2010

Over the weekend, I had the opportunity to attend ChaosBBQ in Dortmund, Germany. It’s a small yet interesting gathering of hackers and it is a very relaxed conferency happening. With a BBQ πŸ˜‰

This years motto was “contruct, desctruct!” and I was more on the destructing side: I presented two topics: Security in Mobile Devices and a Magnetic Stripe Card workshop.

The Security in Mobile Devices talk went quite well and I think I encouraged people to start hacking their devices πŸ™‚ It’s funny though: I almost see blood coming out of the people ears when I go through the very technical part about buffer overflows. 2/3 seems to be bored or overwhelmed. The other 1/3 seems to be very interested and crave for more details. But I get everybody back when I have more pictures and videos about funny exploits and when I’m able to slander about Apple πŸ˜‰ Again, I talked about a mixture of Hardware and Platform security and gave examples of previous hacks and how to actually start breaking your gadget.

The magnet card workshop was interesting, too. I presented how magnetic stripe technology actually works. And because we were curious hackers, we explored how it’s been used and how we can hack stuff. I told a few warstories that will hopefully be able to expand on in the future (although I don’t know whether DCU will like it πŸ˜‰ ). Since it was more of a workshop, people contributed with technical details (thx to the guys from das Labor πŸ™‚ ) or other interesting facts.

I had a nice weekend in Dortmund and I can recommend attending the ChaosBBQ if you’re looking for a tiny yet open gathering of interested geeks and hackers.

Bossa Conference 2010

I’ve just attended Bossa Conference 2010 in Manaus, Amazonas, Brazil. Thanks again to the Instituto Nokia de Tecnologia (INdT) for holding this amazing conference. I’d say it’s somewhat like FOSS.in, but with less people and a more relaxed atmosphere.

I gave a talk about “Security in Mobile Devices” and went very well although I refactored my slides just shortly before I gave it and I expected more fuckups. But the people apparently enjoyed it and I got lots of interesting feedback. You can find my slides here.

If you’ve been there and want to follow-up, you might find the Maemo Wiki on Security interesting. I recommend to read through the stuff that Collin Mulliner did, on i.e. NFC or the iPhone. Also the things that he did together with Charlie Miller are worth reading, basically fuzzing the Operating System by pretending to be the modem which produced interesting results. But there is more work to be done which I am convinced will give more interesting results in the future. Maemo on the N900 apparently doesn’t talk via a serial line to the modem but rather via PhoNet, making it even more interesting to fiddle around with the low level GSM stack.

As for policies and statistics,Β  Symantecs Ollie Whitehouse wrote some interesting articles such as this or that. Other, more technical papers include Yves Younans Filter Resistant ARM Shellcode or some guys proposing Kirin to extend the Android security model. For a more general overview, have a loot at a good Android link list.

As for the rest of the conference, I felt that it was a bit shallow content-wise probably because of all that Qt stuff that was presented. But in fairness, they had to bring it since it’s going to be used by Maemo Meego. Anyway, I enjoyed it pretty much, because the people were all open and interested and I had good conversations. And good food πŸ˜‰

FOSDEM 2010

This years FOSDEM involved meeting familiar and new people as well as a lot of beer πŸ˜‰ I can’t understand why the Belgians are so proud of their beer though :> Anyway, I got way too less sleep and spent too much money…
I wished I connected to more new people but I was terribly busy catching up with all the faces that I haven’t seen in a while. Hopefully, I can meet more new people next time. FOSDEM Logo

Although I was scheduled as the very first in the morning after the official Beer-Event (thx teuf…) my talk in the GNOME devroom went well and I hope I represented GNOMEs Bugsquad well. At least two people wanted to help out πŸ™‚ I hope I was inviting and clear enough. I definitely need to try to hold the people by at least writing to bugsquad-list. I hope I come around doing that, but I also have a huge backlog that wants to be processed. On the todo list is a new bugsquad as well as a membership-committee meeting, so if you are interested, watch out for mails πŸ™‚

If you happen to have seen my talk at FOSDEM and want to look over the slides, please find themΒ  here. If you have been there and want to join the bugsquad fun: Awesome! Join the mailinglist now and wait for the next meeting to be organized. Don’t hesitate to push for it πŸ˜‰
If you haven’t been there but you want to help the Free Software movement or GNOME in particular: Awesome! Consider subscribing the mailinglist or join the IRC Channel and make sure that you’ve read our awesome TriageGuide πŸ™‚

Talks that I have enjoyed at FOSDEM include Maemo6 Platform Security by Elena because Nokia is about to build yet another security for Linux to meet their needs. Apparently the new Maemo devices will come with a TPM to allow DRM like scenarios. But also encrypting data on the device will be possible using an API which in turn uses the built-in keys. These turn out to be recoverable nowadays. If I read this correctly, then the “Open Mode” will not make use of the TPM keys. This means that if your contacts, images, texts, etc…, were encrypted using the above mentioned API, then you couldn’t get hold of this data in Open Mode πŸ™ I thus reckon that stuff like Contacts will not be stored encrypted. Hence you would leak all your data when losing the device. So I don’t expect a real advantage but we’ll see.
Another not very informative yet entertaining talk was done by Greg Kroah-Hartman and dealt with creating a patch for Linux. It actually motivated me so that I put “fixing some random driver in staging” on my Todo-List πŸ˜‰

Note to self for the next FOSDEM: Book accommodation early. Very early! Also, Charleroi might not be worth it, because the Bus from Brussels to CLR is 13 Euro, return 21.

Bugsquad Talk @ FOSS.in

FOSS.in has finally finished and I really enjoyed being invited. It was a real pleasure having all these talented and energetic hackers around me. It’s definitely on my top-conferences list. You could feel a real hacking spirit and it’s really sad that it’s already over.

The closing ceremony featured TRDP, a really really good Indian band playing fancy music. I was told that they are pretty famous in India and that FOSS.in was lucky to have them there. Hence we were all nerds, a Twitter wall companied the band showing recent tweets concerning the event…

Closing and Twitter Party
Closing and Twitter Party

Besides the entertainment, the program itself was pretty good as well. I disliked the keynotes to some extend though. I felt that they were mostly not really relevant to FOSS because the content was obsolete (i.e. one guy basically showing how to do shellscripts) or otherwise out of scope (i.e. a free robot operating system).

I have to thank the organizers of FOSS.in for running that conference and inviting me. Also, I need to thank the GNOME Foundation for subsidizing my trip.

The Bugsquad Talk went pretty well, I’d say. Around 5 people were interested joining the Bugsquad and I hope that they’ll stay around πŸ™‚ Unfortunately, the GNOME project day took place on the last day, making it unattractive to start something new because you can’t ask anyone anymore the next days.

Sponsored by GNOME!

Also, compared to other organisations such as KDE or Fedora, GNOME was highly under-represented. KDE had sweaters to give away. Admittedly, they were not very well designed but hey, it’s sweaters after all! Also, they had very fancy leaflets shortly describing what KDE was, why they rule and how to contribute. Very well done.

(Broken) Fedora stickers
(Broken) Fedora stickers

Srini brought GNOME T-Shirts which was fine but somewhat boring. Seriously, I have gazillions of T-Shirts and think other people do so, too, as nearly every project or company gives away T-Shirts. So doing something new is a smart thing to do. I hope the GNOME marketing team will come up with something fresh and shiny (hoodies? shoes? underwear? “GNOME” Keys for the keyboard instead of Windows Keys?).

Srini giving away GNOMEy T-Shirts
Srini giving away GNOMEy T-Shirts
Creative Commons Attribution-ShareAlike 3.0 Unported
This work by Muelli is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported.