Over the last few months I have been working in Ceph, a free unified distributed storage system, in order to implement some missing features in RADOS gateway, help some customers with Ceph clusters in production and fix bugs.
This effort is part of my daily work here in Igalia working in upstream projects. As you may know, Igalia works in the Cloud arena providing services on development, deployment and orchestration around interesting open projects.
My goal with this first post is introducing Ceph in a simple and easy way to understand this marvelous piece of software. I will cover the design and main innovations in Ceph together with its architecture, major use cases and relationship with OpenStack (a well-known free and open-source software platform for cloud computing).
The SDK was designed to support the AWS lifecycle so any possible solution using this SDK will require valid Amazon endpoints or regions to get things working.
With this post I will have a look at the current Boto3 implementation to know how endpoints and regions are supported in S3, and how it would be possible to use Boto3 with compatible S3 REST interfaces if needed.
I will also comment on setting up new and compatible regions with Boto3 to consume compatible S3 API, and how the current region constraints can be enabled or disabled.
My quick notes and configurations to debug the Windows 10 Kernel on QEMU...
Several weeks ago I received a phone call coming from Juan. Andy was looking for some mate ready to jump in a new opportunity related to high performance networking, hypervisors, packet filtering and LuaJIT. Hey! This mix sounded great so I joined Andy and we went ahead.
Six weeks later, and with Diego joining the project too, one first implementation (Pflua) of the libpcap packet filtering language (pflang), together with the proper testing code and benchmarking (Pflua-bench) went live.
Along those weeks, I hacked in bindings/FFI implementation, performance/benchmarking, testing stuff and kernel-space to user-space code adaptation (Linux BPF JIT wrapped as a dynamic library!). With this post I will share a quick overview of the project and the proper links to explore it in detail.
As you may know, the mission of the National Institute for Communication Technologies (INTECO), located in León (Spain), is to strengthen cybersecurity, trust, and the protection of privacy with respect to services offered within the information society, providing value to the public, businesses, the Spanish Government, the Spanish academic and research network, the information technology sector and strategic sectors in general. It is a huge responsibility though.
Those last weeks I was really busy here in Igalia. We were hacking in Chromium/Blink broadly, attending BlinkOn 2, held our Assembly, enjoyed one of our summits and so on. On top of all these things we started to collaborate with the Carnegie Mellon Software Engineering Institute (SEI) around browser security too. Great news!
On the other hand, Robert commented on the SEI's blog about the importance of having in mind secure coding practices to prevent vulnerabilities while coding, and how the CERT Secure Coding Initiative at the SEI is supporting this approach with completed standards for C and Java. By the way, coding standards for C++, Perl and other languages are under development too.
CERT coding standards are valuable resources for the programmer taking care of Information Security. As Robert highlights, secure coding standards itemize coding errors that are the root causes of current software vulnerabilities, prioritizing them by severity, likelihood of exploitation, and remediation costs. Each rule in the standard includes examples of insecure code, as well as secure alternative implementations.
If you are interested in our collaboration with SEI and the research project to evaluate the costs of producing a CERT-conforming implementation of the Chromium browser you should not skip his post. It introduces the rest of lines and colleagues collaborating in this project too.
In the '90s, a lot of active exploration and research got done around self-replicating code with the aim of pushing software infection limits and crafting some proof of concept virus in PC platforms. In that period malware was primitive and simple, but seminal in papers and applied techniques.
Those days, while reversing malware and reading dead listings for some of the most recent sophisticated and aggressive viruses and worms, I needed to implement some support code to verify how the infections were happening and how hosts could be uninfected. I used OCaml to implement some antivirus routines and I spent some time observing the impact and consequences of using functional programming in this arena.
Along this post I am going to write about virus signature matching, bit string abstractions and the blending of both worlds using OCaml. In order to understand the beauty of pattern matching in this domain, this post will comment on antivirus architectures and signature scanners too. A real Win32 virus will be shredded to explore how functional programming could be used to detect/disinfect malware.
As a result of our work in the Kernel and Virtualization team here in Igalia, Samuel and I were invited to take part at the first conference on control system's technologies used by High Energy Physics facilities. This event was hosted in the National Center of Scientific Research NCSR DEMOKRITOS, the biggest and most acclaimed research center in Greece.
After our talk titled Driving and virtualizing control systems: the Open Source approach used in WhiteRabbit, we joined the round table to discuss the future of controls for accelerators and detectors. It was great sensing how the open hardware makes its way in this community.
One of the most extended definitions about Continuous integration (CI) is the practice, in software engineering, of merging all developer working copies with a shared mainline several times a day. This approach reduces long periods between build and test runs while simplifying automatic tasks.
Recently, I wrote some lines in the Go language to see how concurrent Personal Continuous Integration (PCI) code, exporting a REST API over HTTP, could look. The landscape in computing has evolved from desktop computers and client-server architectures to more diverse computing devices and architectures (clusters, cloud, embedded devices ...). Nowadays, running some kind of build bot in your multi-core smartphone or personal device makes sense in some scenarios.
With this post I am releasing my last snippets of code exploring VAX architecture. Those snippets of code contain the required code developed from scratch to bootstrap a simple kernel supporting an interactive shell. Among the goals for programming this simple kernel were checking the minimal bootstrapping code, MMU programming, interrupt handling, I/O (console support) and multitasking on VAX.
The seventh White Rabbit workshop took place in CDTI, the Spanish Centre for Industrial Technological Development in Madrid on 27 and 28 November 2012. If you don't know about this project you might be interested in my last technical entry about White Rabbit project.
In this workshop Igalia reported on FMC TDC experience and some of the new technical ways used to fuel the project while developing and testing low level software using virtualization techniques.
Working in open projects is always a great experience and this time is not an exception. Along this year we were collaborating and working with CERN, the European Organization for Nuclear Research, in several projects.
One of these projects goes under the name White Rabbit. But, what is White Rabbit? And how are we partnering with some of the major European accelerators and research institutions to support it?
They were two days talking about Erlang and OTP framework, an open-source general-purpose programming language and runtime environment developed by Ericsson to build distributed and reliable soft real-time concurrent systems.
In the previous edition, I was among the speakers where I talked about self-replicating computer code, infection techniques and how security software was handling all this stuff.
This year, Ross Anderson was among the speakers. Good news having one world-class security expert talking about cryptology and security. If you don’t know Ross maybe you would like to check his personal web page on Cambridge. Ross is professor of Security Engineering at the Cambridge’s Computer Laboratory where he runs serious and pragmatic research on topics resolving global security issues.
Just blogging a quick post after coming back from Root3d CON in Madrid. This year I have to congratulate speakers again. They shared another year interesting ideas and good technical hacks. I would say this CON speaks loud and clear about the global security scene and the industry around it too. Congrats guys!
Related to technical work I would like to highlight some hot topics covered in talks such as banking attacks, loading malware in Domain Name Servers (DNS), subverting domotic facilities, cracking industrial embedded devices or bouncing along IP videos and on-line weather stations across the globe.
This past weekend I ended my lessons on our Master Software Libre.
If you follow this blog you will know I usually write down the topics I teach along these lessons. It is always a good thing getting feedback and getting in touch with persons reading these lines.
By the way, this year our Master runs its fifth edition. I am proud to watch how it is working and how old and new students, teachers, collaborators, community advisors and all our friends build this knowledge community daily.
These lessons were the first ones happening before my usual lessons on Networking, Security Networking and Linux Kernel.
On Physical Security time we worked on well-known physical system security methodologies, together with two new relevant topics: environmental design and design and evaluation of physical protection systems.
It was a lesson covering broad and detailed topics; ranging from designing defensible spaces, where you are able to use different elements and aspects to get natural social control and crime prevention, till a full description of technology and sensor availability to protect different facilities. Security standards or some notes to understand social behaviour (The Bronx study case) were worked out too.
On Cryptography, we walked along its history and development in order to understand cryptographic models and current cryptographic systems, free/open software tooling, integration and usual use cases. At the end, everybody got their crypto stuff in place, ready to take part in keysigning parties and next social community events.
Ah! I almost forgot. This year, students will elaborate on the right design to build a safe and secure physical protection system for one embassy.
First patch adds the new PCI PM in order to let the PCI core code handle the PCI-specific details of power translations. It was tested in kernel version 2.6.38, including standby and hibernation support. I would like to thank Wu Zhangjin. He was kind enough to run this testing.
Second patch implements dynamic framebuffer mode setting support. Previous code works with mode setting in a hard-coded way. It was tested with SM712 supporting 1024x600x16 as default hardware resolution.
Several months ago I faced an interesting project around eInk technology. Basically, it had several clear goals about porting GNOME technologies to get a better stack than the hardware manufacturer's. You know ... better development tools, better testbed and finally ... better user experience :)
With this project I played with the Hanlin v5 device as a test gadget. If you check the original specs about the product, you will realize the gadget runs a Samsung Arm 9 400MHz processor with SDRAM 32MB and main display eInk Vizplex (5" diagonal, 800x600 and 8 level grayscale) so ... what about getting some proof of concept to check possibilities! ;)
Root3d CON is gone. March 3rd, 4th and 5th were hot days in Madrid where CON took place in Castellana Street ... funny watching a lot of grey hats walking along the street where major banks and financial companies are located :) ...
Regarding this second edition live hacking sessions became a usual practice with a lot of members of the community showing their black and white skills in short periods of time.
Far from commercial slots where some well known companies showed their products, services and so on some concrete talks attracted my attention:
This weekend I taught the second part of Security Networking at Master on Free Software. After studying networking foundations, enjoying some practical labs and going on Linux networking stack in depth we finished with practical attacks and defenses as usual.
By the way, I coincided with MSWL students and several students of previous editions at Brussels attending FOSDEM too. Drinking some beers and chatting about free and open technology was nice. This shot caught some students while sharing their keys at the FOSDEM's keysigning event :)
Maybe you wonder about numbers related to this event ... I can only say they are really impressive. You may think about 5000 visitors enjoying two days of keynotes, speeches and lightning talks covering many FOSS projects. It is a demanding but really gratifying event!
This year I came back to Brussels in order to track some old projects and have a look at emergent and innovative ideas. FOSDEM is always a good place to take the community's pulse and this year was not an exception.
They are here :) ... we will start our distributed cross-compiling experiments based on ARM soon!
"Take the first step in faith. You don't have to see the whole staircase, just take the first step" -- Dr. Martin Luther King, Jr.