Each year, we get a treat right before end of the year in form of 28C3. This year, I can recommend following lectures as a must-see:

• r0ket++ video
  Very nice ARM Cortex M3 embedded device with Nokia LCD, battery, RF interface and extension headers.
• 802.11 Packets in Packets video
  Drop wifi packet on unsuspecting listeners without access to network segment!
• Defending mobile phones video
  Visit GSMmap.org to see if your GSM networks are protecting you or contribute data!
• Reverse Engineering USB Devices video
  Very similar to my approach to USB examinations.
• How governments have tried to block Tor video
  It's arms race all over again, this time on Internet.
• Reverse-engineering a Qualcomm baseband video
  I can't wait to see release of this tools on code.google.com Available at http://code.google.com/p/qcombbdbg/
• KinectFusion video
  I would love to see something similar in open source code.
• Cellular protocol stacks for Internet video
  Very good overview of cellular stack as it is today
• Implementation of MITM Attack on HDCP-Secured Links video
  NeTv is very interesting ARM/FPGA/Linux device which overlays webkit content over HDMI signal on your TV using chroma key.
• Introducing Osmo-GMR video
  Osmocom got some support for satellite phones
• bup: Git for backups video
  Nice backup system with de-duplication implemented on top of git's pack file

As you might know by now, I was debugging memory related problems on one of my systems recently and concluded that normal output from Linux commands are more or less inaccurate. If you want to know why, take a look at Matt Mackall presentation at ELC2009: Visualizing Process Memory or watch following video:

Convinced? So, hop at smem page, compile user-land part and start really tracking your memory usage, let's compare:

dpavlin@t61p:/rest/cvs/smem$ free
             total       used       free     shared    buffers     cached
Mem:       4081400    3882476     198924          0     142904    2731480
-/+ buffers/cache:    1008092    3073308
Swap:      8209172       7492    8201680

dpavlin@t61p:/rest/cvs/smem$ ./smem -w -t
Area                           Used      Cache   Noncache 
firmware/hardware                 0          0          0 
kernel image                      0          0          0 
kernel dynamic memory       2927016    2845456      81560 
userspace memory             954900     119368     835532 
free memory                  199484     199484          0 
----------------------------------------------------------
                            4081400    3164308     917092 

• needs kernel 2.6.27 or newer
• it can work on archived data (from cron in my example usage)
• userspace cache is backed by file on disk
• it's a python script which requires matplotlib to create graphs so it's for local reporting

Ovaj vikend bili smo u Čakovcu na Slobodnom Festivalu 3 veoma zanimljivom druženju u Čakovcu.

Ovo je lista linkova je na neke nije moguće kliknuti jer je sladeshare strgan i lijeva/desna margina prekiraju kratke linkove na kraju:

• Portmon for Window serial sniffer koji sam koristio
• Izvorni kod onoga što ja zovem driver, a zapravo je perl skripta koja je istovremeno mali HTTP JSONP server i priča RFID protokol preko serijskog porta
• CCITT checksum pitanje na koje sam dobio odgovor!
• Meteor Comet server with RFID - blog post koji opisuje prvu implemetaciju
• Hitchhiker's guide to RFID - opisuje moja dosadašnja iskustva sa ovom RFID implementacijom
• prva najava koda koji donekle radi
• cijela povijest projekta sprekidana na komadiće raznim drugim stvarima...

Generally we just like to bitch about state of X. However, I would like to point you towards two presentations from linux.conf.au 2009:

Introducing the Re-Built Linux Desktop by Keith Packard

You will find out what is GEM and why do we have it and now it influenced Linux kernel development. Also explained are DRI2 and KMS. So now you can run non-root X servers, multiple X servers with acceleration and other fun stuff. Look, glxgears on compiz sphere!

From click to pixel: A tour of the Linux graphics pipeline by Carl Worth

Video file contains only first half hour of presentation, but here are interesting highlights from slides:

• Visually inspecting GTK+ updates

  ./configure --enable-debug=yes # for GTK+
  GTK_DEBUG=updates ./my-program
  

• Tracing cairo calls

  Install cairo 1.9 or later

  cairo-trace ./my-program

  See results in my-program.$PID.trace

• Inspecting Render protocol

  xtrace -D :5 > my-program.xtrace
  DISPLAY=:5 my-program
  

• Finding software fallbacks in EXA

  Edit xserver/exa/exa_priv.h:

  #define DEBUG_TRACE_FALL 1

  Recompile xserver and examine Xorg.0.log file

• Finding software fallbacks in xf86-video-intel

  In "device" section of xorg.conf:

     Option   "FallbackDebug"     "true"

  Examine Xorg.0.log file

• Inspecting 3D state (for Intel)

  INTEL_DEBUG=fall,batch,sync

  fall: Show software fallbacks
  batch: Show decoded batchbuffers
  sync: Wait for idle after each batchbuffer
  (see intel_context.c debug_control[] for more)

• Inspecting GEM state

  cat /proc/dri/0/gem_objects
  cat /proc/dri/0/i915_gem_interrupt
  

Good stuff, well worth two hours of your time to get to know your X, stop bitching and start reporting bugs...

I have been watching videos from linux.conf.au 2009 and stumbled upon Conrad Parker's Ogg Chopping: techniques for programming correctness and efficiency which is great lecture if you want to know something about current state of video on the web, Ogg or Haskell.

I have been thinking about poor state of Linux video for quite some time (bear in mind that I do have real-life experience with U-matic type equipment) but it seems that things are moving in right direction. Here is a quick comilation of useful links from this presentation:

• We have deep linking into videos now using something like: http://ia331343.us.archive.org/2/items/night_of_the_living_dead/night_of_the_living_dead.ogv?t=00:09:51/00:10:14
• Pad.ma in interesting project with source available which enables usable cut-edit video over the web if you are using browser with <video> tag support like Firefox 3.5.

This is very cool! Only problem for me right now is that server side is written in python with which I haven't have good experience (it's just my bias). But, than again Pad.ma JavaScript API seems easy enough to roll out own server implementation if I find time to play with it.

Update: Are we there yet?

After a bit more of watching, I also stumbled upon Collaborative Video for Wikipedia by Michael Dale which introduces following tools related to video editing:

• Mv_Embed allows support of browsers without <video> tag with annotation editor
• MetaVidWiki offers another interface, but I couldn't find any good demo to link from here

   25C3: Nothing to hide
   25th Chaos Communication Congress
   December 27th to 30th, 2008
   bcc Berliner Congress Center, Berlin, Germany

This year, I was for third time at Berlin for Chaos Communication Congress and concluded that predictions for 2009 and beyond shouldn't be based on magic ball - you can just extrapolate from things that was presented at 25C3. So, I borrowed William Gibson's quote for title of this post.

Digital hacking

PowerLineCommunications (PLC, or ethernet-over-powerlines) is really coming. There are devices available in MediaMart and/or Saturn, and IEEE is in process of standardization. Face it: we are moving towards world in which we will have just one cable between device and wall for both power and ethernet (up to 200Mb/s).
FAIFA: A first open source PLC tool is good introduction to field and example of tool to see parts of network.

Chip Reverse Engineering is easier than ever. If you are designing hardware system and depend on security through obscurity (hope that nobody will be able to read your chip design) this is just no longer truth. We know that from last year's 25C3 Mifare presentation, but this year we saw that it's getting so easy that you really have to have enough silicon to provide real security.
Watch Chip Reverse Engineering for overview of tools which we have available today.

RF fingerprinting enables us to detect hardware differences between devices which is result of small imperfections in manufacturing which enables us to identify devices from same manufacturing run.
Watch RF fingerprinting of RFID to find out how that works for 802.11 devices and RFID passports.

While we are on security topics, it seems that php is getting taint support if only for security analysys. Vulnerability discovery in encrypted closed source PHP applications provides fascinating step-by-step introduction into php reverse engineering from php opcodes back to source code. I can't wait for release of tools mentioned in talk!

Hacking telecommunications

Although I'm not really interested in hacking of iPhone (because I don't believe in closed devices) it was interesting that only single weak link in security (even before boot loader) can bring whole system down.
Hacking the iPhone explains how they did it, and interesting part is that they have some knowledge of broadband part (needed to implement sim unlock) which might be also useful for other devices.

Anatomy of smartphone hardware is great introduction into smart phone class devices.

Harald Welte who did this lecture and who we know from iptables, Openmoko and Sputnik is now moving to Running his own GSM network by attaching Siemens BS-11 microBTS (base transciver station, that park on telco poole) to Linux using A-bis telco protocol.
Running your own GSM network and presentation files are essential material to understand why it's bad idea to forget that device needs to (cryptographically secure) verify is it connecting to right network. If you put all your intelligence and trust in network itself, you will get 3000+ pages of documentation but not security.

DECT network and phones are designed after GSM, and they can check for validity of network. Unfortunately, with cheap 23 EUR card, you can be your own base station and ask phone to ignore encryption if you want to. This involved reverse engineering chip's encryption (I told you it's easy tease days) and writing linux driver for PCMCIA card, Hardware part of lecture is in german, but slides are in english, and even without that part it's really interesting.

Advanced memory forensics: The Cold Boot Attacks provided overview of technique and special attention to crypto keys recovery from partially decayed memory. video

Console Hacking 2008: Wii Fail once more reinforced my feeling that you can't really design completely secure system. video
On the other hand, I really liked idea that Play Station 3 is only console which hasn't been hacked just because it can run Linux natively. As we all know from MD5 considered harmful today where researchers created MD5 collision for CA which got enough mention already.

coreboot: Beyond The Final Frontier is nice introduction to free bios replacement which includes utility to flash bios on most motherboards under linux called Flashrom which I must give a try. video

Scalable Swarm Robotics sometimes it really important to make real robots to test in real world. video

State of the world

One of benefits of CCC is that you can also hear a lot of topics unrelated to digital hacking.

Climate Change - State of the Science which provides great overview and points to possible solutions giving us at least some hope.
I bet you didn't know that half of people in Berlin doesn't own car...
Since there isn't official recording of lecture, I'm providing mirror of Climate Change - State of the Science stream dump for future reference.

Flying for free introduced me to wonderful world of gliders which reminded me a lot to boat sailing but in 3D.
Mirror of stream dump from Flying for free will introduce you to bits of magic that birds knew all along...

Not Soy Fast: Genetically Modified, Resource Greedy, and coming to a Supermarket Near You explains a lot about soy that we or our animals eat. video

Life is a Holodeck! is one of rear lectures that I would really like to see myself because streams of holograms can't bring you real 3D feeling...
Although presenter HoloClaus is somewhat stiff at beginning it is nice overview of technologies used and current state of art which involves computer rendering of 3D objects in full color with resolution of 500 lines per millimeter. Of course, you can also make holograms from real objects if you want to have 2 tons heavy stand for it, special laboratory and SOP which includes:

• put object on 2T stand
• go to coffee for 20 minutes so it can sattle
• press button to take H1 hologram

Back to somewhat computer related topic, All your base(s) are belong to us provided me with update on current state of the art in DNA sequencers. video

Wikileaks is archival side for whistleblowers. video

See you at CCC next year?

All in all it was well spend time (and much more interesting that OSCON 2008, at least for me. Conference was very crowded, and I ended up listening to all lectures over stream and/or recording. However, being in Berlin is unique experience, but it doesn't make sense for less than 10 days, so I won't make this mistake again (hopefully) :-)

Few years ago, at our local Croatian Linux User Conference I said: "we won, it's over". However, since then I have been noticing that all interesting problems are already solved.

There are few strange people (like me) who like to do stuff which is needed (and for which people are willing to pay money regardless if it's open source or not) but aside from that it seems that there is more interest it writing third twitter or one hundred twenty fourth wiki than solving some of open problem with open source software.

Having said that, OSCON 2008 is near end, and I just left keynote speech in which Microsoft announced donation to Apache foundation. It really seems that new leadership in Microsoft will change this company in same way that IBM changed and embraced Open Source. I should have anticipated that when we got lecture about open standards from Microsoft on our last CLUC conference, but it didn't occurred to me that this is a global thrend in Microsoft.

That brings us, Open Source community, into interesting position: we no longer have clear external enemy (and comming from former Yugoslavia let me tell you how important external enemy is :-)

This situation puts me in interesting position: I could ask myself do I want to work for Microsoft (that question until now was easily answered with big bold NO). I don't have such clear answer any more (no, I'm not leaving for Microsoft any time soon :-)

It seems that people don't care any more about freedom (in FSF sense of free software) and any "open" license is just good enough. That model worked well for BSD folks for quite some time, but I do believe that critical component of Linux success was GPL license.

All in all, OSCON 2008 was good, but traveling half way around the world doesn't give me same pleasure as it once was. It might be that podcasts from lectures turned out to be good enough for me to consume conference materials or that OSCON is not right conference for me (I loved YAPC last year, and I'm not going this year which is a bit shame).

First of all, we had first ever Croatian perl workshop. Thanks to all the people who showed up, we had attendance of about ten.

Organizing a workshop event turned out to be much more work then I anticipated, and various other tasks stopped me from preparing for it as good as I should. Also, small number of people force me to re-consider my lectures about perl. On one hand, I really, really, tried to spread perl (and had good fortune of being at right place at right time to get Zagreb.pm off the ground), but with such low attendance, I must conclude that perl is used only by about 20 people in Zagreb. This seems somehow disturbing. Comparing size of Zagreb with Moscow turned out to show about same proportion, so I was just overly optimistic.

I also gave half an hour presentation about Jifty, based on Building a Jifty app in a jiffy by Kevin Falcone and showed some examples of my jifty apps (I actually didn't talk about last one, just mentioned it as integration of external javascript -- CodePress in this example).

I also have to thank to Andrew Shitov from Moscow.pm who have managed to prepare several very interesting topics which, in my opinion, made this event worthwhile. If it wasn't free I would ask my money back :-\

Ako se pitate zašto koristi Xen, razmislite o slijedećoj priči:

Miro je hacker, jedan od posljednjih ljudi koji još uvijek razumije način na koji funkcionira ovaj novi svijet 2030.

Računala su postala sveprisutna, i zapravo je nemoguće povući crtu između "prave" stvarnosti i one koju naša osjetila primaju, bilo preko implantata ili preko stvarnih fizičkih objekata kreiranih nano-tehnologijom.

To jutro počelo je kao i bilo koje drugo. Nakon polaganog buđena, šalica kave vrlo se praktično materijalizirala u Mirovoj ruci nekoliko trenutaka nakon što je otvorio oči.

Sve oko njega, sve što vidi ili osjeća, uvelike je posljedica programiranih agenata koji marljivo rade u pozadini izvršavajući se na računarskoj matrici.

Oni upravljaju svim aspektima svijeta: od grijanja i hlađena prostorija do materijalizacije novih objekata korištenjem milijunima nano-botova u zraku.

Tog jutra osjetio je lagano peckanje na zapešću ruke što je moglo značiti samo jedno: njegov novi implantat funkcionira i pokušava mu reći da su njegovi agenti preopterećeni.

Ustajući iz kreveta, blagim pokretom ruke pretvorio je zid u veliki ekran na kojem je bilo jasno vidljivo da su njegovi agenti upravo u pokretu preko računarske matrice u potrazi za slobodnim resursima.

Do trenutka kada je progutao poslijednji gutljaj kave, peckanja je nestalo. Agenti su pronašli mirniji dio matrice u kojem je bilo dovoljno slobodnih resursa. Jednom riječi, nano-mašine koje su stvorile njegovu šalicu kave trenutno su bile kontrolirane iz dijela matrice na drugom kraju svijeta.

U svijetu u kojem su svi računarski resursi dijeljeni među mobilnim agenatima, veoma je važno da postoji mogućnost migracije programa koji se izvršavaju sa jednog računarskog resursa na drugi. Početak tog trenda vidjeli smo 2005 sa prvim slobodno dostupnim virtualizatorom koji je omogućio migraciju resursa bez prekida izvršavanja: Xen.

Xen je zapravo napravljen sa otprilike takvom vizijom, a ne kao vmware killer. Nadam se da Vam je bilo lijepo na DORS/CLUC 2006!