Peace and chow,

Jacob

To get started, start up the Erlang shell (erl) with a name, I will use -sname foo in the following examples. Below is a transcript of starting up and creating a disk-based

ranok@orion:~/Desktop$ erl -sname foo
Erlang R13B01 (erts-5.7.2) [source] [smp:2:2] [rq:2] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.7.2  (abort with ^G)
(foo@orion)1> mnesia:create_schema([node()]).
ok
(foo@orion)2> mnesia:start().
ok

The most important call made here, create_schema, takes a list of nodes to replicate the schema table to on disk. You can add additional disk-based nodes or ram-based copies later (we’ll get to the details later). After you’ve created the schema (this will make a folder for all the Mnesia table data), you can start the application with the start function.

Now that we have the database running, we need at least one table to store the data in, we will start with a very simple record to just store simple key/value data. The nice thing about Mnesia, is that the data we store can be pretty much anything, from a simple atom to a function. We will start learning the basics from the mnesia_test module, which I have uploaded here.

The first few lines of the module start off like any Erlang code, a module declaration, what functions to export, including the QLC (Query List Comprehensions) include file (you may need to find it for your system) and a record definition:

-record(data, {key, value}).

Which will define our record for the table also named data. In the function setup_and_start/0, we tie in what we already went over with the create_table function, which in our case looks like

mnesia:create_table(data, [{disc_copies, [node()]}, {attributes, record_info(fields, data)}])

The create_table function has a number of options, the most basic of which we will deal with at the moment: the name of the new table, where and how the table will be stored and what fields the table has (this code used the record_info() function to pull those out of the data record for us). Now that we have our table, we need a way to get the data in and out of it.

Many databases provide the ability for multiple queries to be joined into one transaction to be executed atomically. Mnesia is no different, but for the most part, all queries are executed through the transaction manager (there is a dirty interface which will be discussed later), this makes working in a distributed environment much easier. The way to perform a transaction in Mnesia is to pass a fun to the mnesia:transaction() function that will atomically run.

The actual function to enter data (both insert and update) is write(Record). We wrap this into the mnesia_test:insert(Key, Val) function displayed below:

insert(Key, Val) ->
Record = #data{key = Key, value = Val},
F = fun() ->
mnesia:write(Record)
end,
mnesia:transaction(F).

To now retrieve this data back from the database, the read function is now used, the read function takes two arguments: the table name (in this case, data) and the key to retrieve. The mnesia_test retrieve function wraps this nicely for us, and is shown below:

retrieve(Key) ->
F = fun() ->
mnesia:read({data, Key})
end,
{atomic, Data} = mnesia:transaction(F),
Data.

mnesia:transaction will either return {aborted, Reason} or {atomic, Rows}, where Rows is a list of all the retrieved data. If the key we tried to retrieve could not be found, then it will return an empty list.

Say however, we want to search the table for certain values that are not the index of the table. For that there is the matching functions, the simplest of them is the match_object whose usage can be seen here:

search(Val) ->
F = fun() ->
mnesia:match_object(#data{key = '_', value = Val})
end,
{atomic, Data} = mnesia:transaction(F),
Data.

As you can see, simply fill in all the values that are known and that you want to search for, and use the ‘_’ unmatched value for all the other values. This transaction will return the same forms as the read transaction.

There is another method for filtering through Mnesia tables, which is very similar to the list comprehensions builtin to Erlang which is called QLC. The QLC version of the above function is below:

search_qlc(Val) ->
F = fun() ->
qlc:eval(
qlc:q(
[X || X <- mnesia:table(data), X#data.value == Val]
))
end,
{atomic, Data} = mnesia:transaction(F),
Data.

What the query here is doing is is returning a list of Xs where every possible X comes from our data table, and X#data.value == Val. This should be very intuitive for those of you who are familiar with list comprehensions. What qlc:q() does is form a query handle (much like a function object) which gets evaluated by qlc:eval() inside of our transaction object. Again, this will return the same values from mnesia:transaction.

Well, that about covers the basics of Mnesia, you now should be able to setup Mnesia on your computer, create a table and insert/retrieve data from it. In the next installment, we will look at distributed Mnesia and the dirty interface, which provides faster queries by bypassing the transaction manager. After that we will put all of what we’ve learned into creating a system that will take advantage of Mnesia and give a pseudo real-world problem a fitting solution. Please check back soon for the next installment!

Peace and chow,

Ranok

For a solution to the peg board problem, I found this site that documents the author’s process and a code listing. If you’re interested in the game as much (or more) than that the programmatic solution, there are also a number of statistics for possible solutions on the site.

Peace and chow,

Ranok

int foo(int a, int b) {
return a + b;
}

int main() {
return foo(3, 4);
}

Still has many layers underneath the obvious, the one I want to mention briefly today is the calling conventions. I was curious what happens when you call a function, and looking on wikipedia, I found an article that very nicely shows how many possible things could happen.

Normally in with gcc, when you call a function, the generated code pushes the arguments to the function onto the stack in reverse order, that is, last argument first, and then pushes the address of the next instruction to execute and jumps to the function. That function then can access the arguments and put it’s return value in EAX and jump back to the pushed instruction address. The caller must then clear the stack and use the EAX return value.

However, a way to optimize your code with gcc is the -mregparm=N command, which will put the N < 4 first arguments in registers EAX, EDX, and ECX respectively and push the rest onto the stack. This is much quicker since it requires less memory access. However, you must make sure to compile all your code this way, otherwise you’ll have some strange interactions when the conventions are mixed.

Peace and chow,

Ranok

The simplest way to start serving web content with Erlang is to use the inets server and the httpd service. This is a HTTP/1.1 server built into the Erlang distribution that supports some more advanced features, most interesting of all, the ability to use Erlang to dynamically generate content. It is however very poorly documented, and there are a few very annoying things I came across that I’m posting to hopefully help anyone else trying to get it working.

1. The order of modules in the {modules, []} directive matters, if you want to have mod_dir work, it needs to be specified *AFTER* the mod_alias.
2. The logging is rather horrid, the transfer.log will not log anything except for HTTP 200 for every request, even if it failed.
3. You must specify {bind_address, any} in the configuration to use the httpd:reload_config function, otherwise it will return {error, not_started}
4. If you just want to server static content, you will need at a minimum the following modules: mod_get, mod_head, mod_log, mod_actions and mod_range. However, adding mod_alias is recommended along with the {directory_index, ["index.html"]} directive to stop it from failing (HTTP 500) on a directory request.
5. To use dynamic content, create a module that exports callbacks of the form: function(SessionID, _Env, _Input). To write Str back to the client, use the mod_esi:deliver(SessionID, Str) function.

I hope that this helps out!

Peace and chow,

Ranok

Improvements:

• Added replication nodes to increase fail-safe reliability
• Added commands to the administration console to stop and live migrate applications
• Can use configuration files to assist in the start up of OSP
• Many bug fixes and documentation updates
• The HTTPd servlet example now supports large files and the HEAD command

So, please check it out and let me know what you think!

Peace and chow,

Ranok

In the new git setup, I have two branches (aside from master, which follows the SVN repository): otp and no-otp. The no-otp version is currently the stable code that runs just fine, but doesn’t take advantage of Erlang’s OTP framework. The otp branch is the more cutting edge OTP aware version, which I hope to fully migrate to soon. With full support for OTP, I should be able to use an already existing distribution platform, and more battle tested redundancy.

This evening, I fixed a long standing bug in the example HTTPd where the server would crash when opening large files due to a shortcut I took with first implementing the server. Originally, the server would read the entire file into a string and then send that to the client, as you can probably see, there is a problem when the server tries to read in a 3.9 GB file (my test file). Now, my servlet takes a much more sane approach, read in the file 1 kilobyte at time, sending that to the client before reading more. This new approach works perfectly, though I had to add some messiness for handling CGI/PHP files and different MIME types. I also added support for the HTTP HEAD command.

Peace and chow,

Ranok

One thing I like about putting your code on a site like GitHub is that it guilts you into cleaning it up. If you hope that people are going to see it, then you feel slightly pushed to make an effort to clean it up. That pressure lead me to add some installation instructions and a make file for the Firefox extension, and clean up some code.

Peace and chow,

Ranok

In the morning, Dan Kaminsky gave a brief review of the DNS exploit he found last year, and the current status of the source port randomization patch. The estimate for patch coverage was about 60% of DNS servers, though the unpatched servers are being pretty actively exploited. He also clarified his stance on DNSSEC, that he’s neutral to the technology, but feels that it can provide end to end trust, something that DNSCurve cannot do, and has a higher chance of being accepted on the root since it doesn’t require pre-operation cryptography. A big implementation hurdle that he sees is for the deployment of DNSSEC servers to be turn-key and not require extra maintenance or knowledge to use.

The following presentation was an interesting one that provided a technical solution to a political problem, how to share data without compromising the data privacy, and without letting the data sharing knowing what is being searched for.

After that, a researcher from Vietnam showed how to break the facial recognition software built into laptops. Simply by taking a photo of the user, and editing it for proper lighting and tones. I got to be the lovely assistant in this presentation, enrolling my face into one of his laptops, then having him take my picture through a Skype chat, then using that picture to unlock the computer. This got the crowd laughing and very impressed with how this technology can actually sell.

The presentation on Tor did very little for me, the research was of marginal value, but the talk after with the presenter and the creator of Tor was eye opening. The most important thing I brought back from that talk was that Tor is not meant to protect you from big brother, but to keep you anonymous from the sites you are browsing, and your ISP. After I saw that shift, I was able to accept the many attacks that have come out of the woodwork over the past few years, and finally put Tor in the proper place in my cyber tool chest.

Finally, the memory snorting presentation was very slick, it seemed to be a very clever way to reuse the signature data already in existence, and be able to both analyze a saved memory dump, and also potentially find malicious code before it hits the wire.

Overall, the show was a blast, and I hope to have the privilege of attending sometime in the future.

Peace and chow,

Ranok

The keynote was very interesting as it wasn’t technical in the least, but more a call for discourse about the tough questions that the country needs to ask about how the government and private sector need to work together to protect the country’s cyber resources. It also brought to light a question regarding cyber weapons, and who is responsible to clean up the online equivalent of a Katrina.

Moxie’s presentation on defeating HTTPS was interesting, but was more leveraging holes in other aspects of the network to gain control of an SSL tunnel. Why clever and very neat to see in action, it didn’t blow me away nor was it particularly ground breaking.

After Moxie’s talk, I spent a while chatting with Dan about the advantages of DNSSEC versus DNSCurve and how take the strengths of each to find a happy medium. I hope to implement his suggestions into LadieBug (which he thought was a bad name to have ‘bug’ in the name).

I left half way through the Mac OSX presentation since it was pretty useless. The presenter assumes you have access to a Mac and can run arbitrary code/modify binaries. From my perspective, one you’ve got that, the game is pretty much over.

After lunch I made my way to the packed room where the gang from the Invisible Things Lab talked about their TXT exploit. This was a highly anticipated talk, and I must say I personally was slightly disappointed. While their findings were interesting, due to their deal with Intel, they basically gave an overview of TXT and then talking about the Q35 hack in more detail, which is old news. Esentially, the summary of their findings were that TXT doesn’t check the SMM handler, and they disassembled the handler and found a number of bugs. The need for Dual Monitor Mode or an STM as they called it seems needed, but perhaps more eyes on the SMM handler code to help find bugs.

Hailing from AFIT, the speaker for the SecureQEMU project gave an overview of using emulation to encrypt and sign code that can’t be modified from the guest. While impressive that they managed to get it working on an unmodified OS, it was slow, and not a very complex concept.

Last, but not least was a just for fun talk on satellite hacking. This one had the room laughing for much of the hour while the speaker showed us a live demo of decoding a stream from a satellite over Africa. He then showed us how laughable the security in the RFID passports is, easily cloning and modifing his son’s passport to have Osama Bin Laden’s face, and doing a MitM attack using two $15 RFID readers/emulators.

That’s all for today, check back tomorrow for a review of the next set of briefings, and as always I’ll be updating regularly on Twitter.

Peace and chow,

Ranok