Things move fast in the realm of DevOps and containers, and serious system administrators need to keep up. The best way to do so may be to attend a conference or other tech event. This list helps you decide which ones are worth your time and money.
One way or the other, the world of enterprise software is changing and evolving. If you’re an IT professional, that means you need to keep a careful eye on trends, techniques, and technologies that can either help or hinder your career.
To help you stay in front of the looming tidal wave of changes sweeping across our industry, we compiled this list of conferences, summits, and events dedicated to DevOps and other critical elements of the rapidly transforming enterprise IT landscape.
Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.
The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
Hooking is a powerful programming technique for monitoring software behavior or extending functionality without altering the original code. The idea is to intercept certain events or system calls and use them to initiate your own custom code.
Hook splicing for Unix-like systems.
At Apriorit, we use hooking all the time when creating solutions for our clients, particularly in the areas of cybersecurity, data acquisition, and systems control. As part of our development efforts for Unix-like systems, we’ve created a custom solution for hooking based on the Linux splice technique (you can find a decent description and a Linux splice example here). We want to share it with you in this brief article.
Custom splice hooking technique for Unix-like systems
Our custom hooking technique for Unix-like systems was inspired by the popular Mhook library, the source code for which can be found on GitHub. This library is powerful for hooking, but supports only Windows platforms and includes surplus modules that aren’t acceptable for *nix.
To implement hooking in Unix, we took ideas from Mhook and modified them, increasing the flexibility and functionality of our tool in the process.
Splicing algorithm for *nix kernel
The general splicing hooking algorithm for *nix kernel hooks can be described as follows:
Copy the memory at the target function’s address into a buffer (the amount copied must be equal to or greater than the size of the jump instruction). To obtain the address of a specific kernel function in Linux, for example, you can use the kprobes internals.
Overwrite the start of the target function with a jump instruction that transfers control to the hook function (“hook call” in Figure 1).
Keep the stored buffer: it is used to execute the original call and to restore the original function bytes when the module is removed or the hook is paused.
Executing an original call
Typically, the hook simply wraps the original function. But if the original call needs to be executed inside the hook or anywhere else, the algorithm must be modified to handle a larger buffer:
Starting at the original function pointer, analyze the memory with a disassembler. This analysis yields an aligned instruction offset, i.e. the end of the last whole instruction that the inserted jump overwrites (the offset must be at least the size of the jump instruction).
The memory buffer must be executable (PAGE_KERNEL_EXEC). Its size is the sum of two parts: the calculated offset (the copied instructions) and the size of a jump instruction back to the memory of the original function immediately after the inserted jump (“original call” in Figure 1).
Finally, the original function can be called by casting the stored buffer to the function’s signature and executing it.
This algorithm is visualized in Figure 1 for an x64 platform.
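The four steps above (copy the prefix, write the jump, build a trampoline from the stolen instructions plus a jump back, call the original through the trampoline) are shown below as a stand-alone x86-64 Linux user-space program. This is an added example written for this page, not Apriorit’s kernel implementation: it uses mmap/mprotect in place of kernel page-protection calls, a hand-assembled target function whose instruction boundaries are known, and a toy instruction-length decoder (`insn_len`, covering only the opcodes in that function) standing in for the reliable disassembler the article says the technique needs. The 14-byte `jmp qword [rip+0]` form is used for both jumps so that the hook and trampoline may live anywhere in the address space.

```c
/* Splice (trampoline) hook demo, x86-64 Linux user space. Constructed example. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define JMP_ABS_LEN 14          /* FF 25 00 00 00 00 + 8-byte absolute target */

typedef int (*int_fn)(int);
typedef struct { int before, via_trampoline, hooked, restored; } splice_result;

static int_fn g_original;       /* trampoline: stolen prefix + jump back */

/* Emit "jmp qword [rip+0]" followed by the 8-byte absolute target. */
static void emit_abs_jmp(uint8_t *dst, const void *target) {
    static const uint8_t op[6] = {0xFF, 0x25, 0, 0, 0, 0};
    uint64_t addr = (uint64_t)(uintptr_t)target;
    memcpy(dst, op, sizeof op);
    memcpy(dst + sizeof op, &addr, sizeof addr);
}

/* Toy length decoder for the few opcodes in TARGET_CODE (register-direct
 * ModRM only). A real implementation needs a full disassembler. */
static int insn_len(const uint8_t *p) {
    switch (p[0]) {
    case 0xC3: return 1;                          /* ret */
    case 0x89: return (p[1] >> 6) == 3 ? 2 : -1;  /* mov r/m32, r32 */
    case 0x83:                                    /* add/sub/xor r/m32, imm8 */
    case 0x6B: return (p[1] >> 6) == 3 ? 3 : -1;  /* imul r32, r/m32, imm8 */
    default:   return -1;                         /* unknown: refuse to hook */
    }
}

/* Walk whole instructions until at least `need` bytes are covered. */
static int aligned_offset(const uint8_t *code, int need) {
    int off = 0;
    while (off < need) {
        int n = insn_len(code + off);
        if (n < 0) return -1;
        off += n;
    }
    return off;
}

/* Constructed target function, hand-assembled so boundaries are known:
 * f(x) = ((x + 16) * 3 - 5) ^ 1, e.g. f(0) = 42, f(3) = 53. */
static const uint8_t TARGET_CODE[] = {
    0x89, 0xF8,         /* mov  eax, edi      (2 bytes, boundary at 2)  */
    0x83, 0xC0, 0x10,   /* add  eax, 16       (boundary at 5)           */
    0x6B, 0xC0, 0x03,   /* imul eax, eax, 3   (boundary at 8)           */
    0x83, 0xE8, 0x05,   /* sub  eax, 5        (boundary at 11)          */
    0x83, 0xF0, 0x01,   /* xor  eax, 1        (boundary at 14 >= jump)  */
    0xC3                /* ret                                          */
};

/* The hook: runs the original through the trampoline, then alters the result. */
static int hook_fn(int x) { return g_original(x) + 1000; }

/* Returns 0 on success (-1 on failure or non-x86-64) and fills `r`. */
int run_splice_demo(int input, splice_result *r) {
#if !defined(__x86_64__)
    (void)input; (void)r; return -1;
#else
    long page = sysconf(_SC_PAGESIZE);
    uint8_t *mem = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    uint8_t *target = mem;          /* page 0: function being hooked */
    uint8_t *tramp  = mem + page;   /* page 1: trampoline buffer      */
    memcpy(target, TARGET_CODE, sizeof TARGET_CODE);

    /* Step 1: disassemble to find the aligned offset covering the jump. */
    int off = aligned_offset(target, JMP_ABS_LEN);
    if (off < 0) { munmap(mem, 2 * page); return -1; }

    /* Step 2: trampoline = stolen instructions + jump back to target+off. */
    memcpy(tramp, target, (size_t)off);
    emit_abs_jmp(tramp + off, target + off);
    if (mprotect(mem, 2 * page, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, 2 * page); return -1;
    }
    int_fn fn = (int_fn)(uintptr_t)target;
    g_original = (int_fn)(uintptr_t)tramp;
    r->before = fn(input);
    r->via_trampoline = g_original(input);

    /* Step 3: make the target writable, splice in the jump to the hook. */
    mprotect(target, page, PROT_READ | PROT_WRITE);
    emit_abs_jmp(target, (const void *)(uintptr_t)hook_fn);
    mprotect(target, page, PROT_READ | PROT_EXEC);
    r->hooked = fn(input);

    /* Step 4: unhook by restoring the stolen bytes kept in the trampoline. */
    mprotect(target, page, PROT_READ | PROT_WRITE);
    memcpy(target, tramp, (size_t)off);
    mprotect(target, page, PROT_READ | PROT_EXEC);
    r->restored = fn(input);
    munmap(mem, 2 * page);
    return 0;
#endif
}

int main(void) {
    splice_result r;
    if (run_splice_demo(3, &r) != 0) { puts("unsupported platform"); return 1; }
    printf("before=%d trampoline=%d hooked=%d restored=%d\n",
           r.before, r.via_trampoline, r.hooked, r.restored);
    return 0;
}
```

Two details carry over directly to the kernel variant: the prefix copied into the trampoline must end on an instruction boundary (which is why the offset comes from a disassembler, not from the jump length), and the copied instructions must be position-independent, since a RIP-relative instruction in the stolen prefix would read the wrong address when executed from the trampoline.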
Advantages of this technique
Compared to existing solutions, this approach provides several advantages in terms of functionality:
Allows hooking of all available symbols in the kernel – this is especially useful if the kernel module in question works with internal kernel functions
Less noticeable to malware detectors – hooking can be used to create malware, and thus many Windows, macOS and Linux rootkit detection solutions often flag them as harmful, even if they are used legitimately. Since it’s impossible to test your hooks with all anti-malware software on the market, hooking techniques that don’t prompt false positives are all the more valuable.
Disadvantages of this technique
When we talk about disadvantages of this approach, we’re not talking about any flaws or limitations in terms of functionality, but rather about difficulties that arise in actual implementation. In this regard, there are two main disadvantages:
This technique requires a reliable disassembler, since ordinary user-space disassembler libraries cannot be used inside a *nix kernel.
This technique is architecture dependent, since each architecture has its own jump instructions.
Conclusion
We actively use the Unix splice hooking approach described above in projects we create for our clients here at Apriorit, particularly in the area of cybersecurity. We’ve implemented this hook type for a variety of architectures and kernel versions, including x86_64, x86, and ARM in Linux 2.6.32 to 4.10.
We hope that you find this approach useful and that you’ll be able to use some of the ideas presented in this article for your own hooking needs.
DevOps is a set of practices that automates the processes between software development and IT teams so they can build, test, and release software more quickly and reliably. The concept of DevOps is founded on building a culture of collaboration between IT and business teams, which have historically functioned in relative siloes. The promised benefits include increased trust, faster software releases, and the ability to solve critical issues quickly.
That said, implementing a successful DevOps organization requires IT leaders to think more broadly about how to spur a cultural and organizational shift within both their team and the broader organization, as opposed to simply deploying new technologies. A successful DevOps strategy requires a merged focus from both development teams and operational teams on what the company needs to meet its digital transformation objectives. Thus, it is about breaking down siloed groups of people and responsibilities, and—in their place—building teams that can multitask on technical issues and goals.
For most enterprise IT departments, using and contributing to open source projects is now a part of everyday life.
In Black Duck’s 2017 Open Source 360° Survey, 77 percent of enterprises surveyed said they use open source to build internal applications, 69 percent said that they use it to create customer applications and 69 percent said that open source powers their infrastructure. And 48 percent of those surveyed said that the number of people in their organizations contributing to open source is increasing.
A serious memory security problem in all Intel chips has led Linux’s developers to rework how the kernel handles memory. The result will be a more secure, but — as Linux creator Linus Torvalds says — slower operating system.
How bad will it really be? I asked Linux’s creator Linus Torvalds, who said: “There’s no one number. It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation.”
In reviewing the top-performing articles published on Linux.com in 2017, it’s easy to see that readers are interested in articles covering various Linux distributions, event recaps, and basic command-line how-tos.
To find the best articles, we looked at the following four categories: most-read overall, most popular on our social channels, most popular event-related articles, and most-read tutorials. The top 20 list includes several distro roundups from Jack Wallen and Swapnil Bhartiya, video interviews with Linus Torvalds, and some introductions to useful Linux commands. If you missed these articles the first time, be sure to check them out now.
Submit your proposal now to speak at Embedded Linux Conference + OpenIoT Summit in Portland, Oregon, March 12 – 14, 2018. Share your expertise with 900+ technologists in the embedded Linux and IoT space.
We’re seeking a wide range of talks, from Real-Time Linux to Security; Industrial Automation to Public Infrastructure; and Linux in Automotive and IoT. Proposals are due Sunday, January 7 by 11:59 p.m. PST.
Suggested Topics for Embedded Linux Conference:
Audio, Video, Streaming Media and Graphics
Security
System Size, Boot Speed
Real-Time Linux – Performance, Tuning and Mainlining
SDKs for Embedded Products
Flash Memory Devices and Filesystems
Build Systems, Embedded Distributions and Development Tools
Linux in Devices such as Mobile Phones, DVRs, TV, Cameras, etc.
Use of Linux in Automotive
Drones and Robots
Linux in the Internet of Things
Practical Experiences and War Stories
Standards
Public Infrastructure
Industrial Automation
Suggested Topics for OpenIoT Summit:
Real-Time OS (Zephyr, RIOT, MyNewt, FreeRTOS, NuttX, mbed and others)
Certifications – Lessons Learned Taking Devices to Product
Have a great idea, case study, or technical tutorial you’d like to share? Learn more about the CFP process and submit your speaking proposal before the CFP closes on January 7.
The movement to encrypt the web reached milestone after milestone in 2017. The web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol. All web servers use one of these two protocols to get web pages from the server to your browser. HTTP has serious problems that make it vulnerable to eavesdropping and content hijacking. By adding Transport Layer Security (or TLS, a prior version of which was known as Secure Sockets Layer or SSL) HTTPS fixes most of these problems. That’s why EFF, and many like-minded supporters, have been pushing for web sites to adopt HTTPS by default.
If you go to GitHub, the most popular developer platform today, and search for a piece of code, it is a plain-text search.
“It’s like how we used to search on the web in 1996,” said Eiso Kant, CEO and co-founder at source{d}, a startup focused on applying machine learning on top of source code.
“We have been writing trillions of lines of source code across the world, but none of the systems or developer tools or programming languages we’ve designed actually learn from all the source code we have written.”
A compiler that translates a programming language into machine code that executes on the device uses a large set of rules that never take into account actual language, he said.