Friday, July 15, 2016

Secure C/C++ Coding practices

Dear Software Engineers and Amateur Programmers,

In today's scenario, writing secure code is not a choice anymore; it's a necessity.

As a result of me attending Paul Ionescu's webcast "Inside the mind of a Hacker" (https://t.co/YjqiJpn7lE) (where he talks about how crackers crack their way through your code and what loopholes and vulnerabilities they exploit) and being trained over time with strong review comments from peers laying emphasis on secure programming, I've begun giving a keen eye to best coding practices.

One such link I googled for yesterday and thought of sharing is:

The following usage in the correctly marked answer there:
strncpy(buff, "String 1", BUFFER_SIZE - 1);
buff[BUFFER_SIZE - 1] = '\0';
is actually correct and not incorrect as pointed out by one of the commenters. See for yourself to know why!
(I couldn't add a comment there due to lack of enough points to comment on StackOverflow.)

I found many instances of insecure invocation of strncpy in the open source package I am currently working on, like
strncpy(buff, "String 1", sizeof(buff));
and wanted to give an alert to the maintainers/programmers if they are using such lines often in their code so that they stop making this mistake.
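
The difference between the two strncpy calls above, as an added example that is not from the original post or the package it mentions: strncpy writes no terminating '\0' when the source is at least as long as the count, so passing the full buffer size can leave the buffer unterminated. BUFFER_SIZE is set to 8 here as a constructed value so that "String 1" exactly fills the buffer; copy_unsafe, copy_safe and is_terminated are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 8   /* constructed: one byte too small for "String 1" plus its NUL */

/* Returns 1 if a '\0' exists within the first n bytes of buf, else 0. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Pattern flagged in the post: the full buffer size is the count and no
 * terminator is written afterwards. */
static int copy_unsafe(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    memset(dst, 'X', dst_size);       /* simulate stale, non-zero memory */
    strncpy(dst, src, dst_size);      /* no '\0' if strlen(src) >= dst_size */
    return is_terminated(dst, dst_size);
}

/* Pattern from the accepted answer: copy at most size-1 bytes, then
 * terminate explicitly. Long input is truncated, never left unterminated. */
static int copy_safe(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    memset(dst, 'X', dst_size);
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return is_terminated(dst, dst_size);
}

int main(void)
{
    char buff[BUFFER_SIZE];

    printf("unsafe terminated: %d\n", copy_unsafe(buff, sizeof(buff), "String 1"));
    printf("safe terminated:   %d\n", copy_safe(buff, sizeof(buff), "String 1"));
    printf("safe result:       \"%s\"\n", buff);
    return 0;
}
```

With a larger buffer the first pattern happens to terminate, which is why it survives testing and only fails once an input reaches the buffer size.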

Will keep posting updates in this space with more such important links.

Till then,
Cheers and Happy Coding!

Tuesday, November 24, 2015

Fetching and Extending Update Access Key expiry date for IBM's POWER8 Firmware

On IBM's POWER8 systems there was no way to have Update Access Keys updated till now.

After the updated POWER8 firmware, with my commits merged to upstream candidate "next" branch of powerpc-utils's activate_firmware utility last week, and with the ongoing efforts of the Electronic Service Agent team based on my work, it will soon be possible to make the update happen on the fly on provisioning a new update-access-key to the utility.

IBM Power8 customers will also be able to look at the current UAK Expiry date to make a decision as to when to update the system with a new key and verify whether the date has been updated after providing the key or not.

Quoting the man page, the options added to activate_firmware utility are:

-e [keyfile]
When used with this option, the command either fetches the current Update Access Key expiry date or sets the Update Access Key expiry date if <keyfile> is provided.

The activate_firmware utility will not directly be used by the end user but by an update_flash script to view or extend the firmware entitlement date by providing a new update-access-key.


Enjoy!

Sunday, November 8, 2015

Adding as a remote to a local git repository, a pushable remote repository residing on a sshable server

Many people ask me how I manage my work repositories since it is advisable to do all development on your PC and a headache to trace any change, from local repository to the test machine using scp or rsync each time a change is made. Fortunately, git has an easier way! The alternative is to add as a remote to a local git repository, a pushable remote repository residing on a sshable server. The steps are as follows:

# At the server's ssh prompt
mkdir some_project
cd some_project/
git init
git checkout -b test # as we cannot push to a checked-out branch at the server from our laptops.

# On my PC
git clone git/url/to/some_project.git
cd some_project/
# Add the pushable repo, which we inited on the server, as a remote to this local repo.
git remote add remote_name user@remote.server:/path/to/GIT/repo/some_project/
# Check if added
git remote -vv
# Clear firewall to remote server, if needed
# Push desired branch(es) (say master) to the init-ed blank repo on the remote server.
git push remote_name master

# At the server ssh prompt to see the changes
git checkout master
ls

Voila! There's all your work!
Next time you make any changes in a separate branch, you just need to perform the push step at your PC and checkout the new branch on your server :D

Virtualization: virsh basic commands


The virsh program is the main interface for managing virsh guest domains (or virtual machines). The program can be used to create, pause, and shutdown domains. It can also be used to list current domains. On my PC, I started off with managing new VMs using the Virtual Machine Manager GUI but when it comes to managing VMs on a headless remote server, it's easier done using the text-only virsh. I find creating a fresh guest VM is the easiest using a modified xml dump from an existing VM (if one exists).

Following are some basic virsh commands I've been used to using over time:

To execute the following commands, the 'libvirtd' daemon should be running.

1. To see what guests are there on a particular host
virsh list
virsh list --all

2. To define the guest
virsh define <guest.xml>

3. To start the guest
virsh start <domain>
virsh console <domain>
or
virsh start <domain> --console

4. To shutdown the guest
virsh shutdown <domain>
forcefully
virsh destroy <domain>

5. Get the libvirt xml
virsh dumpxml <domain> > filename.xml

6. Edit the libvirt xml; with this command, if there are any changes then there is no need to 'undefine' and 'define' the domain
virsh edit <domain>

7. To undefine the guest. CAUTION: if you want your domain back, then keep a backup of the domain xml.
virsh undefine <domain>


Cues to what basic changes are to be made to create a new VM from an existing xml-dump can be taken from the following sample xml dump:
Changes to be made are highlighted (name and UUID should be changed since they should be unique on a host, UUID tag can also be omitted altogether and a fresh one will be allotted; network highlights should match):
http://pastebin.com/08032vEC

That's all in this primer! More on virsh and other domain commands can be read from the virsh man page.

Friday, June 12, 2015

New Job!

Is it related to Android? No! To Java? No! To GNOME then? No, not directly. Did I spin up a company? It could have been possible, but no, it's neither that!

So what am I up to?

It is a great pleasure to announce that I now work for IBM, India.

I signed the joining letter on the 12th of May, 2015. Thereafter, I have been busy setting up my work environment on my IBM provided Lenovo ThinkPad and acquainting myself with the new (not very) city of Bangalore. I stick to Ubuntu for my development Linux distribution there so that I don't waste time on the learning curve. I installed Ubuntu with a bunch of software needed for my official work.

I work in the Linux Technology Centre (IBM-LTC), a part of IBM India Systems and Development Labs and my primary focus would be with the RAS (Reliability, Availability and Serviceability) team on OPAL (OpenPower Abstraction Layer) and related projects.

My first assignment is to build and install the upstream kernel master and boot-test and configure that using a Virtual machine. Sounds exciting, huh? :D
So, I installed my first Ubuntu guest virtual machine on top of my host Ubuntu following these steps and am getting comfortable with using the Virtual Machine Manager. I also had to enable BIOS settings for native KVM acceleration (Virtualization Technology and VT-d feature) for the VM to run at a usable speed. Then I followed simple kernel build steps (which I reserve for some other blog-post) and after some updates to grub configuration file, I could explicitly boot into a freshly built upstream kernel 14.1.0-rc5+.

Though my development machine is an Intel x86 machine, most of my patches are going to be tested on Power 8 machines, e.g. for enabling some functionality on PPC machines or checking some software compatibility for PPC architecture, so if you don't have access to those machines, you might have to believe what I have to say.

I will describe my kernel fiddles and contributions to other open source tools/utilities in the coming posts so stay tuned! I'll mostly post patches with the email id: chandni[AT_SPAMFREE]linux.vnet.ibm.com

Saturday, February 28, 2015

Tapped on phone 7 times. Now an Android developer! :D

Nothing has been really tough so far! Just some little tweaks in the build.gradle files I had to make to the sunshine app to make it run, all have been listed in the documentation of the course.

Enabled USB Debugging on my Android device and to check if my computer detected the device, ran the following command to obtain some result.

$ adb devices