MagicalTux in Japan

Geekness brought me to Japan!

Xilinx Virtex 7 (VC707 board) first steps

May 8

Posted by MagicalTux in Geek Attitude, Hacking | No Comments

FPGA are an option I see the best for our future in terms of computing. Right now programming a FPGA is still a pain, but it’ll be easier with time, and enables developers access to a power they do not usually get to touch. I decided to give FPGA programming a try and acquired the Xilinx VC707 test board. That board has a lot of ports, making it perfect for a wide range of things.

The first step is, of course, to get the included software to run on Linux. Being a Linux Gentoo user (and this kind of software being usually targeted at outdated RedHat releases) I was ready for some trouble.

Strangely enough, the installer actually worked (mostly) and installed almost all the files in /opt/Xilinx. The drivers didn’t install (some not at all, some a bit) but the soft was mostly running fine. At first I was troubled because this seemed to require a thing called WinDriver. Someone made an opensource implementation of this, but in the end the VC707 does not use this at all, so I didn’t need to get it working.
What the VC707 is using is Digilent hardware, and the driver on Linux segfaults instantly when you try to use it. Searching on Google finally led me to someone with the same issue who had a really simple – and working – fix.

To run Xilinx ISE, you need first to setup the environment on Linux, and the fix for Digilent driver is part of the env, so I’ve put everything in the same file.

export LD_PRELOAD=/usr/local/lib64/digilent/adept/libdpcomm.so.2
source /opt/Xilinx/13.4/ISE_DS/settings64.sh >/dev/null

This makes ISE working just fine on Linux Gentoo. I had a lot of trouble getting Digilent’s lib working fine, and I’m considering writing a Gentoo ebuild for this, as it’ll make it much easier…

Anyway I was able to compile my first VHDL program (something as easy as GPIO_LED_0 <= GPIO_SW_N and GPIO_SW_S) and run it on the board, so now I’m ready for more complex stuff!

Tags: , , , ,

Dell iDRAC6 troubles with a R410

Feb 14

Posted by MagicalTux in Geek Attitude | No Comments

Today I’ve been busy with many things. One of those things was to get a new Dell PowerRack R410 working. Everything went fine, except the iDRAC/IPMI interface was not working at all.

After a lot of research I found people having the same kind of troubles in US, and usually with responses such as “try to restart it” or “get Dell to change the motherboard”.

Being in Japan, asking Dell to change the motherboard would take time (we’re talking about ~2 weeks delivery for a server, since Dell has no hardware in Japan, I don’t even want to know how long it’d take to replace a piece of hardware). Since I don’t think Dell sent us a broken piece of harware, I tried searching more, and finally found something!

The issue is that the management firmware option is not enabled on the Broadcom network adapter!

A French user had the same user, and Dell France gave him a much more interesting answer than Dell US. It’s made for Windows, but I got it to work on Linux by having their image tool create a hard disk image file and dd it to a USB key. I guess using an existing USB MSDOS disk would work just fine too, I was just too lazy to search more once I saw the Dell diagnostics tools were not used.

  1. Download the Dell diagnostics image creator
  2. Download the Broadcom DOS utility
  3. Run the Dell diagnostics image creator and create a (writable) device (such as a USB disk, it’ll be just fine).
  4. Extract the Broadcom DOS utility, and copy the DosUtils\Userdiag\NetXtremeII folder contents (except install.zip) on your USB stick
  5. Reboot the Dell server on your USB disk, which is now a USB boot disk
  6. When it boots, the Dell diagnostics disk offers you a menu, choose 4 to be dropped to the MSDOS console
  7. By default you are on D: (the virtual disk where the disk decompressed some tools). Type “C:” to switch back to your USB key
  8. Run: uxdiag -t abcd -mfw 1
  9. You’re done. You can reboot normally and format the USB key (or keep it in case you have to do that again). Enjoy your finally working iDRAC!

Note: those instructions are to be used on Dell PowerRack R410. It could or could not work on other Dell servers. My guess is it’ll work on all Dell servers using Broadcom NetXtremeII adapters. For other Broadcom devices, see the other folders on the Broadcom DOS utility archive. If your server asks you if it’s OK to self destruct, you’ll most likely want to say “no”. Always consult your Dell customer support if you are unsure of what you are doing.

Tags: , , , , ,

EU Business Register: “We will f*** you, you signed for it!”

May 10

Posted by MagicalTux in IRL | No Comments

I already saw this spam a lot of times, but this time I decided to look a bit more into it. Some “Spanish” company (with its domain registered with a Chinese domain provider and a site hosted in Romania) is sending “update forms” for people to fill, sign and send back. They make the payment part non-obvious by stating in bold “updating is free of charge”, but in the small print, you’ll see that “by signing you subscribe for 3 years”, “subscription is automatically renewed every year” and “it costs 995€/year”.

So, if you are dumb enough to just look at the document, fill and sign (hey, it’s free), you’ll receive a nice invoice soon after (hey nice, you signed to pay 995€/year, we got your acceptance here!).

I’m not a lawyer, however I guess they can’t legally do anything as the document is misleading, sent as spam and does not clearly state the company handling it (neither do their website), so if you signed it, you are most likely safe not paying them (it should be possible to sue them for misleading offer or something in front of an EU court, but most likely not in Spain anyway).

In the meantime you can browse http://www.eubusinessregister.com/ and laugh at those who were dumb enough to sign and get their company inserted in there for 995€/year.

Tags: , ,

New VPS service: AutoVPS

Jan 22

Posted by MagicalTux in Tibanne | No Comments

We have finally launched AutoVPS, which acts as a VPS service providing hosts in Europe (other countries will come around april).

We have been trying various VPS solutions for the past year or so, and have found that “virtual VPS” (which I’ll call VVPS) with solutions like OpenVZ are absolute bullshit. Memory limitations are hard to understand for users, stuff like tunnels won’t work fine, and only linux is possible (no BSD or Windows)… It has many advantages however: we can dynamically change the available memory, hard disk, etc… After a lot of thoughts we have decided the advantages were not worth the problems to our customers, and went for a more traditional approach.

All the operations there are 100% automated, and the VPS servers are available a few minutes after the order (time required to copy over the debian image and boot it). Implementation is currently via Xen/QEmu, however the VPS we’ll launch in April will have a different structure (it will be possible to migrate from the current offers to the new ones).

To install other OSes than Debian (or Debian + Froxlor) you can use the virtual CD-ROM loader to “insert” one of the CD-ROMs we provide in the VPS, then reboot on the vps (usually you have to stop, then start again the VPS for this to work). Fedora, OpenSuse, CentOS and others are available in the list. We also have Windows 2008 R2, and will be selling licenses shortly (you can already get one by asking the support).

Anyway to see for yourself, visit AutoVPS now!

Tags: , ,

Facebook Hacker Cup 2011 Qualification Round: the PHP code

Jan 11

Posted by MagicalTux in Hacking, PHP | No Comments

I wrote about how I completed the 3 exercices of Facebook’s Hacker Cup 2011 qualification round in my previous posts (Double Squares, Peg Game and Studious Student) and now I’ll provide the code I wrote. Since the Facebook qualification round ended, I guess it’s safe to post, and will allow people who have kept their input and output to really confirm if they won or not (it seems some people receive mails saying they do, then saying they don’t… looks like the Hacker Cup was hacked together a bit too quickly).

As I said previously in the Double Squares post, the concept was not to make nice code or think for a long time, but complete the exercices as fast as possible to have a correct output before everyone else. Instead of optimizing the code and write nice long comments, I wrote code that would provide the correct output with the minimal amount of coding efforts (which was achieved by being brutal). Because of this the code is almost not commented. If you want to understand what you see, you’d better look at the appropriate posts.

The code is meant to be run from PHP command line, using the php interpretor, or using php’s cgi binary (with flag -q). It should work with PHP 5.1+ (I use PHP 5.3) and will produce the output for the .txt file with the same name.

Instead of reading the number of entries in the file (first line) I ignored it and will just read each file until I reach EOF, ignoring empty lines (like the final line). There might be some ugly hacks, but it wouldn’t be a Hacker Cup without some hacks.

The code, in a 23kB .zip file

Remember that this was written as fast as possible. The goal was not to make nice code, but to make code quickly. It will work and produce correct output given any valid input data.

I’ll be back next week!

Tags: , , ,

Facebook Hacker Cup 3/3: Studious Student

Jan 11

Posted by MagicalTux in Hacking | 8 Comments

After talking about Double Squares and Peg Game, here is the last of the serie: Studious Student.

At first it may look like the easiest problem, however there is a trap here. Reading the problem quickly may let you think “oh, I just do alphabetical order and stick the words together”, but no. If you think that you’re doomed. I say that because I saw an example code on internet (in Java) which does exactly that while claiming to provide the right answer for this Facebook puzzle.

Facebook helped you a lot by putting this special case in the examples provided in the page (if it was me, I wouldn’t give it out that easily). Let’s have a look at this example:

5 jibw ji jp bw jibw

If you just order this in alphabetical order, you get “bw ji jibw jibw jp”, but this is not the right answer. The right answer would be “bw jibw jibw ji jp”. That’s because alphabetical order will count a word which is equal to the beginning of the next word as having precedence. This rule is irrelevant here since all the words are concatenated into a single string.

At this third problem I was still feeling brutal, so I wrote another bruteforcing code. I noticed the maximum of word count was rather low (9 words) which makes bruteforcing a viable solution again. Going through all the possible permutations for a given set is easy (with some recursive function calls) and with only 9 elements to play with, the maximum number of values I would have to test was 362880. Of course it’ll take some time, but not that much (actually it took 30 seconds to run in PHP).

I just generate every single possible permutation, and I compare it with my “current lowest”. If the new one is lower I replace the “current lowest”, then continue to the next value. Simple. And provides the expected result.

~

As I said my only regret here is having Facebook include the trap in the example values given on the page. But still, it must have cleared a lot of the “I never read exercice texts” guys.

So, that’s all for now. I’ll be doing this again next week after the first round!

Tags: , , ,

Facebook Hacker Cup 2/3: Peg Game

Jan 11

Posted by MagicalTux in Hacking | 2 Comments

Continuing my previous post, let me explain the second game now: Peg Game.

The concept is simple: there is a board with pegs, and a ball falls from the top. Each time it hits a peg, it has 50% chances of going to the left, and 50% chances going to the right, except if one of the directions is not available (the peg is on the side of the board). Sometimes pegs are missing (the board is old) and in this case the ball has nothing to hit, and has 100% chances of falling (gravity helping). The first and last lines of pegs are guaranteed intact. Also the board size is variable (but the first and last lines will always be wide lines).
The goal is to find the entry point with the most chances of arriving to a given exit.

Since I’m still in my “let’s be brutal” mood, I’ll be using a brutal way of solving this problem. I’ll be tracking chances from each entry point (holes between pegs on the first line), processing line after line until I reach the end, then I’ll check probability at goal point for each entry point and take the best one.

By checking the examples provided by Facebook I noticed that if two entry point have the same highest probability of win, the left-most one is to be taken.

For example a 5×5 board looks likes this:

 | | | |
x x x x x
>x x x x<
x x x x x
>x x x x<
x x x x x
 | | | |

On this 5×5 board, we have 4 entry points, and 4 exit points, indexed starting at zero. Missing peg coordinates ignore empty space.

For this exercices too I decided to go with PHP, and have some fun bruteforcing every possible outcome for all the entry points, in order to then select the outcome most fitting for our need (best chances of reaching goal).

The first step is to create a in-memory representation of the board (including missing pegs). I decided to use two dimentional arrays, and use the value to know what I have in a given place: nothing (false), a peg (true) or the board limits (NULL). A 5×5 board will be represented as a 9×5 array (I take empty spaces into account).
I then initialize my “probability” array for the first line, in which the probability of my ball being in column 1 when dropped in column 1 is 100%, etc. (probability of ball being in column 0 is 0 anyway, I coded that to avoid doing a special case for those).

I then iterate each line of my peg board through a function that will generate the new ball position probability for each initial position based on the line being analyzed. By default previous probability is inherited. If I hit a false (nothing) then nothing happens. If I hit a true (peg) in middle of board, half of the value is added to left and right cells, and current cell is set to zero, and if the peg is on the side of the board, probability is moved in the opposite direction. I shouldn’t hit NULL with a non-zero probability, but I coded it anyway (moves probability one or two cells toward the middle based on the existance of a peg or not in the next cell).

This proved to run quite fast despite using PHP (~60 seconds to run on facebook’s input file, which is less than the alloted 6 minutes) and gave the right results, which is good.

Tags: , , ,

Facebook Hacker Cup 1/3: Double Squares

Jan 11

Posted by MagicalTux in Hacking | 6 Comments

The “2011 Facebook Hacker Cup” is currently happening, and the qualification stage has just finished as I write those lines.

Since I like solving fun problems I took part and solved all 3 problems and will  be progressing to next stage. The goal here is speed (code won’t be reviewed by Facebook staff, but you need to produce results fast) so I decided to trade CPU cycles for development time. It took less time to write the code, but the CPU usage will be a bit more intensive than what it could be if I took time to optimize the code and fine more elegant ways to produce the required output.

So, let me explain the first one, called “Double Squares”. The problem here is quite simple, and revolves around the following equation:

x² + y² = a

Only a is known. x and y are both integer values between 0 and 2147483647 (0x7fffffff, the maximal value for a signed integer). The goal is not to find x or y, but to determine how many values of x and y can yield to the equation being true. And reversing values for x and y do not count as an extra solution.

First, let’s make this equation a bit easier to handle, shall we? What if we write our equation this way:

y = sqrt(a – x²)

We could then cycle through the possible values of x, compute y each time and see if it is integer. The problem makes things even easier:

  • We know the minimal value of y is 0, which means the maximal value for x would be sqrt(a). Since the maximal value for a is 2147483647, this means x will never be over 46340.
  • To avoid duplicate values of x and y we can stop as soon as y goes below x. This also means that in the worst case, we’ll have to test half of all the possibilities (23170 iterations in worst case is viable)

Looks like bruteforce is a viable solution.

My implementation in PHP needed about 200ms with the values from Facebook’s input. I was a bit disappointed it ran this fast (can’t really call it bruteforce) but at least the result is good.

Tags: , , ,

OVH: “The Wikileaks case”

Dec 4

Posted by MagicalTux in Geek Attitude | 2 Comments

Today, Octave (OVH’s founder & CTO) posted an email about Wikileaks…

Original in French:

Bonjour,
Comme vous savez certainement, le site wikileaks est hébergé sur nos infrastructures depuis hier très tôt le matin. Il s’agit d’un client qui a commandé un serveur dédié, avec les blocs RIPE et de protections contre les attaques. Sa facture payée par CB s’élève à moins de 150euro. Et donc il héberge le site wikileaks. Juridiquement parlant Ovh n’est pas l’hébergeur de ce site. Ovh est, juste, le prestataire technique de la solution technique que le client a commandé.
Bref, l’histoire est banale et quotidienne. Le système est totalement automatique et fonctionne 24 heures sur 24. Nous avons découvert comme vous tous que ce site est chez nous hier … dans la presse.
Ovh n’est ni pour ni contre ce site. La question hors sujet pour nous. Ovh est une entreprise qui fournit les infrastructures, le fameux cloud computing disponible en quelques heures …, et notre rôle est d’assurer cette prestation technique. C’est tout. On n’a pas demandé d’héberger ce site ou ne pas l’héberger. Maintenant qu’il est chez nous on assure le contrat. C’est notre boulot. Il est fonctionnel.
Compte tenu de dernières déclarations politiques, et de pressions qui commencent réellement à se sentir, même ici à Roubaix Valley, nous avons décidé de saisir le juge en référé afin qu’il se prononce sur la légalité ou pas de ce site sur le territoire français. Ce n’est pas au monde politique ni à Ovh de demander ou de décider la fermeture ou pas d’un site mais à la justice. C’est comme que ça doit marcher dans un pays de droit.
Nous espérons que le juge donnera sa décision avant ce soir ou demain. Et Ovh appliquera la décision immédiatement.
Amicalement
Octave
Translated into english (in less than 5 minutes, then fixed with the help of mourn on IRC):
Good afternoon,
As you may already know, the wikileaks website is now hosted on our infrastructures since yesterday early in the morning. It’s a normal customer who only ordered a dedicated server, with a RIPE block and protections against attacks. His invoice paid by credit card was less than 150euro. And he is hosting wikileaks. Legally speaking, Ovh is not hosting this site. Ovh is, only, the technical provider of the technical solution ordered by the customer.
Well, the story is usual and happens everyday. The process is fully automated and is working 24 hours a day. We have discovered this with you yesterday… in the press.
Ovh is not for nor against this site. The question is irrelevent to us. Ovh is a company providing infrastructures, such as our famous cloud computing available in a few hours…, and our role is to handle this technical prestation. That’s all. We didn’t ask to host Wikileaks or not. Now that it is here we follow the contract. It’s our work. It’s working.
Following the latest political declarations, and policical pressure that really begins to be felt, even here at Roubaix Valley, we have decided to refer to a judge for summary judgment to have him state the legality of this site on the french territory. It is not up to the political world nor up to Ovh to decide to close a website or not, but up to the legal system. This is how it is supposed to work in a constitutional state where the government is constrained by the law.
We hope the judge will tell us his decision before tonight or tommorow. And Ovh will apply this decision immediatly.
Amically
Octave
The “pressure” mentionned in Octave’s email is already mentionned on Reuters.
Now, I have some doubts about OVH mentionning “wikileaks is just another customer”. As a matter of fact, when ordering a RIPE IP block with OVH, the country choice is limited to some european countries (wikileaks’ ip block is stating “Australia” as a country) and the admin-c/tech-c is always OTC2-RIPE (wikileaks got its own admin-c/tech-c with its own abuse email).
IP Whois:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.
% Information related to '213.251.145.96 - 213.251.145.111'
inetnum:        213.251.145.96 - 213.251.145.111
netname:        WIKILEAKS
descr:          wikileaks.org
country:        AU
admin-c:        WL805-RIPE
tech-c:         WL805-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
source:         RIPE # Filtered
person:         Wiki leaks
address:        BOX 4080
address:        University of Melbourne Branch
address:        Victoria 3052
address:        Australia
phone:          +33974760185
nic-hdl:        WL805-RIPE
abuse-mailbox:  abusesp@gmail.com
mnt-by:         OVH-MNT
source:         RIPE # Filtered
% Information related to '213.251.128.0/18AS16276'
route:        213.251.128.0/18
descr:        OVH ISP
descr:        Paris, France
origin:       AS16276
mnt-by:       OVH-MNT
source:       RIPE # Filtered

Of course there is no way to tell for sure…

Tags: ,

KDDI in Japan: new routers?

Oct 3

Posted by MagicalTux in Hacking | 1 Comment

KDDI in Japan recently started to provide new routers to people who migrate. The main change when receiving the new router is the fact there is no longer a need for a PPPoE session, which means a larger bandwidth available on the line.

However the nice shiny router provided by KDDI has not enough CPU power to route that much traffic, so like anyone else why not use a small linux box (in this kase a Kurobox Pro) and have it do the routing stuff?

Easier said than done. Our friends at KDDI really want everyone to use their modems (a BL190HW) and have added a few ways to avoid people with normal routers to use their network.

The first thing anyone will notice is the fact the router will only talk to the device with the right MAC address. That’s a quite common protection, and changing the MAC address of a device is trivial. After doing this the network works fine for a few hours then… nothing.

I then connected the router they provided and had a look at the stuff that went through on the network… and I noticed something else.

Our friends at KDDI have decided to add an extra “layer” of security: the modem will login using EAP authentication over ethernet (protocol 0x888e) using the modem’s serial number as login and an unknown secret. Since I do not have access to the modem firmware, it’s difficult to know what the secret is, however I do not want internet to go down every X hours, so I wrote an “EAP relay” which receive EAP-over-ethernet frames on two interfaces and will relay them to the other interface. The program I wrote is ugly but works.

Now I’ll work to get a copy of the firmware (if the modem indeed checks for update, it should be trivial) and analyze it to see if I can either:

  • Find how the secret is stored and/or generated
  • Locate any security exploit that would allow root access on the box
  • Crack/locate the password for the box
  • Push a modified firmware update to the router that would allow access from outside

The router introduces itself as “NetBSD/ovismips” via telnet, however refuses root login over this kind of non-secure channel…

Tags: , , , , ,