Hej, hej! I will be training at the Erlang User Conference 2013 in Stockholm, Sweden.
Looking forward to see you all there.

For the third year in a row, Erlang Solutions will be present at Codemotion, one of the biggest IT conferences in Italy which focuses on innovative programming languages.This year, we propose a one day hands-on workshop on the Erlang programming language. I will hold the workshop in Rome on the 20th March. The workshop is titled”Erlang: multi-core and massive scalability” and it consists of a practical overview of the Erlang programming language.

You can register to the workshop here.

./efind.sh cover
tools

Well, here is a little script which might allow you to save some time:

Enjoy.

Enjoy.

A special edition of the Codemotion conference will be held this year in Venice on Saturday the 17th November. The event is free to attend.

I will give a talk at 15.40, titled “Erlang and the Cloud”. I will be discussing the suitability of the Erlang programming language for scenarios such as cloud computing and multi-core, explaining how the concurrency model of Erlang maps to multicore architectures and what principles should be kept in mind when designing a scalable application. The Twitter hashtag for my talk is #lang06.

The talk should be interesting on its own - well, I’ll do my best - but, in case you’re still dubious about attending, let me give you three extra reasons why you should join us:

1. Erlang Solutions is hiring

We have many positions open for Erlang enthusiasts in Sweden, UK, Poland and USA. I will be able to provide you more information about our hiring process. Also, feel free to leave me a copy of your CV.

2. Free Erlang E-learning

Erlang Solutions, in collaboration with the University of Kent, has developed an e-learning platform dedicated to Erlang. The system tries to deliver, at a distance, the same high-quality interactive experience that is delivered in our face-to-face training courses. During the conference, I will give away 25 e-learning vouchers which will give you free access to our online Erlang Express course, featuring 6 hours of video lectures, exercises, quizzes and more.

3. Giveaways

Giveaways are always a pleasant surprise. Ask me for pens, stickers and weird white stuff, before I run out of stock!

See you all in Venice.

It’s possible to instruct git to fetch pull requests together with the other project branches. Simply open the .git/config file for your project and add the following line under the [remote "origin"] section:

fetch = +refs/pull/*/head:refs/remotes/origin/pr/*

To enable this behaviour for all of your git projects, simply run:

git config --global --add remote.origin.fetch "+refs/pull/*/head:refs/remotes/origin/pr/*"

To fetch all the pull requests for a project:

git fetch origin

To checkout a specific pull request (say, #53):

git checkout pr/53

Enjoy!

When I was a child, I was told:

“Study, or you’ll go nowhere.”

So I’ve studied.

After completing my academic career, I’ve been told:

“Why did you spend so much time on a degree? Don’t you know that’s a useless piece of paper? You’d better to learn a trade.”

I’ve learned a trade. Then, I’ve been told:

“What a shame. You’ve studied so many years for that trade?”

I moved ahead, and I left my job. I became penniless.

One day I was too young and inexperienced. The day after I was too old, with too much experience and too many titles.

I finally found a job. Well, not a permanent one. A temporary one, with no paid leave, no insurance, no pension, no bonuses, no severance, no rights. And I had to fight hard to keep that not-a-job. I decided not to have children, because of some sense of responsibility, and I grew up. Then I’ve been told, by someone who got his job in the 60s, when it was easy to get a job, despite of your education level:

“You are a fool, a dupe who didn’t want to grow up and raise a family”.

In the meantime, I was paying his very own pension, saying a final goodbye to mine. Tired and grown up, I decided to have a baby. I’ve been told that:

“Only an irresponsible person would have a child without a proper job and without a good economical background”.

Given that I could not kill my son, I decided to emigrate. I went somewhere else. I found a safe place, and a good job. I was feeling good. I was feeling home. But one day, when the Italian system went bankrupt, I’ve then been told:

“Why the hell did you flee? Why didn’t you help your Country?”.

At that point, There was only one very reply:

“Fuck off!”.

tryerlang.org is an interactive Erlang Shell which allows users to try the power of Erlang directly in a browser, without requiring them to install an Erlang runtime system on their machine. Even if intended for Erlang newbies, tryerlang.org has been subjected to a countless number of attacks conducted by Erlang experts who wanted to circumvent its sandboxing mechanism and to bring down the Erlang node running the application. I must admit that going through the tryerlang.org’s logs is being an highly interesting and constructive experience.

In this blog post I will present one of the most elaborated attacks performed on tryerlang.org. The attack, which exploits the Erlang External Term Representation, has been performed by a former Erlang Solutions’ employee who had access to the tryerlang.org source code. To understand how the attack works, we need to introduce the Erlang External Term Representation.

External Term Representation

In Distributed Erlang, terms can be transferred from an Erlang node to another one using the so-called binary format. Generic terms are encoded in binary from the sender using the built-in function term_to_binary/1 and restored from the receiver using the complementary function binary_to_term/2. A binary message looks like this:

<<131,100,0,6,112,105,103,101,111,110>>

Which, as you can see, represents the binary encoding of the atom pigeon.

1> term_to_binary(pigeon).
<<131,100,0,6,112,105,103,101,111,110>>
2> binary_to_term(<<131,100,0,6,112,105,103,101,111,110>>).
pigeon

The External Term Representation of Erlang terms is extensively documented in the official Erlang Documentation. Let’s see how the attacker used this concept in his own interest.

Halting the Erlang Node

To stop the Erlang node running tryerlang.org, the attacker tries at first the following command:

> erlang:halt().

This function, documented here, is supposed to halt an Erlang runtime system, indicating a normal exit to the calling environment. The function has been disabled in tryerlang.org for security reasons, so the only result the user get is the following annoying message:

"This functionality has been disabled for security reasons in tryerlang.org.".

So, the Erlang node is still up and attacker prepares himself a good cup of Swedish coffee. After a couple of minutes playing with the tryerlang.org shell, the attcker notices that tryerlang.org allows you to define custom funs. Then, the intuition. A fun, as any other Erlang term, can be encoded using the External Terms Representation. The encoded fun could then be executed. This could hopefully fool the sandboxing mechanism protecting the tryerlang.org and could open a world of possibilities to the attacker.

According to the documentation, the external representation of the fun (in the fun M:F/A format) is the following:

113 | Module | Function | Arity

Where Module and Function are atoms and Arity is an integer.

Atoms themselves can be encoded using the ATOM_EXT format:

100 | Len | AtomName

Where Len is the length of AtomName, expressed using two bytes.

For the atom erlang, which is composed of 6 characters (the letters e, r, l, a, n and g) we obtain:

100 | 0, 6 | 101, 114, 108, 97, 110, 103

Where the integers in the third section are the ASCII codes for each of the letters composing the word “erlang”.

Applying the same reasoning to the atom halt, we obtain:

100 | 0, 4 | 104, 97, 108, 116

Finally, the arity (an integer) can be encoded using the SMALL_INTEGER_EXT format:

97 | Int

So, in our case (arity = 0) we obtain:

97 | 0

Putting all the pieces together and considering that, in the External Term Representation, the byte 131 needs to be prepended to the final term, we can encode the erlang:halt/0 function into binary, obtaining:

<<131,113,100,0,6,101,114,108,97,110,103,100,0,4,104,97,108,116,97,0>>

Let’s verify that we didn’t do any mistake:

> binary_to_term(<<131,113,100,0,6,101,114,108,97,110,103,100,0,4,104,97,108,116,97,0>>).
> #Fun<erlang.halt.0>

Since tryerlang.org doesn’t support copy-and-paste from the clipboard, we need to insert the sequence above by hand.

We can bind the binary to a new variable:

> B = <<131,113,100,0,6,101,114,108,97,110,103,100,0,4,104,97,108,116,97,0>>.

We now need to convert the binary into an Erlang term. Originally, tryerlang.org was allowing the binary_to_term function in safe mode. This function has been now completely disabled after this attack. If you want to try what follows you will need to do it in your own Erlang shell.

> F = binary_to_term(B, [safe]).

Let’s now try to launch the fun as:

>F().

Well, that didn’t work as expected. tryerlang.org actually realized that the erlang:halt/0 function was going to be called and the sandboxing mechanism managed to block the execution of the command. We need to do something slightly different. For example, we might pass the newly defined fun as an argument (after all, Erlang is a functional language) to a function who would take care of executing it. As an example, we could use the library function lists:map/2. There’s only a little tiny problem with that. The list:map/2 function, in fact, requires that the fun passed as an argument receives exactly one argument. This is not the case of the erlang:halt/0 function, which has arity equal to zero. Fortunately an alternative version of erlang:halt/0 exists, taking exactly one argument. The external representation for the new function differs from the previous one by only the very last byte. Let’s forget the old value of the variable B and let’s bind it to the new binary:

> f(B).
> B = <<131,113,100,0,6,101,114,108,97,110,103,100,0,4,104,97,108,116,97,1>>.

We can now pass the new fun as an argument to the lists:map function:

> f(F).
> F = binary_to_term(B, [safe]).
>lists:map(F, [0]).

And the node dies. Well, in reality the node is almost immediately brought back by heart which is listening for heartbeats from the Erlang node itself but, hey, I have to pay a beer to this guy! :)

I wanted to share this experience with all of you. I consider it highly constructive, since it leads to reflect on several aspects of Erlang. Comments and feedback are more than welcome.

Playing with Macros

In Emacs, you can record a set of actions that you can then apply to a selected region. As an example, let’s transform the following three lines:

First Line
Second Line
Third Line

into a list of items, using a macro:

- First Line
- Second Line
- Third Line

Put your cursor on the First line, then start recording a new keyboard macro by typing:

C-x (

Jump to the beginning of the line (C-a), insert a dash followed by a space (- ) and then move your cursor down one line, so it resides on the Second Line.

Stop recording the macro:

C-x )

Now select the lines Second Line and Third Line and apply the newly recorded macro to the selected region by pressing:

C-x C-k r

You should now see the desired output.

Swapping Words

Say that you want to reverse the order of the parameter for the following function:

foo(Second, First) ->
    ok.

Position the cursor between the words Second and First. Then, press:

M-t

You should obtain the following:

foo(First, Second) ->
    ok.

Swapping Lines

Given the following two lines:

Second Line
First Line

Put the cursor at the beginning of First Line and press:

C-x C-t

You should get:

First Line
Second Line

Version Control

Emacs has support for the most common Version Control systems (e.g. SVN).

To check-in a single file directly from Emacs, simply follow the steps below:

• Press C-x v v
• Write a meaningful change comment
• Press C-c C-c

To revert changes for the current buffer:

C-x v u

To see the differences for a buffer before committing it:

C-x v =

Executing a Shell Command

If you want to execute a shell command within Emacs, you can simply type:

M-!

If you want to include the output into the current buffer, then:

C-u M-!

Clipboard History

Emacs keeps a clipboard history, allowing you to paste old clipboard entries. To utilize this function:

Press the following to paste:

C-y

And then browse the clipboard history by repeatedly typing:

M-y

Create a Numbered List

Say that you have a list of items that you want to convert into a numbered list:

first
second
third

1. first
2. second
3. third

There are many ways to achieve this. One is to use the Emacs Keyboard Macro Counter.

Position the cursor one line above your list and start registering a new macro:

C-x (

Insert a new counter value:

C-x C-k C-i.

A 0 will appear. Append a dot and a space:

. 

Move the cursor to the next line and stop registering the macro:

C-x )

Select the list of items and apply the macro to the selected region:

C-x C-k r

Delete the 0 that you added at the beginning of the list and enjoy your brand new numbered list.