Metaspora☄⁂

Fiedka the Firmware Editor

Advancing from CLIs to GUIs

This talk presents the birth of Fiedka out of utk-web, a proof of concept firmware exploration tool that runs on web platforms using WebAsseambly.
Leveraging Fiano's utk, Fiedka supports firmware developers and analysts through quick navigation and ideas from the web development world, organizing the many different views on the same image in a concise manner. For example, when looking at a typical AMD platform OEM image, there are UEFI and PSP parts. Walking through the challenges of building a suitable graphical interface with a great experience and dealing with specifics, the talk concludes with where Fiedka is at right now and what the next milestone will be, what users can do and try out already, and how to contribute on the various layers of back-end and front-end work as well conceptual ideas and feature requests.

webboot

The LinuxBoot way of multi distro ISO booting

With the growing demand and support for LinuxBoot in firmware, new approaches to booting operating systems have become possible, based on the Linux kexec mechanism. This talk walks through the process of creating an environment for booting a large set of different ISOs from various distributions, covering different methods tried and ideas that came up, concluding with how webboot eventually offers a decent and easy to use interface that can be deployed on a USB stick, tried out in a VM, or even run straight from a mainboard's firmware.

Repurposing Gadgets

In this talk, I will show you how you can approach gadgets running Linux based embedded systems, such as IP cameras, network video recorders (NVRs), wireless USB storages, and more. We will look at what typical boot flows are, ways to repurpose the devices, and go beyond what the vendors got you stuck with.

Look at ME!

Intel ME Investigation

With Intel's Firmware Support Package (FSP) and the recent release of a redistributable firmware binary for the Management Engine, it has become possible to share full firmware images for modern x86 platforms and potentially audit the binaries. Yet, reverse engineering, decompilation and disassembly are still not permitted. However, thanks to previous research, we can have a closer look at the binary data and come to a few conclusions.
This talk briefly summarizes the fundamentals of developing custom and open source firmware, followed by a quick guide through the process of analyzing the binaries without actually violating the terms to understand a few bits, and finally poses a statement on the political issues that researchers, repair technicians and software developers are facing.

LinuxBoot

Let Linux do it

Instead of proprietary UEFI firmware or other projects maintained outside a user's control, they can apply the Linux kernel to develop modern firmware based on well-tested drivers. That is the idea behind LinuxBoot.
This talk explains what this means a demonstrates application examples.

Open-Source Firmware

Firmware is found in all computing devices, including PCs, laptops, networking equipment, printers, embedded devices such as IoT and industrial controllers, mobile phones, tablets, and more. The community around open source firmware has grown over the last years, allowing for more exchange in the development and granting freedom to end users. Prominent projects like U-Boot, Tianocore, coreboot and others teach how firmware works and welcome contributions.
This talk provides an overview of the current state, an end user report, and a summary of the first Open Source Firmware Conference.

A JavaScript GraphQL Stack Built With Apollo

This talk provides a quick introduction to the GraphQL language itself, the pub-sub and request-response RPC architectures behind it, as well as schema exploration and visual documentation through GraphQL Playground.
While enumerating some use cases, the slides suggest a possible integration with existing services and showcase a set of tooling all based on JavaScript, featuring static analysis through linting, both unit and integration tests, as well as a proposal for logging and performance monitoring.

Build, Package, Distribute

Damit Services skalieren können, wird heutzutage Infrastruktur automatisiert. Doch das ist nur die halbe Miete. Wie sieht es mit der Verteilung der Software aus? Für UNIX-artige Systeme stehen seit vielen Jahren Paketmanager und Paketquellen (Repositories) bereit. Damit kann Software auf Zielsystemen schnell und einfach installiert werden, beispielsweise auf dem eigenen Rechner, aber auch beim Deployment von Services. Für manche Software sind jedoch keine Pakete vorhanden oder Anpassungen nötig, insbesondere bei eigenen Anwendungen. Deshalb stellen viele Systeme die nötigen Werkzeuge bereit, um Pakete anzupassen oder neu zu generieren.

Fail fast and succeed!

Test-Driven JavaScript Application Development

Over time, besides many libraries, lots of development tools were created for JavaScript.
This talk provides a detailed overview of the different kinds of tests, lists the applicable tools for each of them, and points out a selection for test-driven development (TDD) to allow a structured onboarding.