DevConf.cz 2018 has ended

DevConf.cz 2018 is the 10th annual, free, Red Hat sponsored community conference for developers, admins, DevOps engineers, testers, documentation writers and other contributors to open source technologies such as Linux, Middleware, Virtualization, Storage, Cloud and mobile where FLOSS communities sync, share, and hack on upstream projects together in the beautiful city of Brno, Czech Republic.

When: Friday, January 26 to Sunday, January 28, 2018

Venue: Faculty of Information Technology (VUT FIT - Božetěchova 2, Brno)

Reminders:

  • Friday 17:15: at the venue there will be a surprise show, stick around!
  • Saturday 19:00: the social event starts at Fleda Club. TICKET IS REQUIRED. Tickets will be distributed each day at check-in. First come, first served.
  • Sunday 17:00: there will be many prizes given away at the closing session.

Security
Friday, January 26
 

10:30am CET

Compliance for containers using SCAP content

"SCAP (Security Content Automation Protocol) is a standard designed to support automated configuration, vulnerability checking, and security measurement.
Using OpenSCAP, an open source SCAP scanner, and SCAP Security Guide Project (SSG), a project focused on creating SCAP content for multiple platforms, this session will present how to scan and secure your containers.
However, SCAP was not designed with containers in mind and things don't fit perfectly. We will also discuss some challenges we faced regarding compliance in systems built on containers and future plans."

Speakers

Gabriel Alford

Member of the Technical Staff, Office of the Chief Technologist, Red Hat Public Sector, Red Hat
Gabriel Alford is a Member of the Technical Staff, Office of the Chief Technologist in Red Hat's Public Sector where he focuses on developing security automation technologies and security standards. He is also one of the upstream maintainers of the ComplianceAsCode and OpenControl...

Watson Sato

Software Engineer, Red Hat, Inc., Red Hat
Watson Sato is a Software Engineer at Red Hat, Inc. working on the OpenSCAP project. He is involved in the development of the OpenSCAP scanner and ComplianceAsCode content.


Friday January 26, 2018 10:30am - 10:53am CET
F-E104 Faculty of Information Technology (VUT FIT)

10:30am CET

The SELinux game ( selinuxgame.org )

"Learn SELinux by doing! This is a workshop session to facilitate getting started with ( http://selinuxgame.org/ ). SELinux Game provides several vagrant VMs, each with an SELinux problem. These simulate a sysadmin being called to look into a situation they can’t predict. You’ll investigate and fix these problems or determine that an intruder attempted to get in. Through this interactive workshop you will get hands on experience in working through SELinux issues.

Requirements:
Your own laptop with Vagrant 1.8.5 installed
Either Libvirt or VirtualBox already installed."

Speakers

Brian Bouterse

Principal Software Engineer
Brian Bouterse is a Principal Software Engineer at Red Hat. He is a developer on Pulp which is written in Python and deploys Python software among other types (rpm, puppet, docker, etc). He also is a contributor to the Kombu project. Brian loves open source.

Dennis Kliban

Senior Software Engineer at Red Hat
Dennis has been contributing to open source software since 2010. He currently contributes to Pulp (pulpproject.org). Dennis is interested in crafting tools that we all can use to improve the quality of software delivered to our users.


Friday January 26, 2018 10:30am - 11:23am CET
K-A218 Faculty of Information Technology (VUT FIT)
  Workshop, Workshop

11:00am CET

What's new in PKCS #11 3.0

"PKCS #11 3.0 is the first new major release of PKCS #11 since 2.0. There are several new features including the ability to add new functions to PKCS #11 in a backward compatible way. This feature is used to add AEAD algorithms (AES GCM, CHACHA/POLY) in a more seamless way. The feature is also used to allow better fork() semantics in PKCS #11 3.0. The talk will go over the new features in 3.0 with the idea of encouraging the adoption of those new features in open source products. The new spec is expected to be final just before dev conf. If it's not, the talk will update when the spec is expected to come out."

Speakers

Robert Relyea

Principal Programmer, OASIS PKCS #11 co-chair., Red Hat
Bob Relyea is a principal programmer at Red Hat working on the Network Security System Library. Bob is also the co-chair for the OASIS PKCS #11 technical committee, having worked with PKCS #11 and PKCS #11 integration into NSS since 1995.



Friday January 26, 2018 11:00am - 11:23am CET
F-E104 Faculty of Information Technology (VUT FIT)
  Security & IdM, Presentation

11:00am CET

Next-gen container images

This presentation is an overview of the tooling and techniques to produce next-gen container images! More details:

* containerized services which can be easily configured
* maintaining dockerfiles for multiple versions and distributions
* container testing
* automation of the delivery


Speakers

Tomáš Tomeček

Principal Software Engineer, Red Hat
packit, containers, automation, and having all the fun


Friday January 26, 2018 11:00am - 11:53am CET
C-D0207 Faculty of Information Technology (VUT FIT)

11:30am CET

libnftables: Status Quo

"When it comes to integrating nftables support into firewall-managing applications such as firewalld, in the past developers were presented with merely two options: either using the very low-level nftnl library or calling 'nft' utility and parsing its output. The latter is disapproved by the maintainer since 'nft' utility really is designed for human interaction. Making use of libnftnl on the other hand will lead to partial reimplementation of 'nft' utility internals - so not really an alternative either.

A new library named libnftables aims to solve this. The presenter will give an overview of past, current and future development as well as a status report of integration into firewalld as alternative backend to the previous combination of iptables, ebtables and ipset."

Speakers

Phil Sutter

Red Hat developer, maintaining nftables packages in RHEL., Red Hat
Long-time Linux user, studied computer scientist, software engineer at Red Hat.


Friday January 26, 2018 11:30am - 11:53am CET
B-D0206 Faculty of Information Technology (VUT FIT)

11:30am CET

Autonomous Security Agents

"Computer attacks are basically driven by scripts. The reconnaissance, exploitation, collection of interesting material, and lateral movement can happen in seconds. As demonstrated at DARPA's Cyber Grand Challenge this year, computer security will have to match the speed at which attacks move through these phases. A way to do this is with autonomous security agents that monitor the system and perform actions to deal with threats. This talk will outline how this can be achieved using the audit system and machine learning techniques."

Speakers

Steven Grubb

Security Architect, Red Hat
Steve Grubb is a Senior Principal Engineer whose role in Red Hat Engineering is as a Security Architect with a focus on Security Certifications (such as Common Criteria, SCAP, and FIPS-140) and configuration Guidance (such as DISA STIG, USGCB, and the CIS RHEL Benchmark). He also...


Friday January 26, 2018 11:30am - 12:23pm CET
A-D105 Faculty of Information Technology (VUT FIT)

11:30am CET

Unleashing the Underworld: Kerberos for Developers

"Kerberos has long been a demand of the enterprise environment, and there's a
lot for security-conscious developers to like that we often don't talk about.

I'll touch on what makes Kerberos nice from a security perspective, but the
focus of the talk will be on enablement: how can you use these cool features
in your software?

Some features, time permitting, that will be discussed include: OTP and second
factor support, public key authentication, SAML/SPNEGO and web logins, python
bindings, and, of course, the more traditional authentication/encryption
routes. Expect canned demos!

Very basic familiarity with Kerberos is expected (i.e., the first two
paragraphs of the Wikipedia article), but this talk won't go very far into how
Kerberos works internally."

Speakers

Robbie Harwood

Kerberos maintainer and development lead @ Red Hat, Red Hat
Kerberos and Kerberos accessories; interoperability, systems programming, and strong typing. Very excited about music recording and playback.


Friday January 26, 2018 11:30am - 12:23pm CET
F-E104 Faculty of Information Technology (VUT FIT)

12:30pm CET

HW Root of Trust - Trust Me, It’s Real This Time!

"Secure systems are built on a layered model. You ultimately have to trust something - but what?

TPM 2.0 is a Hardware RoT (Root of Trust), including the TPM 2.0 module, the TCG Software Stack (TSS), operations it can perform, and userspace tools that simplify using TPM 2.0. We also cover the TPM 2.0 Resource Manager, a new feature that is critical to enabling multiple users and applications to use the TPM. In addition we will go over the implementation of TPM in Fedora and RHEL.

We will demo TPM using Clevis to automatically unlock an encrypted root volume on boot with the master key secured by TPM.

Beyond Clevis we will explore other uses of TPM 2.0 including Trusted Boot, secure systems identity, protected keyring, and protected certificates."

Speakers

Javier Martinez Canillas

Software Engineer at Red Hat
Javier is a Software Engineer in the Desktop Hardware Enablement team at Red Hat. Lately he has been working to improve the TPM2 support for Fedora and Red Hat Enterprise Linux.

Russell Doty

Russell Doty is a Technology Product Manager at Red Hat., Red Hat
Russell Doty is a Technology Product Manager at Red Hat focusing on the requirements of Internet of Things (IoT), High Performance Computing, and AI/ML - all with a strong focus on security.


Friday January 26, 2018 12:30pm - 12:53pm CET
F-E104 Faculty of Information Technology (VUT FIT)
  Security & IdM, Presentation

12:30pm CET

OpenShift - Access Denied

"Containers are becoming the de facto standard for running applications in a cloud, which creates a growing need for a container orchestrator. This paradigm shift makes it possible to run large and often distributed clusters efficiently. However, operators are still exposed to operating-system-level settings. Understanding how the container orchestrator works with the operating system is critical for the operation of a cluster, especially when talking about security.

In this workshop, we will briefly introduce OpenShift, persistent volumes, security context constraints, file permissions, SELinux, and how they all work together. Attendees will gain hands-on experience with genuine issues, and learn how to debug and find solutions to those issues. A laptop capable of running a VM is recommended."

Speakers

Josef Karasek

-, Red Hat
At Red Hat, Josef works on a scalable aggregated logging solution for OpenShift.

Jan Wozniak

Software Engineer
YAMOL (yet another member of OpenShift Logging)


Friday January 26, 2018 12:30pm - 1:53pm CET
J-M104 Faculty of Information Technology (VUT FIT)
  Workshop, Workshop

1:00pm CET

Why I seldom file bugs against SELinux policy

From time to time, especially with a new version of the operating system, new errors may show up, and sometimes they are accompanied by AVC denials, pointing to errors in SELinux policy. When that happens for example in Fedora, as a good community member you might be inclined to just file a bug against selinux-policy.
That might however leave the package maintainer out of the loop and not lead to a proper fix. Enforcing SELinux sometimes discovers real bugs, real regressions, and it should ideally be embraced by all maintainers.
We will look at real-life examples when AVC denials have actually helped to uncover real bugs.

Presentation slides: https://www.adelton.com/docs/security/selinux-uncovers-bugs

Speakers

Jan Pazdziora

Sr. Principal Software Engineer, Red Hat
As a member of Security Engineering Special Projects group, Jan focuses on making security features seamlessly consumable by admins and users. Lately he's been working with software identities and SWID.


Friday January 26, 2018 1:00pm - 1:23pm CET
F-E104 Faculty of Information Technology (VUT FIT)

2:00pm CET

Secure your Kubernetes cluster with CRI-O

"Simple Signing (https://access.redhat.com/articles/2750891) is a new and simple way to sign your container images and enforce policies around image pulls. CRI-O (cri-o.io) is a new Kubernetes container runtime which seamlessly integrates Simple Signing, thus having the ability to secure your Kubernetes nodes in a cluster.
In this talk Antonio is going to explain how container image Simple Signing (https://access.redhat.com/articles/2750891) works. He will dive into how you can sign your container images with GPG keys using skopeo, serve container signatures and actually enforce policies around image pulls in your Kubernetes cluster running CRI-O as its container runtime. The talk includes a demo to recap everything explained as well."

Speakers

Antonio Murdaca

Senior Software Engineer, Red Hat, Inc.
Senior Engineer at Red Hat, CRI-O and Docker Core Maintainer


Friday January 26, 2018 2:00pm - 2:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)

3:00pm CET

Open Source in the US Public Sector

"I propose to lead a discussion on how Open Source software is acquired, used, and talked about, within the US government. The attitudes that I will reveal are particularly those of the procurement, healthcare and military sectors of the government. Also covered will be:
- Presenting a fair case for commercial subscriptions to Open Source
- How security in Open Source software is perceived
- Challenges of non-Internet-connected hosts
- Why is government-run software always out-of-date?"

Speakers

Gabriel Alford

Member of the Technical Staff, Office of the Chief Technologist, Red Hat Public Sector, Red Hat
Gabriel Alford is a Member of the Technical Staff, Office of the Chief Technologist in Red Hat's Public Sector where he focuses on developing security automation technologies and security standards. He is also one of the upstream maintainers of the ComplianceAsCode and OpenControl...

J. Alexander Jacocks

Sr. Solutions Architect
I've spent my entire career working with Linux. From student intern to systems administrator to my current role as a sales engineer, my love affair with Red Hat Linux/Fedora has never waned, and it powers almost everything that I do.

Martin Preisler

Sr. Software Engineer, Red Hat, Inc., Red Hat
Martin Preisler works as a Software Engineer at Red Hat, Inc. He is working in the Security Technologies team, focusing on security compliance using Security Content Automation Protocol. He is the principal author of SCAP Workbench, a frequent contributor to OpenSCAP and SCAP Security...

Derek Thurston

Sr. Solutions Architect, DoD
Derek has been using Linux and Open Source software since the mid 90's


Friday January 26, 2018 3:00pm - 3:53pm CET
A-D105 Faculty of Information Technology (VUT FIT)

4:00pm CET

Can developers use OpenSSL?

"Last year, we asked 90 developers to generate/validate certificates using the command line OpenSSL. Why didn't they succeed? What do people think of the interface? What's wrong with the manual page and what do online tutorials lack? And what can be changed to improve the situation?

In our research, we focused on API of OpenSSL, a widely-known cryptographic library. We'll present multiple insights from the DevConf 2017 research booth, answering the questions from the previous paragraph.

We use OpenSSL as a real-world example to spark conversation on usable security. How to make products that are not only computationally secure but also usably secure for the end-users (be it your system administrator or your granny)?"

Speakers

Martin Ukrop

researcher, teacher, Masaryk University
Passionate about usable security, user experience, teaching and experiential learning. Actively organizing educational events in the community "Instruktoři Brno". Ceaselessly fascinated by the world.


Friday January 26, 2018 4:00pm - 4:53pm CET
F-E104 Faculty of Information Technology (VUT FIT)
 
Saturday, January 27
 

10:30am CET

Changes in Java release process uncovered

"Java is a language which turned from rapid development and innovation to stagnation, which escalated with JDK6 being the stable JDK for 6 years.
With JDK7 came a promise to speed up the development with a feature-focused cycle of 2-3 years. JDK8 was in edge, and JDK9 came wrong.
Based on this experience, JDK will no longer be feature driven, and will try to release every half a year with LTS releases in 2-3 years.
This change is forcing in many interesting subjects like complete fade-in of OpenJDK (as reference implementation) with OracleJDK. RedHat had its part in this whole process, and I will try to highlight major impacts of the new release cycle."

Speakers

jiri vanek

OpenJDK contributor, RedHat
From here and there, anchoring myself in RedHat OpenJDK tea,


Saturday January 27, 2018 10:30am - 10:53am CET
E-G202 Faculty of Information Technology (VUT FIT)

10:30am CET

Future of signatures in RPM

"RPM's ideas about signatures are still from the last century. In this workshop we will collect and discuss ideas and use cases for a more modern approach to package signing. A signature should not just verify that the package was not modified since the signature was applied.

A signature could indicate that a package
* was built properly
* has passed automatic testing
* passed QA
* belongs to a distribution, release or update
* was tested by the user's QA
* passed staging
* ...

So there are many areas where such signatures could be added or checked and we hope for feedback from all these areas.

The goal of the workshop is to come up with a clearer view of the topic
and to be able to design and implement a new framework for handling
signatures in RPM."

Speakers

Florian Festi

RPM upstream developer, Red Hat
RPM upstream developer

Panu Matilainen

RPM upstream developer
Red Hat engineer since 2007

Pavlina Moravcova Varekova

RPM upstream developer
Red Hat engineer since 2016


Saturday January 27, 2018 10:30am - 11:53am CET
I-M103 Faculty of Information Technology (VUT FIT)

12:30pm CET

Scalable cloud IDE with Eclipse Che and OpenShift

"Eclipse Che is a browser-based IDE providing on-demand workspaces that include runtimes and IDEs. It is powered by a RESTful workspace server (with Docker, OpenShift or Kubernetes as underlying infra), plug-ins for languages, framework, and tools.


In this session, we will demonstrate how to boost the power of Eclipse Che with Keycloak to build a collaborative developer environment. We will also discuss how to manage teams, groups, organizations, and permissions for fine-grained access to APIs and resources.


[1] https://www.eclipse.org/che/
[2] http://www.keycloak.org/
[3] https://www.openshift.com/"

Speakers

Sergii Kabashniuk

Principal Software Engineer at RedHat, RedHat
Principal Software Engineer at RedHat


Saturday January 27, 2018 12:30pm - 1:23pm CET
E-G202 Faculty of Information Technology (VUT FIT)

2:00pm CET

An introduction to kernel hardening

"Kernel developers have always been concerned with fixing bugs, especially when those bugs have security implications. There's been an effort recently towards more proactive security efforts to eliminate the severity of certain types of bugs. This effort has been given the name the Kernel Self Protection Project (KSPP). The goal of this talk is to give a brief introduction to kernel security and discuss both the technical and non-technical challenges to making the kernel more secure, including why this hasn't happened sooner."

Speakers

Laura Abbott

Fedora Kernel Engineer, Red Hat
Laura is currently employed by Red Hat as a Fedora Kernel Engineer. She thinks kernels are really cool, even when they crash. Her day-to-day work involves bug fixes, tending the Fedora kernel releases, and other development work for the benefit of Fedora.


Saturday January 27, 2018 2:00pm - 2:23pm CET
B-D0206 Faculty of Information Technology (VUT FIT)
  Kernel, Presentation

2:00pm CET

Qemu Sandboxing for dummies.

"Qemu sandbox is a security feature that filters system calls from the guest to the host avoiding possible malicious exploits. The filter uses libseccomp that uses the in-kernel seccomp filter. The main goal of this talk is to spread the feature to a broader audience, expecting them to use, test and improve the security of virtualization when using Qemu."

Speakers

Eduardo Otubo

Senior Software Engineer, Red Hat
Eduardo has worked with and used Linux for over a decade. Worked for 6 years for the Linux Technology Center at IBM and now works for Red Hat.


Saturday January 27, 2018 2:00pm - 2:23pm CET
G-E105 Faculty of Information Technology (VUT FIT)

2:30pm CET

Synchronizing images with casync

"casync is a novel tool for delivering OS images across the Internet. While there are many tools like this around, casync has some features that set it apart. In this talk we'll discuss why it is useful for delivering your IoT, container, application or OS images, and how you can make use of it."

Speakers

Lennart Poettering

Sr. Software Engineer
Lennart works on systemd


Saturday January 27, 2018 2:30pm - 3:23pm CET
A-D105 Faculty of Information Technology (VUT FIT)

4:30pm CET

Logs/Metrics gathering with OpenShift EFK Stack

"OpenShift provides an EFK (Elasticsearch, Fluentd, Kibana) logging service which can be used for non-containerized as well as containerized applications. We will present an introduction to this service, a short how-to get it running, and a description of the openshift-ansible playbooks used to configure it for production purposes.
We will describe a couple of different deployment scenarios to collect logs from infrastructure services like oVirt and OpenStack. We will give a brief demonstration of Kibana, troubleshooting Elasticsearch with Kopf and how to monitor Elasticsearch using Prometheus. We will describe the lessons learned. Finally, we will present some short term and longer term plans for the project."

Speakers

Josef Karasek

-, Red Hat
At Red Hat, Josef works on a scalable aggregated logging solution for OpenShift.

Jan Wozniak

Software Engineer
YAMOL (yet another member of OpenShift Logging)


Saturday January 27, 2018 4:30pm - 4:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)
 
Sunday, January 28
 

11:00am CET

SELinux Loves Modularity

"The current Fedora approach to delivering SELinux policy is to deliver the
entire distribution policy in a single RPM package. This approach worked well
when SELinux was first introduced, but as the legacy Fedora model starts to
shift towards a decomposed, modular approach so should the Fedora SELinux
policy. This talk will introduce the SELinux Modularity concepts, including
a discussion of why the change is necessary and the advantages of shipping,
and supporting, a modular SELinux policy."

Speakers

Paul Moore

Kernel developer who likes playing with security things
Paul Moore has been involved in various Linux security efforts since 2004, first at Hewlett-Packard and now at Red Hat. He currently maintains the SELinux, audit, and labeled networking subsystems in the Linux Kernel as well as the userspace libseccomp library.


Sunday January 28, 2018 11:00am - 11:23am CET
C-D0207 Faculty of Information Technology (VUT FIT)

11:30am CET

Smart Cards in Linux and why you should care

"Do you want to know how Smart Cards can help you improve security and work efficiently?
Smart cards have been among us for decades, but they are still not widely used on a daily basis by most of us, even though they provide significant advantages for both security and usability and all the tools are open source in Linux. Smart cards are no longer only credit-card sized cards, but also more practical USB dongles which are frequently combined with other features such as OTP or U2F, which can take this even further.
I will go through the architecture of smart cards and show you how they can be used to simplify your work."

Speakers

Jakub Jelen

Software Engineer, Red Hat
Red Hat crypto team member, contributor to various security technologies including OpenSC and OpenSSH


Sunday January 28, 2018 11:30am - 11:53am CET
C-D0207 Faculty of Information Technology (VUT FIT)

12:00pm CET

Everyday security issues and how to avoid them

"Security is hard, yet vital for any software these days. After all you don't want to become the laughing stock on hacker news or cause your company to lose billions in shareholder value. This talk won't turn you into a security specialist overnight, but you will learn how to avoid common mistakes in your daily work as developer or administrator. I'm going to take you on a brief tour in secure software design, illustrate various attack vectors, and point you to helpful tools and resources. Topics include threat analysis, deployment, parsing, authentication, TLS/SSL, crypto, and user interaction, with some real life examples from my daily work.

30 minutes version from PyCon UK: https://speakerdeck.com/tiran/pycon-uk-2017-everyday-security-issues-and-how-to-avoid-them"

Speakers

Christian Heimes

Principal Software Engineer, Red Hat
Christian is a long time Python developer from Hamburg/Germany and contributor to several Open Source projects such as the CPython interpreter. In the past years he has helped to keep Python secure, for example as member of the Python security response te


Sunday January 28, 2018 12:00pm - 12:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)
  Security & IdM, Presentation

1:00pm CET

Using Fedora and OSTree for IoT

"OSTree on Fedora can now handle multi platform, and a number of other issues with using Fedora IoT have improved which means we can start to accelerate the IoT SIG and engage in the wider community with usable demos. Where are we and where do we envision being in time for Fedora 28 and what's the short to medium roadmap"

Speakers

Peter Robinson

Principal IoT Architect @ Red Hat, Red Hat
Peter is the lead architect for device edge and IoT at Red Hat. He's focused on industry standardisation and generally trying to improve the IoT space. He's actively involved in the wider Fedora Linux and arm ecosystems. In his spare time he likes to cook and trying to work out how...


Sunday January 28, 2018 1:00pm - 1:23pm CET
H-E112 Faculty of Information Technology (VUT FIT)

1:00pm CET

User Session Recording for the Enterprise

"Government, medical, financial, and other organizations need to track what users and administrators do on critical systems. Up to recording everything they see on the screen, the commands they execute, and files they access.

While there are many capable solutions for session recording, which can centrally collect, search and playback sessions, there is no such open-source code. All we have is script(1), sudo I/O logging, and TTY audit. This presentation will show an approach suitable for the modern enterprise, and will include a demo of centralized recording and playback.

The intended audience is developers, as well as system administrators and security officers responsible for maintaining critical systems and preventing insider attacks.

Short project intro: http://scribery.github.io"

Speakers

Nikolai Kondrashov

Senior Software Engineer, Red Hat
A self-taught software engineer. Love working on low-level software and dealing with hardware directly. Work on CKI project at Red Hat, maintain DIGImend project, and play with embedded as a hobby.


Sunday January 28, 2018 1:00pm - 1:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)

2:00pm CET

FIPS 140-2 Compliance for Developers

"The presentation will start with a short introduction to the FIPS 140-2 US government standard, the reasons why it exists and what are the high level implications it has on the FIPS validated cryptography modules. It will also shortly describe what is the work done by Red Hat as the vendor of multiple FIPS validated modules to be able to obtain the FIPS validation.
The main focus of the presentation will be on developers that wish to use cryptography in applications for various reasons - encryption of data, protection of its integrity through message digests and signatures, secure communication via TLS. In this part it will be shown what are the most important things to follow to be able to claim that the cryptography-using application is FIPS compliant."

Speakers

Tomáš Mráz

Principal Software Engineer, Red Hat
Tomáš Mráz is a long-time developer and package maintainer of security-related software in Fedora and Red Hat Enterprise Linux; he also participates in the upstream OpenSSL community as a member of the OpenSSL committers team.



Sunday January 28, 2018 2:00pm - 2:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)

2:30pm CET

How to build modern server infrastructure

"In TechFides we implement bigger web applications for demanding customers who want to have stable environments with great on time delivery. That means we need to have strong, stable, secure and fast server infrastructure. I will describe our lessons learned, I will present the most important parts, integrations and tools we are using and I will tell you something more about the big blackout in OVH (The number 3 internet hosting company in the world) which affects thousands of IT projects in Europe."

Speakers

Matouš Kutypa

Co-founder of TechFides, TechFides
During my studies on FIT VUT I worked in several fast-growing companies, and then I worked as IT consultant. Now, as a co-founder, I am fully committed to TechFides, where we are building new IT projects primarily for global startups.


Sunday January 28, 2018 2:30pm - 2:53pm CET
F-E104 Faculty of Information Technology (VUT FIT)

3:30pm CET

Executable reverse engineering 101 with Radare 2

"Suffering from a lack of good free software tools, reverse engineering on Linux never been a very popular activity among hobbyists. However, more tools exist now, and we will discover how to use Radare2, a GPL set of tools to examine a wide range of binaries.
This session will present the very basics concepts behind assembly and low level languages, and show simple commands and the philosophy behind radare 2. In order to be concrete, a very simple binary will be looked at to illustrate the concepts, tools and practices, and let people be ready to tackle more complex challenges either for fun (such as a security CTF) or for more serious reasons (such as malware and exploit dissecting).

No binaries will be harmed during the presentation."

Speakers

Michael Scherer

System administrator
Michael Scherer works on the Open Source and Standards team, focusing on infrastructure issues. He lives in Paris, and he often speaks at events and gives tutorials to help open source communities.


Sunday January 28, 2018 3:30pm - 3:53pm CET
D-C228 Faculty of Information Technology (VUT FIT)

3:30pm CET

Unikernels in Action

"Unikernels are a hot and contentious topic.

In this talk we will first introduce the concept of Unikernels, compare them to alternative technologies and look at developments of the last year - no revolution but various projects have advanced well.

We will see some real Unikernel demos of specialized networking applications running on Kubernetes/OpenShift"

Speakers

Michael Bright

Cloud Native Solution Architect
Passionate about Serverless, Containers, Orchestration and Unikernels! British, living in Grenoble, France for 25 years. I run a Python User Group, but am more of a polyglot, passionate about new tech.


Sunday January 28, 2018 3:30pm - 3:53pm CET
B-D0206 Faculty of Information Technology (VUT FIT)

3:30pm CET

Enabling SELinux.

"Talk describing how to bring Proactive security to your systems by ensuring that SELinux is enforcing the security policy. This process comprises of steps like relabeling files (i.e. fixing SELinux labels on the system), handling potentional SELinux denials in Permissive mode in which Security policy is not enforced. I'll explain how to have SELinux under control using our userspace tooling. The talk will conclude by showcasing how the changes done during this talk can be distributed to multiple systems using ansible."

Speakers

Lukas Vrabec

Senior Software engineer & SELinux technology evangelist, Red Hat
Lukas Vrabec is a Senior Software engineer & SELinux technology evangelist at Red Hat. He is part of the Security Controls team working on SELinux projects, focusing especially on security policies. Lukas is the author of udica, the tool for generating custom SELinux profiles for containers...


Sunday January 28, 2018 3:30pm - 4:23pm CET
C-D0207 Faculty of Information Technology (VUT FIT)

4:30pm CET

How does Fedora sign that? Automatically?

"Over the last year, Fedora has automated the package signing. In this talk, I hope to explain how this is working, how things are secured and the future plans.
For this, I will be starting with a short summary on Sigul (https://pagure.io/sigul/) and Koji, and then discuss how Robosignatory (https://pagure.io/robosignatory) ties it all together, and how it plays with Bodhi."

Speakers

Patrick Uiterwijk

Software Engineer, Red Hat
Patrick is the Fedora Infrastructure Security Officer, responsible for all things security in the infrastructure. He also helps wherever help is needed, among which has been Bodhi.


Sunday January 28, 2018 4:30pm - 4:53pm CET
H-E112 Faculty of Information Technology (VUT FIT)

4:30pm CET

Smart Card authentication in Identity Management

"Authentication is a major component of security, but is often implemented as a password-based solution even though stronger and more secure alternatives exist.
This talk will explain the risks associated with password-based authentication, describe the advantages of two-factor authentication, and demonstrate how open source software such as FreeIPA (http://www.freeipa.org) can help deploy an infrastructure for Smart Card authentication with X509 certificates."

Speakers

Sunday January 28, 2018 4:30pm - 4:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)