DevConf.cz 2018 has ended

DevConf.cz 2018 is the 10th annual, free, Red Hat sponsored community conference for developers, admins, DevOps engineers, testers, documentation writers and other contributors to open source technologies such as Linux, Middleware, Virtualization, Storage, Cloud and mobile where FLOSS communities sync, share, and hack on upstream projects together in the beautiful city of Brno, Czech Republic.

When: Friday, January 26 to Sunday, January 28, 2018

Venue: Faculty of Information Technology (VUT FIT - Božetěchova 2, Brno)


  • Friday 17:15: at the venue there will be a surprise show, stick around!
  • Saturday 19:00: the social event starts at Fleda Club. TICKET IS REQUIRED. Tickets will be distributed each day at check-in. First come, first serve.
  • Sunday 17:00: there will be many prizes given away at the closing session.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Security & IdM [clear filter]
Friday, January 26

10:30am CET

Compliance for containers using SCAP content
Limited Capacity seats available

"SCAP (Security Content Automation Protocol) is a standard designed to support automated configuration, vulnerability checking, and security measurement.
Using OpenSCAP, an open source SCAP scanner, and SCAP Security Guide Project (SSG) a project focused on creating SCAP content for multiple platforms, this session will present how to scan and secure your containers.
However, SCAP was not designed with containers in mind and things don't fit perfectly. We will also discuss some challenges we faced regarding compliance in systems built on containers and future plans."

avatar for Gabriel Alford

Gabriel Alford

Member of the Technical Staff, Office of the Chief Technologist, Red Hat Public Sector, Red Hat
Gabriel Alford is a Member of the Technical Staff, Office of the Chief Technologist in Red Hat's Public Sector where he focuses on developing security automation technologies and security standards. He is also one of the upstream maintainers of the ComplianceAsCode and OpenControl... Read More →
avatar for Watson Sato

Watson Sato

Software Engineer, Red Hat, Inc., Red Hat
Watson Sato is a Software Engineer at Red Hat, Inc working on OpenSCAP project. He is involved on development of the OpenSCAP scanner and ComplianceAsCode content.

Friday January 26, 2018 10:30am - 10:53am CET
F-E104 Faculty of Information Technology (VUT FIT)

11:00am CET

What's new in PKCS #11 3.0
Limited Capacity seats available

"PKCS #11 3.0 is the first new major release of PKCS #11 since 2.0. There are several new features including the ability to add new functions to PKCS #11 in a backward compatible way. This feature is used to add AEAD algorithms (AES GCM, CHACHA/POLY) is a more seamless way. The feature is also used to allow better fork() semantics in PKCS #11 3.0. The talk will go over the new features in 3.0 with the idea of encouraging the adoption of those new features in open source products. The new spec is expected to be final just before dev conf. If it's not, the talk will update when the spec is expected to come out."

avatar for Bob Relyea

Bob Relyea

Principal Programmer, OASIS PKCS #11 co-chair., Red Hat
Bob Relyea is a principal programmer at Red Hat working on the Network Security System Library. Bob is also the co-chair for the OASIS PKCS #11 technical committee, having worked with PKCS #11 and PKCS #11 integration into NSS since 1995.

Friday January 26, 2018 11:00am - 11:23am CET
F-E104 Faculty of Information Technology (VUT FIT)
  Security & IdM, Presentation

11:30am CET

Unleashing the Underworld: Kerberos for Developers
Limited Capacity seats available

"Kerberos has long been a demand of the enterprise environment, and there's a
lot for security-conscious developers to like that we often don't talk about.

I'll touch on what makes Kerberos nice from a security perspective, but the
focus of the talk will be on enablement: how can you use these cool features
in your software?

Some features, time permitting, that will be discussed include: OTP and second
factor support, public key authentication, SAML/SPNEGO and web logins, python
bindings, and, of course, the more traditional authentication/encryption
routes. Expect canned demos!

Very basic familiarity with Kerberos is expected (i.e., the first two
paragraphs of the Wikipedia article), but this talk won't go very far into how
Kerberos works internally."

avatar for Robbie Harwood

Robbie Harwood

Kerberos maintainer and development lead @ Red Hat, Red Hat
Kerberos and Kerberos accessories; iteroperability, systems programming, and strong typing. Very excited about music recording and playback.

Friday January 26, 2018 11:30am - 12:23pm CET
F-E104 Faculty of Information Technology (VUT FIT)

12:30pm CET

HW Root of Trust - Trust Me, It’s Real This Time!
Limited Capacity filling up

"Secure systems are built on a layered model. You ultimately have to trust something - but what?

TPM 2.0 is a Hardware RoT (Root of Trust), including the TPM 2.0 module, the TCG Software Stack (TSS), operations it can perform, and userspace tools that simplify using TPM 2.0. We also cover the TPM 2.0 Resource Manager, a new feature that is critical to enabling multiple users and applications to use the TPM. In addition we will go over the implementation of TPM in Fedora and RHEL.

We will demo TPM using Clevis to automatically unlock an encrypted root volume on boot with the master key secured by TPM.

Beyond Clevis we will explore other uses of TPM 2.0 including Trusted Boot, secure systems identity, protected keyring, and protected certificates."

avatar for Javier Martinez Canillas

Javier Martinez Canillas

Software Engineer at Red Hat
Javier is a Software Engineer in the Desktop Hardware Enablement team at Red Hat. Lately he has been working to improve the TPM2 support for Fedora and Red Hat Enterprise Linux.
avatar for Russell Doty

Russell Doty

Russell Doty is a Technology Product Manager at Red Hat., Red Hat
Russell Doty is a Technology Product Manager at Red Hat focusing on the requirements of Internet of Things (IoT), High Performance Computing, and AI/ML - all with a strong focus on security.

Friday January 26, 2018 12:30pm - 12:53pm CET
F-E104 Faculty of Information Technology (VUT FIT)
  Security & IdM, Presentation

1:00pm CET

Why I seldom file bugs against SELinux policy
Limited Capacity seats available

From time to time, especially with new version of operating system, new errors may show up, and sometimes they are accompanied by AVC denials, pointing to errors in SELinux policy. When that happens for example in Fedora, as a good community member you might be inclined to just file bug against selinux-policy.
That might however leave the package maintainer out of the loop and not lead to proper fix. Enforcing SELinux sometimes discovers real bugs, real regressions, and it should ideally be embraced by all maintainers.
We will look at real-life examples when AVC denials have actually helped to uncover real bugs.

Presentation slides: https://www.adelton.com/docs/security/selinux-uncovers-bugs

avatar for Jan Pazdziora

Jan Pazdziora

Sr. Principal Software Engineer, Red Hat
As a member of Security Engineering Special Projects group, Jan focuses on making security features seamlessly consumable by admins and users. Lately he's been working with software identities and SWID.

Friday January 26, 2018 1:00pm - 1:23pm CET
F-E104 Faculty of Information Technology (VUT FIT)

1:30pm CET

Managing the Desktop profiles of your fleet!
Limited Capacity seats available

"This talk will go through what Fleet Commander is (and, consequently, what Fleet Commander is *not* intended for), which are the solutions proposed by the project, how Fleet Commander interacts with SSSD and FreeIPA and, plans for the future and finally provide a Demo of the current state of the project."

avatar for Fabiano Fidêncio

Fabiano Fidêncio

Senior Software Engineer, Red Hat
I'm an immigrant working as a virtualization developer, with a penchant for music, abstract tattoos, open source, old games, pigs, and goats.
avatar for Oliver Gutierrez

Oliver Gutierrez

Red Hat Software Engineer
Oliver Gutierrez is the main developer of Fleet Commander project in upstream. He lives at Canary Islands and has presented in Brno Desktop Meetup on Nov 2016 and DevConf 2017 and other local events and groups like DevOps Las Palmas. He was in love with free software and opensource... Read More →

Friday January 26, 2018 1:30pm - 1:53pm CET
F-E104 Faculty of Information Technology (VUT FIT)

3:00pm CET

Samba AD in Fedora
Limited Capacity seats available

"Samba AD is a free software implementation of Microsoft's Active Directory
solution. It took more than five years to port Samba AD to MIT Kerberos and now
it is a part of Fedora 27 release. However, the work does not stop here. Active
Directory is a complex set of technologies and one of driving factors behind
Fedora Server work is to make them easier to deploy and manage. The talk will
go into details what is needed to be done to make Fedora a preferred
distribution to deploy Samba AD."

avatar for Alexander Bokovoy

Alexander Bokovoy

Sr. Principal Software Engineer, Red Hat
Sr. Principal Software Engineer at Red Hat, working on security and identity management. Actively participates in FreeIPA, SSSD, Samba, and many other free software projects targeting an open source enterprise environments.

Friday January 26, 2018 3:00pm - 3:53pm CET
F-E104 Faculty of Information Technology (VUT FIT)

4:00pm CET

Can developers use OpenSSL?
Limited Capacity seats available

"Last year, we asked 90 developers to generate/validate certificates using the command line OpenSSL. Why didn't they succeed? What do people think of the interface? What's wrong with the manual page and what do online tutorials lack? And what can be changed to improve the situation?

In our research, we focused on API of OpenSSL, a widely-known cryptographic library. We'll present multiple insights from the DevConf 2017 research booth, answering the questions from the previous paragraph.

We use OpenSSL as a real-world example to spark conversation on usable security. How to make products that are not only computationally secure but also usably secure for the end-users (be it your system administrator or your granny)?"

avatar for Martin Ukrop

Martin Ukrop

researcher, teacher, Masaryk University
Passionate about usable security, user experience, teaching and experiential learning. Actively organizing educational events in the community "Instruktoři Brno". Ceaselessly fascinated by the world.

Friday January 26, 2018 4:00pm - 4:53pm CET
F-E104 Faculty of Information Technology (VUT FIT)
Sunday, January 28

11:00am CET

SELinux Loves Modularity
Limited Capacity seats available

"The current Fedora approach to delivering SELinux policy is to deliver the
entire distribution policy in a single RPM package. This approach worked well
when SELinux was first introduced, but as the legacy Fedora model starts to
shift towards a decomposed, modular approach so should the Fedora SELinux
policy. This talk will introduce the SELinux Modularity concepts, including
a discussion of why the change is necessary and the advantages of shipping,
and supporting, a modular SELinux policy."

avatar for Paul Moore

Paul Moore

Kernel developer who likes playing with security things
Paul Moore has been involved in various Linux security efforts since 2004, first at Hewlett-Packard and now at Red Hat. He currently maintains the SELinux, audit, and labeled networking subsystems in the Linux Kernel as well as the userspace libseccomp library.

Sunday January 28, 2018 11:00am - 11:23am CET
C-D0207 Faculty of Information Technology (VUT FIT)

11:30am CET

Smart Cards in Linux and why you should care
Limited Capacity seats available

"Do you want to know how Smart Cards can help you improve security and work efficiently?
Smart cards are among us for decades, but they are still not widely used on daily basis by most of us, even though they provide significant advantages for both security and usability and all the tools are open source in Linux. Smart cards are no longer only credit-card sized cards, but also more practical USB dongles which are frequently combined with other features such as OTP or U2F, which can take this even further.
I will go through architecture of smart cards and show you how they can be used to simplify your work."

avatar for Jakub Jelen

Jakub Jelen

Software Engineer, Red Hat
Red Hat crypto team member, contributor to various security technologies including OpenSC and OpenSSH

Sunday January 28, 2018 11:30am - 11:53am CET
C-D0207 Faculty of Information Technology (VUT FIT)

12:00pm CET

Everyday security issues and how to avoid them
Limited Capacity seats available

"Security is hard, yet vital for any software these days. After all you don't want to become the laughing stock on hacker news or cause your company to loose billions in shareholder value. This talk won't turn you into a security specialist over night, but you will learn how to avoid common mistakes in your daily work as developer or administrator. I'm going to take you on a brief tour in secure software design, illustrate various attack vectors, and point you to helpful tools and resources. Topics include threat analysis, deployment, parsing, authentication, TLS/SSL, crypto, and user interaction, with some real life examples from my daily work.

30 minutes version from PyCon UK: https://speakerdeck.com/tiran/pycon-uk-2017-everyday-security-issues-and-how-to-avoid-them"

avatar for Christian Heimes

Christian Heimes

Principal Software Engineer, Red Hat
Christian is a long time Python developer from Hamburg/Germany and contributor to several Open Source projects such as the CPython interpreter. In the past years he has helped to keep Python secure, for example as member of the Python security response te

Sunday January 28, 2018 12:00pm - 12:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)
  Security & IdM, Presentation

1:00pm CET

User Session Recording for the Enterprise
Limited Capacity seats available

"Government, medical, financial, and other organizations need to track what users and administrators do on critical systems. Up to recording everything they see on the screen, the commands they execute, and files they access.

While there are many capable solutions for session recording, which can centrally collect, search and playback sessions, there is no such open-source code. All we have is script(1), sudo I/O logging, and TTY audit. This presentation will show an approach suitable for the modern enterprise, and will include a demo of centralized recording and playback.

The intended audience is developers, as well as system administrators and security officers responsible for maintaining critical systems and preventing insider attacks.

Short project intro: http://scribery.github.io"

avatar for Nikolai Kondrashov

Nikolai Kondrashov

Senior Software Engineer, Red Hat
A self-taught software engineer. Love working on low-level software and dealing with hardware directly. Work on CKI project at Red Hat, maintain DIGImend project, and play with embedded as a hobby.

Sunday January 28, 2018 1:00pm - 1:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)

2:00pm CET

FIPS 140-2 Compliance for Developers
Limited Capacity seats available

"The presentation will start with a short introduction to the FIPS 140-2 US government standard, the reasons why it exists and what are the high level implications it has on the FIPS validated cryptography modules. It will also shortly describe what is the work done by Red Hat as the vendor of multiple FIPS validated modules to be able to obtain the FIPS validation.
The main focus of the presentation will be on developers that wish to use cryptography in applications for various reasons - encryption of data, protection of its integrity through message digests and signatures, secure communication via TLS. In this part it will be shown what are the most important things to follow to be able to claim that the cryptography-using application is FIPS compliant."

avatar for Tomáš Mráz

Tomáš Mráz

Principal Software Engineer, Red Hat
Tomáš Mráz is long time developer and package maintainer of security related software in Fedora and Red Hat Enterprise Linux, he also participates in the upstream OpenSSL community as a member of the OpenSSL committers team.

Sunday January 28, 2018 2:00pm - 2:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)

3:30pm CET

Enabling SELinux.
Limited Capacity seats available

"Talk describing how to bring Proactive security to your systems by ensuring that SELinux is enforcing the security policy. This process comprises of steps like relabeling files (i.e. fixing SELinux labels on the system), handling potentional SELinux denials in Permissive mode in which Security policy is not enforced. I'll explain how to have SELinux under control using our userspace tooling. The talk will conclude by showcasing how the changes done during this talk can be distributed to multiple systems using ansible."

avatar for Lukas Vrabec

Lukas Vrabec

Senior Software engineer & SELinux technology evangelist, Red Hat
Lukas Vrabec is a Senior Software engineer & SELinux technology evangelist at Red Hat. He is part of Security Controls team working on SELinux projects focusing especially on security policies. Lukas is author of udica, the tool for generating custom SELinux profiles for containers... Read More →

Sunday January 28, 2018 3:30pm - 4:23pm CET
C-D0207 Faculty of Information Technology (VUT FIT)

4:30pm CET

Smart Card authentication in Identity Management
Limited Capacity seats available

"Authentication is a major component of security, but is often implemented as a password-based solution even though stronger and more secure alternatives exist.
This talk will explain the risks associated to password-based authentication, describe the advantages of two-factor authentication, and demonstrate how open source software such as FreeIPA (http://www.freeipa.org) can help deploy an infrastructure for Smart Card authentication with X509 certificates."


Sunday January 28, 2018 4:30pm - 4:53pm CET
C-D0207 Faculty of Information Technology (VUT FIT)