31 Jan 2018
AUSCERT at linux.conf.au 2018
Hi, I’m David, one of the information security analysts here.
Intro
AUSCERT sent me to the 2018 linux.conf.au conference with a Fairy Penguin sponsorship. It was my second time attending; the previous year, I’d taken a week’s leave and paid my own way, and was so enamoured that I convinced my new employer to send me along this time.
The real strength of the conference, to me, is being surrounded by people much smarter and more experienced than myself. (This is exactly how I pitched it to management.) And the atmosphere is so friendly that knowledge transfers quickly.
The organisers put a strong emphasis on inclusion and diversity. One example is the “Pac-Man rule”: when standing in a circle talking, shape it like Pac-Man and leave space for someone else to join.
Speaking of speaking, the #lca2018 hashtag was pretty hectic all week. The Australia/NZ FOSS community is great to be involved with, and I’ve found it pays to follow interesting people using the tag.
I also find it’s valuable to connect with people for whom information security is part of their job, but not their core responsibility. Understanding the motivations and needs of people outside the infosec space is important to staying in the loop. Plus, they have some really cool projects.
Recordings to watch
All the talks are recorded and published free on YouTube by Next Day Video. I’m enjoying “week two” of the conference – catching up on the talks I couldn’t attend!
We’ll also replay some talks at the office over lunch. At AUSCERT, we mix infosec with data analysis, technical communication and lightweight development. Current proposals are “Understanding git – even the scary parts”, “What is the most common street name in Australia?”, “Is the 370 the worst bus route in Sydney?” and the Panel on Meltdown, Spectre and the free-software community.
Talks I personally recommend are every single keynote, the Meltdown/Spectre Panel, a home Kubernetes environment, automating WordPress security recovery, Tap On to Reverse Engineering, and Linux system monitoring with the Elastic Stack.
Shoutout to Alistair Chapman for his superb lightning talk on things you can do but shouldn’t with Docker.
Notes from the Spectre/Meltdown Panel
The speculative execution side-channel vulnerabilities had been leaked three weeks before the conference, so a panel was organised (and jammed into the schedule). It was a fascinating session giving perspectives from several stakeholders at several levels of the stack – hardware, kernel, OS, container, SRE and more kernel.
- Some interesting stories about responses to the embargo and patches from different parties.
- FreeBSD weren’t included in the embargo and were left scrambling to patch when it leaked.
- Small PaaS providers are stuck waiting for patches for their OS.
- Hardware vulnerabilities are very hard to resist even with containerised services.
- … but containers will make it easier when you patch.
- Some discussion of the value of embargoes of vulnerabilities.
Give the full session a watch; it’s rare to find so much diverse expertise in one room, talking semi-frankly about this.
Wrapping up
The linux.conf.au conference is a very educational week for anyone IT-adjacent, and I’d strongly recommend it. Hope to see you at #lca2019 in Christchurch!
David Lord, @dal_geek