FOSSLC is a non-profit organization that specializes in technology and know-how to record conferences with excellent quality.

 

Security

Content related to information security.

Software speaks - are you listening?

in Education, Legal, Programming, SC2010, Security, Programming
Speaker: David Maxwell
Event: Summercamp2010
Abstract:

Since the beginnings of writing, people have criticized each other's
written creations. Literary, Art, and Movie critics find full time
employment detailing the shortcomings of an author's work - or praising
it, as the case may be.

A lot of software has avoided receiving the same kind of treatment. A
relatively smaller number of people are literate in programming
languages, and the texts are often kept as corporate secrets - only the
machine-executable binaries are released to the public.

Open Source is an exception to this rule. Open Source code is published
for all to see.

Coverity is a company in the business of making tools to help people
write better software. Our tools analyze source code, looking for
coding errors, and also gathering information about the architecture
and build environments that make software systems work.

A recent ACM article entitled 'A few billion lines of code later'
describes some of Coverity's findings in the commercial environment,
and the company's open source report publications describe the results of
work done for the US Department of Homeland Security.

This talk will cover what can be learned from looking at source code.
We can discover quite a bit about the tendencies of programmers, the
limitations of their work environment, and the risks that result when
code controls critical systems like cars, medical devices, and heavy
machinery...

This talk is suitable for a general track. While the content of
the paper is somewhat technical, the talk will approach it from
a general 'what does this mean', 'why is this important' point of view.

problems does it solve? When is it not appropriate to use?

Level: Beginner
Time: 2010-05-31T17:12

The NetBSD Way

in BSD, Community, NetBSD, Security, Sysadmin, BSD, Misc
Speaker: David Maxwell
Event: Summercamp2010
Abstract:

The origins of BSD and Open Source predate the modern Linux renaissance by a decade and a half, and BSD derived codebases are still going strong. What makes a BSD community different from a Linux community? What technological decisions are given more priority in the BSD world? Why should you care, and why should you use BSD? Come and hear a new perspective.

The first BSD Unix-derivative operating system was developed in 1977. Shared as Open Source from the beginning, it provided many people's first exposure to the Open Source concept - especially through its use as the basis for the original SunOS, or the reuse of its TCP/IP stack on widely varied systems (including MS Windows). More recently, whole generations of Open Source developers have grown familiar with Linux as an operating system and community structure, and they've had limited, or no, exposure to BSD. The two cultures have similarities, but also many differences in their approach to community building, code maintenance, design and development, and project management.

Many OSCON conference attendees may only have exposure to The Linux Way. Come and hear about The BSD Way, and you'll find out why BSD is still going strong, the benefits it can offer you as a user or as a developer, and why us BSD folks don't just drop it all and contribute to Linux instead.

Level: Beginner
Time: 2010-05-31T16:36

Secure PostgreSQL Deployment

in PGCon, PGCon2010, Programming, Security, PostgreSQL

Location

Ottawa, ON
Canada
45° 24' 41.6592" N, 75° 41' 53.4984" W

PostgreSQL supports several options for securing communications and access when deployed outside the typical webserver/database combination. This talk will discuss the features that make this possible, with some extra focus on the changes in 8.4 and 8.5.

PostgreSQL supports several options for securing communications when deployed outside the typical webserver/database combination. This talk will go into some details about the features that make this possible, with some extra focus on the changes in 8.4. The main areas discussed are:

    * Securing the channel between client and server using SSL, including an overview of the threats and how to secure against them
    * Securing the login process with methods including LDAP, Kerberos or SSL certificates

The talk will not focus on security and access control inside the database once the user is connected and authenticated.

Event: PGCon2010
Speaker: Magnus Hagander

Everything you need to know about cryptography in 1 hour

in BSDCan, BSDCan2010, Networking, Programming, Security, BSD, Programming

Location

Ottawa, ON
Canada
45° 24' 41.6592" N, 75° 41' 53.4984" W

Cryptography is hard. It usually takes many years of study before it is possible to make any serious contribution to the field; and even expert cryptographers often have flaws discovered in their work.

However, merely using cryptography requires far less expertise. In this talk, I will cover everything most software developers will ever need to know about cryptography -- starting from the very beginning -- along with (time allowing) some of the reasons behind the recommendations I provide.

Specific topics covered will include symmetric vs. asymmetric encryption; symmetric vs. asymmetric signatures; block ciphers; block cipher modes; key lengths; message authentication codes; hash algorithms; password handling; padding for asymmetric encryption; padding for asymmetric signing; Diffie-Hellman groups; and side channel attacks. Specific attacks will be discussed only to the extent of mentioning that they exist and explaining how cryptography-using systems should be designed to thwart them.

Event: Summercamp2010
Speaker: Colin Percival