Kyle Rankin is a security and infrastructure expert with over two decades of professional Linux experience. He is the author of How To Write A Tech Book, The Best of Hack and /: Linux Admin Crash Course, Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, Third Edition, Knoppix Hacks, 2nd Edition, and Ubuntu Hacks, among other books. Rankin was an award-winning columnist and tech editor for Linux Journal, and speaks frequently on Free and Open Source software including at SCALE, FOSDEM, O’Reilly Security Conference, Linux Fest NorthWest, OpenWest, BSidesLV, CactusCon, OSCON, Linux World Expo, and Penguicon.
Presentations
Nextcloud as A Self-Hosted Cross-Platform Cloud
Using someone else's cloud to sync photos, calendars and contacts? Proprietary services like iCloud are convenient, but only if you are in the Apple ecosystem. You can get many of the same basic cloud features in a self-hosted Nextcloud instance and sync files, calendars, and contacts on Linux, Mac and mobile devices. This talk discusses how to set up Nextcloud and configure Linux and Mac desktops and iOS mobile devices to use it, especially convenient if your household isn't 100% Linux (or 100% Mac).
A Stitch in Time: My Linux-powered Knitting Clock
A stitch in time, in my case, documents 2023. I was inspired by a Hackaday project that featured a clock that knitted a stitch every half hour, a row per day. A scarf extended from the bottom and dropped to the floor at the end of the year.
I wanted one of my own but there were no instructions, so I spent the next few weeks designing and building one. Along the way I took a crash course in stepper motors and 3D design. The result is Tempus Nectit: a clock that documented 2023.
Come along as I explain how I made a Linux-powered clock that knits a scarf throughout the year.
Free Software Policy with Semi-Firm Firmware
Somewhere between hardware and software is firmware. It was originally called that precisely because it straddled those two worlds.
Yet most firmware is no longer firm; it's more like tofu, existing in firm, semi-firm, and soft states. Current FSF policy that allows proprietary firmware is based on the burned-on-chip, write-once firmware of a few decades ago. Most firmware today is field-upgradable and closer to software. This talk will discuss how the modern state of "firm"ware demands new free software policy, and will start a discussion on what that policy could be.
Snitching on Apps That Snitch On You
Apps have a bad habit of snitching on their owners. While this is a much bigger problem on Android and iOS, it's still valuable to detect when apps phone home on Linux. Unfortunately, most Linux firewall software is designed for servers and focused on inbound connections.
This talk will cover using and tuning OpenSnitch, Linux software that prompts you whenever an app makes an outbound connection and lets you write sophisticated per-app rules for tight control over your apps' network connections. This adaptive software works on both desktop and mobile Linux.
Heads: Tamper-evident Firmware with User-controlled Keys
Having a trustworthy boot process is the foundation of the rest of your system's security. If your BIOS, kernel, or initrd has been tampered with, an attacker can hide their backdoor from the rest of the system. This talk will discuss the security threats against the boot process and briefly cover some other approaches to protecting against boot-time attacks, but it will primarily focus on Heads, an open source project that provides tamper-evident boot. I will discuss how Heads works, how it differs from other secure boot approaches, and demonstrate how it protects against tampering.
The Cloud is Just Another Sun
This talk is part history lesson and part rallying cry. Proprietary OSes and services aren't dead; they just morphed into the cloud. By remembering why Linux was important in the age of Solaris, we can apply those lessons to cloud services before their proprietary APIs and vendor lock-in risk undoing the freedom, open standards, and overall progress our community has made over the last 20 years.
Gamify Security Training with Developer CTFs
Capture the Flag tournaments have long been used to test hacker skills but they can also serve as effective security training for developers. I’ll share a case study where I turned teams of developers with no prior security training against each other in a CTF cloud arena featuring their own applications and watched them rack up points as they popped shells in each other’s applications and filed bugs in our bug tracker. I’ll cover rules, scoring, and the preliminary training leading up to the CTF tournament as well as how I set up the arena and the results of my own CTF tournament.
Sex, Secret and God: A Brief History of Bad Passwords
Most of what we've been told over the years about what makes a good password has been wrong, so it's no surprise most people pick bad passwords. This talk covers the history of password policy and cracking from the Golden Age, to the "correct horse battery staple" password renaissance, to modern password cracking and modern defenses.
Jams, Cans and Qubes
To understand how Qubes secures your desktop, look to your pantry. The same security by compartmentalization concept that makes Qubes resilient against attack was conceived of over two hundred years ago to protect food against infection.
In this talk Kyle will discuss how to jam strawberries, can green beans, and isolate desktop workflows into a combination of netVMs, proxyVMs, and appVMs. He’ll cover some common threats against your food and data and describe how Mason jars and Qubes can mitigate them.
Simple but Effective Server Hardening
Server security is more important now than ever, yet many of the hardening guides out there read like they were written a decade ago (probably because they were!). Modern server hardening can be an obscure and complicated subject, but it doesn't have to be. There are a number of simple steps you can take to dramatically increase the security of your infrastructure. In this talk Kyle will start with an overview of security best practices and provide a series of current yet simple hardening examples.
Tails
With everything we know now about spying and hacking, from the hacker next to you in the coffee shop all the way to government surveillance, now's as good a time as any to learn how to protect your privacy and anonymity. The Tails project provides a live bootable disk that sets up a secure, anonymous session on any computer with all traffic routed over Tor. In this talk Kyle will discuss how to download and verify the latest Tails release, and demonstrate some of the more advanced features of Tails, including its persistent encrypted storage.