Wednesday
This commit is contained in:
parent
24bec880e2
commit
5f4ff441b8
19
Wednesday/00-Fail_frequently_to_avoid_disaster.md
Normal file
19
Wednesday/00-Fail_frequently_to_avoid_disaster.md
Normal file
|
@ -0,0 +1,19 @@
|
|||
# Fail frequently to avoid disaster
|
||||
|
||||
- A talk about mistakes
|
||||
- The example of MISP, a software to share threat intelligence and to build internal communities
|
||||
- Used by wide organizations, like CERTs, military organizations, etc...
|
||||
- Dictatorship in a democracy works well to build FLOSS, not fake democracies
|
||||
- Write standards from code, not the other way
|
||||
- Don't expect perfect implementation at first: build a small part, and improve iteratively
|
||||
- "Programming, Motherfucker" -> No scrum, Kanban, XP, just code!
|
||||
- Don't hesitate to code, fail, thus trash the code and write it back differently
|
||||
- Scoping is important, especially for formats: don't try to build the perfect format, just adapt it to your model, or use other existing ones
|
||||
- Don't use free-text tagging: humans are too creative
|
||||
- Their format is well-defined, but not bound to the data it encapsulate, thus can be extended at will
|
||||
- "Theory and practice sometimes clash. And when that happens, theory loses. Every single time" Linus Torvalds
|
||||
- Go back to code!
|
||||
|
||||
## Personal feeling
|
||||
A great talk, lot of interesting advices. A fine speaker, dynamic and
|
||||
|
11
Wednesday/01-The_story_of_Greendale.md
Normal file
11
Wednesday/01-The_story_of_Greendale.md
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Greendale has been pwnd
|
||||
|
||||
- The story of Greendale university doing forensic
|
||||
- GRR: agent-based artifacts scavenger
|
||||
- Plaso: timeline everything
|
||||
- timesketch: timeline visualization
|
||||
- dfTimewolf: the glue between the other tools: put a "request", then browse the results in a web UI
|
||||
- turbinia: Automation of forensic analysis tools in the cloud
|
||||
|
||||
## Personal feeling
|
||||
A really cool guy doing story-telling well, with nice tools in virtual real-life cases.
|
11
Wednesday/02-Internals_of_Landlock.md
Normal file
11
Wednesday/02-Internals_of_Landlock.md
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Internals of Landlock
|
||||
|
||||
- Goal: protect users from bug exploitation
|
||||
- Landlock is a userspace sandbox
|
||||
- eBPF: in-kernel VM, used to execute code in the kernel at run time
|
||||
- Fine control upon ACL though BPF filesystem, with evolution capability!
|
||||
|
||||
## Personal feeling
|
||||
As expected, an in-kernel dive into landlock's implementation, but still some
|
||||
useful demos showing the userland features.
|
||||
|
13
Wednesday/03-Performance_and_security.md
Normal file
13
Wednesday/03-Performance_and_security.md
Normal file
|
@ -0,0 +1,13 @@
|
|||
# Performance and security
|
||||
|
||||
- The story of the speaker writing fast and secure code for Suricata.
|
||||
- Goal: write a very secure program.
|
||||
- Even if you try to be careful, you'll still fail.
|
||||
- Choose a language: Rust is good choice, but it's slow.
|
||||
- Need to optimize, and so to benchmark. Lot of tools come at help.
|
||||
- Don't try to write optimized code, just give hints to compiler.
|
||||
- Check both the source code and the produced machine code.
|
||||
- Showing some tricks to write fast code.
|
||||
|
||||
## Personal feeling
|
||||
A nice experience feedback from a guy who needed real-time performance (networking). Many cool tricks and hints.
|
14
Wednesday/04-Designing_your_system_for_resilience.md
Normal file
14
Wednesday/04-Designing_your_system_for_resilience.md
Normal file
|
@ -0,0 +1,14 @@
|
|||
# Immutable infrastructure and zero trust networking: designing your system for resilience
|
||||
|
||||
- Web hosting being pwned, you need resilience.
|
||||
- The idea is to never touch a running server.
|
||||
- Automate and standardize everything, so that building a new server is cheap.
|
||||
- Use very short lived VMs: on update, trash and replace.
|
||||
- Stateless applications work better.
|
||||
- Exherbo: a Gentoo based distribution, highly customizable, patchable.
|
||||
- Big build server, to produce the VM images.
|
||||
- Share them via bittorrent.
|
||||
- Specific load-balancer able to update configuration at runtime.
|
||||
|
||||
## Personal feeling
|
||||
Super interesting infrastructure. Those guys are pushing automation and continuous delivery really far!
|
Loading…
Reference in a new issue