It’s summer time and while most people go on vacation, it’s also the time of summer camps and hacker conferences. Last weekend I went to Froscon in Sankt Augustin in Germany for the third time. Close to Cologne and Bonn and not as overrun as Congress in December, it’s also a great place to discover new things and get inspired. Back in 2015, for example, I discovered Conversations at the conference, a great XMPP messaging app that I’ve been using ever since. I like to participate rather than to just attend, so I was happy to see that the organizers had set up the ‘Angel’ system, also used during the CCC congresses, for people to sign up to help with various tasks during the event. I signed myself up for some video streaming and recording shifts and for looking after hacker kids for a while, and also ended up helping to prepare lunch for the team. A nice mix. But besides being part of the conference and talking to people, I also went there primarily for the talks. Here are my personal recommendations (most talks are in German, however) from the great choice now online at media.ccc.de:
How to securely and non-destructively wipe SSDs: (Alexander Neumann, in German) So far I always thought there is no good way to do that. The 60-minute talk on the topic went into interesting details and confirmed my opinion that it’s not possible. The only way is to encrypt data before writing it to an SSD. The presenter recommended Linux LUKS for the purpose and presented an extension that stores part of the password to access the encryption key in the TPM module. This way, overwriting the partial password in the TPM module instantly makes all encrypted data on the SSD disappear forever, without even the user being able to recover the files with his password. A cool idea; it would be nice if this LUKS modification made it into the repositories.
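To make the idea concrete, here is a simplified model added for this write-up; it is not the presenter's LUKS extension and not LUKS's real header format. It assumes the key-encryption key is derived from both the passphrase and a secret held in the TPM (simulated here as a plain variable), and uses XOR wrapping as a stand-in for the real key-slot cipher; all names are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def _kek(passphrase: str, tpm_secret: bytes, salt: bytes) -> bytes:
    # The key-encryption key depends on BOTH inputs: the user's passphrase
    # and the secret kept in the (simulated) TPM.
    mixed = hmac.new(tpm_secret, passphrase.encode(), "sha256").digest()
    return hashlib.pbkdf2_hmac("sha256", mixed, salt, ITERATIONS)


def format_volume(passphrase: str, tpm_secret: bytes):
    # The random master key is what actually encrypts the data on the SSD.
    master_key = os.urandom(32)
    salt = os.urandom(16)
    kek = _kek(passphrase, tpm_secret, salt)
    # Simplification: XOR wrapping instead of the real key-slot cipher.
    wrapped = bytes(a ^ b for a, b in zip(master_key, kek))
    digest = hashlib.sha256(b"mk-check" + master_key).digest()
    header = {"salt": salt, "wrapped": wrapped, "digest": digest}
    return header, master_key


def unlock(header: dict, passphrase: str, tpm_secret: bytes):
    kek = _kek(passphrase, tpm_secret, header["salt"])
    candidate = bytes(a ^ b for a, b in zip(header["wrapped"], kek))
    check = hashlib.sha256(b"mk-check" + candidate).digest()
    # Return the master key only if it matches the digest stored in the header.
    return candidate if hmac.compare_digest(check, header["digest"]) else None


def crypto_erase() -> bytes:
    # Models overwriting the TPM-held part: the old secret is gone for good.
    return os.urandom(32)


def demo():
    tpm = os.urandom(32)                       # constructed TPM secret
    header, mk = format_volume("correct horse", tpm)
    before = unlock(header, "correct horse", tpm) == mk
    wrong_pw = unlock(header, "wrong", tpm) is None
    tpm = crypto_erase()                       # wipe only the TPM part
    after = unlock(header, "correct horse", tpm) is None
    return before, wrong_pw, after


if __name__ == "__main__":
    print(demo())
```

The header and ciphertext on the SSD are never touched: once the TPM part is overwritten, the correct passphrase alone no longer yields the master key.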
A 2-hour introduction to Lua: (Uwe Berger) I’ve come across Lua a number of times in the past, for example as a language to write Wireshark extensions with, but never had the time so far to have a closer look. So I went to a 2-hour Lua introduction, which proved to be fun. I had never heard of the HQ9+ programming language before, and if you haven’t either, check it out, it’s fun to implement. Unfortunately there is no video recording of the talk. As a follow-up, the same presenter also gave a talk on programming the ESP8266 Wifi chip with the Lua-based NodeMCU firmware, for which a recording (in German) is available. If Wifi (and not Sigfox…) is your connectivity option for a project, there’s no need to get an Arduino as the program can be put right into the ESP. For starters, ready-to-use boards with USB-to-serial converters and 5V-to-3.3V power converters can be bought for around 7-8 euros. Simpler boards without fancy converters and with less power consumption are available for around 3 euros. Yes, IoT can be really cheap.
It’s All About the Goto: (Derick Rethans, in English) This talk was about how PHP works on the inside and went into how the syntax is analyzed and converted into byte code. The title of the talk was quite apt, as the byte code bears resemblance to how machine code works and hence lots of jumps (i.e. gotos) are to be found everywhere.
Practical Content Encryption: (Jens Neuhalfen, in German) Perhaps one of the main reasons for data being stolen from companies and later rediscovered on Pastebin is that data in databases is rarely encrypted. The drives themselves might be encrypted and the password is stored as a hash with a salt, but that doesn’t help much when the drive is mounted, as an attacker can then access the database without having to deal with the device or volume encryption. Jens’ talk focused on how to encrypt data in the database itself to counter various attack scenarios. Big disadvantage: Data encrypted in a database that only the application can decrypt can’t be searched for with SQL commands. And finally, on this subject it’s always good to remember that security is not a product, it’s a process!
State of the Union: (Michael Kleinhenz, Oliver Zendel, in German) A must-have for a Free Open Source Software conference is to look back at what happened in the past 12 months. Lots of humor and irony are involved, but less good news (e.g. O’Reilly backing away from DRM-free books) makes it clear that nothing can be taken for granted. My personal highlight of the talk (in German) was the “Who said it, Trump or Torvalds” part at the end. The quotes the audience was asked to assign to either Trump or Torvalds are in English, so this part is also good fun for non-German speakers.
There are lots of additional great talks to discover in the media archive, so head over and enjoy.