source for my site, found at icyphox.sh

Nullcon 2020 post

Signed-off-by: Anirudh Oppiliappan <x@icyphox.sh>
Anirudh Oppiliappan x@icyphox.sh
Tue, 10 Mar 2020 19:03:13 +0530
commit d8c12a93a0c3e4711e9c3a21b909da22c79aa81c
parent 614d6dcd975391dffa4e234fe9c6358956c81c97

M pages/_index.md

@@ -12,8 +12,8 @@ # latest posts ([see all](/blog))

| | | | :-- | --: | +| [Nullcon 2020](/blog/nullcon-2020) | 2020-03-09 | | [Setting up Prosody for XMPP](/blog/prosody) | 2020-02-18 | | [Status update](/blog/2020-01-18) | 2020-01-18 | | [Vimb: my Firefox replacement](/blog/mnml-browsing) | 2020-01-16 | | [Five days in a TTY](/blog/five-days-tty) | 2020-01-13 | -| [2019 in review](/blog/2019-in-review) | 2020-01-02 |
M pages/blog/_index.md

@@ -9,6 +9,7 @@ ## Computers, security & computer security.

| | | | :-- | --: | +| [Nullcon 2020](/blog/nullcon-2020) | 2020-03-09 | | [Setting up Prosody for XMPP](/blog/prosody) | 2020-02-18 | | [Status update](/blog/2020-01-18) | 2020-01-18 | | [Vimb: my Firefox replacement](/blog/mnml-browsing) | 2020-01-16 |
M pages/blog/feed.xml

@@ -11,7 +11,103 @@ <link>https://icyphox.sh/blog/</link>

</image> <language>en-us</language> <copyright>Creative Commons BY-NC-SA 4.0</copyright> - <item><title>Setting up Prosody for XMPP</title><description><![CDATA[<p>Remember the <a href="/blog/irc-for-dms/">IRC for DMs</a> article I wrote a while + <item><title>Nullcon 2020</title><description><![CDATA[<p><strong>Disclaimer</strong>: Political.</p> + +<p>This year&#8217;s conference was at the Taj Hotel and Convention center, Dona +Paula, and its associated party at Cidade de Goa, also by Taj. +Great choice of venue, perhaps even better than last time. The food was +fine, the views were better.</p> + +<p>With <em>those</em> things out of the way&#8212;let&#8217;s talk talks. I think +I preferred the panels to the talks&#8212;I enjoy a good, stimulating +discussion as opposed to only half-understanding a deeply technical +talk&#8212;but that&#8217;s just me. But there was this one talk that I really +enjoyed, perhaps due to its unintended comedic value; I&#8217;ll get into that +later.</p> + +<p>The list of panels/talks I attended in order:</p> + +<p><strong>Day 1</strong></p> + +<ul> +<li>Keynote: The Metadata Trap by Micah Lee (Talk)</li> +<li>Securing the Human Factor (Panel)</li> +<li>Predicting Danger: Building the Ideal Threat Intelligence Model (Panel)</li> +<li>Lessons from the Cyber Trenches (Panel)</li> +<li>Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk)</li> +<li>Taking the guess out of Glitching by Adam Laurie (Talk)</li> +<li>Keynote: Cybersecurity in India &#8211; Information Assymetry, Cross Border +Threats and National Sovereignty by Saumil Shah (Talk)</li> +</ul> + +<p><strong>Day 2</strong></p> + +<ul> +<li>Keynote: Crouching hacker, killer robot? 
Removing fear from +cyber-physical security by Stefano Zanero (Talk)</li> +<li>Supply Chain Security in Critical Infrastructure Systems (Panel)</li> +<li>Putting it all together: building an iOS jailbreak from scratch by +Umang Raghuvanshi (Talk)</li> +<li>Hack the Law: Protection for Ethical Cyber Security Research in India +(Panel)</li> +</ul> + +<h2 id="re-closing-keynote">Re: Closing keynote</h2> + +<p>I wish I could link the talk, but it hasn&#8217;t been uploaded just yet. I&#8217;ll +do it once it has. So, I&#8217;ve a few comments I&#8217;d like to make on some of +Saumil&#8217;s statements.</p> + +<p>He proposed that the security industry trust the user more, and let them +make the decisions pertaining to personal security / privacy. +Except&#8230;that&#8217;s just not going to happen. If all users were capable +of making good, security-first choices&#8212;we as an industry don&#8217;t +need to exist. But that is unfortunately not the case. +Users are dumb. They value convenience and immediacy over +security. That&#8217;s the sad truth of the modern age.</p> + +<p>Another thing he proposed was that the Indian Government build our own +&#8220;Military Grade&#8221; and &#8220;Consumer Grade&#8221; encryption.</p> + +<p><em>&#8230;what?</em></p> + +<p>A &#8220;security professional&#8221; suggesting that we roll our own crypto? What +even. Oh and, to top it off&#8212;when +<a href="https://twitter.com/tame_wildcard">Raman</a>, very rightly countered +saying that the biggest opponent to encryption <em>is</em> the Government, and +trusting them to build safe cryptosystems is probably not wise, he +responded by saying something to the effect of &#8220;Eh, who cares? If they +want to backdoor it, let them.&#8221; </p> + +<p>Bruh moment.</p> + +<p>He also had some interesting things to say about countering +disinformation. He said, and I quote &#8220;Join the STFU University&#8221;.</p> + +<p>¿wat? Is that your best solution? 
</p> + +<p>Judging by his profile, and certain other things he said in the talk, it +is safe to conclude that his ideals are fairly&#8230;nationalistic. I&#8217;m not +one to police political opinions, I couldn&#8217;t care less which way you +lean, but the statements made in the talk were straight up +incorrect.</p> + +<h2 id="closing-thoughts">Closing thoughts</h2> + +<p>This came out more rant-like than I&#8217;d intended. It is also the first +blog post where I dip my toes into politics. I&#8217;ve some thoughts on more +controversial topics for my next entry. That&#8217;ll be fun, especially when +my follower count starts dropping. LULW.</p> + +<p>Saumil, if you ever end up reading this, note that this is not +a personal attack. I think you&#8217;re a cool guy.</p> + +<p>Note to the Nullcon organizers: you guys did a fantastic job running the +conference despite Corona-chan&#8217;s best efforts. I&#8217;d like to suggest one +little thing though&#8212;please VET YOUR SPEAKERS more!</p> + +<p><img src="/static/img/nullcon_beach.jpg" alt="group pic" /></p> +]]></description><link>https://icyphox.sh/blog/nullcon-2020</link><pubDate>Mon, 09 Mar 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/nullcon-2020</guid></item><item><title>Setting up Prosody for XMPP</title><description><![CDATA[<p>Remember the <a href="/blog/irc-for-dms/">IRC for DMs</a> article I wrote a while back? Well&#8230;it&#8217;s safe to say that IRC didn&#8217;t hold up too well. It first started with the bot. Buggy code, crashed a lot&#8212;we eventually gave up and didn&#8217;t bring the bot back up. Then came the notifications, or lack
A pages/blog/nullcon-2020.md

@@ -0,0 +1,100 @@

+--- +template: +url: nullcon-2020 +title: Nullcon 2020 +subtitle: An opinion-filled review of Nullcon Goa, 2020 +date: 2020-03-09 +--- + +**Disclaimer**: Political. + +This year's conference was at the Taj Hotel and Convention center, Dona +Paula, and its associated party at Cidade de Goa, also by Taj. +Great choice of venue, perhaps even better than last time. The food was +fine, the views were better. + +With _those_ things out of the way---let's talk talks. I think +I preferred the panels to the talks---I enjoy a good, stimulating +discussion as opposed to only half-understanding a deeply technical +talk---but that's just me. But there was this one talk that I really +enjoyed, perhaps due to its unintended comedic value; I'll get into that +later. + +The list of panels/talks I attended in order: + +**Day 1** + +- Keynote: The Metadata Trap by Micah Lee (Talk) +- Securing the Human Factor (Panel) +- Predicting Danger: Building the Ideal Threat Intelligence Model (Panel) +- Lessons from the Cyber Trenches (Panel) +- Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk) +- Taking the guess out of Glitching by Adam Laurie (Talk) +- Keynote: Cybersecurity in India -- Information Assymetry, Cross Border + Threats and National Sovereignty by Saumil Shah (Talk) + +**Day 2** + +- Keynote: Crouching hacker, killer robot? Removing fear from + cyber-physical security by Stefano Zanero (Talk) +- Supply Chain Security in Critical Infrastructure Systems (Panel) +- Putting it all together: building an iOS jailbreak from scratch by + Umang Raghuvanshi (Talk) +- Hack the Law: Protection for Ethical Cyber Security Research in India + (Panel) + +## Re: Closing keynote + +I wish I could link the talk, but it hasn't been uploaded just yet. I'll +do it once it has. So, I've a few comments I'd like to make on some of +Saumil's statements. 
+ +He proposed that the security industry trust the user more, and let them +make the decisions pertaining to personal security / privacy. +Except...that's just not going to happen. If all users were capable +of making good, security-first choices---we as an industry don't +need to exist. But that is unfortunately not the case. +Users are dumb. They value convenience and immediacy over +security. That's the sad truth of the modern age. + +Another thing he proposed was that the Indian Government build our own +"Military Grade" and "Consumer Grade" encryption. + +_...what?_ + +A "security professional" suggesting that we roll our own crypto? What +even. Oh and, to top it off---when +[Raman](https://twitter.com/tame_wildcard), very rightly countered +saying that the biggest opponent to encryption _is_ the Government, and +trusting them to build safe cryptosystems is probably not wise, he +responded by saying something to the effect of "Eh, who cares? If they +want to backdoor it, let them." + +Bruh moment. + +He also had some interesting things to say about countering +disinformation. He said, and I quote "Join the STFU University". + +¿wat? Is that your best solution? + +Judging by his profile, and certain other things he said in the talk, it +is safe to conclude that his ideals are fairly...nationalistic. I'm not +one to police political opinions, I couldn't care less which way you +lean, but the statements made in the talk were straight up +incorrect. + +## Closing thoughts + +This came out more rant-like than I'd intended. It is also the first +blog post where I dip my toes into politics. I've some thoughts on more +controversial topics for my next entry. That'll be fun, especially when +my follower count starts dropping. LULW. + +Saumil, if you ever end up reading this, note that this is not +a personal attack. I think you're a cool guy. + +Note to the Nullcon organizers: you guys did a fantastic job running the +conference despite Corona-chan's best efforts. 
I'd like to suggest one +little thing though---please VET YOUR SPEAKERS more! + +![group pic](/static/img/nullcon_beach.jpg)
A pages/txt/nullcon-2020

@@ -0,0 +1,102 @@

+--- +date: '2020-03-09' +subtitle: 'An opinion-filled review of Nullcon Goa, 2020' +title: Nullcon 2020 +url: 'nullcon-2020' +--- + +**Disclaimer**: Political. + +This year's conference was at the Taj Hotel and Convention center, Dona +Paula, and its associated party at Cidade de Goa, also by Taj. Great +choice of venue, perhaps even better than last time. The food was fine, +the views were better. + +With *those* things out of the way---let's talk talks. I think I +preferred the panels to the talks---I enjoy a good, stimulating +discussion as opposed to only half-understanding a deeply technical +talk---but that's just me. But there was this one talk that I really +enjoyed, perhaps due to its unintended comedic value; I'll get into that +later. + +The list of panels/talks I attended in order: + +**Day 1** + +- Keynote: The Metadata Trap by Micah Lee (Talk) +- Securing the Human Factor (Panel) +- Predicting Danger: Building the Ideal Threat Intelligence Model + (Panel) +- Lessons from the Cyber Trenches (Panel) +- Mlw 41\#: a new sophisticated loader by APT group TA505 by Alexey + Vishnyakov (Talk) +- Taking the guess out of Glitching by Adam Laurie (Talk) +- Keynote: Cybersecurity in India -- Information Assymetry, Cross + Border Threats and National Sovereignty by Saumil Shah (Talk) + +**Day 2** + +- Keynote: Crouching hacker, killer robot? Removing fear from + cyber-physical security by Stefano Zanero (Talk) +- Supply Chain Security in Critical Infrastructure Systems (Panel) +- Putting it all together: building an iOS jailbreak from scratch by + Umang Raghuvanshi (Talk) +- Hack the Law: Protection for Ethical Cyber Security Research in + India (Panel) + +Re: Closing keynote +------------------- + +I wish I could link the talk, but it hasn't been uploaded just yet. I'll +do it once it has. So, I've a few comments I'd like to make on some of +Saumil's statements. 
+ +He proposed that the security industry trust the user more, and let them +make the decisions pertaining to personal security / privacy. +Except...that's just not going to happen. If all users were capable of +making good, security-first choices---we as an industry don't need to +exist. But that is unfortunately not the case. Users are dumb. They +value convenience and immediacy over security. That's the sad truth of +the modern age. + +Another thing he proposed was that the Indian Government build our own +"Military Grade" and "Consumer Grade" encryption. + +*...what?* + +A "security professional" suggesting that we roll our own crypto? What +even. Oh and, to top it off---when +[Raman](https://twitter.com/tame_wildcard), very rightly countered +saying that the biggest opponent to encryption *is* the Government, and +trusting them to build safe cryptosystems is probably not wise, he +responded by saying something to the effect of "Eh, who cares? If they +want to backdoor it, let them." + +Bruh moment. + +He also had some interesting things to say about countering +disinformation. He said, and I quote "Join the STFU University". + +¿wat? Is that your best solution? + +Judging by his profile, and certain other things he said in the talk, it +is safe to conclude that his ideals are fairly...nationalistic. I'm not +one to police political opinions, I couldn't care less which way you +lean, but the statements made in the talk were straight up incorrect. + +Closing thoughts +---------------- + +This came out more rant-like than I'd intended. It is also the first +blog post where I dip my toes into politics. I've some thoughts on more +controversial topics for my next entry. That'll be fun, especially when +my follower count starts dropping. LULW. + +Saumil, if you ever end up reading this, note that this is not a +personal attack. I think you're a cool guy. 
+ +Note to the Nullcon organizers: you guys did a fantastic job running the +conference despite Corona-chan's best efforts. I'd like to suggest one +little thing though---please VET YOUR SPEAKERS more! + +![group pic](/static/img/nullcon_beach.jpg)
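
Review bot: the `<img src="/static/img/nullcon_beach.jpg" alt="group pic" />` at the end of the new `<item>` in pages/blog/feed.xml is a site-relative URL inside the CDATA description. The description is rendered by feed readers outside the site's origin, and not every reader resolves relative URLs against the channel `<link>`, so the image may be broken for subscribers. Emit an absolute URL under https://icyphox.sh when the feed is generated; the relative `/blog/irc-for-dms/` href visible in the Prosody item has the same problem.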
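
Review bot: "Assymetry" in the Day 1 list of pages/blog/nullcon-2020.md (the Saumil Shah keynote entry) looks like a misspelling of "Asymmetry". The same spelling is carried into the feed.xml item and pages/txt/nullcon-2020, so if those are produced from this file, fix it here and regenerate them instead of patching each copy. Separately, the front matter has `template:` with no value; set it, or drop the key if the default template is intended.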
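
Review bot: in pages/txt/nullcon-2020 the Day 1 entry reads `Mlw 41\#:` with a backslash before the `#`, while the Markdown source in pages/blog/nullcon-2020.md has `Mlw 41#:`. If files under pages/txt are served as plain text, readers will see the literal backslash; drop the escape or adjust whatever conversion step introduced it.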