@@ -12,8 +12,8 @@ # latest posts ([see all](/blog))
 
 |     |     |
 | :-- | --: |
+| [Nullcon 2020](/blog/nullcon-2020) | 2020-03-09 |
 | [Setting up Prosody for XMPP](/blog/prosody) | 2020-02-18 |
 | [Status update](/blog/2020-01-18) | 2020-01-18 |
 | [Vimb: my Firefox replacement](/blog/mnml-browsing) | 2020-01-16 |
 | [Five days in a TTY](/blog/five-days-tty) | 2020-01-13 |
-| [2019 in review](/blog/2019-in-review) | 2020-01-02 |

@@ -9,6 +9,7 @@ ## Computers, security & computer security.
 
 |     |     |
 | :-- | --: |
+| [Nullcon 2020](/blog/nullcon-2020) | 2020-03-09 |
 | [Setting up Prosody for XMPP](/blog/prosody) | 2020-02-18 |
 | [Status update](/blog/2020-01-18) | 2020-01-18 |
 | [Vimb: my Firefox replacement](/blog/mnml-browsing) | 2020-01-16 |

@@ -11,7 +11,103 @@ <link>https://icyphox.sh/blog/</link>
     </image>
     <language>en-us</language>
 	<copyright>Creative Commons BY-NC-SA 4.0</copyright>
-    <item><title>Setting up Prosody for XMPP</title><description><![CDATA[<p>Remember the <a href="/blog/irc-for-dms/">IRC for DMs</a> article I wrote a while
+    <item><title>Nullcon 2020</title><description><![CDATA[<p><strong>Disclaimer</strong>: Political.</p>
+
+<p>This year&#8217;s conference was at the Taj Hotel and Convention center, Dona
+Paula, and its associated party at Cidade de Goa, also by Taj.
+Great choice of venue, perhaps even better than last time. The food was
+fine, the views were better.</p>
+
+<p>With <em>those</em> things out of the way&#8212;let&#8217;s talk talks. I think
+I preferred the panels to the talks&#8212;I enjoy a good, stimulating
+discussion as opposed to only half-understanding a deeply technical
+talk&#8212;but that&#8217;s just me. But there was this one talk that I really
+enjoyed, perhaps due to its unintended comedic value; I&#8217;ll get into that
+later.</p>
+
+<p>The list of panels/talks I attended in order:</p>
+
+<p><strong>Day 1</strong></p>
+
+<ul>
+<li>Keynote: The Metadata Trap by Micah Lee (Talk)</li>
+<li>Securing the Human Factor (Panel)</li>
+<li>Predicting Danger: Building the Ideal Threat Intelligence Model (Panel)</li>
+<li>Lessons from the Cyber Trenches (Panel)</li>
+<li>Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk)</li>
+<li>Taking the guess out of Glitching by Adam Laurie (Talk)</li>
+<li>Keynote: Cybersecurity in India &#8211; Information Assymetry, Cross Border
+Threats and National Sovereignty by Saumil Shah (Talk)</li>
+</ul>
+
+<p><strong>Day 2</strong></p>
+
+<ul>
+<li>Keynote: Crouching hacker, killer robot? Removing fear from
+cyber-physical security by Stefano Zanero (Talk)</li>
+<li>Supply Chain Security in Critical Infrastructure Systems (Panel)</li>
+<li>Putting it all together: building an iOS jailbreak from scratch by
+Umang Raghuvanshi (Talk)</li>
+<li>Hack the Law: Protection for Ethical Cyber Security Research in India
+(Panel)</li>
+</ul>
+
+<h2 id="re-closing-keynote">Re: Closing keynote</h2>
+
+<p>I wish I could link the talk, but it hasn&#8217;t been uploaded just yet. I&#8217;ll
+do it once it has. So, I&#8217;ve a few comments I&#8217;d like to make on some of
+Saumil&#8217;s statements.</p>
+
+<p>He proposed that the security industry trust the user more, and let them
+make the decisions pertaining to personal security / privacy.
+Except&#8230;that&#8217;s just not going to happen. If all users were capable
+of making good, security-first choices&#8212;we as an industry don&#8217;t
+need to exist. But that is unfortunately not the case.
+Users are dumb. They value convenience and immediacy over
+security. That&#8217;s the sad truth of the modern age.</p>
+
+<p>Another thing he proposed was that the Indian Government build our own
+&#8220;Military Grade&#8221; and &#8220;Consumer Grade&#8221; encryption.</p>
+
+<p><em>&#8230;what?</em></p>
+
+<p>A &#8220;security professional&#8221; suggesting that we roll our own crypto? What
+even. Oh and, to top it off&#8212;when
+<a href="https://twitter.com/tame_wildcard">Raman</a>, very rightly countered
+saying that the biggest opponent to encryption <em>is</em> the Government, and
+trusting them to build safe cryptosystems is probably not wise, he
+responded by saying something to the effect of &#8220;Eh, who cares? If they
+want to backdoor it, let them.&#8221; </p>
+
+<p>Bruh moment.</p>
+
+<p>He also had some interesting things to say about countering
+disinformation. He said, and I quote &#8220;Join the STFU University&#8221;.</p>
+
+<p>¿wat? Is that your best solution? </p>
+
+<p>Judging by his profile, and certain other things he said in the talk, it
+is safe to conclude that his ideals are fairly&#8230;nationalistic. I&#8217;m not
+one to police political opinions, I couldn&#8217;t care less which way you
+lean, but the statements made in the talk were straight up
+incorrect.</p>
+
+<h2 id="closing-thoughts">Closing thoughts</h2>
+
+<p>This came out more rant-like than I&#8217;d intended. It is also the first
+blog post where I dip my toes into politics. I&#8217;ve some thoughts on more
+controversial topics for my next entry. That&#8217;ll be fun, especially when
+my follower count starts dropping. LULW.</p>
+
+<p>Saumil, if you ever end up reading this, note that this is not
+a personal attack. I think you&#8217;re a cool guy.</p>
+
+<p>Note to the Nullcon organizers: you guys did a fantastic job running the
+conference despite Corona-chan&#8217;s best efforts. I&#8217;d like to suggest one
+little thing though&#8212;please VET YOUR SPEAKERS more!</p>
+
+<p><img src="/static/img/nullcon_beach.jpg" alt="group pic" /></p>
+]]></description><link>https://icyphox.sh/blog/nullcon-2020</link><pubDate>Mon, 09 Mar 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/nullcon-2020</guid></item><item><title>Setting up Prosody for XMPP</title><description><![CDATA[<p>Remember the <a href="/blog/irc-for-dms/">IRC for DMs</a> article I wrote a while
 back? Well&#8230;it&#8217;s safe to say that IRC didn&#8217;t hold up too well. It first
 started with the bot. Buggy code, crashed a lot&#8212;we eventually gave up
 and didn&#8217;t bring the bot back up. Then came the notifications, or lack

@@ -0,0 +1,100 @@ 
+---
+template:
+url: nullcon-2020
+title: Nullcon 2020
+subtitle: An opinion-filled review of Nullcon Goa, 2020
+date: 2020-03-09
+---
+
+**Disclaimer**: Political.
+
+This year's conference was at the Taj Hotel and Convention center, Dona
+Paula, and its associated party at Cidade de Goa, also by Taj.
+Great choice of venue, perhaps even better than last time. The food was
+fine, the views were better.
+
+With _those_ things out of the way---let's talk talks. I think
+I preferred the panels to the talks---I enjoy a good, stimulating
+discussion as opposed to only half-understanding a deeply technical
+talk---but that's just me. But there was this one talk that I really
+enjoyed, perhaps due to its unintended comedic value; I'll get into that
+later.
+
+The list of panels/talks I attended in order:
+
+**Day 1**
+
+- Keynote: The Metadata Trap by Micah Lee (Talk)
+- Securing the Human Factor (Panel)
+- Predicting Danger: Building the Ideal Threat Intelligence Model (Panel)
+- Lessons from the Cyber Trenches (Panel)
+- Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk)
+- Taking the guess out of Glitching by Adam Laurie (Talk)
+- Keynote: Cybersecurity in India -- Information Assymetry, Cross Border
+    Threats and National Sovereignty by Saumil Shah (Talk)
+
+**Day 2**
+
+- Keynote: Crouching hacker, killer robot? Removing fear from
+    cyber-physical security by Stefano Zanero (Talk)
+- Supply Chain Security in Critical Infrastructure Systems (Panel)
+- Putting it all together: building an iOS jailbreak from scratch by
+    Umang Raghuvanshi (Talk)
+- Hack the Law: Protection for Ethical Cyber Security Research in India
+  (Panel)
+
+## Re: Closing keynote
+
+I wish I could link the talk, but it hasn't been uploaded just yet. I'll
+do it once it has. So, I've a few comments I'd like to make on some of
+Saumil's statements.
+
+He proposed that the security industry trust the user more, and let them
+make the decisions pertaining to personal security / privacy.
+Except...that's just not going to happen. If all users were capable
+of making good, security-first choices---we as an industry don't
+need to exist. But that is unfortunately not the case.
+Users are dumb. They value convenience and immediacy over
+security. That's the sad truth of the modern age.
+
+Another thing he proposed was that the Indian Government build our own
+"Military Grade" and "Consumer Grade" encryption.
+
+_...what?_
+
+A "security professional" suggesting that we roll our own crypto? What
+even. Oh and, to top it off---when
+[Raman](https://twitter.com/tame_wildcard), very rightly countered
+saying that the biggest opponent to encryption _is_ the Government, and
+trusting them to build safe cryptosystems is probably not wise, he
+responded by saying something to the effect of "Eh, who cares? If they
+want to backdoor it, let them." 
+
+Bruh moment.
+
+He also had some interesting things to say about countering
+disinformation. He said, and I quote "Join the STFU University".
+
+¿wat? Is that your best solution? 
+
+Judging by his profile, and certain other things he said in the talk, it
+is safe to conclude that his ideals are fairly...nationalistic. I'm not
+one to police political opinions, I couldn't care less which way you
+lean, but the statements made in the talk were straight up
+incorrect.
+
+## Closing thoughts
+
+This came out more rant-like than I'd intended. It is also the first
+blog post where I dip my toes into politics. I've some thoughts on more
+controversial topics for my next entry. That'll be fun, especially when
+my follower count starts dropping. LULW.
+
+Saumil, if you ever end up reading this, note that this is not
+a personal attack. I think you're a cool guy.
+
+Note to the Nullcon organizers: you guys did a fantastic job running the
+conference despite Corona-chan's best efforts. I'd like to suggest one
+little thing though---please VET YOUR SPEAKERS more!
+
+![group pic](/static/img/nullcon_beach.jpg)

@@ -0,0 +1,102 @@ 
+---
+date: '2020-03-09'
+subtitle: 'An opinion-filled review of Nullcon Goa, 2020'
+title: Nullcon 2020
+url: 'nullcon-2020'
+---
+
+**Disclaimer**: Political.
+
+This year's conference was at the Taj Hotel and Convention center, Dona
+Paula, and its associated party at Cidade de Goa, also by Taj. Great
+choice of venue, perhaps even better than last time. The food was fine,
+the views were better.
+
+With *those* things out of the way---let's talk talks. I think I
+preferred the panels to the talks---I enjoy a good, stimulating
+discussion as opposed to only half-understanding a deeply technical
+talk---but that's just me. But there was this one talk that I really
+enjoyed, perhaps due to its unintended comedic value; I'll get into that
+later.
+
+The list of panels/talks I attended in order:
+
+**Day 1**
+
+-   Keynote: The Metadata Trap by Micah Lee (Talk)
+-   Securing the Human Factor (Panel)
+-   Predicting Danger: Building the Ideal Threat Intelligence Model
+    (Panel)
+-   Lessons from the Cyber Trenches (Panel)
+-   Mlw 41\#: a new sophisticated loader by APT group TA505 by Alexey
+    Vishnyakov (Talk)
+-   Taking the guess out of Glitching by Adam Laurie (Talk)
+-   Keynote: Cybersecurity in India -- Information Assymetry, Cross
+    Border Threats and National Sovereignty by Saumil Shah (Talk)
+
+**Day 2**
+
+-   Keynote: Crouching hacker, killer robot? Removing fear from
+    cyber-physical security by Stefano Zanero (Talk)
+-   Supply Chain Security in Critical Infrastructure Systems (Panel)
+-   Putting it all together: building an iOS jailbreak from scratch by
+    Umang Raghuvanshi (Talk)
+-   Hack the Law: Protection for Ethical Cyber Security Research in
+    India (Panel)
+
+Re: Closing keynote
+-------------------
+
+I wish I could link the talk, but it hasn't been uploaded just yet. I'll
+do it once it has. So, I've a few comments I'd like to make on some of
+Saumil's statements.
+
+He proposed that the security industry trust the user more, and let them
+make the decisions pertaining to personal security / privacy.
+Except...that's just not going to happen. If all users were capable of
+making good, security-first choices---we as an industry don't need to
+exist. But that is unfortunately not the case. Users are dumb. They
+value convenience and immediacy over security. That's the sad truth of
+the modern age.
+
+Another thing he proposed was that the Indian Government build our own
+"Military Grade" and "Consumer Grade" encryption.
+
+*...what?*
+
+A "security professional" suggesting that we roll our own crypto? What
+even. Oh and, to top it off---when
+[Raman](https://twitter.com/tame_wildcard), very rightly countered
+saying that the biggest opponent to encryption *is* the Government, and
+trusting them to build safe cryptosystems is probably not wise, he
+responded by saying something to the effect of "Eh, who cares? If they
+want to backdoor it, let them."
+
+Bruh moment.
+
+He also had some interesting things to say about countering
+disinformation. He said, and I quote "Join the STFU University".
+
+¿wat? Is that your best solution?
+
+Judging by his profile, and certain other things he said in the talk, it
+is safe to conclude that his ideals are fairly...nationalistic. I'm not
+one to police political opinions, I couldn't care less which way you
+lean, but the statements made in the talk were straight up incorrect.
+
+Closing thoughts
+----------------
+
+This came out more rant-like than I'd intended. It is also the first
+blog post where I dip my toes into politics. I've some thoughts on more
+controversial topics for my next entry. That'll be fun, especially when
+my follower count starts dropping. LULW.
+
+Saumil, if you ever end up reading this, note that this is not a
+personal attack. I think you're a cool guy.
+
+Note to the Nullcon organizers: you guys did a fantastic job running the
+conference despite Corona-chan's best efforts. I'd like to suggest one
+little thing though---please VET YOUR SPEAKERS more!
+
+![group pic](/static/img/nullcon_beach.jpg)