Commit | Line | Data |
---|---|---|
d0f6c3cd AE |
1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" |
2 | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
3 | <!--[if lt IE 7]> <html class='no-js ie6' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]--> | |
4 | <!--[if IE 7]> <html class='no-js ie7' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]--> | |
5 | <!--[if IE 8]> <html class='no-js ie8' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]--> | |
6 | <!--[if gt IE 8]><!--> <html lang='en' xmlns='http://www.w3.org/1999/xhtml'> <!--<![endif]--> | |
7 | <head> | |
8 | <title>Fixing trust on the Internet</title> | |
9 | <meta http-equiv='Content-Type' content='text/html; charset=utf-8'/> | |
10 | <meta name='generator' content='Org-mode'/> | |
11 | <meta name='author' content='Tom Marble'/> | |
12 | ||
13 | <link rel='stylesheet' href='deck.js/core/deck.core.css' type='text/css' /> | |
14 | <link rel='stylesheet' href='deck.js/extensions/goto/deck.goto.css' type='text/css' /> | |
15 | <link rel='stylesheet' href='deck.js/extensions/menu/deck.menu.css' type='text/css' /> | |
16 | <link rel='stylesheet' href='deck.js/extensions/navigation/deck.navigation.css' type='text/css' /> | |
17 | <link rel='stylesheet' href='deck.js/extensions/onepage/deck.onepage.css' type='text/css' /> | |
18 | <link rel='stylesheet' href='deck.js/extensions/scale/deck.scale.css' type='text/css' /> | |
19 | <link rel='stylesheet' href='deck.js/extensions/status/deck.status.css' type='text/css' /> | |
20 | <link rel='stylesheet' href='deck.js/themes/style/neon.css' type='text/css' /> | |
21 | <link rel='stylesheet' href='deck.js/themes/transition/fade.css' type='text/css' /> | |
22 | <script src='deck.js/jquery.min.js' type='text/javascript'></script> | |
23 | <script src='deck.js/core/deck.core.js' type='text/javascript'></script> | |
24 | <script src='deck.js/modernizr.custom.js' type='text/javascript'></script> | |
25 | <script src='deck.js/extensions/goto/deck.goto.js' type='text/javascript'></script> | |
26 | <script src='deck.js/extensions/menu/deck.menu.js' type='text/javascript'></script> | |
27 | <script src='deck.js/extensions/navigation/deck.navigation.js' type='text/javascript'></script> | |
28 | <script src='deck.js/extensions/onepage/deck.onepage.js' type='text/javascript'></script> | |
29 | <script src='deck.js/extensions/scale/deck.scale.js' type='text/javascript'></script> | |
30 | <script src='deck.js/extensions/status/deck.status.js' type='text/javascript'></script> | |
31 | ||
32 | <script type='text/javascript'> | |
33 | $(document).ready(function () { $.deck('.slide'); }); | |
34 | </script> | |
35 | ||
36 | <style type='text/css'> | |
37 | #table-of-contents a {color: inherit;} | |
38 | #table-of-contents ul {margin-bottom: 0;} | |
39 | #table-of-contents li {padding: 0;} | |
40 | ||
41 | #preamble, #postamble {left: 5px; width: 100%;} | |
42 | #preamble {position: absolute; top: 10px;} | |
43 | #postamble {} | |
44 | ||
45 | #title-slide h1 { | |
46 | position: static; padding: 0; | |
47 | margin-top: 10%; | |
48 | -webkit-transform: none; | |
49 | -moz-transform: none; | |
50 | -ms-transform: none; | |
51 | -o-transform: none; | |
52 | transform: none; | |
53 | font-size: 2em; | |
54 | } | |
55 | #title-slide h2 { | |
56 | text-align: center; | |
57 | border:none; | |
58 | padding: 0; | |
59 | margin: 5em; | |
60 | font-size: 1.2em; | |
61 | } | |
62 | .fullscreen { | |
63 | position: absolute; | |
64 | left: 0px; | |
65 | top: 0px; | |
66 | width: 100%; | |
67 | height: auto; | |
68 | } | |
69 | .pad-right { | |
70 | margin-right: 1em; | |
71 | } | |
72 | .pad-bottom { | |
73 | margin-bottom: 3em; | |
74 | background: white; | |
75 | } | |
76 | .z0 { z-index: 0; } | |
77 | .z10 { z-index: 10; } | |
78 | .z20 { z-index: 20; } | |
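79 | table.mytable { /* outer frame of the bordered table; class name matches the td/th/thead rules that follow */ | |
80 | background-color: #ffffff; | |
81 | border-collapse: collapse; | |
82 | border-width: 2px; | |
83 | border-color: #ffcc00; | |
84 | border-style: solid; | |
85 | color: blue; | |
86 | } | |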
87 | table.mytable td, table.mytable th { | |
88 | border-width: 2px; | |
89 | border-color: #ffcc00; | |
90 | border-style: solid; | |
91 | padding: 3px; | |
92 | } | |
93 | table.mytable thead { | |
94 | background-color: #ffcc00; | |
95 | } | |
96 | table.quiettable, table.quiettable colgroup, table.quiettable tbody, table.quiettable > th, table.quiettable > tr { | |
97 | border-style: none; | |
98 | } | |
99 | table.quiettable td { | |
100 | border-style: none; | |
101 | padding: 0 1em; | |
102 | } | |
103 | table.quiettable thead { | |
104 | border-style: none; | |
105 | } | |
106 | ||
107 | ||
108 | </style> | |
109 | </head> | |
110 | <body> | |
111 | <div id='content' class='deck-container'> | |
112 | ||
113 | <div id='title-slide' class='slide'> | |
114 | <h1>Fixing trust on the Internet</h1> | |
115 | <h2>Tom Marble &lt;<a href="mailto:tmarble@info9.net">tmarble@info9.net</a>&gt;</h2> | |
116 | </div> | |
117 | ||
118 | ||
119 | <div id="slide-1" class="outline-2 slide"> | |
120 | <h2 id="sec-1">Meta</h2> | |
121 | <div class="outline-text-2" id="text-1"> | |
122 | </div><div id="slide-1-1" class="outline-3"> | |
123 | <h3 id="sec-1-1">This presentation is <i>already</i> online!</h3> | |
124 | <div class="outline-text-3" id="text-1-1"> | |
125 | </div><div id="slide-1-1-1" class="outline-4"> | |
126 | <h4 id="sec-1-1-1"><a href="https://info9.net/trust">https://info9.net/trust</a></h4> | |
127 | <div class="outline-text-4" id="text-1-1-1"> | |
128 | </div><ul class="org-ul"><li><a id="sec-1-1-1-1" name="sec-1-1-1-1"></a>Navigation<br /><ul class="org-ul"><li><a id="sec-1-1-1-1-1" name="sec-1-1-1-1-1"></a><b>→</b> = forward (swipe right)<br /></li> | |
129 | <li><a id="sec-1-1-1-1-2" name="sec-1-1-1-1-2"></a><b>←</b> = back (swipe left)<br /></li> | |
130 | <li><a id="sec-1-1-1-1-3" name="sec-1-1-1-1-3"></a><b>g</b> = goto slide<br /></li> | |
131 | <li><a id="sec-1-1-1-1-4" name="sec-1-1-1-1-4"></a><b>m</b> = menu of all slides (tap)<br /></li> | |
132 | <li><a id="sec-1-1-1-1-5" name="sec-1-1-1-1-5"></a><b>o</b> = one page<br /></li> | |
133 | <li><a id="sec-1-1-1-1-6" name="sec-1-1-1-1-6"></a><b>s</b> = scrollbars<br /></li></ul> | |
134 | </li> | |
135 | <li><a id="sec-1-1-1-2" name="sec-1-1-1-2"></a>Source (<a href="https://github.com/cybercode/org-slides">org-mode</a>): <a href="Fixing-trust-on-the-Internet.tar.xz">Fixing-trust-on-the-Internet.tar.xz</a><br /></li> | |
136 | <li><a id="sec-1-1-1-3" name="sec-1-1-1-3"></a>Copyright © 2017 Tom Marble<br /><div class="outline-text-5" id="text-1-1-1-3"> | |
137 | <p> | |
138 | Licensed under { <a href="https://www.gnu.org/licenses/gpl-3.0.html">GPLv3+</a> | <a href="http://creativecommons.org/licenses/by-sa/4.0/">CC-by-sa 4.0</a> | <a href="https://github.com/copyleft-next/copyleft-next">copyleft-next</a> } | |
139 | </p> | |
140 | <table border="none" cellspacing="0" cellpadding="6" rules="groups" frame="hsides" class="quiettable"> | |
141 | ||
142 | ||
143 | <colgroup> | |
144 | <col class="left" /> | |
145 | ||
146 | <col class="left" /> | |
147 | ||
148 | <col class="left" /> | |
149 | </colgroup> | |
150 | <tbody> | |
151 | <tr> | |
152 | <td class="left"><img src="./images/gplv3-127x51.png" alt="gplv3-127x51.png" /></td> | |
153 | <td class="left"><img src="./images/CC-by-sa.png" alt="CC-by-sa.png" /></td> | |
154 | <td class="left"><img src="./images/copyleft-next.png" alt="copyleft-next.png" /></td> | |
155 | </tr> | |
156 | </tbody> | |
157 | </table> | |
158 | </div> | |
159 | </li></ul> | |
160 | </div> | |
161 | </div> | |
162 | </div> | |
163 | ||
164 | <div id="slide-2" class="outline-2 slide"> | |
165 | <h2 id="sec-2">Software Freedom &amp; Trust</h2> | |
166 | <div class="outline-text-2" id="text-2"> | |
167 | <p> | |
168 | Software Freedom is essential to trust the core infrastructure | |
169 | that supports our health, safety, and democracy. | |
170 | </p> | |
171 | </div> | |
172 | ||
173 | <div id="slide-2-1" class="outline-3"> | |
174 | <h3 id="sec-2-1">"We need to have confidence in our software, be able to audit it and be able to repair it when we detect vulnerabilities or unwanted functionality like surveillance."</h3> | |
175 | <div class="outline-text-3" id="text-2-1"> | |
176 | <p> | |
177 | – Karen Sandler <sup><a id="fnr.1" name="fnr.1" class="footref" href="#references">1</a></sup> | |
178 | </p> | |
179 | </div> | |
180 | </div> | |
181 | </div> | |
182 | ||
183 | <div id="slide-3" class="outline-2 slide"> | |
184 | <h2 id="sec-3">Evolution of using software</h2> | |
185 | <div class="outline-text-2" id="text-3"> | |
186 | </div><div id="slide-3-1" class="outline-3"> | |
187 | <h3 id="sec-3-1">When we gave each computer a name</h3> | |
188 | <div class="outline-text-3" id="text-3-1"> | |
189 | <p> | |
190 | $ tar zxf code.tar.gz &amp;&amp; ./configure &amp;&amp; make install | |
191 | </p> | |
192 | </div> | |
193 | </div> | |
194 | <div id="slide-3-2" class="outline-3"> | |
195 | <h3 id="sec-3-2">When we configured computers automatically</h3> | |
196 | <div class="outline-text-3" id="text-3-2"> | |
197 | <p> | |
198 | PXE boot, puppet, apt-get install my-favorite-package | |
199 | </p> | |
200 | </div> | |
201 | </div> | |
202 | <div id="slide-3-3" class="outline-3"> | |
203 | <h3 id="sec-3-3">When we moved to the cloud</h3> | |
204 | <div class="outline-text-3" id="text-3-3"> | |
205 | <p> | |
206 | Use this prebuilt image | |
207 | </p> | |
208 | </div> | |
209 | </div> | |
210 | <div id="slide-3-4" class="outline-3"> | |
211 | <h3 id="sec-3-4">When we started using containers</h3> | |
212 | <div class="outline-text-3" id="text-3-4"> | |
213 | <p> | |
214 | Make slight modifications to a prebuilt image | |
215 | </p> | |
216 | </div> | |
217 | </div> | |
218 | <div id="slide-3-5" class="outline-3"> | |
219 | <h3 id="sec-3-5">Now we are considering lambda functions</h3> | |
220 | <div class="outline-text-3" id="text-3-5"> | |
221 | <p> | |
222 | There isn't an OS image anymore: just a function | |
223 | </p> | |
224 | </div> | |
225 | </div> | |
226 | <div id="slide-3-6" class="outline-3"> | |
227 | <h3 id="sec-3-6">Most software is installed from the app store</h3> | |
228 | <div class="outline-text-3" id="text-3-6"> | |
229 | <p> | |
230 | Just accept the EULA and device permissions | |
231 | </p> | |
232 | </div> | |
233 | </div> | |
234 | </div> | |
235 | ||
236 | <div id="slide-4" class="outline-2 slide"> | |
237 | <h2 id="sec-4">Copyleft isn't enough</h2> | |
238 | <div class="outline-text-2" id="text-4"> | |
239 | </div><div id="slide-4-1" class="outline-3"> | |
240 | <h3 id="sec-4-1">Network services software is not conveyed</h3> | |
241 | <div class="outline-text-3" id="text-4-1"> | |
242 | <p> | |
243 | Our FLOSS licenses (including copyleft licenses) depend on conveyance. | |
244 | </p> | |
245 | </div> | |
246 | <div id="slide-4-1-1" class="outline-4"> | |
247 | <h4 id="sec-4-1-1">AGPL</h4> | |
248 | <div class="outline-text-4" id="text-4-1-1"> | |
249 | <p> | |
250 | AGPL "fixes" this network loophole, but hasn't been adopted | |
251 | for wide use in practice other than proprietary relicensing. | |
252 | </p> | |
253 | </div> | |
254 | </div> | |
255 | </div> | |
256 | <div id="slide-4-2" class="outline-3"> | |
257 | <h3 id="sec-4-2">What about AI "algorithms"?</h3> | |
258 | <div class="outline-text-3" id="text-4-2"> | |
259 | <p> | |
260 | What is the preferred form of modification when software is derived from data (e.g. machine learning)? | |
261 | </p> | |
262 | </div> | |
263 | </div> | |
264 | <div id="slide-4-3" class="outline-3"> | |
265 | <h3 id="sec-4-3">No one picks a license anyway</h3> | |
266 | <div class="outline-text-3" id="text-4-3"> | |
267 | <p> | |
268 | We haven't taught developers to care <sup><a id="fnr.2" name="fnr.2" class="footref" href="#references">2</a></sup> | |
269 | </p> | |
270 | </div> | |
271 | </div> | |
272 | <div id="slide-4-4" class="outline-3"> | |
273 | <h3 id="sec-4-4">Most software is installed from the app store</h3> | |
274 | <div class="outline-text-3" id="text-4-4"> | |
275 | <p> | |
276 | We haven't taught end users to care | |
277 | </p> | |
278 | </div> | |
279 | </div> | |
280 | </div> | |
281 | ||
282 | <div id="slide-5" class="outline-2 slide"> | |
283 | <h2 id="sec-5">The fifth freedom</h2> | |
284 | <div class="outline-text-2" id="text-5"> | |
285 | <p> | |
286 | Freedom 4: The right to deploy your software on someone else's server | |
287 | </p> | |
288 | </div> | |
289 | ||
290 | <div id="slide-5-1" class="outline-3"> | |
291 | <h3 id="sec-5-1">"Even if you had the source code today you don't know how to increase other people's freedoms by letting them modify your website at runtime. All you have is a bag of tricks that lets people modify your source code and gives them no way to deploy it on your infrastructure."</h3> | |
292 | <div class="outline-text-3" id="text-5-1"> | |
293 | <p> | |
294 | – r0ml's LCA keynote <sup><a id="fnr.3" name="fnr.3" class="footref" href="#references">3</a></sup> | |
295 | </p> | |
296 | </div> | |
297 | </div> | |
298 | </div> | |
299 | ||
300 | <div id="slide-6" class="outline-2 slide"> | |
301 | <h2 id="sec-6">Essential infrastructure requirements</h2> | |
302 | <div class="outline-text-2" id="text-6"> | |
303 | </div><div id="slide-6-1" class="outline-3"> | |
304 | <h3 id="sec-6-1">Energy</h3> | |
305 | <div class="outline-text-3" id="text-6-1"> | |
306 | </div><ul class="org-ul"><li><a id="sec-6-1-0-1" name="sec-6-1-0-1"></a>We need energy for computing, yet energy is centralized.<br /></li> | |
307 | <li><a id="sec-6-1-0-2" name="sec-6-1-0-2"></a>Smart meters have an API for the utility, not for end users<br /></li></ul> | |
308 | </div> | |
309 | <div id="slide-6-2" class="outline-3"> | |
310 | <h3 id="sec-6-2">Communications</h3> | |
311 | <div class="outline-text-3" id="text-6-2"> | |
312 | </div><ul class="org-ul"><li><a id="sec-6-2-0-1" name="sec-6-2-0-1"></a>Why isn't there a free phone? It's the proprietary baseband processor.<br /></li> | |
313 | <li><a id="sec-6-2-0-2" name="sec-6-2-0-2"></a>Potential in unlicensed spectrum, Software Defined Radio, Cognitive Radio<br /></li></ul> | |
314 | </div> | |
315 | <div id="slide-6-3" class="outline-3"> | |
316 | <h3 id="sec-6-3">Money</h3> | |
317 | <div class="outline-text-3" id="text-6-3"> | |
318 | </div><ul class="org-ul"><li><a id="sec-6-3-0-1" name="sec-6-3-0-1"></a>Digital forms of money (often) have surveillance opportunities<br /></li> | |
319 | <li><a id="sec-6-3-0-2" name="sec-6-3-0-2"></a>Anonymous transactions (e.g. cash) are increasingly difficult<br /><div class="outline-text-5" id="text-6-3-0-2"> | |
320 | <br/> | |
321 | <br/> | |
322 | <br/> | |
323 | <br/> | |
324 | <br/> | |
325 | <br/> | |
326 | <br/> | |
327 | <br/> | |
328 | </div> | |
329 | </li></ul> | |
330 | </div> | |
331 | </div> | |
332 | <div id="slide-7" class="outline-2 slide"> | |
333 | <h2 id="sec-7">Peer to peer energy <sup><a id="fnr.4" name="fnr.4" class="footref" href="#references">4</a></sup></h2> | |
334 | <div class="outline-text-2" id="text-7"> | |
335 | ||
336 | <div class="figure"> | |
337 | <p><img src="./images/nyt-p2p.jpg" alt="p2p" align="center" /> | |
338 | </p> | |
339 | </div> | |
340 | </div> | |
341 | </div> | |
342 | ||
343 | <div id="slide-8" class="outline-2 slide"> | |
344 | <h2 id="sec-8">Mobile apps</h2> | |
345 | <div class="outline-text-2" id="text-8"> | |
346 | <p> | |
347 | <img src="./images/Dont-trust-your-apps.jpg" alt="Dont-trust-your-apps.jpg" class="pad-right" align="left" /> <sup><a id="fnr.5" name="fnr.5" class="footref" href="#references">5</a></sup> | |
348 | </p> | |
349 | </div> | |
350 | </div> | |
351 | ||
352 | <div id="slide-9" class="outline-2 slide"> | |
353 | <h2 id="sec-9">Where is trust now?</h2> | |
354 | <div class="outline-text-2" id="text-9"> | |
355 | <p> | |
356 | <img src="./images/centralized.jpg" alt="centralized.jpg" class="pad-right" align="left" /> <sup><a id="fnr.6" name="fnr.6" class="footref" href="#references">6</a></sup> | |
357 | </p> | |
358 | </div> | |
359 | ||
360 | <ul class="org-ul"><li><a id="sec-9-0-0-1" name="sec-9-0-0-1"></a>Credit Bureaus<br /></li> | |
361 | <li><a id="sec-9-0-0-2" name="sec-9-0-0-2"></a>eBay (reputation)<br /></li> | |
362 | <li><a id="sec-9-0-0-3" name="sec-9-0-0-3"></a>other walled gardens<br /><div class="outline-text-5" id="text-9-0-0-3"> | |
363 | <p> | |
364 | … | |
365 | </p> | |
366 | ||
367 | <p> | |
368 | Closed and centralized | |
369 | </p> | |
370 | </div> | |
371 | </li></ul> | |
372 | </div> | |
373 | ||
374 | <div id="slide-10" class="outline-2 slide"> | |
375 | <h2 id="sec-10">Shape of the solution (part 1/2)</h2> | |
376 | <div class="outline-text-2" id="text-10"> | |
377 | <p> | |
378 | Network service trust API | |
379 | </p> | |
380 | </div> | |
381 | ||
382 | <div id="slide-10-1" class="outline-3"> | |
383 | <h3 id="sec-10-1">☙ Federated corroboration of assertions</h3> | |
384 | <div class="outline-text-3" id="text-10-1"> | |
385 | <p> | |
386 | Harder to corrupt | |
387 | </p> | |
388 | </div> | |
389 | </div> | |
390 | <div id="slide-10-2" class="outline-3"> | |
391 | <h3 id="sec-10-2">☙ Make and query assertions at the app level</h3> | |
392 | <div class="outline-text-3" id="text-10-2"> | |
393 | <p> | |
394 | libtrust.so, libtrust.js | |
395 | </p> | |
396 | </div> | |
397 | </div> | |
398 | <div id="slide-10-3" class="outline-3"> | |
399 | <h3 id="sec-10-3">☙ Transitive with personal vantage point</h3> | |
400 | <div class="outline-text-3" id="text-10-3"> | |
401 | </div><ul class="org-ul"><li><a id="sec-10-3-0-1" name="sec-10-3-0-1"></a>Deb asserts the software is Free and reproducible<br /></li> | |
402 | <li><a id="sec-10-3-0-2" name="sec-10-3-0-2"></a>Chris trusts Deb to certify software<br /></li> | |
403 | <li><a id="sec-10-3-0-3" name="sec-10-3-0-3"></a>I trust Chris' software certification assessments<br /></li> | |
404 | <li><a id="sec-10-3-0-4" name="sec-10-3-0-4"></a>⇒ I am comfortable installing this software<br /></li></ul> | |
405 | </div> | |
406 | <div id="slide-10-4" class="outline-3"> | |
407 | <h3 id="sec-10-4">☙ Quick transactions</h3> | |
408 | </div> | |
409 | </div> | |
410 | ||
411 | <div id="slide-11" class="outline-2 slide"> | |
412 | <h2 id="sec-11">You think you know what I'm going to say now…</h2> | |
413 | </div> | |
414 | ||
415 | <div id="slide-12" class="outline-2 slide"> | |
416 | <h2 id="sec-12">13</h2> | |
417 | <div class="outline-text-2" id="text-12"> | |
418 | ||
419 | <div class="figure"> | |
420 | <p><img src="./images/tm13.png" alt="tm13.png" class="fullscreen" /> | |
421 | </p> | |
422 | </div> | |
423 | </div> | |
424 | </div> | |
425 | <div id="slide-13" class="outline-2 slide"> | |
426 | <h2 id="sec-13">12</h2> | |
427 | <div class="outline-text-2" id="text-13"> | |
428 | ||
429 | <div class="figure"> | |
430 | <p><img src="./images/tm12.png" alt="tm12.png" class="fullscreen" /> | |
431 | </p> | |
432 | </div> | |
433 | </div> | |
434 | </div> | |
435 | <div id="slide-14" class="outline-2 slide"> | |
436 | <h2 id="sec-14">11</h2> | |
437 | <div class="outline-text-2" id="text-14"> | |
438 | ||
439 | <div class="figure"> | |
440 | <p><img src="./images/tm11.png" alt="tm11.png" class="fullscreen" /> | |
441 | </p> | |
442 | </div> | |
443 | </div> | |
444 | </div> | |
445 | <div id="slide-15" class="outline-2 slide"> | |
446 | <h2 id="sec-15">10</h2> | |
447 | <div class="outline-text-2" id="text-15"> | |
448 | ||
449 | <div class="figure"> | |
450 | <p><img src="./images/tm10.png" alt="tm10.png" class="fullscreen" /> | |
451 | </p> | |
452 | </div> | |
453 | </div> | |
454 | </div> | |
455 | <div id="slide-16" class="outline-2 slide"> | |
456 | <h2 id="sec-16">9</h2> | |
457 | <div class="outline-text-2" id="text-16"> | |
458 | ||
459 | <div class="figure"> | |
460 | <p><img src="./images/tm09.png" alt="tm09.png" class="fullscreen" /> | |
461 | </p> | |
462 | </div> | |
463 | </div> | |
464 | </div> | |
465 | <div id="slide-17" class="outline-2 slide"> | |
466 | <h2 id="sec-17">8</h2> | |
467 | <div class="outline-text-2" id="text-17"> | |
468 | ||
469 | <div class="figure"> | |
470 | <p><img src="./images/tm08.png" alt="tm08.png" class="fullscreen" /> | |
471 | </p> | |
472 | </div> | |
473 | </div> | |
474 | </div> | |
475 | <div id="slide-18" class="outline-2 slide"> | |
476 | <h2 id="sec-18">7</h2> | |
477 | <div class="outline-text-2" id="text-18"> | |
478 | ||
479 | <div class="figure"> | |
480 | <p><img src="./images/tm07.png" alt="tm07.png" class="fullscreen" /> | |
481 | </p> | |
482 | </div> | |
483 | </div> | |
484 | </div> | |
485 | <div id="slide-19" class="outline-2 slide"> | |
486 | <h2 id="sec-19">6</h2> | |
487 | <div class="outline-text-2" id="text-19"> | |
488 | ||
489 | <div class="figure"> | |
490 | <p><img src="./images/tm06.png" alt="tm06.png" class="fullscreen" /> | |
491 | </p> | |
492 | </div> | |
493 | </div> | |
494 | </div> | |
495 | <div id="slide-20" class="outline-2 slide"> | |
496 | <h2 id="sec-20">5</h2> | |
497 | <div class="outline-text-2" id="text-20"> | |
498 | ||
499 | <div class="figure"> | |
500 | <p><img src="./images/tm05.png" alt="tm05.png" class="fullscreen" /> | |
501 | </p> | |
502 | </div> | |
503 | </div> | |
504 | </div> | |
505 | <div id="slide-21" class="outline-2 slide"> | |
506 | <h2 id="sec-21">4</h2> | |
507 | <div class="outline-text-2" id="text-21"> | |
508 | ||
509 | <div class="figure"> | |
510 | <p><img src="./images/tm04.png" alt="tm04.png" class="fullscreen" /> | |
511 | </p> | |
512 | </div> | |
513 | </div> | |
514 | </div> | |
515 | <div id="slide-22" class="outline-2 slide"> | |
516 | <h2 id="sec-22">3</h2> | |
517 | <div class="outline-text-2" id="text-22"> | |
518 | ||
519 | <div class="figure"> | |
520 | <p><img src="./images/tm03.png" alt="tm03.png" class="fullscreen" /> | |
521 | </p> | |
522 | </div> | |
523 | </div> | |
524 | </div> | |
525 | <div id="slide-23" class="outline-2 slide"> | |
526 | <h2 id="sec-23">2</h2> | |
527 | <div class="outline-text-2" id="text-23"> | |
528 | ||
529 | <div class="figure"> | |
530 | <p><img src="./images/tm02.png" alt="tm02.png" class="fullscreen" /> | |
531 | </p> | |
532 | </div> | |
533 | </div> | |
534 | </div> | |
535 | <div id="slide-24" class="outline-2 slide"> | |
536 | <h2 id="sec-24">1</h2> | |
537 | <div class="outline-text-2" id="text-24"> | |
538 | ||
539 | <div class="figure"> | |
540 | <p><img src="./images/tm01.png" alt="tm01.png" class="fullscreen" /> | |
541 | </p> | |
542 | </div> | |
543 | </div> | |
544 | </div> | |
545 | <div id="slide-25" class="outline-2 slide"> | |
546 | <h2 id="sec-25">GPG WoT</h2> | |
547 | <div class="outline-text-2" id="text-25"> | |
548 | <p> | |
549 | nah :( | |
550 | </p> | |
551 | </div> | |
552 | ||
553 | <div id="slide-25-1" class="outline-3"> | |
554 | <h3 id="sec-25-1">The GPG Web of Trust asserts identity</h3> | |
555 | <div class="outline-text-3" id="text-25-1"> | |
556 | </div><ul class="org-ul"><li><a id="sec-25-1-0-1" name="sec-25-1-0-1"></a>The trustdb is private<br /></li> | |
557 | <li><a id="sec-25-1-0-2" name="sec-25-1-0-2"></a>Keyservers are not designed for other data<br /></li></ul> | |
558 | </div> | |
559 | <div id="slide-25-2" class="outline-3"> | |
560 | <h3 id="sec-25-2">Using PGP is tricky for us</h3> | |
561 | <div class="outline-text-3" id="text-25-2"> | |
562 | </div><ul class="org-ul"><li><a id="sec-25-2-0-1" name="sec-25-2-0-1"></a>Choosing algos and signature strengths<br /></li> | |
563 | <li><a id="sec-25-2-0-2" name="sec-25-2-0-2"></a>Protecting key material<br /></li> | |
564 | <li><a id="sec-25-2-0-3" name="sec-25-2-0-3"></a>Not getting fooled by EVIL-32 (colliding 32-bit short key IDs) <sup><a id="fnr.7" name="fnr.7" class="footref" href="#references">7</a></sup><br /></li></ul> | |
565 | </div> | |
566 | <div id="slide-25-3" class="outline-3"> | |
567 | <h3 id="sec-25-3">Impossibly difficult for end users</h3> | |
568 | <div class="outline-text-3" id="text-25-3"> | |
569 | </div><ul class="org-ul"><li><a id="sec-25-3-0-1" name="sec-25-3-0-1"></a>Sharing public keys<br /></li> | |
570 | <li><a id="sec-25-3-0-2" name="sec-25-3-0-2"></a>Configuring applications properly<br /></li></ul> | |
571 | </div> | |
572 | </div> | |
573 | ||
574 | <div id="slide-26" class="outline-2 slide"> | |
575 | <h2 id="sec-26">You think you know what I'm going to say NOW…</h2> | |
576 | </div> | |
577 | ||
578 | <div id="slide-27" class="outline-2 slide"> | |
579 | <h2 id="sec-27">Bitcoin</h2> | |
580 | <div class="outline-text-2" id="text-27"> | |
581 | ||
582 | <div class="figure"> | |
583 | <p><img src="./images/bitcoin.svg" alt="bitcoin.svg" class="pad-bottom" height="300px" /> | |
584 | </p> | |
585 | </div> | |
586 | ||
587 | <p> | |
588 | In Satoshi Nakamoto we trust! <sup><a id="fnr.8" name="fnr.8" class="footref" href="#references">8</a></sup> | |
589 | </p> | |
590 | </div> | |
591 | </div> | |
592 | ||
593 | <div id="slide-28" class="outline-2 slide"> | |
594 | <h2 id="sec-28">Hyperledger</h2> | |
595 | <div class="outline-text-2" id="text-28"> | |
596 | ||
597 | <div class="figure"> | |
598 | <p><img src="./images/logo_hl_new.png" alt="logo_hl_new.png" class="pad-bottom" /> | |
599 | </p> | |
600 | </div> | |
601 | ||
602 | <p> | |
603 | It's hosted by the Linux Foundation. That means it's community friendly… rite? <sup><a id="fnr.9" name="fnr.9" class="footref" href="#references">9</a></sup> | |
604 | </p> | |
605 | </div> | |
606 | </div> | |
607 | ||
608 | <div id="slide-29" class="outline-2 slide"> | |
609 | <h2 id="sec-29">Ethereum</h2> | |
610 | <div class="outline-text-2" id="text-29"> | |
611 | ||
612 | <div class="figure"> | |
613 | <p><img src="./images/ethereum.png" alt="ethereum.png" class="pad-bottom" /> | |
614 | </p> | |
615 | </div> | |
616 | ||
617 | <p> | |
618 | Companies use it for smart contracts! <sup><a id="fnr.10" name="fnr.10" class="footref" href="#references">10</a></sup> | |
619 | </p> | |
620 | </div> | |
621 | </div> | |
622 | ||
623 | <div id="slide-30" class="outline-2 slide"> | |
624 | <h2 id="sec-30">Zcash</h2> | |
625 | <div class="outline-text-2" id="text-30"> | |
626 | ||
627 | <div class="figure"> | |
628 | <p><img src="./images/zcash-logo-gold.png" alt="zcash-logo-gold.png" class="pad-bottom" /> | |
629 | </p> | |
630 | </div> | |
631 | ||
632 | <p> | |
633 | Zooko and Matthew Green <sup><a id="fnr.11" name="fnr.11" class="footref" href="#references">11</a></sup> | |
634 | </p> | |
635 | </div> | |
636 | </div> | |
637 | ||
638 | <div id="slide-31" class="outline-2 slide"> | |
639 | <h2 id="sec-31">DogeCoin</h2> | |
640 | <div class="outline-text-2" id="text-31"> | |
641 | ||
642 | <div class="figure"> | |
643 | <p><img src="./images/dogecoin.png" alt="dogecoin.png" class="pad-bottom" /> | |
644 | </p> | |
645 | </div> | |
646 | ||
647 | <p> | |
648 | That's the MEME! <sup><a id="fnr.12" name="fnr.12" class="footref" href="#references">12</a></sup> | |
649 | </p> | |
650 | </div> | |
651 | </div> | |
652 | ||
653 | <div id="slide-32" class="outline-2 slide"> | |
654 | <h2 id="sec-32">nah :(</h2> | |
655 | <div class="outline-text-2" id="text-32"> | |
656 | <p> | |
657 | Wait, why NOT blockchain tech? | |
658 | </p> | |
659 | </div> | |
660 | <div id="slide-32-1" class="outline-3"> | |
661 | <h3 id="sec-32-1">centralized – in effect</h3> | |
662 | <div class="outline-text-3" id="text-32-1"> | |
663 | <p> | |
664 | Domination by huge mining pools | |
665 | </p> | |
666 | </div> | |
667 | </div> | |
668 | <div id="slide-32-2" class="outline-3"> | |
669 | <h3 id="sec-32-2">bandwidth limited</h3> | |
670 | <div class="outline-text-3" id="text-32-2"> | |
671 | <p> | |
672 | Time to process transactions is long and variable | |
673 | </p> | |
674 | </div> | |
675 | </div> | |
676 | <div id="slide-32-3" class="outline-3"> | |
677 | <h3 id="sec-32-3">transaction fees</h3> | |
678 | <div class="outline-text-3" id="text-32-3"> | |
679 | <p> | |
680 | Start to look like PayPal fees | |
681 | </p> | |
682 | </div> | |
683 | </div> | |
684 | <div id="slide-32-4" class="outline-3"> | |
685 | <h3 id="sec-32-4">a waste of energy</h3> | |
686 | <div class="outline-text-3" id="text-32-4"> | |
687 | <p> | |
688 | Brute forcing hashes is bad <sup><a id="fnr.13" name="fnr.13" class="footref" href="#references">13</a></sup> for the environment <sup><a id="fnr.14" name="fnr.14" class="footref" href="#references">14</a></sup> | |
689 | </p> | |
690 | </div> | |
691 | </div> | |
692 | </div> | |
693 | ||
694 | <div id="slide-33" class="outline-2 slide"> | |
695 | <h2 id="sec-33">Great barrier reef</h2> | |
696 | <div class="outline-text-2" id="text-33"> | |
697 | <table border="none" cellspacing="0" cellpadding="6" rules="groups" frame="hsides" class="quiettable"> | |
698 | ||
699 | ||
700 | <colgroup> | |
701 | <col class="left" /> | |
702 | ||
703 | <col class="left" /> | |
704 | ||
705 | <col class="left" /> | |
706 | </colgroup> | |
707 | <tbody> | |
708 | <tr> | |
709 | <td class="left">not fake news</td> | |
710 | <td class="left"><img src="./images/reef-death.jpg" alt="reef-death.jpg" /></td> | |
711 | <td class="left"><sup><a id="fnr.15" name="fnr.15" class="footref" href="#references">15</a></sup></td> | |
712 | </tr> | |
713 | </tbody> | |
714 | </table> | |
715 | </div> | |
716 | </div> | |
717 | ||
718 | <div id="slide-34" class="outline-2 slide"> | |
719 | <h2 id="sec-34">What we need is..</h2> | |
720 | <div class="outline-text-2" id="text-34"> | |
721 | <p> | |
722 | What's the essential thing the blockchain solves? | |
723 | </p> | |
724 | </div> | |
725 | ||
726 | <div id="slide-34-1" class="outline-3"> | |
727 | <h3 id="sec-34-1">non-repudiation</h3> | |
728 | </div> | |
729 | </div> | |
730 | ||
731 | <div id="slide-35" class="outline-2 slide"> | |
732 | <h2 id="sec-35">Learn by example</h2> | |
733 | <div class="outline-text-2" id="text-35"> | |
734 | ||
735 | <div class="figure"> | |
736 | <p><img src="./images/mall_logo1_medium-300x286.png" alt="mall_logo1_medium-300x286.png" class="pad-right" align="left" /> | |
737 | </p> | |
738 | </div> | |
739 | </div> | |
740 | ||
741 | <ul class="org-ul"><li><a id="sec-35-0-0-1" name="sec-35-0-0-1"></a>The tire fire that is X.509 <sup><a id="fnr.16" name="fnr.16" class="footref" href="#references">16</a></sup><br /></li> | |
742 | <li><a id="sec-35-0-0-2" name="sec-35-0-0-2"></a>MiTM on the internet <sup><a id="fnr.17" name="fnr.17" class="footref" href="#references">17</a></sup><br /><ul class="org-ul"><li><a id="sec-35-0-0-2-1" name="sec-35-0-0-2-1"></a>4.0% of Firefox update connections<br /></li> | |
743 | <li><a id="sec-35-0-0-2-2" name="sec-35-0-0-2-2"></a>6.2% of e-commerce connections<br /></li> | |
744 | <li><a id="sec-35-0-0-2-3" name="sec-35-0-0-2-3"></a>10.9% of U.S. Cloudflare connections<br /></li></ul> | |
745 | </li></ul> | |
746 | </div> | |
747 | ||
748 | <div id="slide-36" class="outline-2 slide"> | |
749 | <h2 id="sec-36">Certificate Transparency</h2> | |
750 | <div class="outline-text-2" id="text-36"> | |
751 | </div><div id="slide-36-1" class="outline-3"> | |
752 | <h3 id="sec-36-1">Use append-only logs to record certificate signatures <sup><a id="fnr.18" name="fnr.18" class="footref" href="#references">18</a></sup></h3> | |
753 | <div class="outline-text-3" id="text-36-1"> | |
754 | </div><ul class="org-ul"><li><a id="sec-36-1-0-1" name="sec-36-1-0-1"></a>Early detection of misissued certificates, malicious certificates, and rogue CAs.<br /></li> | |
755 | <li><a id="sec-36-1-0-2" name="sec-36-1-0-2"></a>Faster mitigation after suspect certificates or CAs are detected.<br /></li> | |
756 | <li><a id="sec-36-1-0-3" name="sec-36-1-0-3"></a>Better oversight of the entire TLS/SSL system.<br /></li></ul> | |
757 | </div> | |
758 | <div id="slide-36-2" class="outline-3"> | |
759 | <h3 id="sec-36-2">Browser support</h3> | |
760 | <div class="outline-text-3" id="text-36-2"> | |
761 | </div><ul class="org-ul"><li><a id="sec-36-2-0-1" name="sec-36-2-0-1"></a>Chrome <sup><a id="fnr.19" name="fnr.19" class="footref" href="#references">19</a></sup><br /></li> | |
762 | <li><a id="sec-36-2-0-2" name="sec-36-2-0-2"></a>Firefox <sup><a id="fnr.20" name="fnr.20" class="footref" href="#references">20</a></sup><br /></li></ul> | |
763 | </div> | |
764 | <div id="slide-36-3" class="outline-3"> | |
765 | <h3 id="sec-36-3">Ongoing concerns and discussion <sup><a id="fnr.21" name="fnr.21" class="footref" href="#references">21</a></sup></h3> | |
766 | <div class="outline-text-3" id="text-36-3"> | |
767 | </div><ul class="org-ul"><li><a id="sec-36-3-0-1" name="sec-36-3-0-1"></a>RFC 6962 <sup><a id="fnr.22" name="fnr.22" class="footref" href="#references">22</a></sup><br /></li></ul> | |
768 | </div> | |
769 | </div> | |
770 | ||
771 | <div id="slide-37" class="outline-2 slide"> | |
772 | <h2 id="sec-37">Append-only logs</h2> | |
773 | <div class="outline-text-2" id="text-37"> | |
774 | </div><div id="slide-37-1" class="outline-3"> | |
775 | <h3 id="sec-37-1">Merkle Trees <sup><a id="fnr.23" name="fnr.23" class="footref" href="#references">23</a></sup></h3> | |
776 | <div class="outline-text-3" id="text-37-1"> | |
777 | <p> | |
778 | Tree of hashes; membership proofs cost O(log n) in the number of entries | |
779 | </p> | |
780 | </div> | |
781 | </div> | |
782 | <div id="slide-37-2" class="outline-3"> | |
783 | <h3 id="sec-37-2">eXtended Merkle Signature Scheme (XMSS) <sup><a id="fnr.24" name="fnr.24" class="footref" href="#references">24</a></sup></h3> | |
784 | <div class="outline-text-3" id="text-37-2"> | |
785 | <p> | |
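786 | Requires maintaining state (not portable): a one-time key must never be reused, so signer state has to survive backups, restores and replication | |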
787 | </p> | |
788 | </div> | |
789 | </div> | |
790 | <div id="slide-37-3" class="outline-3"> | |
791 | <h3 id="sec-37-3">SPHINCS <sup><a id="fnr.25" name="fnr.25" class="footref" href="#references">25</a></sup></h3> | |
792 | <div class="outline-text-3" id="text-37-3"> | |
793 | <p> | |
794 | Stateless <sup><a id="fnr.26" name="fnr.26" class="footref" href="#references">26</a></sup> | |
795 | </p> | |
796 | </div> | |
797 | </div> | |
798 | </div> | |
799 | ||
800 | <div id="slide-38" class="outline-2 slide"> | |
801 | <h2 id="sec-38">Generic use of append-only logs</h2> | |
802 | <div class="outline-text-2" id="text-38"> | |
803 | </div><div id="slide-38-1" class="outline-3"> | |
804 | <h3 id="sec-38-1">Trillian <sup><a id="fnr.27" name="fnr.27" class="footref" href="#references">27</a></sup></h3> | |
805 | <div class="outline-text-3" id="text-38-1"> | |
806 | <p> | |
807 | Merkle tree based | |
808 | </p> | |
809 | </div> | |
810 | </div> | |
811 | <div id="slide-38-2" class="outline-3"> | |
812 | <h3 id="sec-38-2">Cothority <sup><a id="fnr.28" name="fnr.28" class="footref" href="#references">28</a></sup></h3> | |
813 | <div class="outline-text-3" id="text-38-2"> | |
814 | <p> | |
815 | Multi-party cryptographic signatures to avoid backdoors | |
816 | </p> | |
817 | </div> | |
818 | </div> | |
819 | <div id="slide-38-3" class="outline-3"> | |
820 | <h3 id="sec-38-3">Codehash <sup><a id="fnr.29" name="fnr.29" class="footref" href="#references">29</a></sup></h3> | |
821 | <div class="outline-text-3" id="text-38-3"> | |
822 | <p> | |
823 | A simple oracle that answers a simple question: is this software safe to install and run? <sup><a id="fnr.30" name="fnr.30" class="footref" href="#references">30</a></sup> | |
824 | </p> | |
825 | </div> | |
826 | </div> | |
827 | </div> | |
828 | ||
829 | <div id="slide-39" class="outline-2 slide"> | |
830 | <h2 id="sec-39">Challenges</h2> | |
831 | <div class="outline-text-2" id="text-39"> | |
832 | </div><div id="slide-39-1" class="outline-3"> | |
833 | <h3 id="sec-39-1">Toxic Data</h3> | |
834 | <div class="outline-text-3" id="text-39-1"> | |
835 | </div><ul class="org-ul"><li><a id="sec-39-1-0-1" name="sec-39-1-0-1"></a>Allow deletion? Allowing the log to be altered may introduce vulnerabilities<br /></li> | |
836 | <li><a id="sec-39-1-0-2" name="sec-39-1-0-2"></a>Prohibit deletion? Permanent toxicity: no way to be forgotten<br /></li></ul> | |
837 | </div> | |
838 | <div id="slide-39-2" class="outline-3"> | |
839 | <h3 id="sec-39-2">Spam</h3> | |
840 | <div class="outline-text-3" id="text-39-2"> | |
841 | </div><ul class="org-ul"><li><a id="sec-39-2-0-1" name="sec-39-2-0-1"></a>Open log with arbitrary input data?<br /></li> | |
842 | <li><a id="sec-39-2-0-2" name="sec-39-2-0-2"></a>vs. CT only accepting certificates that chain to trusted root authorities?<br /></li></ul> | |
843 | </div> | |
844 | <div id="slide-39-3" class="outline-3"> | |
845 | <h3 id="sec-39-3">Astroturfing</h3> | |
846 | <div class="outline-text-3" id="text-39-3"> | |
847 | </div><ul class="org-ul"><li><a id="sec-39-3-0-1" name="sec-39-3-0-1"></a>Can the network be overwhelmed?<br /></li> | |
848 | <li><a id="sec-39-3-0-2" name="sec-39-3-0-2"></a>vs. Is the personal vantage point immune?<br /></li></ul> | |
849 | </div> | |
850 | <div id="slide-39-4" class="outline-3"> | |
851 | <h3 id="sec-39-4">Writing cryptographically safe code is difficult</h3> | |
852 | </div> | |
853 | </div> | |
854 | ||
855 | <div id="slide-40" class="outline-2 slide"> | |
856 | <h2 id="sec-40">Best Practices</h2> | |
857 | <div class="outline-text-2" id="text-40"> | |
858 | </div><div id="slide-40-1" class="outline-3"> | |
859 | <h3 id="sec-40-1">Free Software with Complete and Corresponding Source</h3> | |
860 | </div> | |
861 | <div id="slide-40-2" class="outline-3"> | |
862 | <h3 id="sec-40-2">Code review</h3> | |
863 | <div class="outline-text-3" id="text-40-2"> | |
864 | </div><ul class="org-ul"><li><a id="sec-40-2-0-1" name="sec-40-2-0-1"></a>Avoid the OpenSSL problem<br /></li></ul> | |
865 | </div> | |
866 | <div id="slide-40-3" class="outline-3"> | |
867 | <h3 id="sec-40-3">Reproducible builds</h3> | |
868 | </div> | |
869 | <div id="slide-40-4" class="outline-3"> | |
870 | <h3 id="sec-40-4">Automated, Continuous integration</h3> | |
871 | <div class="outline-text-3" id="text-40-4"> | |
872 | </div><ul class="org-ul"><li><a id="sec-40-4-0-1" name="sec-40-4-0-1"></a>static analysis, runtime sanitizers (ASAN)<br /></li> | |
873 | <li><a id="sec-40-4-0-2" name="sec-40-4-0-2"></a>coverage<br /></li> | |
874 | <li><a id="sec-40-4-0-3" name="sec-40-4-0-3"></a>fuzzing<br /></li> | |
875 | <li><a id="sec-40-4-0-4" name="sec-40-4-0-4"></a>tests against threats<br /></li></ul> | |
876 | </div> | |
877 | <div id="slide-40-5" class="outline-3"> | |
878 | <h3 id="sec-40-5">As a developer you do NOT want to be a target</h3> | |
879 | <div class="outline-text-3" id="text-40-5"> | |
880 | </div><ul class="org-ul"><li><a id="sec-40-5-0-1" name="sec-40-5-0-1"></a>want to do right by your users<br /></li> | |
881 | <li><a id="sec-40-5-0-2" name="sec-40-5-0-2"></a>the checks & balances keep developers from being vulnerable<br /></li></ul> | |
882 | </div> | |
883 | </div> | |
884 | ||
885 | <div id="slide-41" class="outline-2 slide"> | |
886 | <h2 id="sec-41">Shape of the solution (part 2/2)</h2> | |
887 | <div class="outline-text-2" id="text-41"> | |
888 | </div><div id="slide-41-1" class="outline-3"> | |
889 | <h3 id="sec-41-1">Research similar work</h3> | |
890 | <div class="outline-text-3" id="text-41-1"> | |
891 | </div><ul class="org-ul"><li><a id="sec-41-1-0-1" name="sec-41-1-0-1"></a>append-only log alternatives<br /></li> | |
892 | <li><a id="sec-41-1-0-2" name="sec-41-1-0-2"></a>Application Transparency<br /></li> | |
893 | <li><a id="sec-41-1-0-3" name="sec-41-1-0-3"></a>Binary Transparency <sup><a id="fnr.31" name="fnr.31" class="footref" href="#references">31</a></sup><br /></li></ul> | |
894 | </div> | |
895 | <div id="slide-41-2" class="outline-3"> | |
896 | <h3 id="sec-41-2">Address the Challenges</h3> | |
897 | </div> | |
898 | <div id="slide-41-3" class="outline-3"> | |
899 | <h3 id="sec-41-3">Use Best Practices</h3> | |
900 | </div> | |
901 | <div id="slide-41-4" class="outline-3"> | |
902 | <h3 id="sec-41-4">Under the umbrella of a fiscal sponsorship organization</h3> | |
903 | <div class="outline-text-3" id="text-41-4"> | |
904 | </div><ul class="org-ul"><li><a id="sec-41-4-0-1" name="sec-41-4-0-1"></a>Governance review<br /></li></ul> | |
905 | </div> | |
906 | </div> | |
907 | ||
908 | <div id="slide-42" class="outline-2 slide"> | |
909 | <h2 id="sec-42">Software Freedom Conservancy</h2> | |
910 | <div class="outline-text-2" id="text-42"> | |
911 | <p> | |
912 | Why you should support Conservancy: | |
913 | </p> | |
914 | </div> | |
915 | ||
916 | <div id="slide-42-1" class="outline-3"> | |
917 | <h3 id="sec-42-1">🌲 supports diversity and is home to Outreachy <sup><a id="fnr.32" name="fnr.32" class="footref" href="#references">32</a></sup></h3> | |
918 | </div> | |
919 | <div id="slide-42-2" class="outline-3"> | |
920 | <h3 id="sec-42-2">🌲 helps hackers: ContractPatch <sup><a id="fnr.33" name="fnr.33" class="footref" href="#references">33</a></sup></h3> | |
921 | </div> | |
922 | <div id="slide-42-3" class="outline-3"> | |
923 | <h3 id="sec-42-3">🌲 is a 501(c)3 charity supported by individuals <sup><a id="fnr.34" name="fnr.34" class="footref" href="#references">34</a></sup></h3> | |
924 | <div class="outline-text-3" id="text-42-3"> | |
925 | </div><div id="slide-42-3-1" class="outline-4"> | |
926 | <h4 id="sec-42-3-1">Please join today!</h4> | |
927 | <div class="outline-text-4" id="text-42-3-1"> | |
928 | <p> | |
929 | <a href="https://sfconservancy.org/">https://sfconservancy.org/</a> | |
930 | </p> | |
931 | ||
932 | <p> | |
933 | <b>disclaimer: I'm on the Conservancy Evaluation Committee</b> | |
934 | </p> | |
935 | </div> | |
936 | </div> | |
937 | </div> | |
938 | </div> | |
939 | ||
940 | <div id="slide-43" class="outline-2 slide"> | |
941 | <h2 id="sec-43">Possible first use case: Debian</h2> | |
942 | <div class="outline-text-2" id="text-43"> | |
943 | <p> | |
944 | Protect against compromised repositories | |
945 | </p> | |
946 | </div> | |
947 | ||
948 | <div id="slide-43-1" class="outline-3"> | |
949 | <h3 id="sec-43-1">On package publication (by the Debian project)</h3> | |
950 | <div class="outline-text-3" id="text-43-1"> | |
951 | </div><ul class="org-ul"><li><a id="sec-43-1-0-1" name="sec-43-1-0-1"></a>put package signature into an append-only log<br /></li></ul> | |
952 | </div> | |
953 | <div id="slide-43-2" class="outline-3"> | |
954 | <h3 id="sec-43-2">On package installation (by the user, via apt-get plugin)</h3> | |
955 | <div class="outline-text-3" id="text-43-2"> | |
956 | </div><ul class="org-ul"><li><a id="sec-43-2-0-1" name="sec-43-2-0-1"></a>verify package signatures with the log<br /></li> | |
957 | <li><a id="sec-43-2-0-2" name="sec-43-2-0-2"></a>publish suspicious checksum to an auditor<br /></li> | |
958 | <li><a id="sec-43-2-0-3" name="sec-43-2-0-3"></a>option to not install mismatched packages<br /></li></ul> | |
959 | </div> | |
960 | </div> | |
961 | ||
962 | <div id="slide-44" class="outline-2 slide"> | |
963 | <h2 id="sec-44">Why talk trust at LibrePlanet?</h2> | |
964 | <div class="outline-text-2" id="text-44"> | |
965 | </div><div id="slide-44-1" class="outline-3"> | |
966 | <h3 id="sec-44-1">Because of the people in this room!</h3> | |
967 | <div class="outline-text-3" id="text-44-1"> | |
968 | </div><ul class="org-ul"><li><a id="sec-44-1-0-1" name="sec-44-1-0-1"></a>We understand the tech<br /></li> | |
969 | <li><a id="sec-44-1-0-2" name="sec-44-1-0-2"></a>We understand why trust matters to end users<br /></li> | |
970 | <li><a id="sec-44-1-0-3" name="sec-44-1-0-3"></a>We are the peer reviewers<br /></li></ul> | |
971 | </div> | |
972 | <div id="slide-44-2" class="outline-3"> | |
973 | <h3 id="sec-44-2">Need to reach more than just developers…</h3> | |
974 | <div class="outline-text-3" id="text-44-2"> | |
975 | </div><ul class="org-ul"><li><a id="sec-44-2-0-1" name="sec-44-2-0-1"></a>User experience experts<br /></li> | |
976 | <li><a id="sec-44-2-0-2" name="sec-44-2-0-2"></a>Lawyers: How to reprise the "hack on copyright" to protect network services<br /></li> | |
977 | <li><a id="sec-44-2-0-3" name="sec-44-2-0-3"></a>Activists: Help end users understand and care!<br /></li></ul> | |
978 | </div> | |
979 | </div> | |
980 | ||
981 | <div id="slide-45" class="outline-2 slide"> | |
982 | <h2 id="sec-45">Q/A & Where we go from here</h2> | |
983 | <div class="outline-text-2" id="text-45"> | |
984 | </div><div id="slide-45-1" class="outline-3"> | |
985 | <h3 id="sec-45-1">Call to action: Join the [trust-api] mailing list</h3> | |
986 | <div class="outline-text-3" id="text-45-1"> | |
987 | <p> | |
988 | <a href="http://lists.info9.net/mailman/listinfo/trust-api">http://lists.info9.net/mailman/listinfo/trust-api</a> | |
989 | </p> | |
990 | </div> | |
991 | </div> | |
992 | <div id="slide-45-2" class="outline-3"> | |
993 | <h3 id="sec-45-2">Cuddles asks a question??? <sup><a id="fnr.35" name="fnr.35" class="footref" href="#references">35</a></sup></h3> | |
994 | <div class="outline-text-3" id="text-45-2"> | |
995 | ||
996 | <div class="figure"> | |
997 | <p><img src="./images/cuddles-qa.jpg" alt="Cuddles" align="center" /> | |
998 | </p> | |
999 | </div> | |
1000 | </div> | |
1001 | </div> | |
1002 | </div> | |
1003 | ||
1004 | <div id="references" class="outline-2 slide"> | |
1005 | <h2 id="sec-46">References</h2> | |
1006 | <div class="outline-text-2" id="text-46"> | |
1007 | <p> | |
1008 | Footnote references (press 's' for scrollbars) | |
1009 | </p> | |
1010 | <input type="button" value="◁" onclick="window.history.back()"/> | |
1011 | <ol> | |
1012 | ||
1013 | <li id="fn:1"> <a href="https://sfconservancy.org/blog/2016/dec/29/software-freedom-after-trump/">https://sfconservancy.org/blog/2016/dec/29/software-freedom-after-trump/</a> | |
1014 | ||
1015 | <li id="fn:2"> See 48:35 in r0ml's talk on how only a minority of GitHub projects actually have a license: | |
1016 | <a href="https://www.youtube.com/watch?v=i3nJR7PNgI4&feature=youtu.be&t=2915">https://www.youtube.com/watch?v=i3nJR7PNgI4&feature=youtu.be&t=2915</a> | |
1017 | ||
1018 | <li id="fn:3"> <a href="https://www.youtube.com/watch?v=i3nJR7PNgI4">https://www.youtube.com/watch?v=i3nJR7PNgI4</a> | |
1019 | ||
1020 | <li id="fn:4"> <a href="https://www.nytimes.com/2017/03/13/business/energy-environment/brooklyn-solar-grid-energy-trading.html">https://www.nytimes.com/2017/03/13/business/energy-environment/brooklyn-solar-grid-energy-trading.html</a> | |
1021 | ||
1022 | <li id="fn:5"> <a href="http://www.usatoday.com/story/tech/news/2017/03/06/mapping-software-routing-waze-google-traffic-calming-algorithmsi/98588980/">http://www.usatoday.com/story/tech/news/2017/03/06/mapping-software-routing-waze-google-traffic-calming-algorithmsi/98588980/</a> | |
1023 | ||
1024 | <li id="fn:6"> <a href="https://archive.fosdem.org/2014/schedule/event/network_freedom/">https://archive.fosdem.org/2014/schedule/event/network_freedom/</a> | |
1025 | ||
1026 | <li id="fn:7"> <a href="https://evil32.com/">https://evil32.com/</a> | |
1027 | ||
1028 | <li id="fn:8"> <a href="https://bitcoin.org/en/">https://bitcoin.org/en/</a> | |
1029 | ||
1030 | <li id="fn:9"> <a href="https://www.hyperledger.org/">https://www.hyperledger.org/</a> | |
1031 | ||
1032 | <li id="fn:10"> <a href="https://www.ethereum.org/">https://www.ethereum.org/</a> | |
1033 | ||
1034 | <li id="fn:11"> <a href="https://z.cash/">https://z.cash/</a> | |
1035 | ||
1036 | <li id="fn:12"> <a href="http://dogecoin.com/">http://dogecoin.com/</a> | |
1037 | ||
1038 | <li id="fn:13"> <a href="http://www.abc.net.au/news/2015-10-06/quiggin-bitcoins-are-a-waste-of-energy/6827940">http://www.abc.net.au/news/2015-10-06/quiggin-bitcoins-are-a-waste-of-energy/6827940</a> | |
1039 | ||
1040 | <li id="fn:14"> <a href="https://www.bitcoinmining.com/is-bitcoin-mining-waste-electricity/">https://www.bitcoinmining.com/is-bitcoin-mining-waste-electricity/</a> | |
1041 | ||
1042 | <li id="fn:15"> <a href="http://www.news.com.au/technology/environment/natural-wonders/before-and-after-great-barrier-reef-photos-expose-shocking-realities-of-coral-bleaching/news-story/527d7599f160532474b27f1ca26fdbfc">http://www.news.com.au/technology/environment/natural-wonders/before-and-after-great-barrier-reef-photos-expose-shocking-realities-of-coral-bleaching/news-story/527d7599f160532474b27f1ca26fdbfc</a> | |
1043 | ||
1044 | <li id="fn:16"> Security Now, Episode #599 | |
1045 | <a href="https://www.grc.com/securitynow.htm">https://www.grc.com/securitynow.htm</a> | |
1046 | ||
1047 | <li id="fn:17"> <a href="https://jhalderm.com/pub/papers/interception-ndss17.pdf">https://jhalderm.com/pub/papers/interception-ndss17.pdf</a> | |
1048 | ||
1049 | <li id="fn:18"> <a href="https://www.certificate-transparency.org/">https://www.certificate-transparency.org/</a> | |
1050 | ||
1051 | <li id="fn:19"> <a href="https://www.thesslstore.com/blog/google-chrome-certificate-transparency-2017/">https://www.thesslstore.com/blog/google-chrome-certificate-transparency-2017/</a> | |
1052 | ||
1053 | <li id="fn:20"> <a href="https://www.thesslstore.com/blog/firefox-certificate-transparency/">https://www.thesslstore.com/blog/firefox-certificate-transparency/</a> | |
1054 | ||
1055 | <li id="fn:21"> <a href="https://www.ietf.org/mailman/listinfo/trans">https://www.ietf.org/mailman/listinfo/trans</a> | |
1056 | ||
1057 | <li id="fn:22"> <a href="https://datatracker.ietf.org/doc/rfc6962/">https://datatracker.ietf.org/doc/rfc6962/</a> | |
1058 | ||
1059 | <li id="fn:23"> <a href="https://en.wikipedia.org/wiki/Merkle_tree">https://en.wikipedia.org/wiki/Merkle_tree</a> | |
1060 | ||
1061 | <li id="fn:24"> <a href="https://eprint.iacr.org/2011/484.pdf">https://eprint.iacr.org/2011/484.pdf</a> | |
1062 | ||
1063 | <li id="fn:25"> <a href="https://sphincs.cr.yp.to/">https://sphincs.cr.yp.to/</a> | |
1064 | ||
1065 | <li id="fn:26"> <a href="https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html">https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html</a> | |
1066 | ||
1067 | <li id="fn:27"> <a href="https://github.com/google/trillian">https://github.com/google/trillian</a> | |
1068 | ||
1069 | <li id="fn:28"> <a href="https://boingboing.net/2016/03/10/using-distributed-code-signatu.html">https://boingboing.net/2016/03/10/using-distributed-code-signatu.html</a> | |
1070 | ||
1071 | <li id="fn:29"> <a href="https://github.com/rootkovska/codehash.db">https://github.com/rootkovska/codehash.db</a> | |
1072 | ||
1073 | <li id="fn:30"> <a href="https://secure-os.org/pipermail/desktops/2016-November/000143.html">https://secure-os.org/pipermail/desktops/2016-November/000143.html</a> | |
1074 | ||
1075 | <li id="fn:31"> <a href="https://github.com/FreeBSDFoundation/binary-transparency-notes">https://github.com/FreeBSDFoundation/binary-transparency-notes</a> | |
1076 | ||
1077 | <li id="fn:32"> <a href="https://www.gnome.org/outreachy/">https://www.gnome.org/outreachy/</a> | |
1078 | ||
1079 | <li id="fn:33"> <a href="https://sfconservancy.org/blog/?tag=ContractPatch">https://sfconservancy.org/blog/?tag=ContractPatch</a> | |
1080 | ||
1081 | <li id="fn:34"> <a href="https://sfconservancy.org/supporter/">https://sfconservancy.org/supporter/</a> | |
1082 | ||
1083 | <li id="fn:35"> cuddles: Copyright © 2017 Tom Marble, CC-by-sa 4.0</ol> | |
1084 | </div> | |
1085 | </div> | |
1086 | ||
1087 | ||
1088 | <!-- Place the following snippet at the bottom of the deck container. --> | |
1089 | <p class="deck-status" aria-role="status"> | |
1090 | <span class="deck-status-current"></span> | |
1091 | / | |
1092 | <span class="deck-status-total"></span> | |
1093 | </p> | |
1094 | ||
1095 | <!-- Place the following snippet at the bottom of the deck container. --> | |
1096 | <div aria-role="navigation"> | |
1097 | <a href="#" class="deck-prev-link" title="Previous">←</a> | |
1098 | <a href="#" class="deck-next-link" title="Next">→</a> | |
1099 | </div> | |
1100 | ||
1101 | <!-- Place the following snippet at the bottom of the deck container. --> | |
1102 | <form action="." method="get" class="goto-form"> | |
1103 | <label for="goto-slide">Go to slide:</label> | |
1104 | <input type="text" name="slidenum" id="goto-slide" list="goto-datalist"> | |
1105 | <datalist id="goto-datalist"></datalist> | |
1106 | <input type="submit" value="Go"> | |
1107 | </form> | |
1108 | ||
1109 | </div> | |
1110 | </body> | |
1111 | </html> |