Is Open Source Software Really More Secure? (Pycon Pune 2017 Keynote)

Back in February, I keynoted at Pycon Pune in India. I decided to start with one of the questions that comes up frequently when I tell people that my day job is in open source security: “Is open source software really more secure?” Here’s the video!

Hopefully one of these days I’ll get the slides and a written transcript up, but for today, please just enjoy the video. Note that there’s some silence at the start of the video while we’re setting up. I start talking at the 1m50s mark, and the embedded video should start there.

Pycon Pune Group Photo

Open source security is something I’m very passionate about, and I was really glad that the fine folk at PyCon Pune gave me the chance to tell their attendees more about what it means to be secure and what it will take to make open source security even better. I believe there were over 500 people in the room for my talk, even though I was the final keynote for the conference, and it was one of the greatest audiences I’ve ever had the privilege to talk to — very responsive, lots of great questions, and lots of great follow-ups after the talk was done. If you ever get a chance to speak at Pycon Pune, I highly recommend it. Keep an eye out for next year’s call for speakers!

This also ticked off a few bucket list items for me:

  1. Visiting India! I work with a number of people from India and meet new students from there nearly every year, so I’ve always been curious, but it’s a long and expensive trip. Thankfully it turns out it was also on J’s bucket list so we found a way to make it happen. It’s a super beautiful country and very different from my own. We were fortunate enough to spend some time being tourists before the conference, as well as lots of time socializing with the conference attendees and volunteers.
  2. Keynoting a conference! I’ve wanted to do this for years but opportunities don’t come up very often and I wasn’t able to accept the last offer I got.

PS – Interested in inviting me to keynote? I’d love to do another one! Send an email to terri (at) toybox.ca to let me know. I have a list of my speaking experience on my website. I talk a lot about security, but I’m happy to talk about open source mentorship, community, artificial intelligence, and quite a few other things, just ask!

OSB 2015 – Internet of Things Militia: Paramilitary Training for your IoT devices (Video & Slides)

As previously mentioned, I gave two talks at Open Source Bridge this year, and they’ve recently put the videos online. Here’s the more frivolous and silly of the two:

Internet of Things Militia: Paramilitary Training for your IoT devices

Abstract: Security folk generally talk about how the Internet of Things is bad for security, but it also brings new sensors and connected devices that could co-operate in new and interesting ways. Could we use internet things to enhance security?

Video embedded below:

[Confreaks.tv video link] [Youtube video link]

I was honestly pretty surprised that Open Source Bridge accepted two talks (especially when I found many colleagues who are pretty decent speakers didn’t get in!). This was a bit of a joke talk, meant to poke fun at how security people talk doom and gloom about internet of things, but also a way to talk sideways about how internet things are both terrible and terrific if you think like a hacker. I’m not sure I would have pitched this talk if I’d known that OSB audiences are notoriously quiet and not big on participation, but I was lucky enough to get a crowd who was willing to get into it and come up with some fun suggestions on how to “better” use internet things.

Remember, don’t try this at home!

[Internet of Things Militia: Paramilitary Training for your IoT devices (Slides)] To be honest, there’s not much in these other than pictures to get people talking, but you can see my notes underneath each slide to see what I was planning on saying. The slides are also in the video.

Again, one day I hope to transcribe this and put up a nice blog post with the slides for those who don’t love video, but the perfect is the enemy of the good and all, so I’m sharing what I have instead of pining for what I don’t have done yet.

OSB 2015 – Bringing Security to Your Open Source Project (Video & Slides)

I gave two talks at Open Source Bridge this year, and they’ve recently put the videos online. Here’s the more serious and informative of the two:

Bringing Security to Your Open Source Project

Abstract: With high profile breaches in open source projects, the issue of security has become one of great import to many people. But many projects, especially smaller ones, are intimidated by the idea of a security audit. This talk will discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No PhDs in security required!

Video embedded below:

[Confreaks.tv video Link] [youtube link]

I’m a bit sad that they cut out the introduction I got; it was pretty hilarious.

The motivation behind this talk is that when I tell people in open source communities that I do security for open source projects, I get a lot of interest but people always say they don’t know where to start and quite a lot of them buy into the idea that somehow just being open source makes you secure. That can be a big push towards security for some projects, but it’s not a panacea, so this talk is an intro to how to do a security hackathon and be welcoming to folk who want to help with your security.

[Bringing Security to Your Open Source Project (Slides)] The slides are in the video as well, but sometimes this is easier! If you look at the slides, you can also see a rough version of what I’d planned to say in the notes section.

One of these days I’ll transcribe the talk and set up a blog post with slides as images for folk who aren’t into videos for whatever reason (I know I don’t watch very many myself unless I’m multitasking), but I thought I’d share the video first rather than wait. Hope you like it!

Winking Microview

With my travel and work schedules, I haven’t had time to hack my original MicroView, but the replacement ones arrived while I was out at ABQ Mini Maker Faire! So of course, I had to try *something* now that I can actually flash things to it.

Here’s my current very simple program: a smile with a wink!

microview_wink

Although it’s probably better with video

And of course, it’s more fun if you can also check out the code so I dumped it into my git repository. Here it is in case you’re not feeling like clicking through:

/* 
 * microview_wink: a simple winking face animation for the MicroView
 * 
 * Created by: Terri Oda 
 * Sept 16, 2014
 */

#include <MicroView.h>

void setup() {
  uView.begin();		// start MicroView
  uView.clear(PAGE);		// clear page
  uView.print("Hi Terri!");	// say hi
  uView.display();
  delay(1000);
}

void loop () {
  //drawFace();
  winkFaceAnimation();
}

void drawFace() { 
  uView.clear(PAGE);
  
  drawEyes();
  drawNose();
  drawMouth();    

  uView.display();        // display current page buffer
}

void drawEyes() {
  uView.circle(20, 15, 5);
  uView.circle(45, 15, 5);
}

void drawNose() {
  uView.line(30, 22, 35, 32);
  uView.line(35, 32, 31, 32);
}

void drawMouth() {
  uView.line(20, 40, 25, 45);
  uView.line(25, 45, 40, 45);
  uView.line(40, 45, 45, 40);
}

void winkFaceAnimation() {
  for (int i = 0; i < 7; i++) {
    uView.clear(PAGE);
    
    // animate one eye for the wink
    switch (i) {
      case 0: 
      case 6:
        uView.circle(45, 15, 5);
        break;
      case 1:
      case 5: 
        uView.rect(40, 12, 10, 5);
        break;
      case 2:
      case 4:
        uView.rect(40, 14, 10, 2);
        break;
      case 3: 
        uView.line(40, 15, 50, 15);
        break;
    }

    // draw the static parts of the face
    uView.circle(20, 15, 5);    
    drawNose();
    drawMouth();
    
    // display and wait for the next frame to start
    uView.display();
    delay(500);
  }  
}

The MicroView was pretty easy to get up and running since this machine was already set up for Arduino programming; I just had to remember to switch from the Adafruit Flora (what I'd been coding for last) to the MicroView ( / the Arduino Uno). I'm pretty pleased with my first run, and even though I am reminded that animation frame drawing is not my favourite activity, I'm happy to have written some code for it, even if it's absurdly simple.

I'm still planning on continuing with the necklace plan for the first of these, so I'm going to work on a few more animations while I decide how I'm going to handle power, shaping, and whether I'm going to want any sensors in the final pendant. My current plan is that I'll create a backpiece that I can embed a battery into (probably 3d printed?), and I think I'd like to stick an accelerometer in there so it can be more interactive. But my plans may change as I fiddle with it!

My Little Robot

A number of weeks back, it occurred to me that as an adult with disposable income, I could buy a robot anytime I wanted to. So I did. Or rather, I bought a kit to build my own robot. I haven’t had as much time to play with as I’d like (the downside to being an adult with a job), but I’m hoping to take it out to Albuquerque Mini Maker Faire this weekend, so I’ve been experimenting with programs to show it off.

Here’s a video:

Cute, eh? That was just me making sure that the sensor “whiskers” work, but it’s kind of a convenient program because I don’t have to worry about it falling off the table. Right now, I know how to make it flash lights, move the wheels, and make noise with the little speaker on top, so either I should make a box for it to play in and teach it to do basic collision avoidance, or maybe work on a program where people can touch it and have it react, much like the one it’s running now. I’ve only got a couple of days to finish: Maker Faire is the 24th and 25th!