Security and Self-Driving Computers
Key | Action |
---|---|
K or space | Play / Pause |
M | Mute / Unmute |
C | Select next subtitles |
A | Select next audio track |
V | Show slide in full page or toggle automatic source change |
left arrow | Seek 5s backward |
right arrow | Seek 5s forward |
shift + left arrow or J | Seek 10s backward |
shift + right arrow or L | Seek 10s forward |
control + left arrow | Seek 60s backward |
control + right arrow | Seek 60s forward |
shift + down arrow | Decrease volume |
shift + up arrow | Increase volume |
shift + comma | Decrease playback rate |
shift + dot or shift + semicolon | Increase playback rate |
end | Seek to end |
beginning | Seek to beginning |
Share this media
Download links
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Links:
Number of views:
16Creation date:
July 3, 2018Speakers:
Stefan EissingLicense:
CC BY-SA v4Description
We have to admit to ourselves: we do not really like to turn on automatic updates. We do not like relinquishing control. Even if we do not really know what the announced update contains, we like to have one look at it before we hit the “update” button.
Right?
Often, still, we do not even have an automated update option available - like on our phones. And we are nagged every other month or so that an update is available, that we should install it and if we please can hit the “ok” button now to start it.
My mother usually calls me when her phone asks her to update. “Should I?” she asks. And I always say “Yes!” And she keeps on calling me.
Well, that’s what mothers do anyway. But you get the point.
This is technical nonsense. It’s all part of the Legal Blame Game: “Make sure, when things go wrong, we have an excuse.” But from a technical and security point of view, updates need to happen without user intervention, for everyone.
For our security infrastructure, we try to avoid this and jump from “no updates” to full automation. Because expired certificates are just too embarrassing for everyone.
Oh, and we can make it free at the same time - because automation.
[Insert the story of Let’s Encrypt (LE) that everyone knows…]
LE is interested to get broad support, so one of the most commonly used web server on the planet was a natural target. greenbytes proposed to MOSS (Mozilla’s Open Source Support) for a grant and got it going in 2017.
This talk gives a summary of what is nowadays available in Apache, what is still on the road ahead, and where one may contribute (Hint: ACME fuzzing anyone?)!
Stefan Eissing
Stefan is one of the founders of greenbytes, a small software consultancy company in Germany with customers such as Adobe, SAP, Google and Deutsche Telekom. And very active in the IETF http working group and related areas. Personally, he has obsessed about computers forever - it seems - and sees no reason for stopping. In 2015 he became part of the Apache httpd project after he did the HTTP/2 implementation for the server.
Other media in the channel "2018"
- 109 views, 7 this yearGlassfish from (IN)Secure adminJuly 6th, 2018
- 160 views, 3 this yearShadow on the Wall - Risks and Flaws with ShadowsocksJuly 6th, 2018
- 57 views, 4 this yearOpen Hardware for (software) offensive securityJuly 6th, 2018
- 48 views, 4 this yearFreedom Fighting Mode - Open Source Hacking HarnessJuly 6th, 2018
- 76 views, 1 this yearExpl-iot: IoT Security Testing FrameworkJuly 6th, 2018
- 23 viewsIo(M)T Security: A year in reviewJuly 6th, 2018