[11:24] schestowitz[11:24] schestowitzGNU Guix is different from most other GNU/Linux distributions and perhaps nowhere is that more obvious than the organization of the filesystem: Guix does not conform to the Filesystem Hierarchy Standard (FHS). In practical terms, this means there is no global /lib containing libraries, /bin containing binaries, and so on. This is very much at the core of how Guix works and some of the convenient features, like [11:24] schestowitz per-user installation of programs (different versions, for instance) and a declarative system configuration where the system is determined from a configuration file.
[11:24] schestowitz
[11:24] schestowitz[11:24] schestowitzWhen people think of home security they usually think of an alarm system with a keypad next to the door. These days, however, home security should have two meanings. Im here to talk about the second: cybersecurity. In other words, security in the smart home.
[11:24] schestowitzA recent investigation found that a shocking number of leading smart home devices contained outdated SSL libraries. An outdated SSL could leave the door open for malicious actors to listen in on network traffic. In the smart home context, that traffic could include extremely personal information such as when youre at home or away. This kind of security threat is far from being the only one; consumer [11:24] schestowitz device security breaches are consistently in the news. Clearly, this is a significant issue.
[11:24] schestowitz
[11:25] schestowitz[11:25] schestowitzIts enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible.
[11:25] schestowitz
[11:30] schestowitz[11:30] schestowitzLiz and Eben received Honorary Fellowships acknowledging outstanding individuals who have made significant and lasting contributions to the fields of computing and technology.
[11:30] schestowitz
[12:12] schestowitz[12:12] schestowitzWhen everything eventually settled down, we sent a report over to the scooter manufacturer and became super interested in trying to more ways to make more things honk. We brainstormed for a while, and then realized that nearly every automobile manufactured in the last 5 years had nearly identical functionality. If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics [12:12] schestowitz systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely.
[12:12] -TechBytesBot/#techbytes-samcurry.net | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Sam Curry [12:12] schestowitzAt this point, we started a group chat and all began to work with the goal of finding vulnerabilities affecting the automotive industry. Over the next few months, we found as many car-related vulnerabilities as we could. The following writeup details our work exploring the security of telematic systems, automotive APIs, and the infrastructure that supports it.
[12:12] schestowitz
[14:52] schestowitz[14:52] schestowitzHowever, today I'll go out on a limb and show you a piece of code that gets 4 times faster by compiling it to C++. Consider the following little QML program: [...]
[14:52] schestowitz