Meetups/Infra/2024-02-05
Discussion and war-stories day. Started slow: 3 new folks (1 of whom was on vacation) and 3 regulars (including host). Arguments about IPv6, VPNs (IPsec, WireGuard), NAT, hole-punching, Tailscale; war stories about enforcing encrypted connections. More discussion of Tor wanted. Future presentations.
Introductions
- [name] - [background]. [goals for meetup, or interests to explore]
- Loren - running, for about 6 months, to teach new people, have great conversations, stay sharp, share and hear war stories. welcome
- Jari - infra, 25 odd years at least, care about privacy & security. just want to hack on stuff, meet interesting people.
- Matt - background in linux & system administration, with Loren, was manager of compute lab at UC Berkeley, don't do much infra, here for the vibes
- Wolf - professionally, don't do infra, have another team, do some stuff personally, here to socialize
- Alvaro - on vacation, sf guide website, background in professional experience in network and software infrastructure, system administrator, focus on sustainability, now integrate finance, sustainability, refreshing
(3 people, here)
- Angelo - infra meetup interest
Lesson or Demo
- FIDO, Secure Enclaves.
- Mainly security work?
- cryptopals.com
- Concerns about persistent-terminal-connection applications (two mentioned by name, possibly). Work available.
- Uses OCB3 mode. Also, paper about a weak nonce.
- http://www.noiseprotocol.org/
- OpenVPN (aims at near feature parity with IPsec) versus WireGuard
- https://tailscale.com/blog/how-nat-traversal-works
- apenwarr, https://apenwarr.ca/log/20170810
- Android doesn't support DHCPv6; the response is to support SLAAC.
- IPv6: adoption, issues. Not for small orgs and users; weird relationship with it.
- Story. Snowden leaks, "encryption removed here :)"
- Concern, not just about user-DC links, but also DC-DC links.
- Wrote an analyzer using Shannon entropy; that alone wasn't enough. 1e-4 buckets. Inspect packets, detect flows, identify servers. Kept going.
- New approach: an "SSL wall". eBPF to prevent an application from sending non-encrypted (non-blessed) traffic; a kernel-generated RST on the host resets the flow.
- Shannon entropy
- Encrypted bytes should be maximally random: a near-uniform distribution over the possible byte values.
- ASCII streams are extremely obvious: low entropy.
- Compressed streams.
- Need thousands of packets from the same flow; take the variance of per-packet Shannon entropy across the flow to be sure.
- Shannon entropy
- Similar story, before FAANG. Embedded devices boot up in the same state. tcpdump the start of the TCP stream and pull the TLS client random from the start of the connection. IoT thermostats.
- Unstable analog power rail: sample it during boot and mix in the low-order bits of the reading.
- Wolf, story about mother. Currently using a Mac running Mac OS 9 so she can keep using her version of Word (or WordPerfect?) and existing printers.
- OpenBSD for the networked computer. jwm.
- Musical typesetting: Finale, Finale 98.
- Reverse-engineered the binary file format, in MS Word.
- Exploit in TrueType fonts, there since the 90s. https://security.stackexchange.com/questions/91347/how-can-a-font-be-used-for-privilege-escalation
- HTTP parser differentials. One kind of attack seen repeatedly in the last 3 years, now generalized and treated as a class.
- Copyright law and fonts. Font shapes. Hot type, Linotype machines. Does copyright in a font transfer into the things printed with it? No.
- tz data issue. Facts are not copyrightable, but compilations of facts are. https://www.eff.org/press/releases/eff-wins-protection-time-zone-database
- War stories
- New things people are working on
- (gForm)
- Unix + history
- Shell, web services, self-hosting, networking!
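The per-flow Shannon-entropy check from the "encryption removed here" war story above, written out as an added example (not code from the meetup or from anyone's analyzer). It computes per-packet entropy in bits per byte, then the flow-level mean and variance, and flags a flow as encrypted only when many packets all sit near 8 bits with almost no spread. The sample flows are constructed in the file; the thresholds and the `looks_encrypted` verdict function are assumptions for illustration, not values from the talk.

```python
import math
import random
import zlib
from statistics import mean, pvariance


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def flow_entropy_profile(packets):
    """Flow-level statistics over per-packet entropy.

    Ciphertext packets all score close to 8 bits/byte with tiny variance;
    plaintext flows score lower and swing between packets (headers vs. body).
    """
    ents = [shannon_entropy(p) for p in packets if p]
    return {"packets": len(ents), "mean": mean(ents), "variance": pvariance(ents)}


def looks_encrypted(profile, min_mean=7.5, max_variance=0.01, min_packets=20):
    """Assumed thresholds: need enough packets, a high mean, and a small spread."""
    return (profile["packets"] >= min_packets
            and profile["mean"] >= min_mean
            and profile["variance"] <= max_variance)


# --- constructed sample flows (not real captures) -------------------------
_rng = random.Random(1234)
WORDS = ["status", "ok", "sensor", "reading", "temperature", "humidity", "node", "alpha"]


def make_encrypted_flow(n=200, size=1400):
    """Stand-in for ciphertext: uniformly random bytes from a seeded PRNG."""
    return [bytes(_rng.getrandbits(8) for _ in range(size)) for _ in range(n)]


def make_plaintext_flow(n=200):
    """Unencrypted HTTP-like exchange: short ASCII requests and repetitive bodies."""
    pkts = []
    for i in range(n):
        if i % 2 == 0:
            pkts.append(f"GET /item/{i} HTTP/1.1\r\nHost: example.internal\r\nAccept: */*\r\n\r\n".encode())
        else:
            pkts.append(("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n" + "status ok " * 40).encode())
    return pkts


def make_compressed_flow(n=200):
    """Deflate-compressed text bodies: per-packet entropy is typically close to
    ciphertext on this metric alone, which is why entropy by itself is not enough."""
    pkts = []
    for _ in range(n):
        text = " ".join(_rng.choice(WORDS) for _ in range(600)).encode()
        pkts.append(zlib.compress(text, 9))
    return pkts


if __name__ == "__main__":
    for name, flow in [("encrypted", make_encrypted_flow()),
                       ("plaintext", make_plaintext_flow()),
                       ("compressed", make_compressed_flow())]:
        prof = flow_entropy_profile(flow)
        print(f"{name:10s} mean={prof['mean']:.3f} var={prof['variance']:.5f} "
              f"encrypted? {looks_encrypted(prof)}")
```

The compressed flow is included deliberately: it is the case the entropy metric does not separate cleanly, so a real deployment needs the flow-level variance plus further signals (the talk's packet inspection and server identification) before deciding a flow is unencrypted.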
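The embedded-device story above (devices booting into the same state and emitting the same TLS client random) as an added example, not code from the meetup: a minimal parser that pulls the 32-byte ClientHello random from the first TLS record of a TCP payload, plus a check that groups captures by random value to surface repeats across sources. The captures and the `build_client_hello` fixture are constructed here; the device names are placeholders.

```python
import struct
from collections import defaultdict

TLS_HANDSHAKE = 0x16     # record content type: handshake
HS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello
RANDOM_LEN = 32


def extract_client_random(payload: bytes):
    """Return the 32-byte ClientHello random from the start of a TCP stream,
    or None when the payload does not begin with a complete TLS ClientHello record.

    Layout: record header (5 bytes) | handshake header (4 bytes) |
            client_version (2 bytes) | random (32 bytes) | ...
    """
    if len(payload) < 11 + RANDOM_LEN or payload[0] != TLS_HANDSHAKE:
        return None
    record_len = struct.unpack("!H", payload[3:5])[0]
    if payload[5] != HS_CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(payload[6:9], "big")
    # handshake header + body must fit the record; body must hold version + random
    if hs_len + 4 > record_len or hs_len < 2 + RANDOM_LEN or len(payload) < 5 + record_len:
        return None
    return payload[11:11 + RANDOM_LEN]


def find_repeated_randoms(captures):
    """captures: iterable of (source_id, first_tcp_payload).

    Returns {random_hex: [source_ids...]} for randoms seen from more than one
    source. With a healthy RNG this dictionary should be empty.
    """
    seen = defaultdict(list)
    for source, payload in captures:
        r = extract_client_random(payload)
        if r is not None:
            seen[r].append(source)
    return {r.hex(): srcs for r, srcs in seen.items() if len(srcs) > 1}


def build_client_hello(client_random: bytes) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (test fixture, not a real capture)."""
    assert len(client_random) == RANDOM_LEN
    body = b"\x03\x03" + client_random      # client_version + random
    body += b"\x00"                          # session_id length 0
    body += b"\x00\x02\xc0\x2f"              # one cipher suite
    body += b"\x01\x00"                      # compression methods: null only
    body += b"\x00\x00"                      # no extensions
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


# Constructed captures: two thermostats whose RNG is seeded from identical boot state,
# one host with a distinct random, and one non-TLS stream that must be ignored.
STUCK_RANDOM = bytes.fromhex("00112233" * 8)
SAMPLE_CAPTURES = [
    ("thermostat-a", build_client_hello(STUCK_RANDOM)),
    ("thermostat-b", build_client_hello(STUCK_RANDOM)),
    ("laptop", build_client_hello(bytes(range(32)))),
    ("printer", b"GET / HTTP/1.1\r\nHost: printer\r\n\r\n"),
]

if __name__ == "__main__":
    for rand_hex, sources in find_repeated_randoms(SAMPLE_CAPTURES).items():
        print(f"client random {rand_hex[:16]}... repeated by {sources}")
```

On real traffic the payloads come from the first data segment of each TCP stream (e.g. a tcpdump capture reassembled per connection); the parser only needs the first 43 bytes, so truncated captures still work as long as the record length field is honest.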
Questions, Discussion, or Coworking
- [Issue]
For next time
Questions
Readings & Exercises
- Readings
- Exercises
Join online
- Try it yourself!
- Join libera.chat #nb-meetup-infra