Session slides from Future Insights Live, Vegas 2015:
https://futureinsightslive.com/las-vegas-2015/
So many network intrusions, so many email spools made public. Remember the HBGary, Stratfor, 'The Fappening' and Sony Pictures hacks? How about the Snowden Files? The potential liabilities of communicating in plain text have become too expensive to continue doing so. Zero-Knowledge systems can be made useful, elegant even. The problem with putting privacy first in our communications tools is that most of the existing privacy applications were created by crypto-nerds, most of whom have never overlapped with the world of UX. In this talk, Privacy will be put at the core of application design by way of new metaphors for arcane cryptography jargon (that few end users understand). Using frameworks and services created for this new 'privacy first' era, your application can be built in a way that removes liability, is regulatory-compliant and elegant.
First episode of the podcast at the Crossroads of Project SAFE. It's all about the first truly grass-roots internet with Secure Access For Everyone--the SAFE Network.
This is an approximate transcript of the first episode.
Check out www.safecrossroads.net for this episode and lots more stuff.
Secure Message Transmission using Image Steganography on Desktop Based (ijtsrd)
The rapid advance of technology has made it easier for us to send and receive data over the internet in the most affordable way. There are many transmission media, such as email, Facebook, Twitter, etc., which have opened the way for intruders to modify and misuse the information we share over the internet. To overcome these issues, many methods have been implemented, such as cryptography, steganography and digital watermarking, to safeguard our data transmissions. In this paper, hiding text inside a digital image using the Stegano tool for secure data transmission is described. Sidharth Sai S | N. Priya, "Secure Message Transmission using Image Steganography on Desktop Based", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1, December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38067.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/38067/secure-message-transmission-using-image-steganography-on-desktop-based/sidharth-sai-s
Man vs Internet - Current challenges and future tendencies of establishing tr... (Luis Grangeia)
This talk will address a fundamental challenge in information security: Authentication, or how to establish trust between a user and their collection of devices and internet services.
I will start by describing the current state of play: a regular user typically has at least one computer and a smartphone; each individual is then subscribed to tens or sometimes hundreds of Internet services which are accessed using these devices. Even these services are interconnected with trust relations, such as email accounts that receive password reset tokens. Some of these relations are not so obvious...
The complexity of this arrangement is rising so fast that it's getting harder for end users (even power users) to cope with all of its security implications. Most users will not have any strategy to manage their security, using the same password for all services and devices; but even most power users such as infosec professionals make mistakes that can be exploited.
I will illustrate the current scenario with a dissection of the Mat Honan hack and my own experience mapping the interconnections between my own devices and services.
I will then attempt to provide a strategy to schematize and improve the level of trust between users and devices / services, analysing ad-hoc strategies by power users and providing the tools to create a personal strategy.
Finally I'll look into the future of authentication, and what this Tangled Web might bring us: mutual authentication between devices, the future of two factor, the role of social networks, location based authentication, behaviour based trust, trust federation.
Slides from a workshop titled Data Privacy for Activists on January 29th, 2017 for the Data Privacy PDX Meetup group.
Workshop included presentation and live demos of:
- leaked credentials
- metadata fingerprinting
- VPN use
- Encrypted Email
The Internet of Things: We've Got to Chat (Duo Security)
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
ANALYSIS OF IMAGE WATERMARKING USING LEAST SIGNIFICANT BIT ALGORITHM (ijistjournal)
The rapid advancement of the internet has made it easier to send data/images accurately and faster to the destination. But this advantage is also accompanied by the disadvantage that valuable information can be modified and misused through interception or hacking. In order to transfer the data/image to the intended user at the destination without any alterations or modifications, there are many approaches, such as cryptography, watermarking and steganography. This paper presents a general overview of image watermarking and different security issues. In this paper, image watermarking using the Least Significant Bit (LSB) algorithm is used for embedding the message/logo into the image. The work has been implemented in MATLAB.
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards (SecuRing)
The presentation focuses on the whole process of security testing and presents it by analogy to web applications, which are quite well known. It covers the whole SDLC and shows the similarities and differences in the arsenal of vulnerabilities, security tools and standards between smart contracts and web applications at each step. Even though there are a lot of great security projects for smart contracts, we do not have a single, widely accepted security standard (such as ASVS in the web application world). That is why we introduce SCSVS (Smart Contract Security Verification Standard), an open-source 13-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
Eat Your Vegetables - Data Security for Data Scientists (William Voorhees)
Presentation for PyDataDC 2016
You've got data. Lots of it. You might not realize it, but people want to get their hands on that data. You probably don't want that, so let's go over a few things you can do to dissuade attackers from getting their grubby mitts on your hard-processed datastore. We'll cover the obvious things (spoiler alert: encryption) and then move on to some advanced techniques for keeping your data secure while still keeping it usable (that is to say, analyzable).
If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications and a hundred identical safes with their combinations so that the world’s best safecrackers can study it and you still can’t open the safe, that’s security.
2019 JJUG CCC Stateless Microservice Security with MicroProfile JWT (David Blevins)
In this presentation we'll deep dive into MicroProfile JWT, which offers a clean Java API and standard configuration for consuming JWTs in Java Microservices. Code and demo focused, we'll see a complete MicroProfile JWT, TomEE and AngularJS app that issues JWTs with custom backend data, performs server-side verification and injection of claims, and client-side login and refresh. All code is on GitHub; you'll leave ready to bootstrap your next truly secure full-stack project.
Nikolay Apostol, a UI/UX designer from Kyiv with 15+ years of experience in the field, explained how to improve a mobile application using animation and micro-interactions. Emotions, behavioural psychology, tips and tricks. We reviewed cases from past and current practice, as well as trends in mobile design for the near future.
UX design is not a step in the process, it's in everything we do. More than anything it is a project philosophy, not just a set of tools, methods and deliverables.
In this presentation we explain how you can differentiate through design and why user experience design matters, and share our knowledge of all the activities that help ensure a great UX/UI design.
Your guide to picking the right User Interface (UI) and creating the best User Experience (UX) in just a short amount of time. Learn how to quickly create mockups, landing pages, and build mock integrations that turn into large ideas.
Have more questions about UX/UI? Contact mvp@koombea.com for additional information or questions and we will get back to you shortly.
Your data is encrypted. So what? Are you using SSL, AES, 3DES, or something else? Can your data be compromised with a cryptographic attack? What key length are you using? This paper attempts to shed a bit of light on the myths and misconceptions when dealing with encryption.
Protecting Your Privacy: Cyberspace Security, Real World Safety (AEGILITY)
Carpe Diem Strategic Services (CDSS) is a veteran-owned, service-disabled business that offers education and training addressing threats to digital communications and online privacy.
Their mission is to assist individuals, families, and small businesses to understand, identify, and reduce threats and vulnerabilities that expose their business, financial, intellectual property, and sensitive personal data to potential exploitation and risk.
(Presentation, slides, and content created by AEGILITY)
Evolution of Monitoring and Prometheus (Dublin 2018) (Brian Brazil)
This talk looks at the evolution of monitoring over time, the ways in which you can approach monitoring, where Prometheus fits into all this, and how Prometheus itself has grown over time.
Slides from my DevOpsExpo London talk "From oops to NoOps".
They tell you in these conferences that DevOps is not about tools, but about culture. And they are partially right. I am going to tell you that it’s not only about culture or tools but also abstractions.
It is a lot about how you see software and its value. About our mental model of what software is: how it runs, evolves, and interacts with the other facets of an enterprise.
We used to view software as code. As a state of code. Now we think about software as change, as a flow. A dynamic system where people, machines, and processes interact continuously.
At Platform.sh we spend a bunch of time asking ourselves not “How do you build?” - or even “How do you build consistently?” - but rather “What does it mean to consistently build in a world where change is good?” A world that lets you push security fixes into production as soon as they’re available because you don’t want to be an Equifax but you do want stability.
In this presentation, I will go over what we think software is and why having the right ideas about software will help you get your culture right and your tooling aligned, as well as gain in productivity, and general happiness and well-being.
This whitepaper reveals how organizations can easily modernize their disparate IT systems and migrate their on-premises PGP encryption solutions to the cloud, creating additional value for their customers and improved performance.
International Refereed Journal of Engineering and Science (IRJES) (irjes)
International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for the publication of new ideas, state-of-the-art research results and fundamental advances in all aspects of Engineering and Science. IRJES is an open-access, peer-reviewed international journal whose primary objective is to provide the academic community and industry with a venue for the submission of original research and applications.
An overview of secure IoT development using Java technologies: a brief overview of some recent attacks, some considerations on what to take into account, and the related Java technologies.
This encryption software was developed in Java. With it we can encrypt JPEG images and simple text.
For simple text encryption we use the RSA algorithm, which we consider the most secure type. The RSA algorithm creates two kinds of key, a "public key" and a "private key", one for the sender and one for the receiver. This method makes encryption and decryption very secure.
Similar to Privacy is a UX problem (David Dahl)
A Universal Theory of Everything, Christopher Murphy (Future Insights)
Taken from the Future of Web Design, New York 2015 Conference. https://futureofwebdesign.com/nyc-2015/
Drawing on over two decades of experience designing and developing digital products, Christopher will walk you through everything he's learned along the way. He'll break apart the creative process, exploring how an understanding of that process, leads you to become a better designer. In this session, he'll explore how the best designers: firstly 'prime the brain' by ensuring it is constantly nourished with new material; then explore that material from multiple perspectives to gain a deep understanding of it; before, finally, putting those pieces back together again to create exciting new ideas that stand the test of time. In short, he'll ensure you leave the session fully creativity-hardened and never short of ideas again.
Horizon Interactive Awards, Mike Sauce & Jeff Jahn (Future Insights)
Taken from the Future of Web Design, San Francisco 2015 Conference. https://futureofwebdesign.com/san-francisco-2015/
Mike Sauce, Founder and President of the Horizon Interactive Awards will present an award to the Most Awarded Developer in the 13th annual competition to DynamiX Web Design. Jeff Jahn, owner and founder of DynamiX, will discuss design trends, processes and technologies that led his company to achieve such a high honor in the Horizon Interactive Awards competition.
Reading Your Users’ Minds: Empiricism, Design, and Human Behavior, Shane F. B... (Future Insights)
Taken from the Future of Web Design, New York 2015 Conference. https://futureofwebdesign.com/nyc-2015/
How do you decide what your users really need? The difficult truth is that the best web design comes from finding out for yourself. Luckily for anyone passionate about improving web-based human interaction, the field of psychology can shed light on common motivations, needs, and biases that are powerful influences on human behavior. In this session, you’ll learn about how these psychological forces—such as prospect theory, metacognitive fluency, and the introspection illusion—can shed light on UX, design, and conversion.
Structuring Data from Unstructured Things. Sean Lorenz (Future Insights)
From FOWA Boston 2015
Data coming from Internet of Things (IoT) product sensors can be hard to manage or to know what to do with. In this talk Sean will discuss ways to tame IoT data sources by organizing and pruning that information effectively. He will also discuss the importance of time series when combining sensor, metadata and other data sources, making it vastly easier to query or perform analytics on your newly structured data.
Taken from the Future of Web Design, New York 2015 Conference. https://futureofwebdesign.com/nyc-2015/
The process behind making a blockbuster film is similar to creating a meaningful website or app. Through the lens of cinema, we’ll walk through practical ways that UX design teams can work together to deliver an award-winning final product. Whether you’re making a low-budget indie for a non-profit or the next summer smash for a Fortune 500, we can learn a thing or two from film.
Taken from the Future of Web Design, San Francisco 2015 Conference. https://futureofwebdesign.com/san-francisco-2015/
In the last few years, we’ve seen an emergence of a modular way of thinking about code and design. We’ve seen the rise of SMACSS, BEM, and Atomic Design. This talk will look at those modular concepts and how they can streamline development for large and long-running projects. We’ll also look at how these approaches can ease responsive design and development. Lastly, we will look at where the modular approach is going in the future as Web Components slowly make their way into browsers and application frameworks.
Designing an Enterprise CSS Framework is Hard, Stephanie Rewis (Future Insights)
Taken from the Future of Web Design, San Francisco 2015 Conference. https://futureofwebdesign.com/san-francisco-2015/
It seems that not a week goes by without a shiny new framework of some type — be it CSS or JS. But no matter how awesome they are, each have shortcomings and idiosyncrasies that invariably make you ask, 'Why?' Now imagine someone gave you the ability to start from scratch to create your own framework. No strings. No preconceptions — well, except that it has to be enterprise scale, platform agnostic, and work in a whole host of disparate situations. In this session, Stephanie will talk about some of the challenges, hurdles, tradeoffs, and unique decisions Salesforce UX made on the way to building an enterprise framework.
Accessibility Is More Than What Lies In The Code, Jennison Asuncion (Future Insights)
Taken from the Future of Web Design, San Francisco 2015 Conference. https://futureofwebdesign.com/san-francisco-2015/
Many associate making a digital product accessible with the guidelines and specifications that address themselves at the code-level. In short, the developers/engineers will take care of it. While the thoughtful implementation of accessible code during the development phase is unquestionable, the truth is accessibility depends heavily on choices made by designers and others involved in determining the user experience, and typically before development begins. Join Jennison as he illustrates this by identifying some of the user interactions and design-related decisions that can pose accessibility challenges. He will also share practical advice for those seeking to scale accessibility and make it a shared responsibility.
Sunny with a Chance of Innovation: A How-To for Product Managers and Designer... (Future Insights)
Taken from the Future of Web Design, San Francisco 2015 Conference. https://futureofwebdesign.com/san-francisco-2015/
Growth stage companies need to continue to be as innovative as they were as smaller startups - but how do you actually do it? How can product leaders and designers de-risk valuable new ideas and get the support required to actually execute? From the perspective of a product owner and a designer respectively, Audrey and Alexa will walk through how they ran an innovation team on a recent project. They'll discuss how they rallied a broader group of stakeholders around big and risky ideas, testing the limits of experimentation, and turning small-scale experimental code into real life features. Thinking big and executing in layers is the future of innovation. You will walk away with some easy methods to start launching experiments at your company, regardless of whether you come from a three-person startup or a huge corporation.
Taken from the Future of Web Design, New York 2015 Conference. https://futureofwebdesign.com/nyc-2015/
The future must be universally approachable. In this talk, Andrew looks at designing for dyslexic users. Learn how to create designs that are more universal; designs that not only better fit dyslexics, but are a better fit for everyone regardless of race, religion, national origin, language or ability.
Taken from the Future of Web Design, San Francisco 2015 Conference. https://futureofwebdesign.com/san-francisco-2015/
Site analytics. The quantified self. Big data. Human activity is creating more and more measurable data. But is more data really helping designers make better decisions? Human problems often require illogical approaches. In order to meet real human needs, we need to approach the data we collect with empathy and find the story in the facts.
Taken from the Future of Web Design, San Francisco 2015 Conference. https://futureofwebdesign.com/san-francisco-2015/
We need to create processes that get us away from nice looking design files to actually shipping our projects into the real world.
FOWA London 2015
In recent years there have been incredible advances in artificial intelligence and deep learning. As a result, powerful technology which used to be rare and expensive has very quickly become easily available and cheap. This will have both positive and negative consequences for web developers. In this talk I will look at how AI will change the development field, and provide techniques that will help designers and developers to work with AI to improve their skills and make better sites and applications for end users.
Digital Manuscripts Toolkit, using IIIF and JavaScript. Monica Messaggi Kaya (Future Insights)
FOWA London 2015
Monica is part of the DMT project at the Bodleian Libraries (University of Oxford), which aims to create a toolkit using the IIIF standard (http://iiif.io) for images, a server solution (to store images of manuscripts and metadata), and a client solution using JavaScript to build an authoring tool that allows editing the manuscript manifest and its metadata. She works specifically on the authoring tool and on the challenges that different types of manifests present for the developer. You will get a glimpse of the whole picture, and then she taps into the libraries used, choices made, collaboration experiences and lessons learned so far.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
The climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
These are slides of the talk given at the IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2022.
Enhancing Performance with Globus and the Science DMZ (Globus)
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
The Metaverse and AI: how can decision-makers harness the Metaverse for their... (Jen Stirrup)
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs (Alex Pruden)
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
The new frontiers of AI in RPA with UiPath Autopilot™ (UiPathCommunity)
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the processes of developing and using Automations.
📕 Together we will look at some examples of using Autopilot in various tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Privacy is a UX problem (David Dahl)
1. Privacy is a UX Problem
David Dahl, SpiderOak, Inc.
Future Insights Live
Las Vegas, NV June 3rd, 2015
2. David Dahl
• Privacy Enthusiast
• Director, Crypton - SpiderOak
• Former Privacy Engineer, Mozilla
• ILM, DOE, consultant
• @deezthugs
3. A beam splitter
[Diagram labels: Internet Backbone; To NSA]
In 2006, a whistle-blower from AT&T named Mark Klein came forward. He gave us a heads-up that our personal communications were being siphoned off the internet via a literal prism that split the internet backbone fiber-optic line in San Francisco so the traffic could be copied, searched, sorted, sliced and diced. “Former director of the NSA's World Geopolitical and Military Analysis Reporting Group, William Binney, has estimated that 10 to 20 such facilities have been installed throughout the United States.” https://en.wikipedia.org/wiki/Room_641A
I find this very disturbing. Also, how difficult is it to send a truly private message to someone online? For most users this has been, until recently, effectively impossible.
Naturally this got me thinking about Silicon Valley companies and what they actually do - and the fact that so few of them provide privacy with their services, least of all privacy from *them*.
4. Intersection of
Crypto Nerds &
UX Designers
The number 1 reason for this talk is in this Venn diagram. Do you see any orange in this Venn diagram? A sliver?
When I was at Mozilla I remember bending our UX designers’ ears about privacy and crypto and user interface design. It was a bit baffling for both of us to try and understand each other. There really was too little interaction between privacy & crypto engineers and UX. Most of the software designed for preserving online privacy suffers from this.
5. Wait, privacy is
*just*
a UX problem?
Well, kind of…
Who has heard of GPG or PGP? Used GPG or PGP? This image is a screenshot of the first page of the GPG user guide. Clearly, GPG documentation is dense, technical and long-winded. This is not going to work for the majority.
In this talk I want to navigate through concepts, issues and pitfalls of using apps built for privacy. I will also cover newer advances in privacy UX. Please take this talk as a call to action to familiarize yourself with privacy techniques and tooling - you *can* make it better.
6. We have the technology!
We have incredibly fast and capable devices today. There is no reason we cannot also have privacy in all of our communications.
7. We have very fast, tiny computers
in our pockets
All of us do. Some even have 2.
8. …and on our wrists.
These devices are capable of decrypting real-time streaming video & audio data! Ok, well, maybe not this device, but one a bit like it.
9. We have
very fast
networks
connected
to these
tiny
computers
Not to get out into the weeds, but some of our network operators are hostile to privacy, which presents further problems.
10. The math is sound WTF?
Strong crypto DOES work. This is a page from Snowden’s files. Even the NSA cannot decrypt a PGP message. Note: this does not stop the NSA from storing this message until the computer is broken into and the private key is taken. Unless… January 2032 arrives and they delete or reclassify this message! Srsly?
11. This Snowden slide illustrates just how much of a problem Tor, TrueCrypt and TAILS are for the NSA.
TrueCrypt is a disk encryption tool and was recently audited and found to be sound.
Tails stands for “The Amnesic Incognito Live System”, a secure Linux distribution booted from a USB stick, which has Tor Browser and other tools ready to use. Once you shut down, all traces of your activity vanish.
12. Privacy nerds have an embarrassment of riches
in crypto libraries
[NaCl, BoringSSL, SJCL, LibGCrypt, NSS & others in many languages ]
Not that many of them are easy
for developers to actually use
Crypto libraries must be used with care. When I worked at Mozilla and implemented window.crypto.getRandomValues, it took an inordinate amount of time to land a feature that “just” produced random numbers.
13. You’ve probably noticed a lack of web applications
Web pages are not considered safe for cryptography & privacy applications. You know, those pages that load JS files from CDNs that can be anywhere. JavaScript source files are not verified at all; they are just downloaded and immediately run.
This problem is not going away any time soon. Browser vendors are slowly working towards signed and verified web apps, but it is such a vast change in the way browsers work.
Naturally, you can build HTML5 apps that can be packaged and signed and do not load external content. This does work. I am doing it today.
14. Pitfalls
Common issues in creating and
using private applications
Let's talk about some of the pitfalls we run into with privacy apps. Some of these issues are related to GPG & PGP. But even some newer applications suffer from some notable problems.
15. Understanding Cryptography concepts is a requirement
for using many privacy applications
Some apps ask the user to choose algorithms
& key lengths (whatever that means!) to use
GPG / PGP, which does work to defend people against
dragnet surveillance can be horribly difficult to even install
That being said, there are some new takes on PGP: Yahoo Mail has a browser extension, Whiteout.io is a new email client that supports PGP with an eye toward better UX, and there are others as well.
16. Jargon
keys
fingerprints
signatures
Jargon and concepts in crypto are dense and complicated. A math degree is required to truly understand it. For instance, a “key” is used to unlock data, but it is also used to identify you. Fingerprints make it easy to verify keys. Signatures verify that the sender is the originator of data - or has access to the private key that created the encrypted message. The “signature” is the best real-world analog here.
Side note: most everyone who you think might be a crypto nerd will never admit to it. Some of the top engineers in Silicon Valley who do crypto every day will not admit they “know crypto”. It is a dark art. I only claim to be able to use APIs, with guidance from professionals.
17. Keys
Most applications have a
step where “keys” are
generated
Do users really need to know
about this?
Knowing about key generation adds complexity to the mental model a user is used to in a communications app. Hiding this step is worth considering. I would prefer to not refer to keys at all. Creating new metaphors for these crypto-specific operations is a better idea. A “key” really represents a user - or the ability to converse with said user. A peer’s keys represent them - can’t we just use an “account” & “contacts” model here and do away with all of this key jargon?
18. Fingerprints
A fingerprint is a shorter string derived from a longer key, which helps identify that key
My GPG fingerprint is:
094A 590E 099D 4621 A7DB 440A 8425 DACF 4F19 5F87
Before you collect my public key - and save it into your “key database” - you should compare my fingerprint to the one that you will get with my public key or via a key server lookup.
I publish my fingerprint on my business card in order to hand contacts an out-of-band copy of the fingerprint. This goes a long way towards really verifying my public key and my messages to contacts.
19. Signatures
Signatures are used in proving authenticity of a message,
either encrypted or plain text.
All encrypted messages should also be signed
Many GPG front-end applications default to NOT signing each message. Why this is I do not know. It is less safe to send an unsigned message. We end up with an extra step for users to do - and many may not even know to do this.
20. Are your eyes
glazing over
yet?
Just wait!
All these extra bits needed to make software more private need to be turned around and used - with new metaphors and mental models - to make the software feel private but not be a chore to operate.
21. GPG Usage
Enigmail on Thunderbird
• Install Thunderbird
• Install GPG
• Install Enigmail
• Try not to Fail
• There is Hope here…
To get GPG email going - in this case - you have to install 3 different products! Then you walk through a messy “Wizard” to generate keys and publish your public key to a “keyserver”. After all of this you must be aware that, by default, all email is sent in plain text, and you usually have to be proactive about making sure your message is going to the right person using the correct key and that the message is both encrypted and signed. Also, your subject line is never encrypted.
22. Let's send a GPG message via Thunderbird & Enigmail. Now, don’t get me wrong, I think this all works great - for me, a privacy nerd - but this is not going to work to make privacy universally usable. The first thing I notice here is that the message WILL NOT be encrypted & signed. That is OK, as most email is not, but this sometimes will allow you to send what you wanted private in the clear! Let’s pick a recipient - but I am not sure if I have the public key…
23. It turns out my recipient has more than one key! We have wandered into bad UX so quickly here. This is unusable by the vast majority of internet users.
24. My default settings set the messages to not be signed when encrypting. This is bad default behavior.
25. “Pre-send” warning!
My privacy is guarded by a
Modal Dialog and a Toolbar
I’m not even kidding. This is cutting-edge stuff. The app now interrupts your message sending to make sure it's actually encrypted, and a toolbar makes it easy to make sure all messages are signed as well! Thank you, UX gods!
26. Now we are sending the message correctly after clicking on both the Lock and the Pencil. Normally this works correctly, but it is perilous, as email is designed to be clear text and we are bolting on some privacy measures. Don’t be in a hurry. Again, this is unusable by humans.
27. Privacy is best not bolted-on!
EMAIL
GPG
We need applications that are built from the ground up with privacy at the core of the application. Bolt-ons do work, but are dangerous to rely on.
You can also use GPG as a general encryption tool for files and messages outside of an email program. This is how Snowden passed along his documents to Laura & Glenn.
28. We have ‘Mobile first’ development
And we have ‘User First’ development
We also need ‘Privacy First’ development
This is the future. Privacy First development
29. Greenwald nearly missed
the story of a lifetime!
GPG failed to even install! THANK YOU LAURA POITRAS
Here we have a screen capture from “Citizenfour”, the Snowden documentary.
This is an extreme example, but Glenn Greenwald was unable to even install GPG in order to communicate with Snowden.
I highly suggest you see the movie.
30. Of course this talk is not about the UX to help avoid NSA
targeting. You might as well tape your mobile phone to a
Greyhound bus bumper, smash your computer and travel
overland with cash and false identity papers to South
America and become a farmer in the Pampas
(I did some research for a friend)
Avoiding some blanket wiretapping and dragnet surveillance is possible. Avoiding surveillance when personally targeted is probably impossible - and I am not advocating that it is possible :)
31. What is a likely threat model?
Advertisers are a threat
Ok, not advertisers, it is companies that sell your data to advertisers.
Like, nearly everyone in Silicon Valley
Side Note:
We really have to stop and think about what is happening here. What is the logical conclusion of all of the data being gathered and stored about you?
32. You are not the Customer
You are the product
Google
You
Facebook
Twitter
Bing
Yahoo!
We all may think these search engines and social networks are free software. They are not. The real reason they exist is to milk you of your private life and sell it to the highest bidder. This will cost you in the long run.
[Insurance company rates example: read about beers, go to many bars, car insurance rates through the roof. Buy too much junk food and watch A LOT of Amazon Prime or Netflix? Your health insurance rates will climb.]
33. The real danger is the aggregation of all of our social networking posts, social graph, search history and location history. We are being sliced, diced and categorized into buckets of user types. Our most private conversations, opinions and movements are known to marketers and possibly worse. Even things we don’t search for are known to them. It is probably true that our search engines know more about us than the NSA and even our closest friends.
34. New-ish Privacy Applications
Ok, that was a bit of a side note…
Let's talk about some newer privacy apps and the potential issues we will run into
35. Crypto.cat
• Relatively easy to use
• Installation: Browser extension / Chrome App
• Obtuse verification process
• Great for real-time chat for groups
Overview: easy to use compared to GPG, provides instant messaging for groups. Still difficult to verify and authenticate others
36. We need to set up a secret
question & answer for each
person we talk to?
That’s a lot of work
Since Crypto.cat allows you to use it anyway without doing this, it provides for bad habits and is just too much work for non-nerds to use
37. Crypto.cat docs are built in and very good. Regardless, it is a lot of work to use properly.
40. While not ideal, this built-in documentation is good. How can we build systems like this that need less built-in documentation, or none at all?
41. “UX is like a joke: if you have to explain it, you have done it wrong”
I don’t blame crypto.cat here; they are just doing what everyone else has done.
They are trying to make it fun and more humane and I applaud them for that.
42. Signal
Probably the best experience in
privacy: encrypted phone calls and
texting
https://whispersystems.org/
Started off as “TextSecure” on Android; now on iOS and Android, it's called “Signal”
43. Signal looks and feels like
any other texting application
but all texting and calling is
end to end encrypted
Key generation is done behind the scenes. The contacts are verified over an initial SMS message that hands the other your public key and fingerprint
44. You still need to verify fingerprints.
“tap to copy” makes
it pretty easy
to get your own fingerprint
for others to verify
over a 2nd channel
If you get a new phone, your key will change, so others will be warned when they are sent a new public key behind the scenes.
45. Encrypted calling is elegant
A phrase is used to verify
your caller is
who you think it is.
It should be
the same on each device
Encrypted calling in signal started off life as “RedPhone” for android, which was mentioned in that Snowden slide.
There is a lot to say about Signal. It is the next-generation app for ease of use and slick UX for privacy. The crypto is pretty cutting edge as well: it uses “key ratcheting” for text messages, so each text is encrypted with a new key. Very slick and hard to attack.
46. A downside:
notifications are generic
This is true of most privacy-leaning applications. Since notifications might pop up at any time - and when your phone is visible to others - a generic notification is all we can really do. Perhaps, if we can use sensors to determine that the user is holding the device, we can decrypt the actual notification. (On iOS this may be problematic, as background operations can be limited because of Apple’s concern about using too much CPU in the background.)
47. Anonymity Online
• Tor Browser
• Ricochet (IM)
Anonymity online is possible. The best tool for this is the Tor Browser for web browsing, and tools built on top of the Tor network protocol. Ricochet is one of these applications and is used for IM.
My focus is on applications that are open source. Also, these are apps you can help improve the UX for. With apps that are closed source, I have to wonder whether the "privacy" can be trusted.
48. While Tor Browser is a bit slow, it does allow for real anonymity online. It is built on top of Firefox, and through the Snowden leaks we have learned that Tor does indeed work! It is used heavily by dissidents and activists living under repressive regimes, as well as many journalists that don’t want any of their research queries tied back to them, etc.
50. You exchange identifiers through another channel, perhaps even in person (which is best). Once you exchange IDs, you can chat anonymously with end-to-end encryption.
51. Design for Privacy Applications
How do we do better?
Let's talk about the operating and design model for Privacy Applications.
The client is the powerful actor. This turns things a bit upside down. The source of truth is not 100% encapsulated in the server. Working with this model can be challenging, and some use cases are difficult to implement.
52. Client / Server
The development model is somewhat inverted:
The client generates the account (and keys)
The client tells the server to store the account data
An inverted model makes for some very tricky operations. The client is the source of truth (it generates keys and tells the server what to store)
54. Client
Server
Searching is always done on the client
Search indexes are created on
the client, stored on the server
and are pulled down to the client,
decrypted and searched locally
Search is difficult, as we must search the plain text on the client. Normally this data is indexed on the server and easily searchable there. This breaks what is known as “Zero Knowledge”. Indexed data must be searched on the client only. There are some advances in encryption technology where we can search encrypted data directly on the server, but this is not mainstream or easy to implement; it is still very much “research”.
55. The UX of Privacy starts at the API
We need APIs that encapsulate the complex crypto operations that underlying libraries require. Developers need better “SDK UX” to be able to safely design and develop applications in a “privacy first” effort.
56. Crypton is an attempt
at better UX for
privacy-centered apps
Well, mainly better UX for APIs so
developers can use crypto properly
by NOT actually using Crypto!
It is not easy to use crypto APIs - and of course it is that much more difficult to IMPLEMENT crypto APIs. Crypton is a stab at an SDK with which any developer who knows JavaScript can implement privacy-centered applications with little knowledge of crypto. Crypton provides APIs that resemble normal app-building APIs, but everything is encrypted end to end.
Sadly, there are few projects like this.
57. Crypton at a glance
crypton.generateAccount('username', 'password', function (error, account) {});
crypton.authorize('username', 'password', function (error, session) {});
session.getOrCreateItem('wineList', function (error, item) {});
session.items.wineList.value.reds = [{cabernet: 'sonoma'}];
session.items.wineList.save(function (err) {});
session.getPeer('alice', function (err, alice) {});
session.items.wineList.share(alice, function (err) {});
Not to get too far into the APIs Crypton provides, but Crypton’s APIs read like any other web API. All of the crypto is encapsulated inside functions anyone can use, and all of the normal parameters that developers need to choose are set for you to “smart defaults” - that have been audited by professionals. This is UX *too*, making the framework APIs simple. The developer never deals directly with the encryption. When you call “getFoo()”, decryption happens even before you are handed the plain-text object.
58. The SAFE (Secure Access for Everyone) network can be best described as a fully distributed data management service. This network manages static and dynamic data as well as communications. Importantly, the data held is either:
Encrypted by clients
Cryptographically signed by clients
MaidSafe is another project that is attempting to build a peer-to-peer network that by default does nothing but end-to-end encryption. The project is working on a beta version of its network now and has a lot of potential. MaidSafe will allow you to build most applications we use today where the network (everyone else’s computer on the network) is the datacenter.
59. Top Privacy UX issues
• Key Exchange
• Verifying others
The management of keys has always been a complex and confusing affair. Keys need to be exchanged to begin communication, and again when keys change. Verification of contacts is usually awkward, with one or more contacts wondering why it is necessary and being OK with using the application in an unsafe, unverified mode.
60. New Metaphors
New metaphors need to be created to allow application users to better understand (or to completely hide the complexity of) key exchange.
61. Crypton’s Contact Card Concept
The Contact Card metaphor.
Everyone has an ID or Business Card. You show it to people so they can verify who you are, or learn a bit about you.
Eliminates specialized jargon from privacy: no “keys” are referred to.
An exchange of Contact Cards establishes a secure communication channel
62. Scanning or loading the Contact ID compares the fingerprint against one queried from the server.
A match adds the contact to your contacts DB.
This whitelists the scanned ID and allows them to “follow you”.
Also, we are in the process of simplifying the Card design as well as the workflow, it needs to be as seamless as possible.
63. My current project:
ZK: A “Zero-Knowledge Twitter”
Fun Fact!
ZK does “GPS to place name”
via a database lookup
instead of a “maps GPS API”
“ZK” is the code name for a Zero-Knowledge Twitter-like application I am building as a proof of concept of non-data-minable social networking. Users create accounts, exchange Contact Cards (out of band via SMS, email) and are then following each other. A major difference here is that following is whitelisted. Bob must scan Alice’s card in order for Alice to follow Bob.
64. CMU
Privacy Engineering Program
SpiderOak is currently
working with a group of
grad students in this
program on a privacy UX
project
The good news is that programs like Carnegie Mellon’s Privacy Engineering Program exist, and they are turning out a great group of multi-disciplinary engineers who really understand technology, UX, crypto and humans.
The students are helping to improve the Contact Card concept by doing UX research via focus groups and Mechanical Turk surveys.
65. Adopt a project!
I would like to see UX designers adopting crypto projects.
It’s a huge challenge! *& you can learn while doing*
Crypto nerds need to pay attention to UX and to design; designers will blow their minds.
66. Why should I (UX Designer Extraordinaire) do this?
WHY DO THIS?
[why should I as a UX designer pay attention to crypto communications systems?]
Future Demand!
67. Current & Future Demand!
Government and corporate spying is at an all time high. We are living in a “golden age of surveillance”. The web, our apps, our networks are all surveilling us.
*All* email probably routes through NSA, Chinese, Russian, corporate collection points.
The facilities NSA is building to house data can hold a copy of everything digital we produce that interests them. They can store all of it forever, decrypting it once they get the keys or once key factoring becomes possible.
68. End 2 End Encryption solves for (some of) the Sony Hack
(also, email should die in a fire)
All cloud systems that consume plain text are one tiny exploit away from a ‘Sony Email situation’ or ‘The Fappening’.
End-to-end encryption systems make cloud storage and communications data complete garbage to an attacker. Imagine a messaging system a corporation can put in place for internal and external collaboration.
Naturally, with external collaborators this breaks down. It makes good business sense to build a communications tool that outside users can use; however, this is not going to be commonplace anytime soon.
69. With E2E encryption tools, attackers must attack the device
THIS IS EXPENSIVE
The target goes from one semi-well-protected network to hundreds, maybe thousands, of devices.
The economics of surveillance make it easy and cheap to do dragnet spying.
For instance:
@dymaxian, on Twitter: “We need to go from 10 Cents per user per day to $10000 per user per day to get state surveillance to the right scale”
70. The ‘Alpha Incident’
A privacy bomb has already gone off, but, like the nuke tests in the South Pacific, many are not at all aware of the damage done.
Just wait.
I’m talking about a wide-scale “The Fappening” with your junk!
There has yet to be what I call the “Alpha Incident”.
This is when, overnight, a cloud communications company is hacked and 10, 20, 50 million people’s message history is stolen and hosted in keyword-searchable format on a server in Eastern Europe or a similar jurisdiction. People will begin to question why they use these systems.
71. Silicon Valley’s Business Model
Real capitalism is when you offer a service or good to a customer and they pay you for it because it benefits THEM. Silicon Valley’s model makes you the product, and *you* are sold to companies. Your devices are logical extensions of you.
72. ‘Some might say “I don’t care if they violate my privacy; I’ve got nothing to hide.” … Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.’
- Edward Snowden
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
- Eric Schmidt
Two quotes here; I’ll leave this as my last slide. If you are in the Eric Schmidt camp, you are sadly mistaken.