Description: Let’s Encrypt is a way for anyone to enable TLS (as in, HTTPS) support to a webserver at no cost. However, there are many security considerations involved with everything from certificate renewal to safe handling of the various files involved. In this talk and live demo I’ll cover how to create a reverse proxy using the nginx webserver that simultaneously allows multiple webservers to exist at one IP address and show how isolating Let’s Encrypt to a different system increases security. The talk will also cover more secure (and less risky) methods of automatic key renewal than the official, somewhat invasive renewal tool.

ContinuingLogo is a recently written interpreter for the Logo programming language that is still in pre-alpha. It is mostly compatible with Brian Harvey’s UCBLogo interpreter and has some graphic and sound features inspired by Atari Logo for the Atari 800. Logo was created at MIT and BBN in the late 1960s as a language to support children in learning mathematical and logical thinking. Its most well known feature is turtle graphics, in which a “turtle” moves around on the screen as instructed, drawing a trail behind it.

This talk will consist of a brief tour of some of ContinuingLogo’s basic features, followed by demonstrations of several short example programs. Language demos will include an incredibly short pig Latin translator. Graphics demos will include spirals, fractals, line followers, and a traffic simulation. Sound demos will include the generation of music and sound effects, and illustrations of the relationship between sound frequencies and perceived musical notes. A few larger games will be demonstrated but not discussed line by line.

Working on an engineering project with more than one person is hard enough when everyone is in the same room. It’s more difficult when you have a team spread around the world and even more interesting if you’re working on a shared physical device. In this talk, I’ll discuss a remote engineering environment I created that allows contributors to connect to a standard Linux user account with a shared terminal (tmux), shared desktop (x2go with desktop sharing enabled), power and data control for a device under test (serial over USB), and even streaming video for viewing camera feeds (RTMP streaming from OBS Studio and viewed in VLC). This wide-ranging talk is appropriate for all levels of experience and will primarily be a series of live, remote demos.

Update: Allan has posted a video of the talk on YouTube.

Lightning Talks: Have something you would like to present, but don’t have enough material for a full talk? Here’s your chance. Talk about anything Linux related.

Elections: After the last lightning talk concludes we will hold our annual elections.

Hackfest: Bring your hardware or software project to get help with it or just to show it off.

The Epiphany is a processor that tries to combine the best attributes of a CPU and a GPU. The Parallella is a single-board computer that runs Ubuntu, originally designed as a showcase for the Epiphany chip. I backed the original Kickstarter campaign for the Parallella in 2012. I will talk about my experience with the fundraising campaign, how the Epiphany and the Parallella are different from their predecessors, and the strengths and weaknesses of the Epiphany in practice.

Update: William has posted his slides.

Capture the Flag tournaments have long been used to test hacker skills but they can also serve as effective security training for developers. This talk will feature a case study where I turned teams of developers with no prior security training against each other in a CTF arena featuring their own applications and watched them rack up points as they popped shells in each other’s applications.

This will be an encore presentation of a DEF CON talk given August 5th at 4:00 PM. TASBot is an augmented Nintendo R.O.B. robot that can play video games without any of the button mashing limitations us humans have. By pretending to be a controller connected to a game console, TASBot triggers glitches and exploits weaknesses to execute arbitrary opcodes and rewrite games. This talk will cover how these exploits were found and will explore the idea that breaking video games using Tool-Assisted emulators can be a fun way to learn the basics of discovering security vulnerabilities. An overview of some of the details that will be described in the talk can be found in an article I coauthored for the PoC||GTFO journal issue 0x10 (Pokemon Plays Twitch, page 6).

Have you looked at the prices of ChromeBooks and thought “Wow, that’s cheap! Too bad they don’t run my OS of choice.” Well, they can! In this talk, Robert will go over the options to give you “more” Linux with your ChromeOS device, from just accessing the crosh (chrome-os-shell) to flashing a new ROM with Coreboot and SeaBIOS and installing the Linux distro of your choice.

Come show us what you’ve been up to! Bring your projects, problems and persons for round-table discussion. We also welcome lightning talks if you’d like to present, but don’t have enough material for a full talk. A projector will be available (VGA).

To understand how Qubes secures your desktop, look to your pantry. The same security by compartmentalization concept that makes Qubes resilient against attack was conceived of over two hundred years ago to protect food against infection. In this talk Kyle will discuss how to jam strawberries, can green beans, and isolate desktop workflows into a combination of netVMs, proxyVMs, and appVMs. He’ll cover some common threats against your food and data and describe how Mason jars and Qubes can mitigate them.

A follow-on talk to a previous talk Mike Higgins gave here at NBLUG in the past about programming in the video game Second Life. This time he’ll talk about Life After Second Life. There is a larger world, a Metaverse, of open source MMORPGs based on the open source Second Life Viewer projects and the Open Simulator project. There are hundreds of small companies trying to make a living doing what Second Life did. There are thousands of crazy artists creating 3D environments and inviting you to walk through them, there are tens of thousands of people setting up virtual environments on their own PCs and all of these are starting to link up to each other. My plan is to not have many slides for this talk, but log onto several different virtual worlds and put them up on the Big Screen while I talk. Eventually taking us to my private world run off the server in my barn.

In this presentation, we’ll get to know Git intimately enough to anticipate its every move. We’ll develop a visual mental model for a Git repository. Then we’ll explore how every-day Git commands manipulate that model. Along the way, we’ll find ways to peek into Git’s inner world to confirm our understanding. This is not an introduction to Git; it targets a developer who can commit, branch, and merge with Git. Although I’ll show example commands and output, consider bringing a laptop with Git installed so you can type along.

Update: Marcel’s slides are now available online