OpenWest Conference 2014

OpenWest 2014 | Hardware • Standards • Source - http://www.openwest.org/


 * OpenWest Conference 2014
 * Utah Open Source
 * Thursday, May 8, 2014 at 8:00 AM - Saturday, May 10, 2014 at 5:00 PM (MDT)
 * Orem, UT

Go
Ken Thompson - Unix

Google

Gopher - GopherCon 2014

Utah Go Users Group - www.utahgophers.com
 * Tues. May 13 @ 6:30pm

The Go Programming Language Specification - The Go Programming Language - http://golang.org/ref/spec

Justifications:
 * C++ too complex
 * compilation too slow
 * programming too difficult
 * programmers choosing easy over safety and efficiency

Companies:
 * PayPal
 * GitHub
 * MongoDB
 * Canonical
 * Mozilla
 * Stack Overflow
 * Puppet Labs

Twitter: #golang Prediction: Will become dominant language for IaaS and PaaS in 24 months

Go is...
 * Compiled
 * Strongly typed
 * Statically typed
 * Garbage collected
 * Similar to C syntax
 * Capable of statically verified duck typing (via interfaces)
 * Open Source

Hello World:

    package main

    import "fmt"

    func main() {
        fmt.Println("Hello World")
    }

Note: Semicolons are optional.

Variables:

    package main

    import "fmt"

    func main() {
        var i, j int = 1, 2 // explicit type
        k := 3              // short declaration, type inferred
        c, python, java := true, false, "no!"
        fmt.Println(i, j, k, c, python, java)
    }

Variables declared without an explicit initial value are set to their "zero" value. There isn't a null value?

Comments:

    // comments use C's syntax
    /* multi line comment */

Functions:

    package main

    import "fmt"

    func add(x int, y int) int {
        return x + y
    }

    func main() {
        // arguments were not captured in the notes; 1 and 2 are placeholders
        fmt.Println(add(1, 2))
    }

Types:
 * bool
 * string
 * int, int32, ...
 * uint, uint8, ...
 * byte
 * rune alias for int32
 * float32
 * complex64

Type conversions - no implicit conversions (have to manually cast)

Looping - Go only has 'for':

    for i := 0; i < MAX; i++ { ... }

While:

    for ; sum < 1000; { sum += sum }
    for sum < 1000 { sum += sum } // same loop, semicolons dropped

If/Else:

    if x < 0 { ... } else if x > 0 { ... } else { ... }

Don't fear Go pointers:

    type Coordinate struct {
        X    int
        Y    int
        Z    int
        name string
    }

    // GCP returns a pointer to a new Coordinate
    func GCP() *Coordinate {
        return &Coordinate{1, 2, 3, "foo"}
    }

    func main() {
        var cp *Coordinate = GCP()
        fmt.Println(cp)
        fmt.Printf("%T\n", cp)
        ...
    }

Slices

Range:

    var pow = []int{1, 2, 3}

    func main() {
        for i, v := range pow {
            fmt.Printf("%d: %d\n", i, v)
        }
    }

    for _, v := range pow { ... } // underscore is special: it discards the index

Maps

Access is marked public/private by the first letter of the member. Public is capital. Private is lowercase.

Structs in Go - instead of classes in Object Oriented Programming:

    type House struct { }

    // method defined outside of struct, but works on House
    func (h House) GetHouseName() string { ... }

Interfaces are super important in Go:

    type noiser interface {
        GetNoise() string
    }

    type Cow struct{} // empty structs
    type Fox struct{}

    func (f Fox) GetNoise() string { ... }

No assertions?

jQuery
jQuery Introduction - https://joind.in/user/main

Expectations from lecture: Should know what a selector is and have some exposure.

jQuery Philosophy
 * "Write less, do more"
 * Message Sending
 * Chainability
 * Normalize Browsers

DHTML before Ajax was coined

Terminology:
 * jQuery object
 * the result of $(selector) - the $ is jQuery the function
 * acts like an array of DOM objects (not a true Javascript array) - can check length
 * zero or more DOM objects
 * command - methods of the jQuery object
 * $(sel).method();
 * utility methods - methods of $ or jQuery (like Ajax stuff)
 * $.method();
 * $.ajax
 * selector - like css selector with more stuff
 * #id or .class or div or :focus or ...
 * chaining - calling multiple methods in a row
 * $(sel).method1().method2();
 * helps avoiding a lot of temporary variables
 * helps performance

Overloaded Commands:

    var elems = $(sel);
    elems.val(elems.val() + " append me"); // val being used as both getter and setter here
    elems.width("Sin");
    elems.prop("disabled", true);

    .text/.html .css .width,.height .attr/.val .prop/.data .hasClass
    .toggle([bool]) .fadeToggle([bool]) .toggleClass('class-name',[bool]) .animate({outlineWidth:'toggle'})

    $(sel)
        .css(cssProperty, cssvalue)
        .addClass(className1)
        .text(message)
        .parent()
        .toggleClass(className2)
 * many commands GET and SET (getters and setters depending on overload)
 * text, html, css, prop, val, attr, and more
 * Getters don't chain, first elem
 * toggle with overloads
 * command chaining
 * most commands return a jquery object
 * Advanced chaining with ".end". Used with 'find', 'filter', 'appendTo', etc...

Tricky Bits:

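.html & .text

    function(untrustedStr) {
        // cross-site scripting: the untrusted string is parsed as HTML
        $('#title').html(untrustedStr);
    }

 * similar but crucially different
 * .html incorrectly used in place of .text leads to cross-site scripting (example above)
 * .html takes properly encoded HTML source; .text inserts its argument as literal text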

.prop vs .attr
 * due to old usage by people who haven't known better
 * use .prop for everything
 * .attr usually the wrong choice! (it used to be all that we had)
 * use .attr to modify html src
 * .prop usually the right choice
 * use to modify DOM properties, especially checked and disabled
 * .attr and .prop have friends
 * .prop has current value, and .attr has html source value

Modern Event API

    $(sel).on('click', function);
    $(sel).off('click');
 * stop using .bind and .unbind
 * bind, unbind, delegate, live, click, load, submit, etc - old fashioned deprecated
 * replaced with .on and .off and .one - best practices
 * .trigger and .triggerHandler

Delegated Events

    $(sel).on('click', sel, function);
 * replaces .delegate & .live
 * faster, smaller, better
 * reduces code complexity

Terminate Events
 * return false; - from event handlers unless you need events to bubble up to element ancestors or want the default behavior
 * preventDefault - browser functionality
 * stopPropagation - ancestors
 * returning false does both

Poor: many inline styles - Better: classes & style sheets - Example:

    // poor
    $(sel).css(selected ? {
        color: "red",
        backgroundColor: "black"
    } : {
        color: "black",
        backgroundColor: "white"
    });

    // better
    $(sel).toggleClass("selected", selected);

Switch from Python to Go
by Brian G. Merrell

--

Compile first: go help

test.go:

    package main

    import "fmt"

    func main() {
        fmt.Println("test")
    }

go build -o test test.go

To just run the script: go run test.go

--

Justifications:
 * C++ too complex
 * compilation too slow
 * programming too difficult
 * programmers choosing easy over safety and efficiency

--

Python bad because:
 * actually quite complex
 * runtime errors
 * performance
 * doesn't scale

--

Go has:
 * concurrency is a breeze
 * no exceptions
 * no type hierarchies
 * no classes

Go good because:
 * small language (fit all in your head, have read the spec)
 * compile time checks (fast)
 * fast enough for even more things
 * benefits at little cost
 * dynamic feel with compiled performance
 * rich standard library
 * libraries are all written in Go
 * great bundled tooling
 * seems to scale well
 * cross compiling in Go is simple
 * Go syntax is very light and simple

--

Hello World Web server:

    package main

    import (
        "fmt"
        "net/http"
    )

    func main() {
        http.HandleFunc("/", Hello)
        http.ListenAndServe("localhost:800", nil)
    }

    func Hello(w http.ResponseWriter, r *http.Request) {
        // body was not captured in the notes; minimal placeholder
        fmt.Fprintln(w, "Hello World")
    }

--

Don't like about Go:

    x, y, z = 1, 2, 3
    return

 * Naked return statements (optional)
 * scoping rules specific case
 * not faster than java
 * new vs &T{} vs make
 * len("foo") vs "foo".Len - but keeps language simple
 * Name "Go" is ungoogleable / unhashtaggable (use golang) *** MOST ANNOYING ***
 * No dynamic linking in Go - makes binaries huge
 * two compilers - may work with gccgo, just not with google's gc compiler
 * no dlopen in Go

Python vs Go
 * Interpreted vs Compiled
 * Strongly typed vs Strongly typed
 * Dynamically typed vs statically typed
 * Garbage collected
 * Unique syntax vs Similar to C
 * Open Source
 * Python Foundation vs Google
 * more platforms vs fewer platforms
 * 1991 vs

Go does not have:
 * Classes
 * Exceptions
 * Assertions
 * Templates / generics (for now)
 * Operator overloading

Zen of Python >>> import this

Go does not have:
 * decorators
 * static methods
 * class methods
 * properties
 * iterators
 * generators
 * exceptions
 * meta classes
 * class decorators
 * multiple inheritance
 * list comprehensions
 * ternary operator (expression?true:false)

--

Errors should never pass silently - sure beats runtime error:

    package main

    import (
        "fmt"
        "net/url"
    )

    func main() {
        // does not compile: url.Parse returns (*url.URL, error) and the error cannot be silently dropped
        u := url.Parse("http://foo.org/index%.html") // notice bad '%'
        /* fix
        u, err := url.Parse("http://foo.org")
        if err != nil {
            fmt.Println("got error")
        }
        */
        fmt.Println(u.Host)
    }

Zero Values

Encapsulation - capitalized names are exported

Slices vs Lists

Arrays

Slicing syntax is very similar to python

Maps, Dicts and Sets

Duck typing - Go uses interfaces to solve

Exception handling - uses interfaces and type assertions to check

Calling C code from Go

go get - similar to pip

Unit testing and Code coverage:

    go test ./...
    go test -cover ./...

Other tools (included) http://play.golang.org

CSS3
Interactive Periodic Table - http://codepen.io/nemophrost/pen/EkImb

by Alma Madsen

Bitcoin
Summary - better to just hoard bitcoins than to mine them

Tor
Dark Side of the Internet

Danny Howerton (metacortex)

Look at Troll slide
 * ice berg - level 0 web - common web - everything

Tor - the onion router

Tor Project - https://www.torproject.org

Darknet

Watch "House of Cards" - Tor

firefox plugins:
 * tor option
 * NoScript
 * HTTPS Everywhere

TAILS - live distro

Tor hidden services:
 * .onion as TLD
 * turns tor into darknet
 * torproject.org/docs/hidden-services.html?
 * hidden wiki
 * tor find
 * tor search
 * grams - google rip off
 * reddit/r/onions
 * word of mouth
 * the pirate bay

Market Places
 * reddit.com/r/DarkNetMarkets
 * Silk Road 2
 * Andromeda

Buy
 * Bitcoin
 * money in escrow
 * ship to PO Box

Bitcoin:
 * crypto currency
 * relies on PKI

Attacks:
 * correlation attacks
 * own entry and exit nodes
 * browser exploits
 * BTC not fully anonymous
 * use tumbling service

Stay up to date:
 * blog.torproject.org

OpSec:
 * Don't reuse identities or passwords

Shameless self promotion - hacker group "801 labs"

ipchicken.com

Chrome Dev Tools
Does performance matter?
 * motion
 * limits of human perceptibility - 5ms
 * 60Hz frame rate - 16ms

Human perceived response times:
 * 100ms - immediate
 * 300ms - fast
 * 1200ms - laggy

Got bored... Jumping to agile class

Agile
by Hala Saleh, Dir. Product Management, Rentlr

Agile Manifesto - http://agilemanifesto.org
 * Individuals and interactions - over processes and tools
 * Working software - over comprehensive documentation
 * Customer collaboration - over contract negotiation
 * Responding to change - over following a plan

Agile Principles - 12 principles - http://agilemanifesto.org/principles.html
 * Collaboration
 * Continuous feedback and improvements
 * Self-organizing teams
 * Simplicity
 * Retrospectives
 * Frequent and Continuous delivery
 * Inspect-adapt cycle
 * Sustainable pace
 * Timeboxing

Agile development - iterative and incremental approach to developing software that incorporates continuous feedback loops, adaptability and collaboration

But agile is not only for software

Ready to work?
 * Step 1: Identify the Problem
 * Step 2: Is Agile the Answer? Is your culture compatible? Start with processes and implement incremental changes.
 * book "Becoming Agile in an Imperfect World" by Smith and Sidky

Conclusion:
 * Agile can't make you a better executive (it is not a silver bullet)
 * Learn it, Live it, Do it
 * Learn from others
 * Cultivate a tolerance for Failing Fast

TOUCHXPAY
Pay with your fingerprint

Questions:
 * security -

On site - Point of Sale (POS) device

Revenue:
 * about 1% per transaction - credit card processing

Obstacles:
 * PCI Credit Card Processing

Founders:
 * David Coronado
 * Cameron Moon

Suggestions:
 * Look for a strategic partnership that could provide PCI

COPILOT
Social marketing platform to build audiences through video content

Reviews for Studios?

Founders:
 * Aaron Ellsworth

Need an iOS developer

Help pilot videos

Google Fiber
Google Access - Google Fiber

Kansas City (initial), Austin TX, Provo UT

Symmetrical Gig

http://google.com/fiber

Check out the story of Chattanooga, TN that did it on their own, and the benefits that came about.

Big Data
Applications:
 * MongoDB
 * Hadoop
 * Cassandra

Problems with Big Data:
 * Variety of Data (messy)
 * Geospatial

"I haven't failed, I found 8000 ways that didn't work" -- Edison

Lua
Script up your application with Lua
 * Ryan Erickson
 * http://www.untestedhacks.com
 * Works at Control4

Home automation - http://ericksonfamily.com/

The Programming Language Lua - http://www.lua.org/

Lua: getting started - http://www.lua.org/start.html

Installation:

    yum install lua

    curl -R -O http://www.lua.org/ftp/lua-5.2.3.tar.gz
    tar zxf lua-5.2.3.tar.gz
    cd lua-5.2.3
    make linux test

History:
 * lua.org
 * created in 1993 at PUC-Rio
 * Predecessors: DEL and Sol (merged to Lua)
 * Lua is Portuguese for Moon, not an acronym (play on words from Sol)

Focus:
 * Simplicity for non-programmer audience
 * Portability
 * Designed to be easily embedded, extended
 * Clean ANSI C code
 * Garbage Collected

Why:
 * Size (tiny) < 100kb DLL/LIB
 * Runs on mobile / embedded devices
 * Performance - interpreted faster than Python, Ruby, Perl, PHP
 * Need faster? LuaJIT
 * LuaJIT is C++ / Java 6 territory (luajit.org)

Momentum:
 * Used a lot in games
 * Adobe Lightroom and Photoshop
 * First interpreted language allowed on iOS
 * Angry Birds / World of Warcraft
 * Control4 uses

Safety:
 * Code runs in sandbox
 * Embedder chooses which modules to expose
 * Host application can provide APIs / primitives to Lua engine

Language:
 * Dynamically typed
 * Whitespace not significant
 * spaces, linebreaks, tabs, what you like
 * Semicolons not required, and discouraged
 * single line comments
 * variables are global by default, 'local' keyword

Types:
 * number, string, boolean, nil, table, function, userdata
 * numbers are double by default
 * can represent floats and integers
 * no i++, i+=2. use i =i +1

Strings:
 * single/double quote
 * backslash to escape
 * string concatenation uses '..' (not +)

nil:
 * empty value
 * evaluates to false
 * frees item for garbage collection

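tables:

    a = {"apple", "banana"}
    b = {lua = "cool", java = "sucks"}
    c = a               -- c and a refer to the same table
    -- the next two assignments were not captured in the notes; inferred from the output below
    c[3] = "orange"
    b.fred = 3
    print(c[3], b.fred, b["java"], a.grape) -- orange 3 sucks nil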
 * lua's single data structure
 * simultaneous array and hashmap
 * arrays in Lua are 1 based

Comments:

    -- this is a comment
    --[[ this is a
         multi line comment ]]

Functions:

    function add(a, b)
        print(a + b)
    end

    multiply = function(a, b) print(a * b) end

    plus = add
    plus(3, 5)
 * first class objects

Control:

    if ... then ... elseif ... else ... end

    do print("one") end

    for i = 1, 10 do print(i) end

    for k, v in pairs({"}} ???

C Programmer Hangups
 * no curly braces - uses begin... end
 * No +=, ++
 * Not equals is "~="
 * Not is "not"
 * arrays start at 1
 * #array is not always right (if empty items in the middle)

C interface API
 * set of functions allow C to interact with Lua
 * functions to read/write lua global variables
 * functions to call lua functions
 * functions to register c functions to call within lua
 * stack based parameter passing

Book:
 * "Programming in Lua" - http://lua.org/pil

Reference PDF:
 * http://lua-users.org/wiki/LuaShortReference

Demo:

    -- comment
    print("test" .. os.date())

    function rirc(user, message)
        local no_err, errmsg = pcall(parseIRC, user, message)
        if (no_err == false) then
            SendIRC("ryan", errmsg)
        end
    end

    function parseIRC(user, message)
        message = message:gsub("%s", "") -- trim white space
        if (message == "|reload") then
            if (user == "ryan") then
                dofile("default.lua")
            end
        end
        if (message == "|echo") then
            SendIRC(user, "hello")
        end
        if (message:find("|figlet") ~= nil) then
            local figstr = message:sub(8)
            -- figstr is untrusted IRC input concatenated into a shell command line
            local sd = io.popen("figlet " .. figstr)
            for line in sd:lines() do
                SendIRC(user, line)
            end
            sd:close()
        end
    end

Linux Performance Tools
Ed Felt - DBA/Developer at LDS Church

Keep it simple ... at least at first

No Mockumentation - Document well, even over document

Recommended course - Linux Foundation - Linux Performance Tools (LF426)

Track changes as you test

Human memory sucks - keep personal notes (journaling)

Keep focused on one variable at a time (Exception: fix it now emergency fire!) - most of us think linearly

Examples:
 * ngrep to troubleshoot Segmentation Fault that doesn't make it to the logs
 * actimeo=0 # NFS  (?kill it/keep it?)

Stress testing is NOT baselining/profiling or even troubleshooting

/proc - TLDP describes it as a "window" into the kernel and processes

PIDS:
 * /proc/PID/cmdline
 * /proc/PID/cwd
 * /proc/PID/environ
 * /proc/PID/exe
 * ps

CPU:
 * /proc/cpuinfo
 * top

Memory:
 * /proc/meminfo
 * free

Netstat:
 * /proc/net/netstat
 * netstat

Logs:
 * /var/log/messages
 * /var/log/[application]

Write your own:
 * BASH
 * Perl
 * Python

Tools:
 * hdparm -tT /dev/....
 * top
 * sar (sysstat)
 * collectl
 * mlmon

Other tools:
 * watch
 * tail
 * strace
 * iostat
 * vmstat
 * nmon
 * iptraf
 * lsof
 * htop

Cargo Cult Security
by Derrick Isaacson

Cargo Cult Security 2014_01_18 - http://www.slideshare.net/DerrickIsaacson/cargo-cult-security-20140118

https://github.com/disaacson/cargo-cult-security

Zimmermann Telegram - Mexico, Germany, war

Ciphertext, plaintext

Symmetric Key Cryptography (Private-key Cryptography)

Blowfish, Twofish, Serpent, AES (Rijndael), CAST5, RC4, 3DES, IDEA

Crypto Primitives & Goals - https://oracleus.activeevents.com/2013/connect/sessionDetail.ww?SESSION_ID=6325

Crypto Primitives    Hash /        MAC /   Symmetric    Asymmetric   Digital     Digital
                     Salted Hash   HMAC    Key Crypto   Key Crypto   Signature   Certificates

Security Goals
Data Integrity       XXX           XXX                               XXX
Data Authentication                XXX                  XXX          XXX
Non-Repudiation                                         XXX          XXX
Confidentiality                            XXX          XXX*
Trust                                                                            XXX

 * Public key can be used to encrypt data that can only be decrypted with private key

Love HMACs

Cargo Cult Programming - Ritualistic inclusion of code or patterns that are unnecessary for the task at hand.

Anti-pattern: authentication
 * using encryption for authentication is bad. Use HMAC instead
 * don't use symmetric-key encryption alone, as flipping a bit in the ciphertext will just bump the ID to the next one
 * Use HMAC

Anti-pattern: Integrity
 * Symmetric key is only good for confidentiality
 * HMAC good for Data Integrity and Data Authentication
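The two anti-patterns above (encryption used for authentication, and encryption expected to give integrity), as an added example that is not from the talk or its repository. The SHA-256 counter-mode keystream is a stand-in for a real stream cipher, and every name and key here is constructed for the demo.

```python
import hashlib
import hmac
import secrets

ENC_KEY = secrets.token_bytes(32)  # constructed demo keys
MAC_KEY = secrets.token_bytes(32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode (assumption, not AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_id(user_id: int) -> bytes:
    """Anti-pattern: treat an encrypted user ID as proof of who the user is."""
    nonce = secrets.token_bytes(8)
    plain = user_id.to_bytes(4, "big")
    cipher = bytes(p ^ k for p, k in zip(plain, _keystream(ENC_KEY, nonce, 4)))
    return nonce + cipher


def decrypt_id(token: bytes) -> int:
    """Decrypts whatever it is given; there is nothing to detect tampering."""
    nonce, cipher = token[:8], token[8:]
    stream = _keystream(ENC_KEY, nonce, len(cipher))
    return int.from_bytes(bytes(c ^ k for c, k in zip(cipher, stream)), "big")


def sign_id(user_id: int) -> bytes:
    """Correct primitive for the goal: the ID plus an HMAC-SHA256 tag."""
    body = user_id.to_bytes(4, "big")
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()


def verify_id(token: bytes):
    """Return the ID only if the tag matches; None for any modified token."""
    body, tag = token[:4], token[4:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return int.from_bytes(body, "big")


def flip_low_bit(token: bytes, index: int) -> bytes:
    """Model a token modified in transit: flip the lowest bit of one byte."""
    changed = bytearray(token)
    changed[index] ^= 0x01
    return bytes(changed)


if __name__ == "__main__":
    enc = encrypt_id(1000)
    print("encrypted ID, intact:  ", decrypt_id(enc))
    print("encrypted ID, modified:", decrypt_id(flip_low_bit(enc, -1)))
    signed = sign_id(1000)
    print("HMAC ID, intact:       ", verify_id(signed))
    print("HMAC ID, modified:     ", verify_id(flip_low_bit(signed, 3)))
```

The encrypted token decrypts to a neighbouring ID after one flipped bit, while the HMAC-tagged token is rejected outright.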

Anti-pattern: Encryption Modes
 * Electronic Codebook (ECB) mode encryption
 * identical plaintext blocks encrypt to identical ciphertext blocks, so a bit mapping (think picture) hack gives an idea of the contained data
 * Cipher Block Chaining (CBC) mode encryption
 * avoids the patterns found among blocks of ECB

Anti-pattern: Initialization Vector
 * Avoids the same data, encrypted repeatedly, looking the same
 * Cipher-block chaining prevents patterns within messages
 * Correct IV prevents patterns across messages

Anti-pattern: Random Values
 * Finding linear congruential seed

Anti-pattern: Pseudo-random Session IDs
 * really only ~20 bits of entropy
 * HMACs and secure random
 * do not use sessions - use HMACs, seriously

No Cargo Cult Security:
 * 1) Identify true security goal.
 * 2) Find correct crypto primitive.
 * 3) Spend some time to learn about it.
 * 4) Write as little of your own crypto code as possible.

Unleash Raspberry Pi
"Unleash the Raspberry Pi Through Physical Computing"

by Kevin Sidwar

"Conference speakers aren't the community elite, they are just people who build stuff and like to talk about it. Anyone can do it." -- Tweet

Skill Share - http://skl.sh/1boHmFo
 * 3 hours of videos and lessons

Physical Computing - interacting digitally with the analog world.

Internet of Things is a subset of Physical Computing.

Why the Pi? Huge ecosystem and a ton of resources online.

Buy them through "newark" for $35 without the $5 markup elsewhere (although you get hit with shipping)

The voltages are safer than licking a 9V battery.

Requires very little EE knowledge

SPI - communicating with other devices like other micro controllers

I2C - Inter-Integrated Circuit

Serial

Cool projects:
 * RFID reader

Keep pins straight: (keep track of the pins, don't fry your Pi)
 * Raspberry Leaf - good printout to keep track of pin outs
 * Pi cobbler is another good way
 * Verify twice, connect once
 * Pins are 3.3V not 5V!
 * Use isolated jumper wires (don't short out the pins)
 * Don't touch header while powered on

GPIO - General Purpose Input / Output

Write:

    import RPi.GPIO as GPIO
    GPIO.setmode(GPIO.BOARD)
    GPIO.setup(12, GPIO.OUT)  # (OUT/HIGH/LOW)
    GPIO.cleanup()

Read: ...

I2C:

    import smbus
    bus = smbus.SMBus(1)  # bus number was not captured in the notes; 1 is an assumption
    temp = bus.read_word_data(0x48, 0)

SPI Code example ...

Twython - Twitter Python client

Twilio - send/receive text/phone

http://twitter.com/PiHomeMonitor

Source code for this presentation - http://github.com/sidwarkd/openwest_demo

Python Pandas
Python Data Analysis Library — pandas: Python Data Analysis Library - http://pandas.pydata.org/

NumPy — http://www.numpy.org/ - NumPy is the fundamental package for scientific computing with Python.

SciPy - http://www.scipy.org/ - SciPy (pronounced “Sigh Pie”) is a Python-based ecosystem of open-source software for mathematics, science, and engineering

Pandas - http://pandas.pydata.org/ - Python Data Analysis Library - pandas is an open source, BSD-licensed library providing high-performance, easy-to-use data structures and data analysis tools for the Python programming language.

Matt Harrison - http://hairysun.com
 * co-chair Utah Python.

Impetus - if this were a Perl class it would be about regexes. Pandas is the weapon of choice for dealing with tabular data in Python.

Pandas is "A nosql in-memory db using Python, that has SQL-like constructs" - Matt's view
 * note adopts many numpy-isms that may not appear pure Python

Based off of data framing (tabular data) stolen from 'R'. Data frame is similar to a table in SQL.

Pandas is best for small to medium data, not "Big Data".

Not really good from ETL perspective - star schema
 * Extract Transform Load - take data from one system to another
 * Data warehousing

Data Structures:
 * Series (1D)
 * TimeSeries (1D) - special Series
 * DataFrame (2D)
 * Panel (3D) - like stacked DataFrames

Series:

    # python version
    ser = {
        'index': [0, 1, 2],
        'data': [.5, .6, .7],
        'name': 'growth',
    }

    # pandas version
    import pandas as pd
    ser = pd.Series([.5, .6, .7], name='growth')

Behaves like NumPy array:

    ser[1]
    ser.mean()

Boolean Array:

    ser > ser.median()
    # a    False
    # b    False
    # c     True

Filtering:

    ser[ser > ser.median()]

DataFrames - Tables with columns as Series:

    # python version, but not a true Pandas DataFrame
    df = {
        'index': [0, 1, 2],
        'cols': [
            {'name': 'growth', 'data': [.5, .6, 1.2]},
            {'name': 'Name', 'data': ["paul", "george", "ringo"]},
        ]
    }

    # pandas version
    df = pd.DataFrame({
        'growth': [.5, .7, 1.2],
        'Name': ['paul', 'george', 'ringo'],
    })

Import DataFrame from: rows (list of dicts), columns (dicts of lists), csv file ***, slurp up a NumPy ndarray directly

Two Axes:

    df.axes[0]  # or df.index
    df.axes[1]  # or df.columns

 * axes 0 - index
 * axes 1 - columns

Examine:

    df.columns
    df.describe()
    df.to_string()
    df.test1  # or df['test1'] -- makes magic attribute for you
    df.test1.median()
    df.test1.corr(df.test2)  # correlation - if data goes in same direction 1, no correlation would be 0 and opposite would be -1

Tweaking Data:

    # note: pandas objects are generally immutable
    # add row
    df = pd.concat(...)  # arguments were not captured in the notes
    # add column
    df['test3'] = 0
    # note: df.test3 = 3 does not work!
    # add column with function
    def name_grade(val): ..
    df['test4'] = df.fname.apply(name_grade)
    # remove column
    t3 = df.pop('test3')  # or del df['test3']
    # note: del df.test3 does not work!
    # rename column
Fill - statistics ignore NaN, so if you want a zero can use this.

Install Pandas: (what worked for me)

    pip install pandas
    # yum install

Pivoting - Pivot Tables print pd.pivot_table(..rules..)

Serialization
 * dump to CSV, etc

Plotting
 * box plot, etc...

Clipping

GPS example.

Introduction to Hacking
Surface Areas of Attack:
 * Network
 * Operating system
 * Software
 * Users
 * Hardware

Pen Testers

Do you really trust your own computer? Have you read every line of source code? Traced every circuit?

CVE - database of vulnerabilities
 * http://wiki.alpinelinux.org/wiki/Cvechecker

Exploit Development Resources:
 * http://exploit-exercises.com/

Tools:
 * Kali Linux OS - http://www.kali.org/

Metasploit:
 * http://www.offensive-security.com/metasploit-??????

Privilege Escalation - process of acquiring system rights of another target user

Passive Attacking - eavesdropping, packet sniffing
 * man in the middle
 * ssl strip
 * wireshark
 * dsniff

Denial of Service (DoS)

Social Engineering Tool Kit
 * https://www.trustedsec.com/downloads/social-engineer-toolkit/
 * installed on Kali
 * Capture facebook credentials and other stuff??

OWASP

Web Attacks
 * The Open Web Application Security Project (OWASP) Top 10
 * https://www.owasp.org/index.php/Top10

SQL Injection attacks

Broken Authentications and Session Management

Cross-Site Request Forgery (CSRF)
 * easy to fight against - just include a random number for each request that the user has to respond with
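One way to implement the per-request random value described above, as an added example (not from the talk). The class name, the session IDs and the in-memory store are assumptions made for illustration.

```python
import hmac
import secrets


class CsrfTokens:
    """Per-request anti-CSRF tokens kept server-side, keyed by session ID."""

    def __init__(self):
        self._pending = {}  # session_id -> set of issued, still unused tokens

    def issue(self, session_id: str) -> str:
        """Create a token to embed in a form rendered for this session."""
        token = secrets.token_urlsafe(32)  # from the OS CSPRNG, not random.random()
        self._pending.setdefault(session_id, set()).add(token)
        return token

    def check(self, session_id: str, submitted) -> bool:
        """Accept a state-changing request only with an unused token of this session."""
        if not submitted:
            return False  # missing field: a forged cross-site request has no token
        for token in self._pending.get(session_id, set()):
            # constant-time comparison so timing does not leak token bytes
            if hmac.compare_digest(token.encode(), submitted.encode()):
                self._pending[session_id].discard(token)  # single use
                return True
        return False


if __name__ == "__main__":
    store = CsrfTokens()
    t = store.issue("sess-A")             # constructed session ID
    print(store.check("sess-A", t))       # legitimate form post
    print(store.check("sess-A", t))       # replay of the same token
    print(store.check("sess-B", store.issue("sess-A")))  # token from another session
```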

Booting a Linux System
by Mike Lovell

Slides - http://baldr.dev-zero.net
 * http://baldr.dev-zero.net/openwest-2014-booting-a-linux-system.pdf

Boot Process: Platform Init - Bootloader - Kernel Init - Init

Platform Init:
 * Firmware boot
 * BIOS (Award, AMI, Phoenix, Coreboot on Chromebooks)
 * UEFI
 * Low level hardware initialization
 * Pass control from BIOS to bootloader:
 * Find boot loader through MBR or GPT
 * Preboot eXecution Environment (PXE)

Bootloader:
 * Grub, Lilo, Syslinux, uBoot, iPXE
 * Loads and execute kernel

Kernel Init:
 * reinitialize hardware with OS drivers
 * load kernel modules
 * initrd (old) / initramfs (newer)
 * mount root

Init:
 * First process the kernel runs
 * Kernel Process PID 1
 * Responsible for starting all other applications
 * Traditionally sysvinit, now upstart/systemd/openrc

-

UEFI
 * (Unified) Extensible Firmware Interface
 * Most implementations based on the Open Source reference implementation, Tianocore
 * GPT
 * Supports GPT and larger than 2TB boot drives
 * EFI System Partition Table
 * Default application at EFI\Boot\bootx64.efi
 * Secure Boot
 * Not DRM

Hacking the Moon
by Brian G. Merrell

Source and Slides - https://github.com/bgmerrell

Cool kit - Spark Fun Inventors Kit

arduino.cc

Slides -

Noise sensor

Infrared - not as simple as it appears
 * Pro: cheap, widespread
 * Con: many protocols, confusing, line-of-sight, libraries hard to find

Decode signal - IRremote library

put it on a PCB
 * board layout (using Eagle)
 * Generate Gerber files (de facto standard used by PCB industry)
 * Send to DrkPCB, BatchPCB (3 boards, $5-$10, 2+ weeks)
 * Remember to add ways to program the microcontroller (FTDI Serial USB, storage)

Fermented Foods
Fermented foods your bishop won't get antsy about
 * Joshua Tolley and Karlyn Tolley

"Ever wonder where ketchup, salsa, and soda come from? Probably not, but you should. Their modern form conceals their origins, but those foods and many others descend from ancient fermented creations, foods where microbial growth was encouraged. These ancient foods surpass their newer replacements in many ways: they taste better, require fewer chemicals and less energy to produce, store easily, and restore health. Come learn about historic fermented foods, how to make them, and why you'd want to."

Blog - thebacktwenty.blogspot.com

Why fermented food?
 * disease fighting
 * nutrition

Process:
 * something to ferment
 * means micro-organisms are consuming or transforming
 * starter like sourdough starter

Sourdough
 * Easy to make
 * Mix flour with water. Wait.
 * Use same kind of flour all the time
 * Feed it regularly
 * Use non-chlorinated water where possible
 * Keep it warm
 * Always let it breathe

Use Kamut - hybridization of the hard wheats is bad (increase gluten content to make a pretty loaf of bread)

Use glass as it doesn't leach and it is easy to clean

Tips and Tricks
 * Keep things clean - more important with long term storage
 * Use non-chlorinated water. Chlorine is there to kill fermenting.
 * Use right amount of salt
 * Use whey with more sugary ferments
 * Keep ferments separate, or they will cross-contaminate
 * Finding reliable source of raw milk will change your life

Daniel's coworker recommends http://www.breadtopia.com/make-your-own-sourdough-starter/

Fermented beverages are good - kefir, ginger ale, kombucha (non alcoholic)

Kombucha - Originally from Russia, kombucha is a fermented, sweetened tea. The fermentation removes much of the caffeine, carbonates and acidulates the liquid, and produces several beneficial compounds. Black tea with refined sugar works best; herbal teas can slow or stop the fermentation, and less refined sugars contribute off-flavors.