[Reproducible-commits] [presentations] 01/01: work in progress.

Tue Jan 20 13:59:45 UTC 2015

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository presentations.

commit ffa9449b1387cbc5737949a0135082ccf6545c10
Author: Holger Levsen <holger at layer-acht.org>
Date:   Tue Jan 20 14:59:41 2015 +0100

    work in progress.
---
 2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn | 89 ++++++++++++++++++++++++++--
 2015-01-31-FOSDEM15/TODO                     |  3 +
 2 files changed, 86 insertions(+), 6 deletions(-)

diff --git a/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
index e70de8c..2c1fbac 100644
--- a/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
+++ b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
@@ -12,12 +12,88 @@ enable anyone to reproduce the exact same
 binary packages from a given source
 \end{center}
 
-Why?
-----
+“I want to believe”
+-------------------
+
+ * FOSS ethos: Users should have the source code to their programs
+  * For both individual freedom and software security
+ * But: The only proof that binary packages correspond to the source code is that someone said so
+  * Without build system info, verification is almost impossible (and sometimes even with it)
+ * This is inadequate for fostering trust in our software's functionality and security
+
+“But I'm the developer!”
+------------------------
+
+ * “I know what's in the binary because I compiled it myself!”
+ * “I'm an upstanding, careful, and responsible individual!”
+ * “Why should I have to worry about hypothetical risks about the contents of my binaries?”
 
- * Prevent targeted attacks
- * Debugging: ensure known source; create missing debug symbols
- * FIXME: use list from 31c3 talk
+“But the build daemons are maintained well”
+-------------------------------------------
+
+ * How you can be sure this is the case?
+
+Unpleasant thoughts
+-------------------
+
+ * We think of software development as a fundamentally benign activity. “I'm not that interesting.”
+ * But attackers target a project's users through its developers
+  * See Dullien “Offensive work and addiction” (2014)
+ * Known successful attacks against infrastructure used by Linux (2003), FreeBSD (2013)
+
+Single points of failure
+------------------------
+
+ * Imagine the most secure computer in the world...
+
+Single points of failure
+------------------------
+
+ * Can that computer still remain secure if:
+  * It is networked?
+  * It is mobile or is physically accessible by others?
+  * It regularly has arbitrary USB devices connected?
+  * It must run Windows (in a VM)?
+  * It regularly runs unauthenticated HTML+JS?
+  * Several nation-states want access to it?
+
+Single points of failure
+------------------------
+
+ * What if:
+  * Compromising that one computer gave access to:
+   * Hundreds of millions of other computers?
+   * Every bank account in the world?
+   * Every Windows computer in the world?
+   *Every Linux server in the world?
+  * Compromising that computer was worth:
+   * $100k USD? (Market price of remote 0day)
+   * $100M USD? (Censorship budget of Iran/yr)
+   * $4B USD? (Bitcoin market cap)
+
+Bitcoin's motivation
+--------------------
+
+ * Malicious modifications to Bitcoin binaries could result in irrevocable theft of large amounts of money
+ * Individual developers could be blamed for such modifications
+ * Users might not believe that a developer's machine was hacked
+ * Reproducible builds protect developers
+
+How small can a backdoor be?
+----------------------------
+
+OpenSSH 3.0.2 (CVE-2002-0083) – exploitable security bug (privilege escalation: user can get root)
+
+<pre>
+{
+  Channel *c;
+-     if (id < 0 || id > channels_alloc) {
++     if (id < 0 || id >= channels_alloc) {
+  log("channel_lookup: %d: bad id", id);
+  return
+</pre>
+
+FIXME: the above code is not displayed at all and the - line should be red, and the + line should be green...
 
 Why
 ---
@@ -222,7 +298,8 @@ More goodies
 
  * https://reproducible.debian.net/$package
  * integration in tracker.debian.org (the new PTS)
-
+ * IRC notifications thanks to KGB
+ * FIXME: index_dd-list.html
 
 How?
 ----
diff --git a/2015-01-31-FOSDEM15/TODO b/2015-01-31-FOSDEM15/TODO
index 8380918..469162f 100644
--- a/2015-01-31-FOSDEM15/TODO
+++ b/2015-01-31-FOSDEM15/TODO
@@ -1,4 +1,6 @@
 mention 
+	add thanks for stealing the intro from 31c3 talk, the layout from lunars talk, the tango icons,
+		everybody contributing
 	who are we?
 		the team in debian
 		other noteworthy people
@@ -25,6 +27,7 @@ mention
 		3 builds in tmpfs
 		html pages
 		.json
+		irc notifications
 	.buildinfo support in dpkg
 	strip_nondeterminism and dh_stripnoterminism
 	srebuild

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/presentations.git

