[0:00:15] Herald: So could you give a warm welcome of applause to Stephan Gronke, who will be talking to you in one minute.

[Applause]

[0:00:31] Stephan: So hi everybody, my name is Stephan Gronke. I'm a software developer for about 15 years, working in solo projects and larger teams and smaller teams. So mostly my development stack was JavaScript and you will find some of the tools that I mention coming from this world, but I'm very sure you can also find something for your project that applies here. Here's my email address, my PGP key and my favorite social network account. Yeah, so a little spoiler what will happen today: I will talk about development process exploitation. So that means if you are developing your software and somebody joins your team and sends you code for review, it could happen that it executes code on your machine without your knowledge. There are a few things that are really hard to catch, or I found hard to catch, and I want to share. Maybe you have the same problems and you find that the same mitigations apply for your project as well.

[0:01:32] I will then continue and... let's start with a software development process, that's a small cycle. So first of all it starts with an operating system: you need to have a computer to write software and that's something you need to trust first off. If you... yes, so your operating system contains keys and credentials, it contains the source code you want to develop and the tools that you have in place. And the major risk is that tools are vulnerable to some exploitation or that your host is already compromised and you write software, commit it to your coworkers and it isn't what you intended to write. That's a larger problem here.

[0:02:20] After you start writing code, the editor is kind of the interface that I have to write the files and edit the code. I find it kind of complex to use an editor. On the left you can see that many of the editors come with a package manager included, which is a good sign for the complexity that these tools have. And I don't know what tools you need, but they support you in development, so it's very good to, for example, have code linters and auto-completion in place to write better code. At the same time it can be a problem because they can execute code unattended. We will see in a moment. The mitigation I came up with for the editor part is that you have a virtualized environment where you run your editor. So when something happens and it is compromised, your root system is not compromised as well. You want to monitor all your config files that you have in the project and you want to get awareness of what exactly happens on my system when I run and view this code.

[0:03:24] The next part you will probably use is a shell integration. So as soon as you open your repository, some of the shells I saw just tell you what branch you're working in and what files were changed and so on. So that's something that comes very neat if you're developing, but it can be a risk as well. So my opinion on the shell integrations is mostly that it's made for software development on your own system. So when you write the code and you can trust it, it's not a problem to use those tools at all, but as soon as you get sources from foreign developers it can be a problem. So choose your tools wisely and don't execute code from others if possible.

[0:04:05] The versioning system that you commit your code to is also a very good choice. For example Git, and yeah, Git can execute hooks on different occasions. For example when you check out new code, if you commit and so on. That means if you managed to clone a repository and a ".git" folder is included or a ".hg" folder is included, it could mean that your operating system decides to execute whatever is in the hooks. It's not possible to store a ".git" folder within a Git repository, but it's possible to store it in a Mercurial repository or in an SVN or something, and then your shell integration won't know what the original source was and will execute it anyway. One thing that was introduced, for example, by Visual Studio Code this October is that they now support git hooks - which is a great feature, right?

[chuckles]

[0:05:01] The mitigations against this are pretty easy: you can either set a different hooks path which is not within this project repository, so that you don't execute git hooks at all, or you can use that little wrapper here that you see, to for example check at least that there is no file that is a git hook within that folder before you execute git. It's a very good choice if you want to protect yourself from that vulnerability.

[0:05:29] So after you committed the code and shared it to the versioning server, you probably are going to build it automatically. So some services like Travis CI will run it for you. So they will run tests, they will compile the software and also they do the package versioning and deployment to some other places. It becomes a problem if you can't reproduce the results from your build runner, because it's a system you don't control sometimes. And as soon as you get the binary result from it - if you compile software that compiles to binary - you need to check that result somehow, because somebody could have altered it without your knowledge and then you will ship it to your users. Also a problem on many of these build workers is: you want to have this process very fast. So that means you don't want to wait until all the dependencies are installed, and the great service is that you have caching in between these projects. This means that, for example, if somebody managed to inject the version into the cache of some CI system, then it will eventually show up in other projects as well and you can pivot across the projects. Usually if you have a build environment it has access to some kind of development key. Mostly if you get pull requests from externals, the keys are stored encrypted and you don't have access to them, but as soon as somebody has write access to your repository, also the keys could be leaked. Let's make an example: you have somebody offering you software and you don't give permission to edit the master branch of the repository, but as soon as you open a branch anywhere and make a pull request, Travis CI or other build runners will use that and decrypt the passwords for you and give you access to the credentials, which you can then print or do whatever you intend to.

[0:07:18] Yeah, and for me the best option here would be to have reproducible builds, because then you can use different build workers and compare results somehow, so that you see if one gets compromised the other two will tell you: hey, there's a different result, have a look please. That would be great. And also the build steps; I mentioned building, testing and packaging the software are totally different steps, so what you can do is you can have one compartment per step so that you can have data at a finer level and see what happens here.

[0:07:52] After you compiled the software, you built the software, you need to ship it to the user somehow, so either you store it on your own server or most often you use a CDN. You just put it there and it's the asset that's lying around. Your users will come around, download it from here and execute it, so what is the problem here? The problem is that if you have a URL it's very hard to prove that it's actually from the real maintainer. If you call your software like - if you call your account like a different project, then people won't be able to notice the difference somehow. What you can do to mitigate this is to publish the URLs that you are legitimately using and also sign your assets, so that users can check: is that something that the developer intended to give me, or is it something that is really... that is really not intended. So, ...

[0:08:46] Yes. And the next part is you need to reach out to your users, so you make people aware that there is a project they can check out, they can clone, and usually you have the package registries. A few slides back you saw that the package managers are also included in the editors, so that's also something where you can ship the software, but the package manager I was mostly looking at was for example NPM. There was an interesting occasion where somebody had a project called Kik. The company Kik then tried to take it down and the person just ignored it for the moment, but then Kik reached out to NPM directly and they deleted the repository. In consequence the developer removed all his projects from the versioning server and a few hours later malware showed up with the same project names. So that means if you have software that uses those dependencies and somebody freed up names, it would affect your repository as well and compromise it. That's something that needs mitigation. I think the best idea here is to not only identify the project by a unique identifier but also have a GUID or a unique identifier per project that does not change, so that you can make a difference. That's something that's up to the package registries to implement. That's not something we can do as a user, but it's a very common case - it's a very common case that these packages fluctuate. So for example, if somebody deletes it, you don't have a backup of that. A very good idea is also to store offline backups of every package that you check out and that you install into your software, because it's very bad if you want to maintain your software and you figure out there's something missing and I can't recover because it's deleted.

[0:10:33] Yes, software developers have some needs during their work. I want my tooling to perform; if my code editor for example is in the VM and the VM is slow, that's something that's annoying all over the process. So then on the other hand the velocity is something that your manager will require from you if you write commercial software or you try to get something done, and you can't spend all day working on chores and improving the repository, the versioning and so on. So that's something you need to deal with. Another big factor for me is the reliability. So as soon as your software goes down and you are on holiday or something, anybody else from the company or from your team should be able to recover what was there before, also known as the bus factor. And, yeah, if you have convenience like for example Ruby on Rails gives you: it gives you a very good, very easy start in the projects and that's something you don't want to break by making it too complicated with a development environment. And also something I've found to be more annoying than helpful is, if you want to pair-program and you have a very compartmentalized environment, it's very hard to share the resources that you need to talk about with other developers, expecting you're not in the same room but working remotely, which is for me most often the case.

[0:12:02] A large problem that I saw is, if you underhand somebody code, if you go ahead and check out code from any online resources, it's sometimes very hard to tell if the code that you see in your, e.g., Git diff is what you really would expect to see. I have some examples here which can show how this could work and how this could look if somebody tries to inject code into your repository that you don't see. First of all, let's start with something easy, that's phishing. What you see here on the slide, on the left side, maybe you see the cursor. That's not a full path, that is just a domain name. The slashes in here are UTF-8 characters, so that thing here resolves to a hostname, and if you control this host, you can get a certificate for it, and then in the example below you see how it would look if you install it. First I have a host that's just running a web server on port 80, so that you can see the result. Okay, I was cheating a little bit. I was putting the domain in the /etc/hosts so that I don't have to buy it, just for showing it. It's strange that dot zip is a domain actually, but then if you install it, you would see that you can send somebody a very nice-looking link which looks like a totally different project, but it's pointing to your server instead; and I found many of the package managers having the nice feature of executing post-script hooks, so that means, if you have installed it, it will run some commands afterwards for you.

[0:13:42] Then there is invisible code. If you go online somewhere, in a forum or in a blog, you find an article and see, "hey, that code is actually solving my problem", you go ahead and copy/paste it. So, on the left you see the source code, how this would look in HTML for the blog. On the right there's the result. So you can go ahead, you can copy/paste from it, and if you paste it into a text area, you will see that the result is something that you didn't expect. For example, if you copy a large chunk of code, you won't go ahead and review it on your local system again, and that could be the compromise for your project.

[0:14:26] Another example here is, you can use ASCII characters, the control characters, to influence the output in your terminal. So if your terminal also supports the legacy ASCII control characters, you can use that to just revert the line and override it with something you wouldn't expect. What you see on top here, that harmless script, is the file. It's a little larger than you would expect for just an echo foo, but not something you would notice when you just see it. Looking at it from a hex editor you can see that there is something more going on than just the foo, and if you actually execute it, it will not print something, it will create the pwned text, which is a good example for you that your host was compromised in this moment.

[0:15:15] Another example I found online, so credit to Ariel for this: there is a byte sequence you can use so that this even works in a Git diff. So when you're working exclusively in your terminal and you're not doing reviews on GitHub or some graphical tool, it could be the case that you don't notice what was going on. What you can see here on the left is, I created an empty repository, I added a small script, and in the next step down here I added some improvement to the script, which is actually the malicious commit that's here in red. Afterwards, I just ran a Git diff on the code and I see that there is only "no backdoor" - oh sorry, that should be okay in the updated slides. So, you don't see the evil.sh that is executed as well if you run it. That's something I consider very dangerous.

[0:16:10] So, some mitigations: the best thing you can do is to make it expensive for your attackers to compromise or try to. So as soon as you have the chance to notice what is going on, also retrospectively, you can at least burn the capabilities and tell others how your project was attempted to be compromised, and that's something that is, in my opinion, the best mitigation against this complexity. What you can also do is you can test your software from external services directly, which will tell you if some compromise happened. For example, Git has it newly introduced. They will check your packages, the dependencies, and will warn you about some vulnerabilities that are commonly known. The best thing you can do on your local system is to build small compartments, so that if some compromise happens, it doesn't affect your full host. Also not all your projects you have access to. And it's very important that you have backups on a different system than the hosts you're working on. So if the compromise happens you still have access to the original data and can compare it and do some forensics on this.

[0:17:23] So, the intrusion detection forensics; there are some great tools available. For example my favorites are DTrace and Opensnoop. You can monitor changes and access on the file system or on your system at all. And you can e.g. set some rules for your projects that are specifically matching. So I am not going to share some rules that match for all projects, but you will figure out what is e.g. important. A very good start is e.g. to Opensnoop for /etc/passwd; if there was some access, then you can e.g. say that's not something my software would do. And again it's very important to have the backups of this, because in the moment where you execute it, you can't trust your host at all.

[0:18:06] The idea how to achieve this is, if you have a VM per project for example, you let it run for half a year, you don't approve the situation. Instead of having one system that you need to update the software on, you need to update afterwards all the projects that you're working on frequently, and that's something that's easy to forget. So it's dangerous. If you assume that every time you run some command or every time you work in a project, you spin up a new server entirely from scratch, install the dependencies and so on, that's something that's not a risk for you. Also, if you have for example a virtualized server environment you can have memory dumps at any time, you can monitor the network and you can also diff the filesystem. For example, if you stop the server and just compare it to a previous version and see, "hey, here is something that was changed that I didn't plan". It's great to know.

[0:19:01] Very important is also to separate your accounts. E.g., if you see large GitHub accounts, people are making contributions every day for years. So it shows that the people have access to very, to many projects from the same machine. And the permission model from GitHub, for example, allows you to store an SSH key for write access. But it automatically has access to all the repositories you control. So the best that you can have here is to make a new GitHub account for, ... or to make a new account on that versioning system that only has exclusively write access to that single repository. So when you work in your compartmented system and you want to upload or pull changes, you can't influence other repositories. That means compromise doesn't spread across all your projects and so on, which would be an invitation for malware somehow, or ransomware. And you get a better permission model if you create a GitHub organization. In this case you can also limit your own access in a better way. So my recommendation is not to work on your personal GitHub account but to create an organization for your project.

[0:20:18] Something many projects are missing is to find responsible persons for security and to clearly communicate what the plan for incident response is. Small example: if you have a new project and you find a vulnerability, you would like to commit it, but you don't open an issue publicly, because then everybody, every user, would be affected. You try to reach out to some developers and if you don't have any clue how to securely achieve this, that can get you into trouble. And there are quite a few projects which don't communicate this, and some of them don't even respond to their security@ email address, which is bad.

[0:21:05] In this case I told you what I saw from my experiences of working on the projects. So that's basically my summary of what can be harmful and what can be good for your project.

[Applause]

[0:21:33] Herald: Thank you, and we now have time for Q&A. In the room you can line up behind the microphones, and I can see we have a question from the internet already.

[0:21:44] Signal Angel: What about Git signed commits? Any thoughts on that?

[0:21:50] Answer: So as soon as you have signed commits, and I find that you also email with the same PGP key, it's very interesting that you have the PGP key on the same host, probably, where you have your Git executable. So if somebody executes Git hooks, they can steal your PGP keys from this. I didn't find any tutorial online which explains to you how to make it manually, so that you don't use Git for signing the commits. But I think it can be very good to sign the commits, but it can also be dangerous, because your email communication can be compromised.

[0:22:23] Herald: Microphone number four.

Q: In the Git diff you showed us, there were some control characters. I think Git diff pipes to less by default, so shouldn't they appear there somewhere?

A: No, they don't. I just checked with the latest version today. So, that's something that, well, we can also click on the blog and see if there is the video available.

[0:23:04] Yeah, it's very hard to show from my HTML slide how this works. So this video animation, ... maybe we can enlarge it a bit. That's how it would work.
Dialogue: 0,0:23:30.26,0:23:34.52,Default,,0000,0000,0000,,So most often, yes, if you pipe to less or\Nyou use a hex editor to review, Dialogue: 0,0:23:34.52,0:23:36.41,Default,,0000,0000,0000,,then you would notice, yes. Dialogue: 0,0:23:38.27,0:23:44.30,Default,,0000,0000,0000,,Q: I somehow remember that, maybe it\Nonly shows for longer diffs, but I think Dialogue: 0,0:23:44.30,0:23:46.74,Default,,0000,0000,0000,,when I type "git diff", I can scroll\Naround. Dialogue: 0,0:23:46.74,0:23:53.00,Default,,0000,0000,0000,,A: Ah, that's interesting. I need to try.\NHerald: We have a question from microphone Dialogue: 0,0:23:53.00,0:23:58.54,Default,,0000,0000,0000,,number one.\NQ: You mentioned Travis having access to Dialogue: 0,0:23:58.54,0:24:07.47,Default,,0000,0000,0000,,hidden variables and you being able to\Nleak those variables during pull requests. Dialogue: 0,0:24:07.47,0:24:10.41,Default,,0000,0000,0000,,What are your suggestions to mitigate\Nthat? Dialogue: 0,0:24:10.41,0:24:15.22,Default,,0000,0000,0000,,A: Don't give people write access to your\Nrepository, not even to branches that you Dialogue: 0,0:24:15.22,0:24:18.71,Default,,0000,0000,0000,,don't trust. So, as soon as they have\Nwrite access, they would also know the Dialogue: 0,0:24:18.71,0:24:23.41,Default,,0000,0000,0000,,secrets behind the variables in this case.\NI like the security model, because if you Dialogue: 0,0:24:23.41,0:24:26.78,Default,,0000,0000,0000,,for example get contributions from\Noutside, nobody can trigger that and steal Dialogue: 0,0:24:26.78,0:24:29.25,Default,,0000,0000,0000,,your keys.\NBut as soon as you build it on your own Dialogue: 0,0:24:29.25,0:24:32.44,Default,,0000,0000,0000,,branch somewhere in the repository that\Nchanges. 
Dialogue: 0,0:24:32.44,0:24:38.94,Default,,0000,0000,0000,,Q: Yes, but if you submit a pull request,\Nyou don't necessarily have to have write Dialogue: 0,0:24:38.94,0:24:43.46,Default,,0000,0000,0000,,access to that repository.\NA: Yes, that's what I mean. If you come Dialogue: 0,0:24:43.46,0:24:48.24,Default,,0000,0000,0000,,from outside and it's not within the same\Nrepository, the secrets are not decrypted. Dialogue: 0,0:24:48.24,0:24:52.35,Default,,0000,0000,0000,,So you can't run the steps. For example,\Nyou would not like to deploy directly from Dialogue: 0,0:24:52.35,0:24:57.76,Default,,0000,0000,0000,,a foreign branch, somewhere.\NHerald: We have a question from microphone Dialogue: 0,0:24:57.76,0:25:02.70,Default,,0000,0000,0000,,number four.\NQ: You mentioned the problem with Dialogue: 0,0:25:02.70,0:25:07.41,Default,,0000,0000,0000,,different compartments and how to exchange\Nthose environments without people. I think Dialogue: 0,0:25:07.41,0:25:10.98,Default,,0000,0000,0000,,that problem has already been solved with\NVagrant and some kind of provisioning Dialogue: 0,0:25:10.98,0:25:14.90,Default,,0000,0000,0000,,software like Ansible.\NDo you have any experience with checking Dialogue: 0,0:25:14.90,0:25:20.48,Default,,0000,0000,0000,,those results of those Vagrant boxes that\Nare automatically provisioned, like Dialogue: 0,0:25:20.48,0:25:25.83,Default,,0000,0000,0000,,having some server spec software to check\Nthose environments afterwards, or having Dialogue: 0,0:25:25.83,0:25:31.27,Default,,0000,0000,0000,,some kind of hashing, how to find out, if\Nthey have been reproduced the same way and Dialogue: 0,0:25:31.27,0:25:37.04,Default,,0000,0000,0000,,or if they have been any exploit used\Nin that process of setting up the Vagrant Dialogue: 0,0:25:37.04,0:25:40.25,Default,,0000,0000,0000,,environments.\NA: Yes, so different levels you can look Dialogue: 0,0:25:40.25,0:25:46.15,Default,,0000,0000,0000,,at this. 
There was some, ..., I try to\Nfind it, yes. You can for example memory Dialogue: 0,0:25:46.15,0:25:50.12,Default,,0000,0000,0000,,dump at any time, if you have the hosts\Ntrying somewhere or was your question Dialogue: 0,0:25:50.12,0:25:55.15,Default,,0000,0000,0000,,exactly that you want to check, if your\Nenvironment that was spun up was not Dialogue: 0,0:25:55.15,0:25:58.87,Default,,0000,0000,0000,,compromised yet?\NQ: Yeah, there has to be some kind of Dialogue: 0,0:25:58.87,0:26:05.83,Default,,0000,0000,0000,,process, how to verify that the produced\Nenvironments are the ones you expect them Dialogue: 0,0:26:05.83,0:26:10.99,Default,,0000,0000,0000,,to be, or if they have been compromised\Nand the problem is, I have used those Dialogue: 0,0:26:10.99,0:26:16.61,Default,,0000,0000,0000,,environments and tried, first I tried the\Nfull disk encryption for the Vagrant boxes Dialogue: 0,0:26:16.61,0:26:26.96,Default,,0000,0000,0000,,but the problem is, it's always the same\Nkey for the encryption, so that doesn't Dialogue: 0,0:26:26.96,0:26:30.53,Default,,0000,0000,0000,,work and even as you mentioned, you can\Nhave a memory dump, so you can read out Dialogue: 0,0:26:30.53,0:26:37.11,Default,,0000,0000,0000,,that key so there's no real possibility to\Nset up a Vagrant box that can't be Dialogue: 0,0:26:37.11,0:26:46.35,Default,,0000,0000,0000,,tampered with afterwards. So there has to\Nbe some kind of hash sum to compare those Dialogue: 0,0:26:46.35,0:26:49.15,Default,,0000,0000,0000,,produced results.\NA: Yeah, so as soon as you have a Dialogue: 0,0:26:49.15,0:26:53.35,Default,,0000,0000,0000,,reproducible build and the result that\Nyou, for example script languages are much Dialogue: 0,0:26:53.35,0:26:57.65,Default,,0000,0000,0000,,easier to achieve, because then you can\Njust diff the filesystem directory and Dialogue: 0,0:26:57.65,0:27:02.03,Default,,0000,0000,0000,,see, if there was some change. 
What I\Nwould do in this case, is to run multiple Dialogue: 0,0:27:02.03,0:27:05.56,Default,,0000,0000,0000,,services and compare the results, if\Nthat's possible. For example, you have Dialogue: 0,0:27:05.56,0:27:10.63,Default,,0000,0000,0000,,these reproducible builds, then run it on\Na few servers which are independent and Dialogue: 0,0:27:10.63,0:27:14.50,Default,,0000,0000,0000,,compare what you have.\NHerald: We have two more questions from Dialogue: 0,0:27:14.50,0:27:17.96,Default,,0000,0000,0000,,microphone number one and only a few\Nminutes left. Microphone number one. Dialogue: 0,0:27:17.96,0:27:22.77,Default,,0000,0000,0000,,Q: So, what's your recommendation for\Nhandling credentials in application Dialogue: 0,0:27:22.77,0:27:28.79,Default,,0000,0000,0000,,configuration files? We need often some\Ndatabase user and password or something Dialogue: 0,0:27:28.79,0:27:33.84,Default,,0000,0000,0000,,like this in, say Spring Boot Application\NYML, or things like that? Dialogue: 0,0:27:33.84,0:27:40.64,Default,,0000,0000,0000,,And is there any best practice or any\Nframework which can handle such things or Dialogue: 0,0:27:40.64,0:27:46.92,Default,,0000,0000,0000,,we need to explicitly encrypt these\Ncredentials in this application and then Dialogue: 0,0:27:46.92,0:27:51.71,Default,,0000,0000,0000,,decrypt for itself in the application, but\Nthen you need symmetric keys, or? Dialogue: 0,0:27:51.71,0:27:56.25,Default,,0000,0000,0000,,A: Yes, so Ansible for example comes with\Na mechanism that's called Ansible Vault, Dialogue: 0,0:27:56.25,0:28:00.00,Default,,0000,0000,0000,,which encrypts that with a passphrase that\Nyou can enter in your command line as soon Dialogue: 0,0:28:00.00,0:28:03.99,Default,,0000,0000,0000,,as you touch the file. For example, if you\Nwant to run Ansible then, it will ask you Dialogue: 0,0:28:03.99,0:28:07.68,Default,,0000,0000,0000,,for the password when starting up. 
So, if\Nyou want to share that password with your Dialogue: 0,0:28:07.68,0:28:11.22,Default,,0000,0000,0000,,developers everybody has access to the\Nsame keys, I would prefer to give Dialogue: 0,0:28:11.22,0:28:16.00,Default,,0000,0000,0000,,everybody, so every person in this team or\Neven every device a different key, if Dialogue: 0,0:28:16.00,0:28:21.10,Default,,0000,0000,0000,,that's possible somehow.\NThat's what I was trying to mention with Dialogue: 0,0:28:21.10,0:28:24.83,Default,,0000,0000,0000,,the GitHub accounts; that you don't use\None GitHub account but you use many of Dialogue: 0,0:28:24.83,0:28:27.05,Default,,0000,0000,0000,,them. If you, ... yeah. Dialogue: 0,0:28:28.10,0:28:31.86,Default,,0000,0000,0000,,Herald: We have one more question from\Nmicrophone number one and then a question Dialogue: 0,0:28:31.86,0:28:35.09,Default,,0000,0000,0000,,from the internet.\NQ: Yeah, my question was more about, I Dialogue: 0,0:28:35.09,0:28:38.92,Default,,0000,0000,0000,,mean some of your recommendations are low-\Nhanging fruits, but some of them it's Dialogue: 0,0:28:38.92,0:28:42.85,Default,,0000,0000,0000,,like, it's just impossible. I mean it's\Nnot sustainable, like it's very hard to Dialogue: 0,0:28:42.85,0:28:46.96,Default,,0000,0000,0000,,maintain and so I'm wondering, if you use\Nall of them every day or just part of them Dialogue: 0,0:28:46.96,0:28:50.19,Default,,0000,0000,0000,,or do you just leave like an ??? at the\Nend? Dialogue: 0,0:28:50.19,0:28:54.40,Default,,0000,0000,0000,,A: It depends on the project. So what I\Ntry to do on my development system is to Dialogue: 0,0:28:54.40,0:28:59.28,Default,,0000,0000,0000,,have these compartment, so that one\Ncompromised project would not affect Dialogue: 0,0:28:59.28,0:29:04.29,Default,,0000,0000,0000,,others. 
Because I'm not the only person\Nchecking and merging the code, so and Dialogue: 0,0:29:04.29,0:29:08.82,Default,,0000,0000,0000,,that's something that gets quickly too\Nmuch for one person to review. So, I Dialogue: 0,0:29:08.82,0:29:13.15,Default,,0000,0000,0000,,can't review all the code that I'm running\Ncurrently on my computer, that's true. But Dialogue: 0,0:29:13.15,0:29:16.54,Default,,0000,0000,0000,,I can try to mitigate what the impact of\Nthis will be. Dialogue: 0,0:29:16.89,0:29:20.62,Default,,0000,0000,0000,,Herald: And the question from the internet.\NSignal: What tool would you recommend Dialogue: 0,0:29:20.62,0:29:31.85,Default,,0000,0000,0000,,for diffing a file system?\NA: Diff. {\i1}giggles{\i0} Well, it worked for me Dialogue: 0,0:29:31.85,0:29:38.62,Default,,0000,0000,0000,,so far. Or what exactly is the question\Nabout? Um, maybe you want to see, if did Dialogue: 0,0:29:38.62,0:29:42.18,Default,,0000,0000,0000,,the hash change in the files? So when you\Nhave e.g. the script file one and Dialogue: 0,0:29:42.18,0:29:45.67,Default,,0000,0000,0000,,the script file B and they have a\Ndifferent hash sum, that's something I Dialogue: 0,0:29:45.67,0:29:49.76,Default,,0000,0000,0000,,would consider something I would look up\Nmanually. So as soon as I have an Dialogue: 0,0:29:49.76,0:29:53.44,Default,,0000,0000,0000,,indication that there was something wrong,\NI would look it up manually and use any Dialogue: 0,0:29:53.44,0:29:57.06,Default,,0000,0000,0000,,tool that I have. Hex editor or whatever\Nis available. Dialogue: 0,0:29:57.06,0:30:01.20,Default,,0000,0000,0000,,Herald: Good. We have less than one minute\Nleft. Are there any final remarks? Dialogue: 0,0:30:01.20,0:30:03.62,Default,,0000,0000,0000,,Stephan: Thank you.\NHerald: Thank you very much. 
Dialogue: 0,0:30:03.62,0:30:05.93,Default,,0000,0000,0000,,{\i1}Applause{\i0} Dialogue: 0,0:30:10.15,0:30:15.86,Default,,0000,0000,0000,,{\i1}postroll music{\i0} Dialogue: 0,0:30:15.86,0:30:28.00,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\Nin the year 2019. Join, and help us!