Videos from NUUG

The NUUG association is for everyone interested in free software, open standards and Unix-like operating systems.

  • When exploits are blind - Chris Dale (0:49:11)
  • NUUG
  • Demonstration-based presentation. Only intro and outro PowerPoint slides. Demonstrate user enumeration using timing attacks. Especially prominent when companies have implemented bcrypt/scrypt/PBKDF2. Attack vector which is very useful in many cases today, notably against Lync/Skype4B installations today. Further password spray into a solution. Discover, analyze and fully exploit reverse-shell command injection. How to find these across large systems? How do vulnerability scanners work, and how do they detect this? Introduction to Burp Collaborator. Introduction to script for merging attack data into hundreds of Burp Collaborators. Discover, analyze and fully exploit blind SQL Injection. Demonstrating Burp Intruder cluster bomb attack to enumerate out table data. Recorded at the OWASP Norway Day by NUUG.
  • Modern Web Application Vulnerabilities - Erlend Oftedal (0:44:04)
  • NUUG
  • With the emerging popularity of bug bounty programs, lesser known and even brand new vulnerability classes are gaining popularity. This talk will give a walk-through of some of these vulnerabilities, how they occur in modern web applications and how they can be found and fixed. Recorded at the OWASP Norway Day by NUUG.
  • The State of Your Supply Chain - Andrew Martin (1:03:21)
  • NUUG
  • Container security often focuses on runtime best-practices whilst neglecting delivery of the software in the supply chain. Application, library, and OS vulnerabilities are a likely route to data exfiltration, and emerging technologies in the container ecosystem offer a new opportunity to mitigate this risk. Treating containers as immutable artefacts and injecting configuration allows us to "upgrade" images by rebuilding and shipping whole software bundles, avoiding configuration drift and state inconsistencies. This makes it possible to constantly patch software, and to easily enforce governance of artefacts both pre- and post-deployment. In this talk we detail an ideal, security-hardened container supply chain, describe the current state of the ecosystem, and dig into specific tools. Grafeas, Kritis, in-toto, Clair, Micro Scanner, TUF, and Notary are covered, and we demo how to gate container image pipelines and deployments on cryptographically verified supply chain metadata. Recorded at the OWASP Norway Day by NUUG.
  • Machine Learning for Security - Alan Saied (0:47:37)
  • NUUG
  • The ability to mathematically classify patterns, predict events and/or identify abnormalities within a wide range of data is known as Machine Learning. For the purpose of this conference, we explain the power of data and how it can be used with Machine Learning models to identify abnormal behaviour within complex environments. We also explain the ingredients and the steps required to build Machine Learning models to serve security tasks. This will further be followed by its complications in terms of false positives, accuracy of detection and validity of model and how this can be improved. Recorded at the OWASP Norway Day by NUUG.
  • Linux Security APIs and the Chromium Sandbox - Patricia Aas (0:53:47)
  • NUUG
  • The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk. Recorded at the OWASP Norway Day by NUUG.
  • What We’ve Learned From Billions of Security Reports - Scott Helme (0:59:29)
  • NUUG
  • Running one of the largest security reporting platforms of its kind, we handle billions of security reports for our customers every single month. Come and learn how we've scaled from handling 10,000 reports per month to 10,000 reports per second and the many evolutions our infrastructure has gone through. Alongside that come and see how, with our bird’s-eye view of such a diverse ecosystem, we’ve helped identify malware in a multinational organisation, had a malicious browser plugin taken down and much more! Recorded at the OWASP Norway Day by NUUG.
  • FSCONS 2017 - Trust, Elections and Twitter - Patricia Aas (1:04:06)
  • NUUG
  • What happened from beginning to end. What made the news and what didn't. How did it feel to be in it and how I was treated by the public, by the government and by the media. How transparency and suspiciousness are fundamental to an election system and how the lack of transparency drove me to dig further into the ballot counting system in Norway.
  • Sintel (0:14:49)
  • NUUG
  • The story of Sintel and her expedition to find the baby dragon she befriended.
  • Decentralized Open Source Mesh Networks - Benedict Lau (1:12:23)
  • NUUG
  • Benedict Lau, a contributor and organizer at Toronto Mesh, visits us to talk about building mesh networks that are self-addressing, decentralized and work without an Internet connection. We will discuss peer-to-peer applications such as the InterPlanetary File System (IPFS) and Secure Scuttlebutt (SSB), both technically and by exploring the social dynamics that arise when users have ownership and control over the web applications they use. The talk will be given in English.
  • Caminandes 3: Llamigos (0:02:31)
  • NUUG
  • In this episode of the animated series Caminandes we get to know our hero Koro even better. It is winter in Patagonia, and food is scarce. The llama Koro meets the annoying penguin Oti in an epic battle over the last juicy berries.
  • Thomas Sødring - Noark 5v4 as free software (1:16:50)
  • NUUG
  • The nikita-noark5-kjerne project is in its second year of development, and we have come a good way in the work of realizing a Noark 5 core as free software. Noark 5v4, or the service interface as it is called, is still under development. We have developed nikita-noark5-kjerne according to Noark 5v4 and want to share our experiences with implementing and interpreting the Noark 5v4 standard. We will give a high-level description of our technology choices and explain what the HATEOAS concept involves. Noark 5v4 uses OData as a standard for search, and we will also go through how it is used. We then open for a discussion about what innovation potential lies in a Noark 5 core as free software and what happens if archiving becomes free of charge.
  • Trustworthy computers (0:58:18)
  • NUUG
  • Jonas Smedegaard, Debian developer and PureOS developer, talks about backdoors in computers, and explains how some laptops, servers, and phones minimize such risks. He brings a Purism Librem13 laptop and a few other gadgets.
  • Virtual Machines and Where to Find Them (0:44:24)
  • NUUG
  • Viua VM is a greenfield virtual machine designed for parallel execution. Its instruction set aims to facilitate writing reliable, correct, concurrent software. Such an undertaking is not completed in a day or two - work on Viua started in December 2014, and is still ongoing. Viua positions itself as a contender to the throne currently occupied by Erlang's VM - BEAM. Apart from a technical overview, this talk will give a tour of the "softer" problems one may encounter while working on a piece of non-trivial Free Software. It will also discuss how work on such software may affect one's position in academia and in the business world. This will be described from an undergraduate student's point of view, early in their career.
  • Vincent Ambo - Where does YOUR compiler come from (0:49:54)
  • NUUG
  • Many people are familiar with the problems around the lack of trust in proprietary hardware components and their firmware. Similar issues do however exist on the software side of things, especially when it comes to how we bootstrap compilers for the ubiquitous C-language. This talk will present an overview of how these processes work in modern Linux distributions, which issues we have and what the implications are. We'll also do a brief dive into related topics, such as repeatable build environments and reproducibility. If you're not already aware of these issues, hopefully this talk will leave you with a newfound sense of paranoia and some pointers towards things that YOU can do to improve the situation.
  • Trustworthy computers (0:58:23)
  • NUUG
  • Jonas Smedegaard presents Trustworthy computers. Buying a new laptop, phone or other computer is not easy. Many computers can run Linux nowadays, but depending on your needs fewer of them work well, and if security is one of your concerns then the options available to you surprisingly shrink to almost zero. The talk will highlight some security issues and advice on what to look for in computers - laptops, phones and small home servers - for those of us who are concerned about privacy and want full control over our computing environments. Jonas Smedegaard is a freelance systems administrator and developer with a special interest in ethically designed computers and software. Jonas is a long time Debian developer involved with several Blends including FreedomBox and DebianParl where ethical aspects of hardware and software are crucial. Since mid 2017 Jonas has been hired by Purism to help develop the Debian-based PureOS shipped with their line of Librem laptops and a future Librem phone. NUUG talk from 2018-01-09.
  • Nivlheim, a tool for collecting data from computers (0:31:58)
  • NUUG
  • Øyvind Hagberg presents Nivlheim. USIT operates the machine park of UIO, which consists of 2800+ servers (physical and virtual). We have developed a tool that continuously collects information about them, including how they are configured and what kind of hardware they have. It helps us keep an overview. The presentation is about how this tool works and what possibilities it gives us. We go into some technical details and talk about the history behind design choices. Finally, we talk about what we are doing to turn this tool into open source, and what we plan next. Øyvind Hagberg works in the operations department at USIT. He works on developing support systems for operating the machine park. He has a background as a developer and has worked at USIT since 2014. NUUG talk from 2017-12-12.
  • Glass (0:03:14)
  • NUUG
  • Two amateur art critics meet in an art gallery and argue heatedly about the paintings they see, until they finally find a work of art they can agree on...
  • TED - Rutger Bregman: Poverty isn't a lack of character; it's a lack of cash (0:15:03)
  • NUUG
  • "Ideas can and do change the world," says historian Rutger Bregman, sharing his case for a provocative one: guaranteed basic income. Learn more about the idea's 500-year history and a forgotten modern experiment where it actually worked — and imagine how much energy and talent we would unleash if we got rid of poverty once and for all. TED talk downloaded from The Internet Archive.
  • Open public data (1:22:05)
  • NUUG
  • What is happening with open data in Norway? For several years the public sector has made its data available so that it can be used by others. The users can be from the private sector/civil society - so-called further use - or the public sector itself can reuse the data. In the talk Livar Bergheim gives a short introduction in case you are not familiar with open data; you will hear examples of the use of open data, a brief history, what the status is, what is happening (new guidelines, a common data catalogue, etc.) and the way forward. NUUG talk from 2017-10-10.
  • An introduction to Freifunk (1:37:11)
  • NUUG
  • Starting with the history of Freifunk, Andreas will give an overview of Freifunk's goals and vision. It is also a history about their devices and the software they use for that. Another topic will be their social and political impact in Germany and the EU. He will also talk about how Freifunk organizes with more than 400 local communities. There will be enough time and room for questions, as well. Andreas Bräu studied computer science in the early 2000s and now works as a software developer in Berlin. Freifunk came into his life in 2006. Since then he has done a lot, e.g. some firmware development, creating web sites, organizing community meetings. NUUG talk from 2017-09-12.
  • Teckids: The Free Software Youth Organisation (0:56:01)
  • NUUG
  • Teckids is a youth organisation from Germany, aiming at establishing a free software community among children and adolescents (basically pupils). Regularly running youth programmes at FOSS conferences where children take part in workshops about many aspects of technology and computer science, Teckids provides the necessary entry level to the free software community. Being a community organisation for young people, Teckids entirely relies on engaging those young people in all aspects of the organisation, starting from tutoring in workshops up to participating as board members. This concept brings a whole bunch of quite complicated and hard processes with it, but is entirely worthwhile. We would like to introduce our work to interested participants in Norway, to present the idea behind the organisation, and maybe find people who would like to engage in the project in Norway. Eike and Nik are two members of Teckids e.V. in Germany. Nik is chairperson and founding member of the organisation, and Eike, now 16 years old, is the tutor who got everything rolling back when he was 11 years old and held his first PyGame workshops at FrOSCon. The two are now lead developers of the Veripeditus project, a new tool to get young people interested in gaming involved in programming using free software tools. NUUG talk from 2017-08-08.