Conference:  Defcon 31
Authors: Asi Greenholts Security Researcher at Palo Alto Networks

GitHub is the most popular platform to host Open Source projects; therefore, the popularity of its CI/CD platform, GitHub Actions, is rising, which makes it an attractive target for attackers. In this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects, by showing you a demo of a POC worm. We will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of. We will then dive down into how GitHub Actions works under the hood, and I’ll show you how an attacker that is in control of an Action can utilize the mechanism of the GitHub Actions Runner to infect other Actions that are dependent on their Action and eventually infect the targeted project. Finally, after we’ve gained all of the theoretical knowledge, I’ll show you a demo with POC malware that is spreading through Actions, and we will talk about how to defend against this kind of attack.
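As an added illustration of the dependency tree the abstract describes (example code written for this page, not the speaker's PoC and not any GitHub tooling), the following Python walks `uses:` references from a target workflow through composite Actions, reports which references are mutable tags or branches rather than full commit SHAs, and prints the chain by which a compromised Action reaches the target. The repository names, file contents and the placeholder SHA are constructed for the example.

```python
import re
from collections import deque
from typing import Dict, List, Optional, Tuple

# Constructed workflow / action.yml contents keyed by "owner/repo" (hypothetical names,
# invented contents; the 40-hex string below is a placeholder, not a real commit).
SAMPLE_FILES: Dict[str, str] = {
    "target/project": """
name: CI
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/composite-build@v1
""",
    "example-org/composite-build": """
name: composite-build
runs:
  using: composite
  steps:
    - uses: example-org/setup-toolchain@main
    - run: make build
      shell: bash
""",
    "example-org/setup-toolchain": """
name: setup-toolchain
runs:
  using: composite
  steps:
    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
""",
    "actions/checkout": "name: checkout\nruns:\n  using: node20\n  main: dist/index.js\n",
    "actions/cache": "name: cache\nruns:\n  using: node20\n  main: dist/restore/index.js\n",
}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(yaml_text: str) -> List[str]:
    """Every `uses:` reference in a workflow or action.yml (regex, so no YAML library is needed)."""
    return USES_RE.findall(yaml_text)


def split_ref(uses: str) -> Tuple[str, Optional[str]]:
    """'owner/name[/sub/path]@ref' -> ('owner/name', 'ref'); local and docker refs point at no repo."""
    if uses.startswith(("./", "docker://")):
        return uses, None
    path, _, ref = uses.partition("@")
    return "/".join(path.split("/")[:2]), ref or None


def is_sha_pinned(ref: Optional[str]) -> bool:
    """Only a full commit SHA is immutable; a tag or branch can be moved by whoever controls the repo."""
    return ref is not None and SHA_RE.fullmatch(ref) is not None


def build_dependency_tree(root: str, files: Dict[str, str]) -> Dict[str, List[str]]:
    """Depth-first walk from `root`, following the `uses:` lines of every reachable (composite) Action."""
    tree: Dict[str, List[str]] = {}
    stack = [root]
    while stack:
        repo = stack.pop()
        if repo in tree:          # already visited; also breaks cycles
            continue
        deps = [split_ref(u)[0] for u in parse_uses(files.get(repo, ""))]
        tree[repo] = deps
        stack.extend(deps)
    return tree


def find_mutable_refs(tree: Dict[str, List[str]], files: Dict[str, str]) -> List[Tuple[str, str]]:
    """(consumer, uses) pairs whose ref is a tag or branch: places where a takeover propagates silently."""
    findings = []
    for repo in tree:
        for uses in parse_uses(files.get(repo, "")):
            _, ref = split_ref(uses)
            if ref is not None and not is_sha_pinned(ref):
                findings.append((repo, uses))
    return findings


def infection_path(tree: Dict[str, List[str]], target: str, compromised: str) -> Optional[List[str]]:
    """Shortest chain target -> ... -> compromised, i.e. the route by which a compromised Action reaches the target."""
    prev: Dict[str, Optional[str]] = {target: None}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        if node == compromised:
            chain, cur = [], node
            while cur is not None:
                chain.append(cur)
                cur = prev[cur]
            return chain[::-1]
        for dep in tree.get(node, []):
            if dep not in prev:
                prev[dep] = node
                queue.append(dep)
    return None


if __name__ == "__main__":
    tree = build_dependency_tree("target/project", SAMPLE_FILES)
    for consumer, uses in find_mutable_refs(tree, SAMPLE_FILES):
        print(f"mutable ref: {consumer} uses {uses}")
    print("path:", " -> ".join(infection_path(tree, "target/project", "example-org/setup-toolchain")))
```

The walk only follows what the runner resolves by reference (`uses:` lines), so a Node or Docker Action is a leaf here; anything that happens inside an Action's own code is out of scope for this check. What it does surface is the second-hop exposure the abstract points at: the target pins nothing to a SHA, and its composite dependency pulls a further Action from a moving branch.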
Authors: Kunal Kushwaha, Mark Boost

tldr - powered by Generative AI

Tips for students to overcome challenges and find mentorship in the cloud native industry
  • Research potential mentors and align goals and interests
  • Approach mentors professionally and provide meaningful insight into your background and interests
  • Utilize open source projects to gain experience and build your resume
  • Collaborate with diverse communities to foster innovation and knowledge sharing
  • Overcome communication barriers by asking specific questions and seeking out mentorship
  • Manage time effectively to balance coursework and open source contributions
  • Combat imposter syndrome by recognizing your value and belonging in the community
Authors: Dan Sun, Theofilos Papapanagiotou

tldr - powered by Generative AI

KServe is a tool for deploying machine learning models that can handle large language models with billions of parameters. It allows for easy deployment and management of models, as well as the ability to observe and analyze model performance.
  • KServe allows for easy deployment and management of machine learning models
  • It can handle large language models with billions of parameters
  • Observation and analysis of model performance is possible with KServe
  • The future of KServe is to support even larger language models
Authors: Greg Kroah Hartman, Philippe Ensarguet, Gabriele Columbro, Sachiko Muto

The EU Cyber Resilience Act aims to address a vital need for improved security across the software supply chain, but there’s broad consensus that, in its current draft, it risks imposing undue burden on individuals and non-profit organizations, with the risk of stifling European open source innovation with ripple effects to its global ecosystem. We welcome representatives from all the different constituents of the Community, from individual maintainers to companies consuming and contributing to open source, from representatives of the public sector to open source foundations, to join us for an open discussion to learn more about the real-life impacts of the CRA and where we go from here.
Authors: Antonio Ojea Garcia, Fernando Gont

Kubernetes is a scalable distributed system, and networking is a central part of it. IPv6 is an important protocol for Kubernetes, because it solves the problem of IP address exhaustion. The project has been working on implementing it for a long time, supporting IPv6 single-stack clusters since its version 1.18, and dual-stack clusters since version 1.23 March 2020. Kubernetes is also an Open Source project, driven by the community, and the development doesn’t follow a strict and well-documented process, with architectural decisions and implementation details not being well documented at times. However, the project is very serious about its APIs, with a strong commitment to not breaking compatibility. This allows the project to have a quick feedback loop delivering new features, and allows other projects to have an opportunity to add. During this talk Antonio Ojea, Kubernetes maintainer and developer, and Fernando Gont, author of multiple IETF IPv6 protocol specifications, will do an exhaustive analysis of the Kubernetes IPv6 architecture and take a look “under the hood” to explain the myths, legends and realities of IPv6 in Kubernetes.
Authors: Josh Berkus, Dawn Foster, Catherine Paganini, Nate Waddington, Dave Sudia

Helping others pays off. The TAG Contributor Strategy's (TAG CS) mission is to help open source projects succeed. Whether establishing best practices and tips for projects to recruit contributors, govern themselves effectively to stay healthy, scale sustainably and transparently, or mentor others effectively, TAG CS members get something out of it too. Join this panel discussion to hear from TAG CS members what they've gotten out of giving, including how it's shaped their careers, advanced their skills, and grown their own community. And if you are a maintainer and like what you hear, you should join us too!
Authors: Kaitlyn Barnard, Hannah Ouellette

tldr - powered by Generative AI

The presentation discusses strategies for building and growing a successful community, including engaging with members, showcasing personal stories, and using metrics to track progress.
  • Engage with members through events, personal stories, and third-party metrics
  • Use metrics to track community growth and engagement
  • Encourage local languages and representation in community events
  • Empower community members to organize their own events
  • Share success stories and third-party metrics to communicate the value of the community
Authors: David de Torres Huerta, Mirco De Zorzi

tldr - powered by Generative AI

Defensive Monitoring in Kubernetes Clusters
  • Using metrics from Prometheus to detect anomalies in network traffic and CPU usage
  • Manipulating data from Kubernetes metrics to generate topology diagrams of the cluster
  • Using service-level metrics to create network topology diagrams
  • These techniques can be useful for detecting and investigating security breaches
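Added example (not the speakers' code): a self-contained Python sketch of the two techniques the summary lists, run on constructed data shaped like Prometheus `/api/v1/query_range` and `/api/v1/query` results. It turns cumulative per-pod egress counters into rates and flags a pod whose latest rate jumps far above its own baseline, then builds a service-to-service edge list from request counters carrying source/destination workload labels (the label names are assumed, mesh-style) and emits it as Graphviz DOT. Metric shapes, pod names and values are invented.

```python
from statistics import median
from typing import Dict, List, Tuple

# Constructed query_range result for a cumulative counter such as
# container_network_transmit_bytes_total, sampled every 60 s (values invented).
NETWORK_TX = [
    {"metric": {"pod": "api-7c9f", "namespace": "prod"},
     "values": [[60 * i, str(1_000_000 * i)] for i in range(12)]},        # steady ~16.7 kB/s
    {"metric": {"pod": "worker-2b1a", "namespace": "prod"},
     "values": [[60 * i, str(500_000 * i)] for i in range(10)]            # steady ~8.3 kB/s ...
               + [[600, str(405_000_000)], [660, str(805_500_000)]]},     # ... then a 400 MB/min burst
]

# Constructed instant-query result for a request counter with assumed mesh-style labels.
REQUESTS = [
    {"metric": {"source_workload": "frontend", "destination_workload": "api"}, "value": [660, "1234"]},
    {"metric": {"source_workload": "api", "destination_workload": "db"}, "value": [660, "456"]},
    {"metric": {"source_workload": "worker", "destination_workload": "db"}, "value": [660, "12"]},
    {"metric": {"source_workload": "frontend", "destination_workload": "api"}, "value": [660, "77"]},
]


def counter_rates(values: List[List]) -> List[float]:
    """Per-interval rate (units/s) of a cumulative counter; a negative delta is a counter reset and is skipped."""
    rates = []
    for (t0, v0), (t1, v1) in zip(values, values[1:]):
        delta = float(v1) - float(v0)
        if delta >= 0 and t1 > t0:
            rates.append(delta / (t1 - t0))
    return rates


def detect_bursts(results, factor: float = 5.0, min_intervals: int = 4) -> List[Tuple[str, float, float]]:
    """(pod, latest_rate, baseline_rate) for every series whose latest rate exceeds factor x its own baseline.

    The baseline is the median of the earlier intervals, so a previous burst in the window does not
    drag the baseline up and mask the current one. Series that never sent anything are skipped
    (baseline 0); a first-ever transmission deserves its own rule rather than an infinite ratio.
    """
    findings = []
    for series in results:
        rates = counter_rates(series["values"])
        if len(rates) < min_intervals:
            continue
        latest, baseline = rates[-1], median(rates[:-1])
        if baseline > 0 and latest > factor * baseline:
            findings.append((series["metric"]["pod"], latest, baseline))
    return findings


def topology_edges(results) -> List[Tuple[str, str, float]]:
    """Aggregate request counters into unique (source, destination, requests) edges, sorted for stable output."""
    edges: Dict[Tuple[str, str], float] = {}
    for series in results:
        m = series["metric"]
        key = (m["source_workload"], m["destination_workload"])
        edges[key] = edges.get(key, 0.0) + float(series["value"][1])
    return sorted((s, d, n) for (s, d), n in edges.items())


def to_dot(edges: List[Tuple[str, str, float]]) -> str:
    """Render the edge list as a Graphviz digraph, one labelled edge per service pair."""
    lines = ["digraph cluster {"]
    for src, dst, n in edges:
        lines.append(f'  "{src}" -> "{dst}" [label="{n:.0f}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    for pod, latest, baseline in detect_bursts(NETWORK_TX):
        print(f"{pod}: {latest:.0f} B/s vs baseline {baseline:.0f} B/s")
    print(to_dot(topology_edges(REQUESTS)))
```

Against real data the same functions take the JSON `result` arrays that the Prometheus HTTP API returns; the constructed lists above mirror that shape so nothing else changes. The burst rule is deliberately per-pod relative rather than an absolute threshold, which is what lets a low-traffic worker stand out even when the cluster's busiest pods legitimately push far more bytes.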
Authors: Richard Collins, Catherine Paganini, Danielle Cook, Simon Forster

tldr - powered by Generative AI

The importance of non-code contributions to open source projects
  • Code alone is not enough for the success of open source projects
  • Non-code contributions such as documentation, marketing, UI/UX design, and event organization are crucial
  • A variety of skill sets are needed for a project to succeed
  • Tech professionals can contribute without coding
  • The community needs a medley of tech and non-tech to create cognitive bridges between worlds
  • The Cloud Native Computing Foundation is working on a Learning Journey concept to provide signposted information and curated resources for people embarking on their Cloud Native Journey
Authors: Erwin de Keijzer

Erwin's house has an elevator. You might think it's an apartment, but no, it's a family home with an elevator. Since moving in, Erwin has wanted to upgrade the elevator experience. In this talk Erwin explains how he used open source projects like NATS, Grafana, Prometheus, AlertManager and protocol buffers to track elevator performance and add awesome elevator music and floor announcements to an otherwise mundane elevator ride. Erwin will show how he made the system resilient and performant and show some epic dashboards with insights into the elevator performance. This talk will not feature a live demo; Erwin thought about bringing the elevator with him, but it was not accepted by his family.