Conference:  Defcon 31
Authors: Cory Doctorow
2023-08-01

The enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. It doesn't have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to "five giant websites filled with screenshots of text from the other four" (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification. We don't have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!
Authors: Adrian Mouat
2022-10-24

tldr - powered by Generative AI

The talk discusses techniques and tooling to address security concerns in building images for the secure supply chain.
  • Provenance and reproducibility are major issues in the current state of security in IT.
  • The distroless philosophy and using smaller base images can save from scan report purgatory.
  • Updating images and dependencies is crucial.
  • Using apko to build container images with SBOMs and complete reproducibility.
  • Signing images with Sigstore.
  • Cutting down dependencies by using smaller base images and keeping them up to date.
  • Verifying signatures and using policy management tools to check for vulnerabilities.
  • The vulnerability exploitability exchange can help filter vulnerabilities and cut down noise.
  • Google Container Tools' distroless images are small and well suited to running statically compiled binaries.
  • The drawbacks of distroless images are that they are hard to extend and that installing additional applications into them is difficult.
  • Cutting down images to the minimum set of dependencies can drastically reduce noise in vulnerability reports.
Authors: Karen Chu, Nanci Lancaster
2022-05-19

When it comes to open source software, having a strong, active community that feels supported is imperative to success. Oftentimes, maintainers are tasked with an abundance of responsibilities but are also expected to set aside time to inform and engage with community members such as users, contributors, and others who are interested in the project. This is where community managers can step in to alleviate the burden and provide support. For those who are trying to understand what this hard-to-define role is, the responsibilities involved, and the value of having a community manager dedicated to your project, join Nanci (community manager for the Carvel and Tanzu Community Edition (TCE) open source software projects) and Karen (community manager for Helm and other CNCF projects) for a breakdown of what a community manager role can look like and the value of the role, as they cover topics including:
  • Maintainer and contributor experience
  • Events
  • Social media/communications
  • GitHub repo health
  • Community meetings
Authors: Aviv Sasson, Jay Chen
2021-10-14

As much as the cloud-native community is devoted to building a rock-solid platform, the weakest link has always been the users who inadvertently introduce insecure configurations. Jay and Aviv will share their findings on misconfigured Kubernetes clusters in the wild and on a malware campaign that exploited these misconfigurations. Their research found 2,100 unsecured Kubernetes clusters on the internet, consisting of 5,300 nodes, 31,340 CPUs, and 75,270 pods. A great deal of sensitive data leaked from these clusters, including access credentials, source code, and PII. The researchers will share how they architected their honeypot infrastructure to collect and monitor malicious activities targeting Kubernetes environments. The research also uncovered the first malware that exploited Kubelets to compromise Kubernetes. The malware used sophisticated tactics to evade detection, harvest credentials, move laterally, and perform cryptojacking operations in compromised clusters.