Version Paracetamol 1.4142g

Vortrag: Functionality, Security, Usability: Choose any two. Or GNOME.

Gnomelogo.svg

GNOME is a desktop that cares about its users and their freedom. To be free also includes to have the freedom to use your computer without having to fear of getting compromised or anyone listening to your communication. GNOME takes tries hard to put the user back into the control seat regarding security and privacy. We will see two examples of how GNOME gives you back that control. The first is a classic: The problem of signing OpenPGP keys. The second is the protection against malicious USB devices.

GNOME 3.20 has been released on 21st of March. With that release, many visible improvements will be delivered to users around the world. While many people already excitedly use GNOME 3 with the new user experience, some features of the new and elegant desktop like LibreOffice integration or editing photos with non-destructive GEGL operations are not yet wildly known. We also did many things on the plumbing layer such as allowing GNOME to run Wayland.

First, this talk will introduce to some of the design philosophies inherent in GNOME 3 as well as the main changes brought to users and developers. Also, since GNOME 3.20 is another step of a long lasting incrementally improved user experience, the future of GNOME's development will be speculated on.

The keysigning problem helps to strengthen the Web of Trust which is the decentralised PKI in the OpenPGP world.
It depends on people participating by signing other people's keys.
However, when following best practises, the act of signing a key involves secure transfer of the OpenPGP key which contemporary casual key signing protocols for small groups address by exchanging the fingerprint of the key to be signed.
The key will then be downloaded over an untrusted channel and the key obtained needs to be manually verified.

We will see a novel approach to signing keys which makes it easy to sign a person's key.
It enables very small groups of people to casually hold very small key signing parties.
The key idea is to automatically authenticate the key material
before the transfer via a secure audible or visual channel.
A Free Software implementation of the protocol will be shown and people are invited to sign their keys :-)

USB is ubiquitously used to connect peripheral (or not so peripheral) devices with a host. The attacks on operating systems and applications are growing and we will see a way to thwart many attacks without compromising on usability. This serves as a good example of how to draw the line between functionality, usability, and security for a security mechanism that is intended to be massively deployed.

Info

Tag: 02.09.2016
Anfang: 20:00 Uhr
Dauer: 00:45
Raum: Chirurgie (Saal 1.04)
Track: Talks
Sprache: en

Links:

Feedback

Uns interessiert deine Meinung! Wie fandest du diese Veranstaltung?