Towards a more secure operating system without sacrificing usability

Video in TIB AV-Portal: Towards a more secure operating system without sacrificing usability

Formal Metadata

Towards a more secure operating system without sacrificing usability
The GNOME challenge
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

GNOME is a desktop that cares about its users and their freedom. Being free also includes having the freedom to use your computer without having to fear getting compromised or having anyone listen in on your communication. GNOME tries hard to put the user back in the control seat regarding security and privacy. We will see two examples of how GNOME gives you back that control. The first is a classic: the problem of signing OpenPGP keys. The second is the protection against malicious USB devices.
Keywords: Security

ever going on so we then I I'd know person as you get the interior the
known talk like this you want Goa and your else should knows your files have to sort of find the right room otherwise I'm happy to any of next 45 minutes to an hour depending on how much we engage I'm very happy tendentious days you have to have any question on those you you know I want to discuss anything this anything on the elements that so really very very
well and things you know microsoft of and we get these things sorted out is there anybody had not listening German I is everybody speaking and understanding German well you're like prisoner and does not mean that you are speaking German that you are not to be alright and so that good so that means we can actually proceed endowment
development of this all but it could always the moment to them in the measured Anderson enforced then last as normally at each my own so what do we do not which think to the if lower doses kernel where while the result of the enough to good I'm ionization of computing out and the only by others Milan and I know that would not to this on signing the others computing environment to the anonymous to always true Alpine assumed doesn't but soybean dust lie on the line this was don't commodity true robustness and minor minor minor or not that's a lovely and prompt case studies and get what the power the I'm Popeye should the Will the titles on the norm among those you descending by and you must use a another man of water to capital nothing about the the puzzle that is modified to the right now as on the scene and the 4th thing hold true life rather than the beginning I've assumed above conceptually his 2 moments London the personal which at the show I knew that
MultiFinder scheme of through food you stayed on you've not registered on the cell lines and cut these you can seek unity that the point other formal is this software for movies she dimensions of fight on each uh adopted so long as movies the dimension of ideas and norms
of some of moment placed by a few mentioned as well when you computing to it right on an d the I 9 of white Jesus use into this is still so this is no which are just small quickly found voting for the user experience in the and that's the sitting on this line of whatever the value of the size women's experience does sermon avoid what ties in need of they are the 3rd mole modesty
softly eyes it's in eating the speech and all of the norm uh in
this nobody old supported in country governments must in order computing model by the iron drops to a leading out on the by the again from computers on what you discover the mind-sets pizzas might going in the health of a cut down looks up at the here is then aligned although the you on the coming of the commoners show from the fifties also scholars movies schnapps want need for leading but warned German for the mandible image in much will pursued milk which so I need dinner the uh which together for advice and stuff on isn't the way that song although norm 2 movies you mentioned that's what you like with the computing but highly encoding the
fire subsets of the time for adults who at the 3rd no big I should probably such things so that's no problem well I was actually initially offering like to continue the instrument but problem that we have the initial that's the perfect that's the of in so there's many things happening you know in 1 of the more successful things I think is the whole story around so
uh the language issues involved with people not necessarily speaking we know we have a quite successful translation story when there's a new anomalies upcoming we have many many languages being conservative known suffer the stated in many many languages in relatively short time In and this is so this is not only a single so this is that not all have this is not only happen a single time but has happened over the last of the useful with the known software that we have constant efforts in enabling well also non-English-speaking people to use well to do that computing 3 subbands best with no we also tried to be inclusive you know the the key word I had uh 2 sides was inclusiveness we extend this term or we also understand this will in this term that we enable people who have different say physical me so we try to make known as uh usable as possible in the sense that we try to make it easy for people with different say with me so different state input methods or different reading methods who the people cannot necessarily you know we regular screen because they have some physical challenges to deal with uh well requires say dedicated hardware all with the same color tinting of the screen these a try to think of these as well issues and we try to make software which enables as many people as possible to use both free software the and we take again we take responsibility for the user experience for the whole system we try to remove issues say uh in the stack and not paper around you know what matters so that's becoming visible when you're dealing with things like say plugin always graphic stuff we don't just you know stop and ask relatively high-level boundary of being like it a new space and being after draw some icons and windows if necessary we dig deep down in in the stack and fix things as speed as in the car so we want to be as inclusive as possible as that this is 1 of the for things that drive the other thing that drives known is freedom no freedom
as a the freedom determine itself by abstract the but the gene known is
new life in the new product is the well got others you if you will of free software In the SER on the on the letters of numbers anybody know what no match the stand for the actin the couple letters right this anybody no any chance the the exactly as new network object model but no G. N. the NSS entity in endowments is new the in so we of course a or dedicated to sort of freedom and softer freedom for us that essentially means the 4 4 freedoms anybody another 4 core freedoms that for offers about throwing I and that's the number 0 it's the freedom to you yes that's actually to uh do the freedom to you know share with their neighbors to help him enables and the freedom to improve down there's like another freedom sort of a prerequisite for these stream number 1 we there are definitely do that you have to understand that if you you have to be able to study of some textbooks so these are the so the freedom that know Miss uh concerned about also but this is not the freedom for I think there's no freedom the I can there's the freedom of you being able to use the
computer out you know listing of being
compromised without you having to be concerned about your communication to be well wide you want to you know do your task on your
computer without having to fear but so that things will in I think the young project or we know we're in a good position to enable peace or to deliver these expectations on these expectations because as it turns out that filtering out of extras information is 1 of the basic function of
branches as according to Barry Watson and their American psychologist he and I think if we had known we are quite good the concentrating on the
same necessary thing here and it's sort of a the highlighting the things that are you know important here and making the other things let's say visible war intrusive truth as I mentioned in the early on in the beginning we try to you know enable people to do their tasks to make the sulfur that does not stand in your way of you know you be successful in performing whatever you set out to do in your in your own or with your computer so we shall try to make decisions you know you for years the is as easy as possible and we should try to focus on things that are necessary indeed and the the do not social things that are maybe not summers and regarding the security of the system or if you translate that my answer to the security of a system we end up
with you know uh remove the removing the user from the creation of the securities because there have been studies which have shown that if you let users so take decisions on future relevant questions regarding your system you may as well Role that's because the user
is well I cannot comprehend uh the the consequences of certain security decisions and I mean now bring some examples off well the sort of decisions that I think that you cannot we well mate make in an informal manner the here in order to sort of convince you off this the fact say and to lay the foundations for all work at known to make the secret is systems that built without the need of his invention or with with as little user interaction I'm planning that's we're
seeing problems every now and then the problems in general are dubious feature or do we use way off you know interacting with the user what
I problems problems are these modal pop-ups that's come out of nowhere that you know stay for as long as you click the the option and that force you to take a decision just right now probably while you're doing stuff you know you're probably in the in the middle of performing some time and then you get 1 of these problems you know you get a modal dialog you cannot walk around the dialog you have to know do something with the system right now or you can continue on and we think that these problems realm are not a good way of dealing of interacting with the user in these problems have been quite popular line of like few use it's you don't see them so much the seasonal also because people have realized people make itself that realize that prompts or HE where of interacting with the user but not and they are not an effective way of interacting with the user to problems are just plain
wrong you must not build security-relevant software which prompts the user you must not do that
and you must especially not produce
problems which make it permanent decisions you know where the where the fact of the user in tracking the problems it is time and where it were words not you know a 1 and 1 time decision spots where the and of the of the invention of the user is
head is being stored for for future directions and why is that I claim that this is very bad and actually wrong because users on the middle of performing a task and of course you know the user 1 to perform the task so the user does everything uh year she can in order to get back to the task of the application to continue with their what In my 1 of my most the answer of the law of the
it is is this no if put it this is uh this this promise not showing this connections untrusted you do you really want to continue you really want to connect and you know the user but is imagine the user uh the user just open the chat application across all you know whatever it is that working hours of performing in Africa uh connection or opening in Africa lecture summer and I mean the user has expressed the intent to have this application you know connect to the Internet of the whatever the occasion 1 and of course I want to continue y why
and what have opened the application of force of and I can well claim you know there's some value to this problem I mean it's not that this that the application developer would have I thought of putting comes you know in random places just another use of course the of additional other had a 0 0 1 0 noted to inform the user of the connection being somewhat dodgy entries and you know how do you handle this situation well on the cheap way is to issue a prompt and then at the user such a I think you must not be that I think we must well in this very case and must system term interconnection or maybe offer a settings dialog where we were we can configure the connection and then well setting up connections then you know have this sort of information being processed but not you know when the user opens the vision and potentially wants to start you know chatting with someone then we get this with many get this dialog this is not cool because the users want to perform tasks and if we issue these problems values will be interrupted in the task of them onto and they will potentially they continue because that's what they want to do they want to continue I mean they don't want a confluence rally sail wide actually just in the last 30 ms I decided otherwise I do not want of of course there's an applications which are left sort of easy to handle and the way to remove these pronouns must involve we searching for a way to guide the user to still provide the same say functionality because as I said the application developer capacity problem now all what to do in this situation by the application connects a somewhere there's a problem what all the application to it's not necessarily clear do and uh the way to root of promises to research help to well provide a user interface a user experience to still allow the application to be able to decide what to do and yet and as much the Our disturb the user in their and their task and there's ways around that and we had known we do many of 
these without all the without even noticing and the another prominent that's a the somewhat funny is this what
like this office not signed by a trusted provider more trusted what would they need suffers not find this there yet again the same facts and that do not a big effect you really are sure that it's safe to do so and this is so much information and I claim that's if you know answer kind of people on the streets but if they what what they would do if they get this dialog you good as well have rolled the dice in order to get a decision the I mean that the metadata imagine the situation where this style comes up you
probably knew were softer update program whatever and you have clicked update please update all packages and then you get this dialog and you probably know all we know how the bill was with this situation probably stand comprehend what's going going on behind the scenes but you're played a specialized onto people have because you from the well have the the fortunate opportunity of having a precise education you've probably heard about the you know issues involved with the people menu clicking you packets for many manipulating packets on the fly you know when you're downloading stuff at but I claim that most people that we try to you know provides with computing do not have this sort and opportunity of having had a computer science education so this is a I think this is 1 of the worst problems that we could possibly have because this is if you click now all these of right so it's like on on you know this is bad and all talk FIL sorry just a group of Jews from me and the the the comment was that this problem does not even tell you what sort of and of that so that's quite a bit of that it doesn't exist anymore I mean I have to say that this is I use to pull this out to offer historic releases the of some it's about 17 frightened proof you know on each every reason of this will still life and I I a reward for not be here because I should rather think these things so these do not or should not exist anymore another very well concerning
dialog is this Abbott funding update which fixes the problem please run before submitting about p cannot be that we that enable people cigar and so on the project right had probably 6 constantly have to go in and up please weights the system is being shut down here and along with that but I modified it up as a prompt an that this the the so stefan of the the so it is it is see problems in software well tried to find a way of enabling the same functionality like uh still enabling application in order to take the decision but without the actual problem and it's a hot subject is not you know that there there would be a an easy way to do so and there's no obvious way for each single prompt but there's ways you right so the the chat application uh well let me roll back just just 1 half that's there are some applications that are quite special I think for example the repr also is quite natural that problems because the browser soul by now there are rebels on application platform so it's there's no single purpose is not a single purpose at the beach application onion and is more of a limited-purpose out it only just chat and for the chat application of the my recommender my recommendation now that sounds funny is was the inventor but if you look at other times applications what they do is when you set up the case when you set up the accounts then you get the sort of request as to whether you want to use this sort of match information including the certificate or not and then in the future of the certificate of matched what you set up than the connection just doesn't know established and there's no problem you may get something like connection Arab these reviews of your security settings something and then you know that the but without prime but more like an informational thing in the constant area of replication and then that by pressing this button you get
to the settings and then you also know were these things are configured for the future this it's not a one-time thing but you get to be general settings page where you can then set up the right what would you exactly what practice of to all all of this so yes so the at this the stand yeah probably the new maybe it's a hard problem yes I I give you up and if there was there was an easy fix we wouldn't have had comes in 1st year it runs like this because they were cheaper applications developers to do and watch I explain what makes no mother different from other say environments is that the young people well it tends to give these issues if offices and they try to come up with ways to enable you know the functionality still but without interrupting the user as badly as the top maybe you know there's still probably needs up and that is probably wouldn't be as bad or year at these prompts that see no you wanted to something some of the properties of the year security this is due to the user you've made of the science of just the next the law the cost this already in informations and the you could prevent so the 1st part that I got was that most of these things are configuration issues not necessarily security problems precision In the 2nd part was too long for me to comprehend because it's quite late in the last sort of the conference it's been it's been an amazing at 20 ounces of conference and quite frank but also mentally so but please repeat itself but it is just the detector to adjust we connect you with this so you can change and we use a small the not so and become was that I was recommending they tend to it into connect anyways if the certificate change but that's not what I meant at least I hope it's also not what I said I said the connection should not be established in a case just not in you just knock at the just not met I mean you just don't because it's not what you set up before the application would probably ask you to set up your credentials and 1st 
place you know in the initial set up and and then In this of the example of some this the right and in less aggregates also normal that you have you know uh a common a root certificate intermediary which cholestasis and I mean if we all talking TLS then you probably have a TLS credential store and we should of course made use of of the problem in 2017 still is a bad these credentials stalls these root CA scores are a bit messed up we have in new minutes we have no unified way of many but again you know is is working on that there is p 11 you where the 11 kid which has like some who called to unify these credentials source because you have several you have open a cell has own stuff in someone at sea as elsewhere before you have a Firefox which has their own stuff of potential on the web which I think has their own uh route those for still and you have probably there all that feature their own on the job exactly John as on the 1st row and you have all these well ecosystems which which should the owner carbonize for no good reason really other than that nobody sat down and like work on the final and again known is I think 1 of the few people also the Fedora guys at an interest in having the confined but uh the known as 1 of the is involved in getting this sort of fixing cleaned up and this again I attribute this to known being concerned about the user experience of uh and goes down the the steps necessary this 1 the 3 and so it's not an easy these are easy to and again we need to think of all of em together and I think the numbers so t 1 project 2 dollars well make efforts and thinking what is the the of but you of the 2 I'm not some of our covers known like probably a traditionalist and better right so the
answer is well it's no obligations non just fix things that the ideal can be on the desktop is the 1 in this talk I make a asperities is 5 minutes and asking the people you know what you think is no men and what you know does dome involved and everything and then we sort of rates that's known is a desktop environment for people you come up with relatively easy but then what the mean people then that it's the right of that could then against the tougher donors also set of applications and we should I forgot the exact number but it's a it's a relatively large number of applications that you have under all control that we want distributions to ship along or that they ship with what they called and we hope that you know if you solve known that you get a nice and working and fully sort of suited environment your country of course it's that what efficient landing at the end of the day we are again we can only suggest fixes and if you know nobody except that man people do as I'm not entirely sure of light in the test kitchen uh regarding things like that and it spots but what I know is that uh we are concerned with don't forks all the masses and all of them for half a for the code and our 4 of attenuation spring so but I've forgotten the name of your lab and the affixes important fixes and or and we go the extra mile and in all from the other projects and great photographs for these important it's do that to the limited extent that you're capable of I at this and that was thank you thank you and I think that there you have it would have been a few things that you the right here want right so the the comment was or the question was that's a really test example uh when the user wants to know check with someone and uh does matter much but the user can offer a prompt or some other way off well actually right you know the we the exact way of the how the user actor gets a connected matter because the user goes to whatever extent necessary to make the action have never come so 
what's the value not having prompts song but they have in question the can be the 1 thing is that in the chat application thing you might be tempted as an application developer to have this permanent session if you don't offer this prominent decision first place then you well do not risk that the well user forgets about or that you have a chance of reversing the decision in case the user I realized that it was a bad decision of course then you get the same effect still the revised user interaction I mean if you set something a that actually pictures that show but hopefully in the process of doing so the user also needs to learn how to well set it up correctly you know in the future in case the user realises all I set up the connection wrongly not everybody can read my data bases so the well if you let the user do that if you give the order of the opportunity to do that correctly and the chances are higher that the user little do you will be prompted there's no way you can do you can answer the prompt you know in a good way because if you select no, cancel, that is not good because the user cannot check if you let you select yes that is that because uh American with the data so this is the promise that there's no debate about the other than the Chevalier pensionable about with the alternative way and I mean it's it's not 100 % good but it's at least a little bit better in the sense that it's the maybe the proper way of setting up a connection and the user can undo the wrong think of the user did before order I don't think there's you know the best way of handling these things I'm thinking all that we have better ways and how and the alternative alternative way off i in the chat application example I think is a better because you know the user learns what underpins things a lot of there are 2 things 1 they're valid of they're valid sometimes and sometimes they're not valid when I to Council or payoffs it's also I think mentally it's a bit easier to comprehend that the things
that are that I have setting being are valid whereas the from the the things in my settings dialog only that sometimes OK so mean there is
another inherent to a state law it's attributed to allicin uh from some using the conference from 2 years ago and this law says that for every k cookie from required for security child is a basic facts perhaps the so if we you know make use of do something
actively in order for the security to be they Banwell well our system is not as good as if this duty was there without the user having to do so we should try to you know have built systems which requires little interaction but still secure whatever secure means in this class so these are the sort of further this is the mind set where we are coming from in the GNOME project in general and now as I promised I bring some case studies and bring some examples of how I think that we do that and 1 example is this is anybody know what
these people are doing has anybody ever seen that
it's like a bunch of people standing around the that some sheets of paper everything has anybody ever announced and what he had said he sent by what the 2nd part the so what what is the anybody here the state of art and so right so the
call was that the people so that keys so that mean like other the fact that an I immediate equally they're building about frustrate so Due to use these I you can use the fingerprint because this is so what people do they offer thing of situ these are 160 bits of information
and these people when the worst case they're like capturing the bits of information I liked toward the job and these are the the 1 of 40
people were in this like in this huge industry and and this is the typical format of what people deal it's like this is a hexadecimal string, 160 bits of information, the SHA-1 hash of the OpenPGP public key and people read this out each other and then they claim to verify identities not In the so you've taken parts you participate in 80 what did do like you good for 3 hours in uh Brussels In January because oftentimes it's minus 2 degrees and snowing and you get home to your cold and cough what they do that do something and the the all right so far so you but it is also you read you know the fact that not that of your piece of paper you're not sure in ordering a b or 8 or
something and then you transfer the data Europe's stories saying and then you actually produce
right and how you produce a set of reviews can have like the tool to use you know when you producing the this is the pinnacle this is the gold standard as of now you know if your it it doesn't get any better than using caff and caff is
a program there's nothing wrong with Perl and some people like it or dislike it never mind and then orders consider a cast you know you're right locale so all I ever wanted use caff with my parents say I you know not only to ship a book about OpenPGP integrate everything else also ship a book about Perl because my friends who need to learn Perl first before they are able to you know to 40 sense and you cut I think if you mean that is like a
big conspiracy around the sole OpenPGP security vain because we're using all this weird stuff like base 16 here I haven't even ask you what you think uh I do that because it's fun how do you think you can communicate 160 bits of information in the least efficient way possible no yeah you have 160 bits of information on your piece of paper and you want to get that across you know by uttering something how do you get 160 bits of information across in the least efficient possible what what would you do
binary, right, you would use base 2 encoding of the data and then what you think is the 2nd least efficient way of transferring 160 bits of information the utterances the the well before we do that you know basically this for now what about base 8 probably be you know the next 1 but is also a bit weird the next thing would be based it's so it's quite inconvenient way off your sharing information but yet people somehow like and we have this while I get it running so I get excited the so that you have like lots of problems with the evil infrastructure around the holiday the body you put the key in the recent past right you want to be sure to get the key right because all of which obtained a copy of the ever you get the key from from a key server, right, which is written in OCaml I know quite a bunch of people right uh I've been around in the free software community for a long time and many people who do programming all get I know exactly 3 person 3 people I mean uh knowing how to program in OCaml, this weird French dialect from the mid 1600s that by by now only 3 people are being able to write programs so we have this everything is a bit we around the software of proposed and I claim it's a little bit due to the fact that the security people
very mostly are concerned with themselves which is fine you know free software people to use the scratch their own itch that's it's a perfectly valid reason you know to develop software but I think we'd be living in a better world if we the targeted say my parents or you know using the security things and again I think that was a good you know as a good mind-set to actually deliver on
that and I'll I'll quickly show some examples of how I think we could make things better regarding this old the signing next if you will the following hollowed we have an interface that face a allows it to select your
own key, you get a list of your keys and eventually you select 1 in then you
get some machine information that you can use with the other party you actually want to sign your working that other party would eventually you know make use of the machine readable information then so all the application would make sure that the he's been transferred in an authentic way so that nobody could have tampered with his in friends and maybe in all
qualitative a click of a button and accuse site would that be also developed if you can do that know more less with the application of the signs and I think it's slightly I think it shows how you can you know make things better that have been the way that
they all hope 20 or more years all with just the mind set of trying to be non-intrusive without all with trying to be as inclusive as possible was trying to be able to make it as possible to make use of the In this case it would at I brought a video but let's get to the bad and the go to something talk about something that's much more exciting and
containerization of applications we have all the rage now about Docker and images and now is that people talk about Snappy and Flatpak in the image in the world we do not to so we have in the GNOME
project we have further concern ourselves with the question of how the we confine applications so that they cannot do harm in case they are being exploited you know to be able to mighty data facts are they compromise and I you you might say ah well just a stop rights as Docker resting around for what to use something else for by now and you just use that for application but look in in in 1 of those images and you're good to go you might be able to do that but you quickly run
into problems if you wanting to do desktop applications know not as opposed to server-side applications that get along without any interaction if you're having desktop applications it's likely that needs to interact with you know not only use of the system itself but also with the 1st week like printer always go your sound card with your camera or something but so you cannot just use you know any existing technology because you will
need to interact with the rest of the work environment somehow for its relatively likely that if you're building a desktop systems that you will need to interact with other parts of not only the system models so we have Flatpak, which is a new
way of distributing applications on Linux so we're not say not limited to all and running out how much of that is on his 1st this the right so the question was whether something is only usable if on the answer is not it's not to say it's not we were indeed is abnormal what in order for it to work properly thought is a I technology which basically ships your image topic itself is only a cool way off distributing Norwest so actually Flatpak itself doesn't even do that itself you know it doesn't even disappear the image itself act only uh calls for makes use of OSTree in order to ship the data you know from the server for example to you were machine or well there for
the application to then live on your machine rather than you know 1 you it also doesn't at all them to send itself because it uses bubblewrap, and bubblewrap is a project which creates a sample a confined environment where the applications so it can live in and where they can hopefully I well will not cause any any harm for the whole system the here the wall but Flatpak essentially does is it connects to it reflects all those bits and pieces and gives you a the application delivery mechanism a and ecosystem where you can make your application right and bundle applications and and it's uh have users download this application community so all the security properties of Flatpak are
coming from bubblewrap, and bubblewrap is true it makes use of Linux, so it lets you have the live program loans go by the bubblewrap the and all of its use of all these modernize and fancy from features like namespaces, seccomp and such basically what you have is a chroot that's really like very old traditional security feature of Linux, it can be confining a process to a certain directory on your profile system basically here and there but it's it's a chroot on steroids it uses all these other fancy things to well but to make it more secure still but also to enable you to punch
holes in into or through the and what so the sandboxing facilities is what I call the classic security feature you know this
is these are classic classical Linux ways to processes well in order to limit them in their potential harm that they could do not by by mounting stuff read-only into the namespace to prevent things that you prevent the application from being able all right data by not mounting things into the namespace you prevent the application from being able to read data well out of the system by using cgroups to prevent the application from high quality resources but these are all relatively classic ways off making things more secure and Flatpak you know uses all that conveniently without you having to carry out any of this any of these things the yes I said something like well you to interact with the environment because that's probably what uh desktop applications do so you can punch holes through
the sand box you can you know interact with your state x out of your body demon with your D-Bus because you can do all these things by punching holes through the sandbox with you know with uh bubblewrap you can certain arguments and it'll allow you to do stuff that you were not able to do by default by the political ball that we get the most restrictive alignment possible In the you may want to open up the sandbox in order for you to be able to interact with me the
rest of the system a you might want to complement that those with uh a more modern approach to security
which well we call portals these portals or interactive means to are to get to know the intent of the user because I think this is 1 of the the core features of the 3rd Marine modern security solutions so the woman in the core thing is to get to know you take the intent of the user you know you
need to find out what the user actually wanted to do if I open the beach education is relatively reasonable that I want to start checking now so you know as a series of those 2 to some extent so the the user tries to make it possible for the application will do exactly that all and that by having interactive so portals interactive dialogs prompts to some extent we try to find out what the intent of the user 1 the know what is such a portal such a portal could be open something with cheese something with without
with an application in case upper left like that which application you want to you know open this duality or we have a i it printing dialog if you press print that you're being asked what printer you want to use these already the classic thing from people know these already and we're using these mechanisms to find out what the user wanted to and then let the action you know work permit the actions so we can poke through the sandbox with these portals so to to allow privileged operations like printing but without surprisingly use of the snow where prompt like do you really want to print out something we reason to show that the user wanted to you know to print because the user selected the printer and only then if we select the better the sandbox will be
I will be along the application you know to print the thing and once the dialog is gone the application cannot connected to printer anymore we also using these portals as a temporary mechanism to allow in know compare that to say Docker where you can see that given write access all the time or you can because it cannot dynamically adjust the permissions of the of the image the With this interactive model we can do about and I think it's I think it's great and I think we will see much much more well and ramblings around the signal because I think it's great I think it's enabling us to things that we weren't able to do before you a much much more secure way so this is the 2nd thing let me quickly I do the 3rd thing before we enter the different areas in Yunnan Europe with so another thing that I personally concerned with is that you
speak so in my previous slide was assessing the security of USB and I found out that the well just 270 port open on your machine opens a relatively
large attack surface essentially lost an asset that could do is hold any pretty much any kernel driver that you have on your like machine and if you're installing any random you know when the orthodox here every kernel driver there is on your machine and yet it is able to interface to interact with this with any of these drivers at their well it's quite scary if you if you think about it if you think about the so the question I think that probably was a when users the and most importantly when you not know and then if you're not using
areas the well and why how actually allowing the USB port to work and you're not know old even being able to use all use the because you're always you know I'm not the screen wide of my use before work why do those my machine alone Attica or I mean any
person really to interact with all these uh Linux drivers when I'm not even here and touching the machine when I'm on the title and I don't think we have a good reason for doing that and you
the is an attack it's so were relatively well known that you know if you're exposed to USB then you get well you might have trouble you know it's up there have been incidents in the past and there will be warranted in the future that make use of the this people and I think
that 1 easy fix this true the sixers to you know just use and you and you know fix up your USB port and then nobody can have I'm not putting of course that's not uh we're coming from a
number of we can do that so that we can block and unblock be used in software and we would
see a video with my graph struggle
worked but it doesn't it's also not about what we would see you know is some some some of which disables USB I certainly you know a own on sorry not device it would there did use me for certain classes for this would not be able to lobes and he uh say CD-ROM drive you know any external media because a the people is that it was the becoming especially not keyboard and Frank because you will want to allow keyboards in any case because if you are might bring the best no details again that's requires cities have this this inclusiveness mind set to be able to find out what you need to allow and disallow and was very and text describing the right right so the power was there there was attacks simulating keyboards and that's certainly correct that's absolutely right the yet to from a technical perspective the attacks for quite war they were not used interfacing with any random a kernel driver you had and there were only as powerful as any regular people which in itself is you know like that but if I'm on the on the pollen my machine is not benign find that you know they the keyboard can and the worst thing that you would do is you know where to go through passwords at a rate like that it's not as bad as know the machining compromise because it would spilled the pulses and writer for now name any ancient fossils and that would automatically you know be mounted if I put in a congressional so by at this issues around that really cannot simply disable USB when the screen is locked of all it would probably be already better than the status quo you right out everything in your body is the your Linux kernel would have loaded any random driver at my my fate to speed device would you make you world uh admitted to and let's scary of the most that's the knowledge right you do you what write so the comment was that enough conformity the words you know you can uh put in and I say it's you can think of a solution either I think it's uh I think it's a bad solution of I think
from a on the user experience perspective uh it's it's hard to communicate that you can plug into you to keyboards but not 3 said somehow difficult due to you many problems right you can make profits of the wife yes I would I just prompt so I would probably somehow shoal something like always detected you UIC do you want to make use of that number the Pronto and then if you figure out the set of my device then you would get your list of devices than you could then of like the the device to the to the left of the right if you want to make use of it or something about war the best at case I think is to only allow devices if you have an application sort you know imagine then now now we have the technology solely we started to to having this analogy with Flatpak but we have to take control over what what applications are doing what with environment and why would I build a camera driver why would I make my Linux from the camera driver over not having an application that uses the camera you know so I don't think it makes much sense to have the 2 GeV modernist from the love with Flatpak we can potentially determine whether we have a an application using the camera and only then make the kernel used corralled become and I think we have many more things to explore in this area and we want to see some the use of which would show some moderation around this these things it's so very experimental 5 as shown you uh software all ideas in various stages I've shown you the keys and of which is sort of in that state you can use that are at now be says the shots were not drawn a relied of so new facts or it's part production already uh if you you know do apt-get install flatpak you get all the subtext of again certifications now and you can you know well do real things with Flatpak just right now and if you develop applications you should you should patch it up like that right and put it up on Flathub so that other people can use related representation has stopped by an option is to use
the style which is very fundamental and is a more in the research phase and it also allows you know for contributions like you to engage in this sort of discussion and make this we'll and usable and protect users from no attacks the use people In I'm way over time already and this is also because we had a great discussion in the nonetheless I want to close it now and of course unavailable you look for the Internet the closing down and I thank you very much for your attention thank
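The lock-screen USB policy the speaker sketches above (keep keyboards working, refuse storage and other device classes while the screen is locked) can be implemented with the Linux kernel's per-device `authorized` sysfs attribute. The following is an added example written for this page, not GNOME's or the speaker's code; it assumes the standard sysfs layout (`<dev>/authorized`, `<dev>:<cfg>.<n>/bInterfaceClass`) and runs against a constructed stand-in tree in a temp directory rather than the real `/sys`.

```python
"""Lock-screen USB policy: allow only pure HID devices while locked, and
de-authorize everything else via the 'authorized' sysfs attribute.
Added example (not GNOME code); the sysfs tree below is constructed."""
import tempfile
from pathlib import Path

USB_CLASS_HID = 0x03            # keyboards, mice
USB_CLASS_MASS_STORAGE = 0x08   # USB sticks, external drives


def interface_classes(dev_dir: Path) -> set[int]:
    """Collect bInterfaceClass of every interface under one USB device.
    In sysfs, interfaces are sub-dirs named '<dev>:<config>.<iface>'."""
    classes = set()
    for iface in dev_dir.glob(f"{dev_dir.name}:*"):
        attr = iface / "bInterfaceClass"
        if attr.is_file():
            classes.add(int(attr.read_text().strip(), 16))  # sysfs prints hex
    return classes


def allowed_while_locked(classes: set[int]) -> bool:
    """Strict rule: every interface must be HID. A composite gadget that is
    a keyboard *and* a disk is refused, as is a device with no interfaces."""
    return bool(classes) and classes <= {USB_CLASS_HID}


def apply_policy(usb_devices: Path, screen_locked: bool) -> dict[str, bool]:
    """Write 1/0 to each device's 'authorized' attribute; return decisions."""
    decisions = {}
    # Top-level entries containing ':' are interface links, not devices.
    for dev in sorted(p for p in usb_devices.iterdir()
                      if p.is_dir() and ":" not in p.name):
        ok = (not screen_locked) or allowed_while_locked(interface_classes(dev))
        (dev / "authorized").write_text("1\n" if ok else "0\n")
        decisions[dev.name] = ok
    return decisions


def build_demo_tree(root: Path) -> Path:
    """Constructed stand-in for /sys/bus/usb/devices with three devices."""
    devices = root / "bus" / "usb" / "devices"
    sample = {
        "1-1": [USB_CLASS_HID],                          # plain keyboard
        "1-2": [USB_CLASS_MASS_STORAGE],                 # USB stick
        "1-3": [USB_CLASS_HID, USB_CLASS_MASS_STORAGE],  # keyboard + storage
    }
    for name, ifaces in sample.items():
        dev = devices / name
        dev.mkdir(parents=True)
        (dev / "authorized").write_text("1\n")
        for i, cls in enumerate(ifaces):
            iface = dev / f"{name}:1.{i}"
            iface.mkdir()
            (iface / "bInterfaceClass").write_text(f"{cls:02x}\n")
    return devices


def run_demo() -> dict[str, dict[str, bool]]:
    """Evaluate the policy in both screen states on the constructed tree."""
    with tempfile.TemporaryDirectory() as tmp:
        devices = build_demo_tree(Path(tmp))
        return {"locked": apply_policy(devices, screen_locked=True),
                "unlocked": apply_policy(devices, screen_locked=False)}


if __name__ == "__main__":
    for state, decisions in run_demo().items():
        print(state, decisions)
```

The composite "keyboard plus storage" device is the case that matters: a class allow-list that looks at any single interface would let it through, so the rule requires all interfaces to be HID.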