Free security

Free Security 2017 congress

The general objective of the congress is promoting of open source code and security throughout the Mexican community of programmers & Computer Science students. I was invited to participate as a speaker on the Free Security 2017 congress that took place on the dates between 17 and 19 of May. It is held annually in the city of Tuxtepec, Oaxaca (Mexico) by Instituto Tecnológico de Tuxtepec. This year it was the 7th congress.

As I nearly haven’t attended events of such magnitude before, I had only vague expectations from this participation. Nonetheless, I must admit after these 3 days I am carrying home nothing but warm and joyful experience from Tuxtepec. In particular, my involvement was the speech “What is it like to contribute to an open source project?” and a workshop “Vulnerabilities of websites: attack and defence”.

In the speech about contribution to open source projects I tried to persuade the attendees into active contributions explaining all the material and immaterial benefits I’ve had since I started maintaining a few Drupal contributed modules back in 2012, whereas in the workshop we’ve covered a quick theoretic presentation on various common vector of attacks (XSS, CSRF, SQL injections, file injections, brute force, insufficient access checking, etc) and then executed a few hands-on exercises. I purposely made them “feel” the security concerns in the context of a website by relating my personal experience with each of the covered vulnerability types. Additionally, we saw the penetration in action on various simple websites the students had created during the workshop. So I hope I was able to shape a very realistic understanding of how easy it is to oversee a security hole in their code and what the consequences might be thereafter.

In total there were 7 speakers. In the moments when I was not busy conducting my lectures, motivated by my curiosity I was coming to listen to other running presentations.

Of the particular interest was a presentation about Nova Linux distribution by Allan Pierra Fuentes, a professor at Universidad de las Ciencias Informáticas in La Habana, Cuba. The Cuban government has backed up an effort from a handful of Cuban developers to create own Cuban Linux distribution thus hardening national security. Now the distribution has more than 7 years and each computer sold in Cuba comes with it pre-installed. From the short talk (I would have been happy to listen all day long) Allan gave, it was apparent the magnitude of work assumed by them (all packages are compiled from source in Cuban data centers; they have very open-ended policy towards legacy PCs; 3 flavors are available: light, desktop, and server).

Leonardo Yamasaki, a professor at Universidad Autónoma de Chiapas (Mexico) gave a truly fun workshop where students engineered a lightweight prototype of the R2D2 robot controlled via Bluetooth from one’s smartphone. To me, it brought up sweet childhood memories when I was helping my dad to construct some simple automatic devices for his work.

I would like to close this short write up with an expression of gratitude for all the attention and support I have received during these 3 days from the organisers of the event. Each and every need of mine was attended in a timely manner and transcending my expectations. The food was extremely delicious (Mexicans tend to take it personally when it comes to making sure an invitee’s stomach is happy). I am full of hope my participation has been as useful for the attendees as it was for me as a speaker!

Share this post