Camping and Hacking at HAR2009
By bblfish on Aug 20, 2009
On the evening of Monday 10 August I arrived under a light drizzle in Vierhouten in the Netherlands, after cycling the last 100km section of the 300km that I had traveled from the University of Koblenz. I just had time for a beer and a soup, as the c-base bus arrived from Berlin. Night was falling fast, and so we all got together and helped put up the large colorful tent on the edge of a still mostly empty field. The BSD camp next to us had worked out how to get some electricity and kindly let us have enough to power a lamp and a couple of laptops. So we could relax and listen to some music, as it got colder.
I travel very light on my bicycle for obvious reasons. So I don't carry a tent with me. Instead I go from hotel, to youth hostel, to family couch. I have not tried the Couch surfing network yet, but it's an extra option I could use. Here on the camp, in the middle of the forest, none of the options were available. So I was very grateful to Dirk Höschen for having taken a nice tent with him for me to sleep in, and also to Rasta for having given me some blankets and furs he happened to have to sleep on. The thick down coat I had carried with me from France finally came in useful in the cold nights that followed.
HAR (Hacking At Random) is an international technology and security conference, with a strong free software, freedom of information political leaning. I had not heard of it until I reached Berlin, but was told so much good about it from so many different people, that I was convinced to go. I was lucky to get some last-minute tickets, from some friends of a friend from the Viennese Metalab who could not make it. The 2000 tickets had all been sold out a month ago. Needless to say I had largely missed the deadlines for submitting a presentation. The organisers though were interested enough in what I was presenting on Distributed Social Networks that they gave me a couple of 2-hour workshop sessions to present. The first one of them was filmed, but I am not sure where the video is yet. (I'll update this when I get a link to it.) On Saturday I was lucky to get a 10-minute slot on the Lightning Talks track. This was recorded (slides here).
(( Mhh, one learns a lot from being filmed. I was not so aware how much I gesticulate with my hands. Something I picked up in France I think, but without the French mastery...))
Given how foaf+ssl builds on X509 and relies on existing Internet infrastructure, this conference was an excellent place to come to and learn the latest on holes and limitations in these technologies. Perhaps the most relevant talk was the one given by Dan Kaminsky, "x509 considered harmful", which he gave while downing a bottle of excellent whiskey - as I found out while talking to him after the presentation.
In his talk Dan really beats home the importance of DNSSEC, the next version of DNS which is about to get a lot higher profile as the root DNS server moves over to it at the end of this year. The x509 problems could mostly disappear with the rollout of DNSSEC, which is good for me, because it means we can continue working on foaf+ssl. Also foaf+ssl relies a lot less on Certificate Authorities. The only place where that is important is for server authentication (which is where DNSSEC comes in). Client certificates can be self signed as far as foaf+ssl is concerned.
If there was a main theme I got from this conference, then it was clearly the importance of the deployment of DNSSEC. It may be a lot more heavyweight, and a lot more complex than what we have currently, but the problems are getting to be so big, that it is unavoidable. For a good presentation of these issues see the talk by Bert Hubert, the man behind PowerDNS:
For an overview/introduction of what DNSSEC is, how it functions and what problems it solves, see Rick Van Rein's presentation Cracking Internet: the urgency of DNSSEC.
Sun Microsystems is also supporting the DNSSEC effort. In this security alert, you can read:
Note 1: The above patches implement mitigation strategies within the implementation of the DNS protocol, specifically source port randomization and query ID randomization making BIND 9 more resilient to an attack. It does not, however, completely remove the possibility of exploitation of this issue.
The full resolution is for DNS Security Extensions (DNSSEC) to be implemented Internet-wide. DNS zone administrators should start signing their zones.
If your site's parent DNS zone is not signed you can register with the ISC's DNSSEC Look-aside Validation (DLV) registry at the following URL:
Further details on configuring your DNS zones for DNSSEC is available from the ISC at the following URL:
The issues addressed by these talks are not just technical, they have political implications for how we live. There were many good talks on the subject here at HAR, but my favorite, perhaps because I followed the story in France so carefully, was the one given by Jérémie Zimmermann, co-founder of Quadrature du Net, a French site with an English translation, that does an excellent job tracking the position of French and European politicians on issues related to web freedom. Jérémie's talk on Hacking the Law was on Sunday noon, the last day of the talk, and there were some technical problems getting the projectors to work. The best way to get it for the moment is to download it from the command line
curl -o jeremie.ogv ftp://ftp.sickos.org/pub/HAR2009/room1/r1-filer.20090816-115405.ogv
And view it in your favorite ogg viewer. I think the talk starts around the 20th minute.
The talks will hopefully be placed online soon in an easier to access manner.
But HAR2009 was not just about talks. It was also about meeting people, talking, exchanging ideas. Some of the best parties were organised by the Chaos Computer Club, a Germany-wide hackers' club that deals with security and political issues, and that is widely referenced by the German media, when in need of enlightenment. They had a great tent with an excellent view of a pond, and at night had excellent DJs to create just the right ambiance to meet people. Mix that together with some Tschunk, a cocktail of Club-Mate - the Germanic hacker drink - and Rum, and I found it difficult to go to sleep before 4am.
On Monday morning I cycled the remaining 100km to Amsterdam, one of the most easygoing, beautiful towns in Europe, where I am writing this.