Devconf.cz 2023

This talk briefly introduces post-quantum cryptography and discusses the following issues. How do emerging quantum computers jeopardize current security protocols (TLS, SSH, IPSec) in ICT? How long can we use existing asymmetric schemes such as RSA, ECDSA, ECDH, etc.? Which quantum-resistant cryptography protocols are recommended by security authorities, e.g. NIST, NSA, BSI, etc.? How shall we establish keys, encrypt data, and digitally sign messages after 2025? Are current security libraries ready for the post-quantum era?

Serverless and Function as a Service (FaaS) are getting more and more attention from customers and developers as a way to develop, run and manage applications functionality without the burden of infrastructure related knowledge. All big cloud providers offer them already, e.g., AWS Lambda, Google Cloud Functions or Microsoft Azure Functions. One of the most relevant upstream projects for serverless is Knative, which recently added support for functions (create, build, and deploy) on top of K8s clusters.

This workshop will introduce you to the FaaS model, as well as to building Kubernetes operators. You will implement a K8s Operator, using the operatorsdk framework, to provide the functionality of the Knative CLI. This will allow to easier create, build and deploy functions with Knative just by creating Kubernetes (CR) objects, and will help you learning the internals about how K8s Operators work in a real life example.

Since HTTP 1.1, we have the Cache-Control HTTP header to manage the cache flow mechanism. You can get a stale response if an error occurs, get a cached response only if it’s a maximum X seconds old. We saw the Age header in addition to the TTL directive in the response, and the X- prefixed response headers in favor to standards. Some companies tried to add other caching and edge-side servers behaviors without success (e.g. the ESI tags). During the HTTP/2 and HTTP/3 developments, there was a lot of draft RFC to add more standards on the servers to handle the cache, be able to group cache keys, add newer HTTP response headers. See together the improvements and the new features that can be used to deal with the HTTP cache.

Forensic container checkpointing was recently introduced as an alpha feature in Kubernetes. This feature allows to transparently save the state of running a container as a collection of image files to persistent storage that can be used to reconstruct the processes inside a container and the data they have used at the time when the checkpoint was created.
In this talk we will focus on exploring a set of tools and methods that can be used to analyze container checkpoints and extract useful information, such as application's memory, metadata, timestamps, open files, network sockets, and to recover deleted (ghost) files. These tools can be used to examine the captured runtime state of all processes running in a container and to uncover evidence of malicious activity.

Both the European Union (EU) and the United States (US) recently started investing in chip design and manufacturing via their
respective CHIPS Acts, with the end goal being sovereignty in the semiconductor industry. Part of the EU investments is the recently
funded Horizon Europe AERO project. AERO has the single goal of upbringing the necessary software components for cloud-ready deployments over the EU processor designs created by the European
Processor Initiative (EPI). In this talk we will provide an overview of the AERO project and will demonstrate two key components of the
software stack regarding the Java ecosystem:
1) Quarkus from Red Hat; a Kubernetes Native Java stack tailored for OpenJDK HotSpot and
GraalVM's native-image.
2) TornadoVM from the University of Manchester; a JVM plugin for accelerating Java programs on GPUs and FPGAs.

As AI becomes more mainstream, there are likely to be entirely new career fields that have not yet been invented. In this talk, we aim to recognize the impact of AI technologies on various software testing activities or facets in the STLC , explain some of the biggest challenges software testers face while applying AI to testing and how self healing will take care of your script and save script maintenance time. Audience will also get to know some key contributions of AI in the future to the domain of software testing.
Key Takeaways:
how AI and ML can be used to improve your testing processes, leverage AI-based security tools, and implement risk-based methods such as risk-based testing that can leverage big-data insights.
How to make the current automated tests more resilient and less brittle.
How self healing observe changes in the application and start learning the pattern of changes and then can identify a change at runtime without you having to do anything.

Postquantum transition of cryptographic algorithms is one of the challenges for the whole community and to Red Hat in near future. The transition should be done in several years, and we should be ready to deal with it.
Currently we can't add the support of these algorithms in RHEL because of lack of finalized standards. But we can provide the implementations of the current standardization level in Fedora to ensure the transition happen as soon as possible.

Red Hat Crypto team has a roadmap and plans of introducing the PQ algorithms in Fedora to prepare the transition to Red Hat.

The presentation describes our choices, current state, and next moves to ensure that the algorithms will be usable in Fedora at least for experimental purposes.

We all see AI changing everything around us - especially the market-speak. It is the best! It will keep us safe on the internet because AI is faster, more knowledgeable, and never sleeps. Right?

This talk will provide a brief glimpse into the current research on autonomous cybersecurity systems. It will introduce the research, engineering, and societal challenges and outline the effort that goes into overcoming them. It will then dive deeper into the topic of developing environments for the training of autonomous systems. On the example of the CYST cybersecurity simulation platform, it will demonstrate the many tradeoffs one has to make when designing such an environment. Finally, it will introduce the AI-Dojo project and show that, market-speak or not, there may be autonomous cybersecurity systems in the near future after all.

After the talk, the attendees should:
- understand that there is currently nothing to fear from AI in cybersecurity;
- have an insatiable urge to change that.

With over 5 trillion megabytes of data on the internet, data privacy is becoming increasingly important. Many people blindly accept website privacy policies, leading to the transfer of personal information to the public domain. However, some platforms offer data anonymization, which allows personal information to be encrypted while still enabling analysis and inferences. Homomorphic encryption enables the safe, secure, and private sharing of data in untrusted environments, such as public clouds or with external parties.

In this talk we will cover,
1. Introduction to HE and its significance in data security.
2. Comparative study of open source HE tools.
3. How HE can transform the way we view open-source data and enable multi-party sharing.
4. Intersection of AI and HE, and how it can enhance data privacy and security.

Attendees will leave the talk with a deeper understanding of HE, its potential applications, and the ways in which it can improve data security and privacy.

Propose the idea to build new, or transform the existing quality testing to reduce the climate impact. Running computing tasks that consume a high level of resources and that have already been planned, not last minute, when the electricity is as clean as possible because it comes from renewable sources. I want to explain how this is actually possible based on the projects from two organizations: Electricity Maps and WattTime, they provide APIs that can be used to obtain real CO2 emissions forecasts in order to make carbon efficient decisions.

The talk will focus on a design and development environment coming from the H2020 PHYSICS project, that aims to ease application evolution to the new FaaS model. It uses the Node-RED open source tool as the main function and workflow runtime. The goal of the environment is to enable a more user friendly and abstract function and workflow creation process for complex FaaS applications. To this end, it provides an extendable, pattern-enriched palette of ready-made, reusable functionalities such as workload parallelization, data collection at the edge, function orchestration creation among others. The environment embeds seamless DevOps processes for generating the deployable artefacts of the FaaS platform (Openwhisk). Annotation mechanisms are also available for the developer to dictate diverse execution options towards the deployment stacks, including sizing and locality considerations, as well as abilities for dynamic FaaS applications to continuously leverage the edge-cloud continuum.