Coding by Voice with Open Source Speech Recognition
Speaker(s): David Williams-King
Carpal tunnel and repetitive strain injuries can prevent programmers from typing for months at a time. Fortunately, it is possible to replace the keyboard with speech recognition - David writes Linux systems code by voice. The key is to develop a voice grammar customized for programming. A community has evolved around hacking the commercial Dragon NaturallySpeaking to use custom grammars, but this method suffers from fragmentation, a steep learning curve, and frustrating installation difficulties. In an attempt to make voice coding more accessible, David created a new speech recognition system called Silvius, built on open-source software with free speech models. It can run on cloud servers for ease of setup, or locally for the best latency. He and his collaborators have also prototyped a hardware dongle which types Silvius keystrokes using a fake USB keyboard, and requires no software installation. This talk will include live voice-coding demos with both Dragon and Silvius. The hope is that Silvius will lower the bar for experimentation and innovation, and encourage ordinary programmers to try voice coding, instead of waiting until a crippling injury throws them in at the deep end.
A Penetration Tester's Guide to the Azure Cloud
Speaker(s): Apostolos Mastoris
The wide adoption and the benefits of cloud computing has led many users and enterprises to move their applications and infrastructure towards the Cloud. However, the nature of the Cloud introduces new security challenges, therefore organizations are required to ensure that such hosted deployments do not expose them to additional risk. Auditing cloud services has become an essential task and, in order to carry out such assessments, familiarization with certain components of the target environments is required. This talk will provide insight into the Microsoft Azure Cloud service and present practical advice on performing security assessments on Azure-hosted deployments. More specifically, it will demystify the main components of a cloud service and dive further into Azure-specific features. The main security controls and configurations associated with each of the mainstream Azure components will also be explored. Areas that will be covered include role-based security, secure networking features, perimeter security, encryption capability, auditing, and monitoring of activities within the Azure Cloud environment. Additionally, the talk will include the demonstration of a new tool that uses the Azure PowerShell cmdlets to collect verbose information about the main components within a deployment. The tool also provides functionality to visualize the components within a network infrastructure using an interactive representation of the topology and the associations between the deployment's components.
SecureDrop: Two Years on and Beyond
Speaker(s): Garrett Robinson
Two years ago, Freedom of the Press Foundation introduced HOPE to their just-launched SecureDrop project, the open-source whistleblower submission system for journalists and news organizations that was originally created by the late Aaron Swartz. Now over three dozen news organizations around the world are using SecureDrop, and they've learned a ton about how journalists and sources interact securely. This talk will share a lot of this information for the first time. How is SecureDrop working in newsrooms? What challenges and threats does the system face? And what does the next generation SecureDrop look like?