Presentations available online

Below are recent presentations I've given, in reverse chronological order. If you're interested in having me present at your organization/function/etc, just drop me a line.

LFNW 2024 - Obfuscation Games
This was an experiment - a highly-interactive talk where the goal was to figure out what was being presented. What language is this? What is special about this code? I doubt it comes across well in presentation-only mode, but it was a hoot for me and the folks in the room! 103 slides due to the number of builds as we de-obfuscate things on the screen, mixed with some live shell programming with the crowd.

Video on LFNW's YouTube channel - Obfuscation Games. Sad that we can't hear the audience though, because they were a hoot and absolutely critical to the talk!

LFNW 2024 - Python Unit Testing
Unit tests are (IMO) one of the most important parts of any project. When learning python, I began with learning the testing framework. Because unit tests allow anyone to feel confident their changes work, you can encourage more collaboration and faster development. We started from scratch and worked up unit tests including alternative ways to mock external dependencies.

Video on LFNW's YouTube channel - Python Unit Testing. (Audio and video aren't in sync, perhaps put a sticky note over me gesticulating.)

Effective Git Code Review - make their job easier and you look smarter
Code is better when it's gone through more eyes. There's a sweet spot between "showing all your (awful) work" and collapsing everything into a single huge unmanageable commit. We'll discuss how to make it easy to see the evolution while hiding your dead ends and mistakes. We'll cover theory and style, nitty-gritty command-line options like rebasing and history editing, as well as review-side with open source gitlab core.

Video on SeaGL's site on YouTube SeaGL 2023 day 2 track 4.

SeaGL 2023 'Presentation Roulette'
The slides for "Secure Coding: Fix from Root" by Gopika Subramanian arrived, but due to a miscommunication her pre-recorded video was nowhere to be found! Two dozen or so of us sat while the SeaGL room volunteer wondered what to do. I heard someone speak up and say that since the author was not around, that they'd give the presentation. Then I noticed it was my voice!

So I sat down and went through Gopika's slides! I couldn't see the 'next slide' display, so I could only see the presentation as it came up for everyone. It was a hoot, and more exhausting than I'd have anticipated.

Shout out to Gopika Subramanian who made a presentation with such a natural flow I was able to do a passable job. You can see her pre-recorded version (which was found the next day!) on the SeaGL Live Stream Recording.

And for those who want to see the "we're doing it live" version, it's on SeaGL 2023 day 1 track 2. Sorry for the naughty word as I realized the talk was twice as long as I expected. It's a shame you can't see the face of people who came in late as we all asked "are you the presenter?" while the presentation was already underway. I relied on room involvement, notably Jay Houppermans - thanks for being there and providing corrections and more colour commentary!

Bash Completions for your Custom Commands
I've written who knows how many command line tools. Why did it take until the 2020s before I ever wrote bash completion scripts for them?

In this talk I show how to create custom command line tab complete for easy things like boolean arguments (e.g. -d or --no-frobnicate), or more complex things like auto completing usernames (e.g. --reporter username) to save you time and decrease errors. Here's the original description:

Tab completion saves time typing keys, and helps you remember those --long-esoteric-options without pulling up a man page. You can create bash completions for your custom tools as well, which can help your coworkers and yourself down the road. We’ll build up simple and advanced bash tab completions so you can build your own and save time!
The trimmed video is not up yet, but you can watch from the Day 2 Track 1 livestream at 5:59:10 via YouTube for now.

Good shell Patterns
SeaGL 2021 is 100% remote. Thanks covid, once again. Here's the description:
We'll discuss tried-and-true code snippets you can use to make your code more reliable, easier to read, and quicker to debug. Enjoy the elegance of "cd $(dirname $0)", performing actions only on successful exit, and informational help messages. We'll cover all those minor changes that continually come up in our code review sessions that reap outsized rewards.
The video is available on the SeaGL Archive, hosted with the good folks at archive.org (Direct archive.org video link)

Lastly, SeaGL engaged Mind's Eye Creative to produce this graphical slide of the talk as well!

SSH in CI/CD Pipelines
Actually, I did two presentations this year!
Your CI/CD pipeline needs to make things happen, and often that means hitting other machines via SSH or rsync. Since no human is at the keyboard to type a password, how do you automate this securely? We'll show alternatives to passwordless keys in your repository (BAD!!!), describe the security implications, and how you can assure that these keys are usable only for the commands they require.
Video available on the SeaGL Archive (Direct archive.org video link)

10 Vim Tricks
SeaGL 2020 happened 100% remote due to Covid, so I was presenting into the void. Here's the description:

Sometimes you need to write software to solve problems and automate systems. But sometimes all you really need is a good editor and a few tricks up your sleeves. I find myself frequently turning to vim to handle repetitive tasks, and create commands I'll run from the command line. Why write python when some efficient macros will do, or an occasional :%s will save you time? And naturally that godsend for fixing typos, xp.

Once SeaGL is done processing the video I'll link to it.

A Really QUIC History of HTTP
HTTP, first defined in 1991, has undergone radical change since it was created by Tim Berners-Lee in the days of dialup. We'll cover the notable problems and improvements from 0.9 up to the proposed HTTP/3 which sheds TCP entirely and implements a secure and highly performant TLS-over-UDP protocol known as QUIC.

No prior knowledge of HTTP or networking is required, but even those comfortable writing web requests at the command line will learn a thing or two.

This is a highly condensed version of the LFNW

A QUIC History of HTTP
HTTP, first defined in 1991, has undergone radical change since it was created by Tim Berners-Lee in the days of dialup. We'll cover the notable problems and improvements from 0.9 up to the proposed HTTP/3 which sheds TCP entirely and implements a secure and highly performant TLS-over-UDP protocol known as QUIC.

No prior knowledge of HTTP or networking is required, but even those comfortable writing web requests at the command line will learn a thing or two.

Video is available on YouTube as part of the full day streaming. (Starts at 4:49:54)

Task automation with Python and DoJobber, LFNW 2018
DoJobber allows you to execute large complex and interwoven tasks by breaking them into individual components and defining any interdependencies. DoJobber determines the right order to run tasks and will try every unblocked task until it encounters a failure. This means it is completely idempotent - you can run it repeatedly until it succeeds.

Rather than a yaml-based syntax with many plugins, DoJobber lets you write in native python, so anything you can code you can plumb into the DoJobber framework. DoJobber is conceptually based on a Google program that was used for automating service and datacenter spinups.

The presentation video is available on YouTube.

Serving Secrets Securely, SeaGL 2016
How do you securely provide sensitive information to automated systems without typing in passphrases at 2 in the morning? Bri will discuss the ways he allows headless daemons to access secrets with minimum security impact. Topics will include ssh and gpg agents, encfs partitions, full disk encryption (including remote unlock), hashicorp vault, SSSP - the simple socket secret provider (Open Sourcing shortly!) and others.

Production Trenches: Pitfalls and Pratfalls (or how I learned to stop scheduling downtime and love the SLA) - LFNW 2016
Whether your title is Production Engineering, DevOps, SRE, or IT doesn't matter. You're the lifeblood of the company, the team that invisibly makes everything work. You, my friend, carry the pager.

In this talk, I passed on wisdom, wit, and embarrassing stories, replacing my normal code-filled presentations with humour and humiliation. You'll learn how to run a solid yet nimble production infrastructure, organize your workload, avoid burnout, and automate caffeine ingestion.

You may end up making the same mistakes I made, but at least you'll make them your own.

This talk was recorded at LFNW this year, and is available on YouTube. The LFNW site page is at http://lfnw.org/node/3898, and you can submit feedback there if you attended.

Production Trenches: Pitfalls and Pratfalls (or how I learned to stop scheduling downtime and love the SLA) - SeaGL 2015
The precursor to the same talk at LFNW 2016.

Suggest you look at the LFNW version above instead, as many of the verbal bits have been captured in slides, and some bugfixes in the logging output.

Git Administration, Hooks, and Dangerous Things (SeaGL 2014)
Managing your git repositories with gitolite-admin. We'll go in depth about different access levels, grouping users, and allowing selective users to change repo history. We'll discuss how you can use server-side git hooks to enforce policy, send commit messages, or even trigger actions such as pushing content to production. We'll use a DNS server config as an example, where all management is in git and no changes are made directly on the DNS servers any more.

Python For Converts (SeaGL 2014)
Python is a powerful scripting language that can be used for anything between short few-liners, cron jobs, to full web applications. It's not the language of the week, but it's also not the language of perpetual rewrites.

As a long time Perl advocate and now Python convert, I show you what you need to learn to start being proficient in python. This class will discuss the idioms that make python unique, introduce you to the "No, there's really only one way to do it" mindset, and get you past the disdain for forced indentation.

Note that the slides, without the talk itself, are somewhat low on discussion, YMMV.

Python For Converts (LFNW 2014)
Same as the SeaGL talk, but with unfixed bugs.

SSH Login Automation, Tunneling, Authprogs, and More
SSH replaced insecure protocols like telnet and ftp ages ago, but it has far more power than simple remote login capabilities. In this talk we'll cover passwordless SSH w/ pubkeys and ssh-agent, locking down access with authorized_keys options, port forwards and SOCKS proxies, ssh 'bouncing', and more.

Also demonstrates Authprogs, an SSH remote command authenticator, which allows you to restrict which commands can be run, thus limiting what access a trusted key is granted.

SSH Login Automation, Tunneling, Authprogs, and More
I'm presenting this at SeaGL 2013. Looking forward to this new Linux/Open Source conference. See http://seagl.org for more information.

Linux Fest Northwest Talks
I have two talks at Linux Fest Northwest this year, Network Protocols Illuminated and Shell Scripting from Scratch. After a long stretch of minimal speaking engagements (limiting myself to the occasional GSLUG lightning talk) it was a pleasure to be back at LFNW and see throngs of Linux veterans and new folk alike.

The Command line is for Everyone
An attempt to dispel the "only uber-hax0rs can understand the command line" myth, this talk from Linux Fest Northwest shows how the command line works - arguments, redirection, etc - to remove the mystery and lead you down the trail to real power. Muahahaha.

Linux Security Overview, Redux
I recycled my talk from ISSA for TacLUG, condensing the 2.25 hour talk into about 1 hour. Many slides were summarized, skipped, or at least overlooked.

Practical SSH Encryption, Tunneling, and Automation
A 1 hour presentation I gave at LinuxFest Northwest this year. I don't think I should have called it 'practical' because really it covers more of the esoteric and bizarre hackish things you can (and should) do with SSH.

Perl Security Overview
A 2 hour presentation (written in the same amount of time) I gave at the November Seattle Perl Users Group. Overview of common problems and pitfalls when developing in Perl.

File Integrity Checking with AIDE
Jeremy Reed and I tag-teamed this talk. My sections are available here.

GnuPG/PGP Encryption
A 1 hour presentation at GSLUG overviewing how PGP works, how to create, exchange, and verify keys, and how to sign and/or encrypt files.

Covert Channels
A 1 hour presentation at SecureWorld Expo discussing various nefarious ways to communicate covertly, from steganography, SSH and SSL forwarding, to application tunneling such as TCP over HTTP or IP over DNS.

Crypto Tunnels with SSH and SSL
A 1 hour presentation at GSLUG (Greater Seattle Linux User Group) covering how to use SSH tunneling (LocalForward / RemoteForward) and SSL tunneling (using Stunnel) to protect your cleartext protocols.

Linux Security Overview
A 2 hour presentation at ISSA Puget Sound in July, 2003. Covers Bastille Linux (basic), identifying and locking down services manually (intermediate) and the kernel-level security (advanced) with traditional root, capabilities, LIDS, and Systrace.

VPNs and Crypto Tunnels

A talk about various VPN technologies and cryptographic Tunnels available on Linux, presented at Real World Linux in April 2003.

Linux: The secureable operating system -- AKA, 'every linux security hook in 60 minutes or less'

This was an insanely ambitious attempt to cover all linux kernel security in one hour that I presented at LinuxFest Northwest. I only made it through 98 of the 130 slides.