Thanks for everyone who came and participated today! Good fun, many learns
:)
Posting this to sudo-discuss as well - join the Cryptoparty mailing list
here: https://lists.sudoroom.org/listinfo/cryptoparty
Reposted for posterity at: https://sudoroom.org/wiki/Cryptoparty
=February 2014=
This cryptoparty took place on 16 February 2014 with no less than 20
engaged attendees :)
==Areas of Interest==
*Mobile security
*Backups (especially photos)
*Cyanogenmod
*Threat Modelling
*VOIP
*Installing Linux
*Installing Lastpass
*Running DNSSEC
*Playing with alternative, secure email systems
*Chat/OTR on Android
*Image metadata
==Agenda==
*Intros and what you're looking to get out of this cryptoparty
*Why security is important
*Split up into groups:
**Mobile security
**Lastpass (password management)
**Threat modelling (eg; activists on the street)
==Takeaways==
*GPG
*Tails is hard to get running on my machine
*TextSecure is easy!
*Helped people set up secure chats, emails, and texting
*Great one-on-one conversations
*Learned a good deal about Keypass and got it running with help!
*Learned about F Droid - an app store for procuring APKs without going
through GOogle Play
*Made a self-signed certificate and locked down CalDav
*Threat modeling - we're not much better prepared than we were with Occupy.
As an iPhone user, I'm pretty screwed no matter what. Need to talk to
lawyers re: handing over keys and such
*DNSSEC sucks! DNS is already terrible, but DNSSEC makes it worse! Clients
don't use it, registrars don't accommodate it, and if you try to use it
you're in for a headache.
*The latest version of Cyanogenmod forces you to use their cloud for your
contacts, which now must be sync'd with a cloud.
*Suggestion: Cryptoparty Movie Night!
*Suggestion: Linux Install Parties
*Feedback: Splitting the group into "let's do this now" and general
discussion was a great idea!
*Homemade vs. commercial Faraday cages for phones, and general physical
security
*How to make this knowledge more palatable to the general public? Comics
etc;
*Best cryptoparty yet! Folks came with specific questions; paired off
really smoothly; no uber-techie debates taking place; specific tasks and
breakout topics.
==Gratuitous Link Dump==
*[https://lastpass.com/ LastPass] for secure password management.
*[https://f-droid.org/ F-Droid]
*[https://securityinabox.org/en/thuderbird_encryption How to Use Enigmail
with Thunderbird]
*[http://openphoto.net/ OpenPhoto (facilitates backing up photos to your
own server)]
*[http://www.frontlinesms.com/ Frontline SMS]
*[https://play.google.com/store/apps/details?id=fr.slvn.appops&hl=en AppOps
- permissions for Android]
===VOIP Services===
*[http://code.google.com/p/csipsimple/ CSIP Simple]
*[http://code.google.com/p/sipdroid/ SIPDroid]
===Custom Android ROMs===
*[http://www.teamdirt.me/ Dirty Unicorns]
*[http://paranoidandroid.co/ Paranoid Android]
Awesome! I may be interested on buying one. 8-)
Jenny Ryan <tunabananas(a)gmail.com> wrote:
>_______________________________________________
>mesh mailing list
>mesh(a)lists.sudoroom.org
>http://lists.sudoroom.org/listinfo/mesh
Hi folks!
Join us tomorrow afternoon at Sudo Room for a combined cryptoparty / mesh
node flashing party!
Learn how to encrypt your emails, phone calls, text messages, and online
chats; get support for any issues you've run into; or come share what you
know with someone new to digital security. More info here:
https://sudoroom.org/wiki/Cryptoparty
In the sudo room proper, we'll be flashing routers with the just-completed Sudo
Mesh firmware <https://github.com/sudomesh> (Snow Crash). Bring your own
router (must have 8MB of flash memory and be OpenWRT-compatible) or buy one
at cost from us ($75). Learn more about the project at https://sudomesh.org
Cheers,
Jenny
http://jennyryan.nethttp://sudomesh.orghttp://thevirtualcampfire.orghttp://technomadic.tumblr.com
`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
"Technology is the campfire around which we tell our stories."
-Laurie Anderson
"Storytelling reveals meaning without committing the error of defining it."
-Hannah Arendt
"To define is to kill. To suggest is to create."
-Stéphane Mallarmé
~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
Greetings!
I work for a startup, Open Garden, that builds mobile mesh networking
technology (for sharing internet between mobile devices). We've held a
couple of community meetups so far, and this Wednesday we're trying out a
Lightning Talks model!
Come talk about a project you're working on and meet others developing
peer-to-peer technologies and services - or just come enjoy the 'beer
garden' and learn about some cool projects! Free.
RSVP at: http://www.meetup.com/Tech-Garden-SF/events/160432902/
Jenny
http://jennyryan.nethttp://sudomesh.orghttp://thevirtualcampfire.orghttp://technomadic.tumblr.com
How did you all think Sunday went? What can we do better? Here's some
constructive feedback that I've received so far:
* Fewer "grand survey" talks and more targeted goal-oriented projects
- I DEFINITELY agree with this and in retrospect wish I'd just sent
people to the wiki page and not tried to construct the kind of talk I
did. I am thinking for the future, rather than going through the
stress of trying to recruit talks the energy should go towards
facilitation and support of the people who show up. Like maybe passing
around pieces of paper where people can write two or three things that
they're most interested in doing/learning/talking about, and then try
to construct an agenda on the spot from that.
* Separate beginners from the advanced. This is a lot like the
dev/user tracking I was talking about a couple weeks ago, which I'm
still not sure about, but just relaying it.
* Somebody whose job is to keep time, take stack, keep things focused,
and in general step up facilitation when cross-talk starts to happen
* More attention to less technical privacy issues like social
engineering, doxxing and general best practices for interacting with
bureaucracies, banks and the surveillance economy. One person in
particular offered to help us do an event centered on these topics but
she said January would be too soon for her.
Does anybody else have feedback they'd like to share or relay?
I really appreciated having the securedrop devs - our own local crypto
rockstars. :)
In general the event felt beginning-heavy, in that we had a
high-impact beginning but it petered into social mingling very
quickly. Some people did get to work on GPG & OTR, which is awesome,
but a lot of other people seemed to leave right away. I'd like to
think of more ways to offer people a sustained value and supportive
environment for the next event.
Sorry I had to leave the meeting early! Can anyone post notes or
summarize what happened?
Before I left, I did learn that folks had decided to narrow the focus
towards training journalists and activists, which I think is great,
but not sure if the mailing list has been notified about it yet!
Anything else we should know?
I volunteered to do the "intro to /overview of attack surfaces" talk.
This is my first time giving such a talk, so bear with me! I've
started a wiki page with the kinds of things I had in mind:
https://sudoroom.org/wiki/Security_Overview
Any updated list of the talks/tracks/sessions we expect to have? I
will try to provide context for later talks and help people understand
how they relate to each other, so it'll be good to know what areas in
particular to focus on.
Thanks!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi friends!
Sunday, December 15 (a bit less than two weeks away) is the next
cryptoparty!
If you're explicitly CC'd on this message, that means you haven't
joined the sudo cryptoparty mailing list :( It is super low-traffic,
and intended for planning and ideas around our monthly cryptoparties.
I know Yardena has some great ideas on creating a wiki / powerpoint
[wikipoint] guide to common security vulnerabilities. I've been trying
to get in touch with Micah Lee about reprinting his fantastic guide to
crypto tools - if anyone wants to help make that happen, that would be
awesome!
Yardena also suggested a User and Developer track - segmented by 'how
can i be more secure today' and 'how can we help everyone be more
secure in the future.' I'd love to try this out!
User Track
- -email / PGP
- -chat / OTR
- -mobile security
Developer Track
- -new secure mail projects [jaekwon, substack]
- -new secure chat projects
Commence plannings in this thread!
Can folks meet around 5 or 6pm on Sunday, Dec. 8th at sudo room? This
would be immediately following a documentary screening, 'The Battle
for Oscar Grant Plaza,' which I highly recommend:
https://sudoroom.org/ai1ec_event/the-battle-for-oscar-grant-plaza-screening…
<3
- --
Jenny
http://jennyryan.nethttp://sudomesh.orghttp://thevirtualcampfire.orghttp://technomadic.tumblr.com
`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
"Technology is the campfire around which we tell our stories."
- -Laurie Anderson
"Storytelling reveals meaning without committing the error of defining
it."
-Hannah Arendt
"To define is to kill. To suggest is to create."
- -Stéphane Mallarmé
~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQEcBAEBAgAGBQJSnrK/AAoJEHTWWpBUSeDhDPsH/RMEMTvI9XczBTwdjJhIadh9
DNBy10uWoAyyOz/9c0QYUBYajNVi4BVrKPkqyWeT2NdKutCbOayDKkaIROOg8mVD
3HeRVcgtud7cxzh8uoRx/cOwGyRwRzxzqlCOi4igCBwI8uiO+EUniQHJVfLlVYfH
7zIrhSn+9PFVnvC5x/emCZOw60B1yWifwQOOQ+MJZmJdl9eNWbmEJovcgbKGJbEW
jeFTF9R/Ruqqqhcl2yvI2Y1gNl3pSjNZglMQSLBtM7oOoVeoQonanqK0wAmZEcVw
wbrsJid6tB4ipK461BCQvWijrOa904xcCTnxuUjNaQJ/BOUomkyq7k4slg0rN5o=
=96HG
-----END PGP SIGNATURE-----
Hi all,
Happy 2nd Sunday, one Sunday away from 3rd Sunday aka Cryptoparty at sudo
room!
If your name is in the 'To' field it's because you haven't added yourself
to the Cryptoparty list yet but have helped out with past cryptoparties. It
would be awesome to have you join us again next Sunday!
I think it would be best to start with workshops and do lightning talks
later on if people are interested.
*1-2pm:* If you come early to plan, I will make a delicious foamy latte
just for you :)
*2-2:30pm:* Introductions, framing, snacks, agenda.
*2:30-4pm: *Workshops:
1) Email / PGP
2) TOR and SSL
3) Mobile Phone security
4) OTR
Others?
*4-5pm:* Lightning talks OR breakout groups OR keysigning party
*5-6pm:* If you stay after and help with cleanup, we can then all hang out,
give ourselves sudokudos and drink beerz <3
Respond to this thread if you're interested in taking on a particular
component of the above schedule. It would be rad if folks could also help
flyer and promote online as well. Anyone have some minutes to make a flyer
tonight? If not, I'll find some time to do so tomorrow, but will be up in
Tahoe much of this week with the Open Garden team so won't be able to
promote in physical locations.
It would also be great to have a handout - I saw an excellent little paper
book by Micah of EFF at the Anarchist Bookfair, and we now have a digital
duplicator at Sudo... will try to print that out en masse next weekend!
<3
Jenny
