Vienna DevOps Meetup

THIS MEETUP WILL BE IN-PERSON 🕺

What to expect:
🗣️ Two or Three speakers
👥 Meet old and new friends from the community
🍕 Free food
🎉 Open-end and free drinks afterwards
✔️ Just RSVP!

Agenda:

• 17:30 - Doors open
• 18:00 - Welcome
• 18:10 - 🗣️ Dominik Hack — The magic of sceptical Software Architects: A dive into complexity theory
• 18:55 - Break
• 19:05 - 🗣️ Carlotta Tagliaro — Balancing Act: Ethical Considerations in Testing the Security of IoT Backends
• 19:35- 🗣️ Riccardo Capraro — A first shot at taming complexity in production
• 20:00 - 🎉 Open-end

🧑‍💻 Speakers:

Dominik Hack is a Software Engineer at SQUER. He ❤️ bouldering and alpacas 🦙 (rumours say he's also amazing at building software)

Software architecture is hard, but why exactly is it difficult? There are lots of reasons someone could guess why it is strenuous to plan and construct a software architecture for a whole system. His talk will focus on the 3 points:

• Time
• Uncertainty
• Change

Furthermore, we will discuss how complexity, a weird thing called "residue" and an unpredictable Godzilla attack can help us build reliable software architecture more easily.

Carlotta is a fourth-year PhD student at TUWien in Vienna, Austria. She has a great interest in Internet of Things security, especially in the application-layer messaging protocols and how their backends are enforcing protections. Additionally, she is investigating the impact of companion apps on user security and privacy when communicating with IoT devices.

Internet of Things (IoT) devices, ranging from smart home assistants to health sensors, are pervasive. Understanding and improving their security and their machine-to-machine communication is crucial. Carlotta and her research group focus on three real-world protocols used by IoT vendors for our large-scale analysis: MQTT, CoAP, and XMPP. They gathered a dataset of over 300k backends and performed non-invasive active measurements (e.g., software fingerprinting) to investigate three major security threats: information leakage, weak authentication, and denial of service. Their measurements raise ethical concerns that particularly affect practitioners, as an invasive analysis might impede or disrupt the correct functioning of a service.

During her talk, Carlotta will discuss how they overcame such shortcomings and she will show how they performed an ethical assessment of the security of IoT backends without interfering with their operation, by performing a large-scale Coordinated Vulnerability Disclosure (CVD) according to industry best practices with 2,000 vendors/developers.

With this talk Carlotta will showcase the gaps in IoT security and what options we have to improve how the industry can proactively handle vulnerability disclosure.

Riccardo works as a cloud and platform engineer at SQUER, focusing on pipeline design, automation, and Kubernetes-based solutions.

In this talk we will dig together into the topic of complexity (theory), talking about what tools we need to tame complexity when dealing with production systems: monitoring and traceability, reproducibility and access, team dynamics and incident management, and more.