Black Hat Europe 2015

Black Hat is a famous computer security conference held annually in the USA, Europe and Asia. Philippe Arteau, the original developer of FindSecurityBugs, was accepted as a presenter and, because of my significant software contribution, he suggested that we present the tool together. Y Soft then supported me in taking this opportunity.

Black Hat Europe 2015 was held in November in Amsterdam and over 1500 people from 61 countries attended this event. The conference was opened with the keynote called What Got Us Here Won’t Get Us There, mentioning an upcoming security apocalypse, complexity as a problem, security anti-patterns, taking wrong turns, developing bad habits, missing opportunities or re-examining old truths (using many slides). The Forum and three smaller rooms were then used for parallel briefings – usually one-hour presentations with slides and some demonstrations of the latest developments in information security. There was also a Business Hall with sponsors, free coffee and a Tool/Demo area for the sub-event called Arsenal. Here we and mostly independent researchers showed our “weapons” – every tool had a kiosk for two hours and people came closer to see short demonstrations and to ask questions.

Despite presenting during lunch time, a fair number of Black Hat attendees came to discuss and see FindSecurityBugs in action. The most common questions were about what it can analyse (Java and other JVM languages like Scala, no source code needed), which security weaknesses we can detect (the list is here, a few people were happy that there are also detectors for Android) and whether it is free or not (yes, it is open source). People seemed to like the tool and someone was quite surprised it is not a commercial tool 🙂

There were many interesting briefings during the two days. One of the most successful presentations (with applause in the middle of it) explained a reliable software-only attack to defeat full disk encryption (BitLocker) in Windows. If there was no pre-boot authentication and the attacked machine had joined a domain, it was possible to change the password at the login screen (and have full access to the system) by setting up a mock domain controller with the user’s password expired. Microsoft released a patch during the conference. Other briefings included breaking into buildings, using continuous integration tools as an attack surface, fooling and tracking self-driving cars or delivering exploits “with style” (encoded in an image/HTML polyglot). One presentation (about flaws in banking software) was cancelled (or probably postponed to another event) because the findings were too serious to disclose at that time, but there was an interesting talk about backend-as-a-service instead – many Android applications contain hard-coded credentials to access cloud services and researchers were able to extract 56 million sensitive user records. You can download many of the presentations (and some white papers) from the Black Hat website.

I also had time for a little sightseeing – there was a special night bus for attendees to the city centre and I was able to see it again before my flight home too. Amsterdam has nice architecture separated by kilometres of canals and it is a very interesting city in general. What surprised me the most were the bicycles everywhere – I had known people ride here a lot, but I didn’t expect to see such a huge number of bikes going around and parked in the centre. The cyclists don’t wear helmets, sometimes carry a few children in a cart and don’t seem to be very careful (so I had to be a bit more careful than I’m used to when crossing streets). Walking through the red-light district De Wallen with adult theatres and half-naked ladies behind glass doors is a remarkable experience too (don’t try to take photos of them, they’ll be angry). Sex shops and “coffee shops” (selling cannabis) are quite common, not only in this area.

Another surprise came at the airport, where the inspection was very thorough and I was forced to take everything out of my bag (which I was not very happy about, because it took me a long time to pack it into a single piece of cabin baggage). Just after (when I connected to the airport Wi-Fi) I realized what had happened in Paris recently. The plane was also surprisingly small and, for the first time, I received special instructions for opening the emergency door (since my seat was next to the right wing by chance). Nevertheless, the whole trip was a nice experience for me and I was happy to be there, so maybe next time in London 🙂

In November 2015, the third year of the Czech Hackathon was held in Prague. The challenge was to create a sport application in less than 2 days using modern technology such as Oculus Rift, Google Cardboard, Apple Watch, Arduino and others. The use of technologies in sport is becoming more popular. Y Soft therefore decided to set up a hacking team.

From Friday evening on 7 people, including a skilled teammate from sli.do (Dominik Paľo), enjoyed the great atmosphere, lots of interesting people, a chill out zone massage, perfect food and beer and then…

We hadn’t done any special preparation, we had a project idea which we had clarified at work and for which we had divided tasks. After work on Friday we met at the Impact Hub, a welcoming environment, where cool t-shirts and friendly organizers were awaiting us. The evening began with a welcome speech and lectures on Arduino, Apple TV and Apple Watch. Professional athletes also spoke and explained what their training looks like, how technology helps them and what enhancements would be welcomed. The Brainstorming and Assembly sessions started after 22:00. We had agreed our moves in advance, so we assembled a line for beer and dinner. Hacking started straight after the team pitches.

At 3 AM we were still working on the first prototype and application design. Our project was a set of applications for fitness centers. Customers carry an iBeacon keyring which identifies them and is paired with their web profile. On each machine in the gym there is a tablet that detects whether the iBeacon keyring is nearby and greets the user with the question of whether they wish to work out or to see the statistics of their previous exercises. They can even directly choose the exercise program for the whole period spent in the gym. Whenever a problem occurs, the user may call a coach who can see on his own tablet the position and status of all the machines in the gym.

The Saturday wake up was smooth, motivation was our morning alarm. We hacked, chatted and drank beer the whole day. The pleasure derived from the chillout massage planned before dinner was awesome. The work was divided into the application for tablet, watches, web portal and backend. We went home a bit earlier, a little after midnight. Next morning the final hours of hacking, testing and fine-tuning awaited us. The final presentations and voting started at 13:00.

So a great atmosphere and litres of beer and then … we came 2nd! The Hackathon was great, we enjoyed it because we strengthened our friendships, learned to do only what is necessary due to time constraints and spent it in the pleasant company of hacking enthusiasts. It was our second Hackathon. We came 3rd at the first one and 2nd at this one, so you’re welcome to join our Y Soft RnD team of enthusiastic hackers and win first place at the 2016 Hackathon.
Hack on and run along now to the gym!
Y Soft Hacking Team

 

Members of our Robot team participated in the worldwide competition of robots held in Vienna, Austria, on 11 and 12 April 2015. There were a lot of competition categories including Humanoid sumo, where we participated. Over 600 robots were registered over all categories and 16 robots in the Humanoid sumo.

Robot specifications

Each humanoid robot has to meet certain specifications, e.g. maximum dimensions and weight. The rules also require having a head, two legs, two arms and a name. We named our robot YSoft Ragnarök, which is a great foretold battle from Norse mythology. The weight limit is 3000 g, which was quite problematic for us. At the beginning of the competition we had to reduce the robot’s weight to 2997 g by removing some insignificant parts. Our strategy is great stability, which many other robots lack, but it comes with a demand for heavy parts, especially at the bottom of the robot. A heavy body also reduces mobility and speed, so we had to develop a better solution in order to find the opposing robot reliably, then move directly to it and wreck it. For this purpose we used ultrasonic sensors with a maximum range of 2 meters, high precision and low power consumption.

Arena rules

The tournament started with qualifications and continued with single match elimination. Each match starts with two robots in opposing corners facing each other. The main goal is to push the other robot out of the arena or to knock it down. If any robot is pushed out of the arena, it can be placed within the arena again, however it must be placed face down. If the robot can autonomously stand up, the match continues. A team gains 3 points for pushing the other robot out of the arena. If any robot falls in the arena, the opposing team gains 1 point. Two points are awarded for a robot that knocks the opponent to the ground. The match ends if any robot is knocked out (and cannot stand up), if it does not move for a period of time or if the time for the match runs out (the maximum time is 3 minutes). The competitor with the highest score wins.

Our performance

We beat every robot in the qualification group and successfully advanced into the semifinals without suffering a loss. However, this had already happened in the past, when we lost the next two matches to finish in 4th place. This time we tried not to repeat such an outcome. The first semifinal match against the Mexican robot Speedy Gonzales was quite even as the opponent avoided contact with us, so we only managed to knock it down once. The second match versus another Mexican robot, Atom, was more one-sided because it could not get up after a knockout (this match can be viewed here).

Once we got into the finals, we faced our old rival from Poland, robot DUE. In the end we beat them and won first place (video). Polish robots DUE and UNO took 2nd and 3rd place.

 

Do you want to attend the famous developer conference, GeeCON, in the Czech Republic? No problem! Y Soft and GeeCON’s organizers bring it to our capital again. We can therefore proudly announce that Y Soft is the platinum sponsor, co-organizer and key partner of GeeCON 2015 in Prague, on October 22-23.

 

GeeCON focuses on news and hacks all around Java and Java Virtual Machine based technologies. It was first organized in 2009 and since then has grown into a big conference with over 80 speakers and sessions in three days, from an initial 350 participants to 2000+ attendees today. From its originally wider focus, it has crystallized into one specialized topic, although no less rich – all about JAVA technology.

GeeCON is a conference focused on Java and Java Virtual Machine based technologies, with special attention to dynamic languages like Groovy and Ruby. GeeCON is a forum for sharing experiences about modern software development methodologies, enterprise architectures, software craftsmanship, design patterns, distributed computing and more!

The fact that the participants are literally flocking from all over Europe says a lot about the qualities of GeeCON, with some even coming from other continents as well. Traditionally, representatives of Czech developers have come there in large numbers. Lectures take place in several halls in parallel so that all participants can choose exactly according to their interests. You will find famous names from around the world among the speakers – Kevlin Henney, Milen Dyankov, Simon Brown, Grant Ingersoll or Antonio Goncalves.

We encourage you to visit GeeCON Prague at CineStar – Cerny Most. All you have to do is book a date in your diary for the 22nd to 23rd of October; everything else you will discover over the following weeks directly at www.geecon.cz.

The process of forming the team, its stages, the team roles which should be represented in a team and many interesting issues about team coordination, cooperation, communication and productivity: all of that was discussed during the agile community meeting which Y Soft hosted last week in its Brno office. In this text I want to highlight the most interesting issues we discussed and the ways we found to handle them.


Introduction

The short introduction by Michal Vallo was about Tuckman’s stages of group development as the life-cycle of team construction and Belbin Team Roles as a guide to what characters should be included in each team. Later, each participant proposed one topic to be discussed, then everybody voted for the one they liked. I will present the three which were discussed the most.


Need of Junior/Senior positions

A team consists of different roles and people. One way to differentiate team members is the use of Junior and Senior labels. There were many interesting inputs on this topic.

One of the opinions, reflected in real company policy, was to remove these formal roles. There are several reasons to do such a thing. There is no race in a team to reach a senior position. When starting a new project and forming new teams, you prevent a situation with low interest in junior positions in a team. But you still have to differentiate skills and knowledge, and reward courage and motivation. This should be done by assigning responsibilities, competences and work tasks of different difficulty. And do not forget about money, company benefits and other materialistic stuff.

On the other hand, bigger companies especially have defined career paths, so they need to differentiate positions on a formal level. It also works if these career paths are well defined and they are not limited by the project budget or a head count calculated by HR. There was also one case discussed where a team was limited by budget and, even though they had the chance to hire a great senior guy, they couldn’t because of restrictions on the number of senior positions.

Low performance of one member in a team

An interesting discussion was about dealing with the low performance of one team member who is lowering the team’s overall performance. A well-working team should identify such a member itself without intervention from higher positions. Moving him to another team, relocating him to another department or firing him are other “simple solutions”.

But what if this member is e.g. an external contractor and you cannot get rid of him like this? Again, more working solutions were discussed, but think about two types of people: ones who will get better if you push them and ones who are too lazy or incompetent for this type of work and load. For the promising ones, motivation is the key. If direct motivation is not successful, try to do it another way. Make them work in pairs with team members who are more productive, make them responsible for something and force them to present work results to the team, e.g. at daily stand-ups. They may feel ashamed, but it should show the difference. For the lazy ones, try to assign them work tasks which are easier, maybe not popular, or just ones that are the cheapest in case they screw them up.

But do not forget that it’s not only about performance. A team member with lower performance can have e.g. a greater social influence on the team, which also affects the team’s performance.

Team motivation

How do you motivate a team and its members to perform better? In the beginning I want to explain the difference between motivation and stimulation, because both approaches were discussed. Motivation refers to the will to act, work, create, etc. On the other hand, stimulation deals with encouraging an initial effort or supporting an already existing action. Most of the discussed motivation practices were:

  • Allowing self-development of team members, based on their will and the needs of the team
  • Giving challenging and interesting tasks to team members
  • Taking inputs from team members seriously and trying to give valuable feedback
  • Trusting the team and letting them make decisions, giving responsibilities to each team member

If there are some activities in the team, like supporting the product or bugfixing, which are not as popular as e.g. new development, distribute these types of tasks over the whole team by rotating the engineering role every iteration, or distribute them evenly across all team members.

It looked like everybody took something from this meeting, and I am looking forward to other interesting topics to be discussed in further community meetings.

I had the honor to open the GeeCON Prague conference with a short keynote. I spent several months thinking about appropriate topics as I wanted to express the reasons and motivation why we have partnered with GeeCON team and cooperated to make this happen. Now that the conference is over and we all feel positive about it, my colleagues asked me to share the keynote slides with them. I feel that the slides are not very comprehensive on their own, so I am writing this short post, trying to explain what was on my mind and what message I tried to give.

Two years ago, when we started to look around for interesting groups, projects and events within the developer community to support and work with, we realized that there was no conference for Java developers in the Czech Republic and there hadn’t been one for at least 8 years. The last such event was probably the Java Days organized by Sun in 2006. Anyway, we set out to Krakow with a simple mission: bring GeeCON to the Czech Republic in two years. Mission accomplished. It was fun and a learning experience, I met lots of great people and I am simply happy that I have the opportunity to work with them. So let’s dig into the keynote…

GeeCON in Prague

We met for two days in Prague, with 42 speakers giving talks in 3/4 parallel tracks, more than a dozen partners and almost 500 participants. Two days packed with information about Java, JVM and related tools and technologies.

In 2013, we started to look around for events, communities and organizations to cooperate with. Cooperation with the community is important for any public company and in our case, it is about several things. First of all, any kind of such cooperation gives you much needed perspective on yourself. It also gives you the opportunity to give something back and to bring something new to your work. For us, it is also about presenting Y Soft and showing the public what we are doing. When we started in 2013, we realized that there was no conference for serious Java developers and we set out on a mission to bring one to the Czech Republic. How this came to this end is perhaps a topic for another post :-).


And so we were there and I used this opportunity to think out loud about how a developer community could and perhaps should work.


Have you ever wondered why some communities work and some don’t? Well, the key concepts are, in my opinion, contribution and a sense of ownership. You probably think that this is just too obvious and trivial a thought, so let’s elaborate.

One of the key traits in Silicon Valley is the notion of Paying it forward. This means that everybody is trying to help others without expecting to get an immediate return. Help is seen as a long-term investment – you do something for somebody now and somebody else will help you when you need it. The most fascinating part of this is that this really works, and not only in the Valley.

When you create something, you own it, but at some point, you need to let it go and open it up, so others can contribute. And whenever you do this, you are transcending yourself in your work and letting others share in your ownership alike.


All contributions do count – no matter how big or small they are. You can do something as small as attending a meetup or joining in a public discussion.

Y Soft is a proud contributor and we proudly share the responsibility for the state of the developer community here in the Czech Republic. We are also a proud contributor to GeeCON, being a Platinum Partner in 2013 and 2014. We have a plethora of other projects, such as Y Soft Technology Hour.


I would like you to think about your contribution. It does not matter whether you do something small or big. But it makes sense to be serious about it, because we all share the responsibility for the developer community in the Czech Republic.

The complete slides to my keynote are available at slideshare.net.

 

The idea behind an unconference is that attendees create and plan the content.

Y Soft and Kentico were discussing the possibility of hosting an unconference in Brno.

How did we organize it?

We presented the rules of the unconference to attendees:

1. Planning

  • submit your topic for discussion
  • place a topic which you like onto the planning board
  • join similar topics into one topic

2. Unconference

  • the topic owner should kick off the discussion
  • enjoy the discussion
  • feel free to leave the room when you do not find the topic interesting and join another group

We made 3 iterations of topic discussion. The duration of each iteration was 20 minutes, followed by a 10-minute break.

We were running 3-4 parallel tracks and many discussions were happening in corridors.

What was the feedback? It was positive. Attendees liked the opportunity to learn about challenges or experience from the other company.

Attendees suggested that the discussion time should be longer. Twenty minutes were not enough to dive deeply into the topic.

We’re looking forward to attending the next unconference with our friends from Kentico.