Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
boston_past_events [2017/03/30 18:43] bittereggplantboston_past_events [2022/05/08 11:42] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +[[https://www.cryptoparty.in/boston#upcoming_events|Upcoming events]]
 +
 ===== Past Events in Boston Massachusetts ===== ===== Past Events in Boston Massachusetts =====
  
-^Date ^Details ^ +^ Date        ^ Details                                                                                                                             
-2017-03-29 Monthy Digital Security 101 at The Sprouts +2019-6-26   | How to setup and use a 2FA token device, such as Yubikey at Sprout                                                                  | 
-2017-03-27 | Privacy at the Border workshop for International Students Harvard Univ +| 2018-07-25  Monthly Digital Security 101 at Sprout                                                                                              
-2017-03-24 Libre Boston meetup [[https://www.meetup.com/desktop-linux-users-group/events/238268984/  Personal Privacy & Security Skillshare]] |+2018-06-27  Monthly Digital Security 101 at Sprout                                                                                              | 
 +| 2018-05-30  | Monthly Digital Security 101 at Sprout                                                                                              
 +2018-05-09  [[https://mos.org/public-events/cryptoparty|A Crash Course in Digital Hygiene]], at the [[https://www.mos.org/|Museum of Science]] 
 +| 2018-04-25  | Monthly Digital Security 101 at Sprout                                                                                              | 
 +| 2018-03-28  Monthly Digital Security 101 at Sprout                                                                                              | 
 +| 2018-02-10  | Creating a (greater) Boston Meshnet at Somerville public library                                                                    |
  
 +  * [[https://www.reddit.com/r/BostonMeshnet/|r/bostonmeshnet]]
 +  * Mass Pirates [[https://masspirates.org/blog/2018/02/05/saturday-community-meshnet-workshop/|blog post]]
 +
 +^Date^Details|
 +|2018-01-31|Chatting about meshnets at Sprout|
 +|2017-12-27|Monthly Digital Security 101 at Blue Shirt Cafe|
 +|2017-11-29|Monthly Digital Security 101 at Sprout|
 +
 +  * There was interest in a discussion about mesh networking, so demo-ing an Enigmabox would be worthwhile. PirateBox, too? During the discussion, we talked about whether a cryptocurrency would be useful to incentivize hosting nodes / file sharing on the network. Someone specifically mentioned an Initial Coin Offering to build equity. Am not an expert in this area so I don't know whether it's at all feasible. Made for good discussion at the time!
 +
 +  * We also discussed two apps that are trying to address the injustices of people sitting in jail because they are too poor to pay cash bail (something like 700,000 people at any given moment in America). Apps like [[https://thenewinquiry.com/bail-bloc/|BailBloc]] and [[https://appolition.us/|Appolition]] are trying to generate money for community bail funds.
 +
 +^Date^Details|
 +|2017-11-11|Boston Anarchist Bookfair|
 +|2017-11-04|South Boston BPL|
 +|2017-10-25|Monthly Digital Security 101 at Sprout|
 +
 +Talked about:
 +
 +  * [[https://send.firefox.com/|https://send.firefox.com/]] for private file sharing
 +  * [[https://www.privacytools.io/|https://www.privacytools.io/]] if shopping for VPNs
 +  * [[https://keybase.io/|https://keybase.io/]] as a new and interesting way of advertising your pgp public key
 +  * [[https://f-droid.org/|https://f-droid.org/]] as a way of finding open source android apps, which are not in the Play Store
 +  * [[https://authy.com|https://authy.com]] using a true two factor authentication system, instead of SMS
 +  * [[http://www.thesomervilletimes.com/archives/79600|Article]] in The Somerville Times
 +
 +^Date^Details|
 +|2017-09-27|Monthly Digital Security 101 at Sprout|
 +
 +Talked about:
 +
 +  * How to complete the set up for Signal, to ensure no man-in-the-middle exposure.
 +  * How DropBox is known to be p0wed by the NSA.
 +  * The down sides to keeping all your passwords in a Google docs, document, unencrypted.
 +  * Who uses which password manager.
 +  * Services which allow you to generate one time credit card numbers.
 +
 +^Date^Details|
 +|2017-08-30|Monthly Digital Security 101 at Sprout|
 +|2017-07-26|Monthly Digital Security 101 at Sprout|
 +
 +Thanks again to Troy for hosting us! Small turnout this week, but good discussion about semiconductors, trusting trust and thinking about security for lawyers.
 +
 +^Date^Details|
 +|2017-07-20|In association with [[http://encuentro5.org|E5]] & Boston Socialist School|
 +|2017-06-20|BPL Fields Corner branch|
 +
 +I went to the Fields Corner cryptoparty last week and had a lot of fun. Had about 10 attendees. Talked about using general operational security, threat models, strong passwords, password managers, mobile security, and anonymous browsing. Seemed like our info was well-received. We're getting pretty good at the Digital Security 101 training, if I do say so myself!
 +
 +^Date^Details|
 +|2017-06-24|BPL South Boston branch|
 +|2017-05-30|Monthy Digital Security 101 at Sprout|
 +|2017-05-05|LGBTQ-focused [[https://www.facebook.com/events/144403422752740/|Details]], [[http://makeshiftboston.org/|Make Shift Boston]] South End|
 +|2017-04-26|Monthy Digital Security 101 at Sprout|
 +|2017-04-22|[[http://www.bostonsocialistunity.org/|Boston Socialist Unity Project Conference]], MIT|
 +|2017-03-31|Privacy at the Border workshop for International Students - Harvard Univ|
 +|2017-03-29|Monthy Digital Security 101 at Sprout|
 +|2017-03-27|Privacy at the Border workshop for International Students - Harvard Univ|
 +|2017-03-24|Libre Boston meetup [[https://www.meetup.com/desktop-linux-users-group/events/238268984/|Personal Privacy & Security Skillshare]]|
 +
 +^Date^Location^Address^Additional Information|
 +|2017-03-02|Fields Corner branch BPL|Boston, MA||
  
-^Date ^Location ^Address ^Additional Information ^ 
-| 2017-03-02 | Fields Corner branch BPL | Boston, MA || 
 Jamie and I had a great cryptoparty last week at the Fields Corner branch of BPL. The flower of our conversation might be instructive for this month's "Train the Trainer" session. Jamie and I had a great cryptoparty last week at the Fields Corner branch of BPL. The flower of our conversation might be instructive for this month's "Train the Trainer" session.
  
 For context: We were joined by a librarian and three older women, who meet regularly as a reading group. They did not have any expertise in technology. For context: We were joined by a librarian and three older women, who meet regularly as a reading group. They did not have any expertise in technology.
  
-We started the conversation by loading the Norse real-time [[http://map.norsecorp.com/#/|attack map]]. We did this to communicate that, if they didn't already know (!), the internet is not a safe space. There are concerted efforts to compromise networks and identities going on all the time. +We started the conversation by loading the Norse real-time [[http://map.norsecorp.com/#/|attack map]]. We did this to communicate that, if they didn't already know (!), the internet is not a safe space. There are concerted efforts to compromise networks and identities going on all the time.
  
 Because a few of the attendees had personal experience with phishing attacks, we talked about how to hover over a link with your cursor to check the path. Close reading and attention to URL length can save you from many attacks. Similarly, if you are downloading a file from e-mail, you can hover over the attachment and see the attachment's file extension. File extensions like .exe, .bat, .dll should be avoided! What are people phishing for, anyways? Bank accounts. Personal information. Usernames and passwords. &c &c. Because a few of the attendees had personal experience with phishing attacks, we talked about how to hover over a link with your cursor to check the path. Close reading and attention to URL length can save you from many attacks. Similarly, if you are downloading a file from e-mail, you can hover over the attachment and see the attachment's file extension. File extensions like .exe, .bat, .dll should be avoided! What are people phishing for, anyways? Bank accounts. Personal information. Usernames and passwords. &c &c.
  
-We moved into a discussion of passwords -- er, passPHRASES. The [[https://xkcd.com/936/|XKCD]] comic was great, if only to broach the fact that it's not individual humans trying to guess your password, but automated programs that query against dictionaries and tables of known passwords. We talked about salting, 2FA, and about not using the same password for multiple accounts.+We moved into a discussion of passwords – er, passPHRASES. The [[https://xkcd.com/936/|XKCD]] comic was great, if only to broach the fact that it's not individual humans trying to guess your password, but automated programs that query against dictionaries and tables of known passwords. We talked about salting, 2FA, and about not using the same password for multiple accounts.
  
-That was the first 45 minutes of the cryptoparty. During the last 45 minutes we talked about threat modeling and a bit about encryption via HTTPS. I'd say the transition to talking about encryption needs work. It's a crucial topic but very difficult to grasp intuitively at first. +That was the first 45 minutes of the cryptoparty. During the last 45 minutes we talked about threat modeling and a bit about encryption via HTTPS. I'd say the transition to talking about encryption needs work. It's a crucial topic but very difficult to grasp intuitively at first.
  
 Scared straight, the group wondered about how they might audit their computers to know if they'd been compromised. We suggested running anti-malware programs on the reg (recommended AVG as a free alternative). We also walked through opening up the task manager and reviewing what processes are running at any given time. Right clicking was a new feature for most of the group. And we might have accidentally found some malware on the library computer, spoofing as the csrss.exe program(!). Scared straight, the group wondered about how they might audit their computers to know if they'd been compromised. We suggested running anti-malware programs on the reg (recommended AVG as a free alternative). We also walked through opening up the task manager and reviewing what processes are running at any given time. Right clicking was a new feature for most of the group. And we might have accidentally found some malware on the library computer, spoofing as the csrss.exe program(!).
  
-^Date ^Location ^Address ^ +^Date^Location^Address| 
-| 2017-02-22 | Sprout | 339R Summer Street, Somerville, MA |  +|2017-02-22|Sprout|339R Summer Street, Somerville, MA| 
-| 2017-02-18 | East Boston branch BPL | Boston, MA| +|2017-02-18|East Boston branch BPL|Boston, MA| 
-| 2017-02-05 | Somerville Library | Somerville, MA| +|2017-02-05|Somerville Library|Somerville, MA| 
-| 2017-02-03 | The Humanist Hub | Somerville, MA |  +|2017-02-03|The Humanist Hub|Somerville, MA| 
-| 2017-01-25 | Sprout | Somerville, MA | +|2017-01-25|Sprout|Somerville, MA|
  
-Someone already sent a link to [[https://www.harihareswara.net/libreplanet-2016-inessential-weirdnesses-in-free-software.txt|Sumana Harihareswara's talk from last year's LibrePlanet]]. It is really important that we provide a safe space for cryptoparty participants, like addressing our preferred gender pronouns during introductions. An easy thing we can do for our LGTBQIA+ cryptonauts. Same goes for people who don't share our class, politics, race, ethnicity, culture...+Someone already sent a link to [[https://www.harihareswara.net/libreplanet-2016-inessential-weirdnesses-in-free-software.txt|Sumana Harihareswara's talk from last year's LibrePlanet]]. It is really important that we provide a safe space for cryptoparty participants, like addressing our preferred gender pronouns during introductions. An easy thing we can do for our LGTBQIA+ cryptonauts. Same goes for people who don't share our class, politics, race, ethnicity, culture
  
 During the cryptoparty, we walked through securely installing a new operating system for a laptop. We downloaded an .iso file from a torrent for the Xubuntu OS. We downloaded the SHA256sum checksum file to verify that the .iso file we downloaded is the same .iso file Xubuntu uploaded. We also downloaded the public key signature associated with the signed chechsum file. We verified the checksum and the public key using command line tools. Finally, we used the dd command to format a USB into a bootable device with our .iso file on it. In all, it took a good 90 minutes! During the cryptoparty, we walked through securely installing a new operating system for a laptop. We downloaded an .iso file from a torrent for the Xubuntu OS. We downloaded the SHA256sum checksum file to verify that the .iso file we downloaded is the same .iso file Xubuntu uploaded. We also downloaded the public key signature associated with the signed chechsum file. We verified the checksum and the public key using command line tools. Finally, we used the dd command to format a USB into a bootable device with our .iso file on it. In all, it took a good 90 minutes!
  
-We also chatted about Tor and privacy policy. +We also chatted about Tor and privacy policy.
  
 For next month, there was some talk about focusing on surveillance cameras. I think I heard that someone had a camera to bring in to play with? Anyways, I would find it super useful to learn how to "read" surveillance cameras, know what it is they are monitoring. Would anybody else be interested in this? For next month, there was some talk about focusing on surveillance cameras. I think I heard that someone had a camera to bring in to play with? Anyways, I would find it super useful to learn how to "read" surveillance cameras, know what it is they are monitoring. Would anybody else be interested in this?
Line 40: Line 107:
 I thought it would be cool if we produced a short (~20 minute) cryptoparty show that we could get aired on SCATV. They might also help us distribute the show to community access stations across the country. Anybody else interested in producing this with me? I remember someone saying that this had already maybe been done before, too. I thought it would be cool if we produced a short (~20 minute) cryptoparty show that we could get aired on SCATV. They might also help us distribute the show to community access stations across the country. Anybody else interested in producing this with me? I remember someone saying that this had already maybe been done before, too.
  
-^Date ^Location ^Address ^Additional Information ^ +^Date^Location^Address^Additional Information| 
-| 2016-12-28 | Encuentro | 9A Hamilton Place, Boston | | +|2016-12-28|Encuentro|9A Hamilton Place, Boston| | 
-| 2016-11-30 | Sprout | 339R Summer Street, Somerville, MA | | +|2016-11-30|Sprout|339R Summer Street, Somerville, MA| | 
-| 2016-10-26 | Sprout | 339R Summer Street, Somerville, MA | |+|2016-10-26|Sprout|339R Summer Street, Somerville, MA| | 
 + 
 +A couple things from last night: Mailvelope seems to be a pretty cool tool. There's a demand for a Linux "install fest". Let's set aside some time to do that in the future. Speaking of which, seems we're developing a workflow to on-board new members into the crypto community. Something like this: Install Linux –> Generate key pair –> Exchange keys –> Start messaging. The more concrete we can be about this process on the website and during cryptoparties, the easier it'll be for others to join. Talked a little about botnets and DDOS attacks. V v interesting. Would love to learn more about systems administration and protecting home routers against botnets. So turns out the models I've been using to describe encrypted messaging (Alice, Bob, public key, private key) barely scratch the surface of the problem of secret messaging. It'd be great to have more information about what, exactly, models like the Diffie-Hellman diagram are trying to describe. From what I gather, the problem is how to make a handshake when you're being watched the entire time. If you can, please shed some light about this problem! 
 + 
 +^Date^Location^Address^Additional Information| 
 + 
 +|2016-10-22|BPL, Grove Hall Branch|41 Geneva Avenue, Dorchester, MA| | 
 +|2016-09-28|Sprout|339R Summer Street, Somerville, MA| | 
 +|2016-08-31|Parts and Crafts|Somerville, MA| | 
 +|2016-07-27|Parts and Crafts|Somerville, MA| | 
 +|2016-01-27|Parts and Crafts|Somerville, MA| | 
 +|2015-12-30|Parts and Crafts|Somerville, MA| | 
 +|2015-10-28|Parts and Crafts|Somerville, MA|Community Jamboree: Imagining what the Internet will look like in 5 years| 
 +|2015-09-30|Somerville Ave Starbucks|Somerville, MA| | 
 +|2015-09-16|BLU| |PGP Keysigning| 
 +|2015-08-26|Parts and Crafts|Somerville, MA| | 
 +|2015-07-23|Parts and Crafts|Somerville, MA| | 
 +|2015-06-30|Parts and Crafts|Somerville, MA| | 
 +|2015-05-21|Parts and Crafts|Somerville, MA| | 
 +|2015-05-17|Danger! Awesome, Together Boston| | | 
 +|2015-05-02|Point to Point Camp [[http://ptp.camp/|http://ptp.camp/]]| | | 
 +|2015-04-16|Parts and Crafts|Somerville, MA| | 
 +|2015-03-19|Parts and Crafts|Somerville, MA| | 
 + 
 +[:boston|[[https://www.cryptoparty.in/boston]|https://www.cryptoparty.in/boston]]] 
 + 
 +\\
  
-A couple things from last night: 
-Mailvelope seems to be a pretty cool tool. There's a demand for a Linux "install fest". Let's set aside some time to do that in the future. Speaking of which, seems we're developing a workflow to on-board new members into the crypto community. Something like this: Install Linux --> Generate key pair --> Exchange keys --> Start messaging. The more concrete we can be about this process on the website and during cryptoparties, the easier it'll be for others to join. Talked a little about botnets and DDOS attacks. V v interesting. Would love to learn more about systems administration and protecting home routers against botnets. So turns out the models I've been using to describe encrypted messaging (Alice, Bob, public key, private key) barely scratch the surface of the problem of secret messaging. It'd be great to have more information about what, exactly, models like the Diffie-Hellman diagram are trying to describe. From what I gather, the problem is how to make a handshake when you're being watched the entire time. If you can, please shed some light about this problem! 
-     
-^Date ^Location ^Address ^Additional Information ^ 
-| 2016-10-22 | BPL, Grove Hall Branch | 41 Geneva Avenue, Dorchester, MA | | 
-| 2016-09-28 | Sprout | 339R Summer Street, Somerville, MA | | 
-| 2016-08-31 | Parts and Crafts | Somerville, MA | | 
-| 2016-07-27 | Parts and Crafts | Somerville, MA | | 
-| 2016-01-27 | Parts and Crafts | Somerville, MA | | 
-| 2015-12-30 | Parts and Crafts | Somerville, MA | | 
-| 2015-10-28 | Parts and Crafts | Somerville, MA | Community Jamboree: Imagining what the Internet will look like in 5 years | 
-| 2015-09-30 | Somerville Ave Starbucks | Somerville, MA | | 
-| 2015-09-16 | BLU | | PGP Keysigning | 
-| 2015-08-26 | Parts and Crafts | Somerville, MA | | 
-| 2015-07-23 | Parts and Crafts | Somerville, MA | | 
-| 2015-06-30 | Parts and Crafts | Somerville, MA | | 
-| 2015-05-21 | Parts and Crafts | Somerville, MA | | 
-| 2015-05-17 | Danger! Awesome, Together Boston | | | 
-| 2015-05-02 | Point to Point Camp [[http://ptp.camp/|http://ptp.camp/]] | | | 
-| 2015-04-16 | Parts and Crafts | Somerville, MA | | 
-| 2015-03-19 | Parts and Crafts | Somerville, MA | | 
  
-[:boston|https://www.cryptoparty.in/boston]