Promoting a sense of community with CloudFest Hackathon 2018
A New Direction for 2018
This year's CloudFest Hackathon featured a revamped structure. Unlike previous years, when sponsors came up with the projects, this year the sponsors took a step back and let the developers define the project ideas themselves.
The results were fantastic. Around 50 men and women from all over Europe attended the Hackathon. The participants included members of the Open Source community, hosting providers, and service providers, working together hand-in-hand.
The Hackathon began with a delicious lunch on Saturday in Europapark, at Hotel Santa Isabel. After lunch, attendees broke off into six groups which began working on their projects immediately. Several teams worked late into the night.
After enjoying a rest (the event included board and lodging) in the fabulous hotels of Europapark, participants returned Sunday to continue the enthusiastic atmosphere and inspiring experience. By the end of the second day, most of the projects were almost complete, with a little more fine-tuning required on Monday.
Tuesday morning brought the official opening of CloudFest, and final moderation of the Hackathon projects. The results were presented on stage by Jeff Hardy (Hackathon host) and Sabrina Waltz (Community Manager and one of the organizers and sponsors of the event). The projects were presented by the participants themselves.
It was wonderful to watch developers who are more or less competitors in "real life" exchanging their routines, sharing their knowledge, and learning from each other.
Event sponsors included:
- CMS Garden
- Domain Factory
- Host Europe
The following projects were submitted by the community.
Project 1: Automated security check for WordPress plugins
28% of all websites run on WordPress. Vulnerabilities in WordPress plugins are therefore a threat to a large portion of the internet, leading to large-scale spam, DDoS, phishing, etc.
A German start-up has already developed a tool that scans PHP scripts for security vulnerabilities by source-code analysis. Based on this tool, this project works on an automated solution that will scan WordPress plugins in the extensions directory for vulnerabilities - at the click of a button. We are aiming at checking the 100 most popular WordPress plugins during the Hackathon.
Project 2: One-time password for ProFTPD
The File Transfer Protocol (FTP) is still very popular in our industry. We are facing the problem that users and service providers save the FTP passwords in their client software, exposing them to trojans and similar threats. These circumstances have led to massive exploits.
This Hackathon project will develop a module for ProFTPD, the popular open source FTP server. This module will offer one-time passwords based on the Yubico OTP protocol, which requires a hardware token for processing the passwords.
Project 3: Secure auto-updates for PHP applications
One of the major problems in today’s IT security is making software updates a part of the software user’s schedule. We are dealing with unnecessarily outdated software and a vast number of known exploits. On the other hand, automated updates imply a certain danger: if the update server itself is exploited, it can issue a manipulated update which will then automatically infect all connected systems.
Cryptographic signatures could be an easy solution for this problem: only the legitimate software developer (or team) would digitally sign the updates in question. Even after a successful attack on the update server, the manipulated software cannot be distributed, because its signature is invalid. Based on the PHP library libsodium, we want to develop proofs of concept for popular web applications during the Hackathon.
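The signing and verification flow described above, as an added example (not code from the Hackathon project). It assumes PHP 7.2+ with the bundled sodium extension; `verifyUpdate`, the key pairs and the package bytes are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// --- Developer side (offline, away from the update server) ---
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair); // stays with the developer
$publicKey = sodium_crypto_sign_publickey($keypair); // pinned inside the application

$package   = "<?php // constructed payload for release 1.2.4";
$signature = sodium_crypto_sign_detached($package, $secretKey);

// --- Client side (inside the installed application) ---
/**
 * Hypothetical helper: accept an update only if its detached Ed25519
 * signature verifies against the public key pinned in the application.
 */
function verifyUpdate(string $package, string $signature, string $pinnedKey): bool
{
    // libsodium throws on wrong-length input, so reject malformed values first.
    if (strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES
        || strlen($pinnedKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($signature, $package, $pinnedKey);
}

// Case 1: the package arrives exactly as the developer signed it.
$genuine = verifyUpdate($package, $signature, $publicKey);

// Case 2: the update server was compromised and serves a changed payload
// together with the original signature.
$tampered    = $package . "\n// constructed modification";
$swappedBody = verifyUpdate($tampered, $signature, $publicKey);

// Case 3: the changed payload is re-signed with a key the application
// does not pin (constructed second key pair).
$otherPair = sodium_crypto_sign_keypair();
$otherSig  = sodium_crypto_sign_detached($tampered, sodium_crypto_sign_secretkey($otherPair));
$resigned  = verifyUpdate($tampered, $otherSig, $publicKey);

// Case 4: a truncated signature is rejected without raising an exception.
$truncated = verifyUpdate($package, substr($signature, 0, 32), $publicKey);

foreach (compact('genuine', 'swappedBody', 'resigned', 'truncated') as $case => $ok) {
    printf("%-12s %s\n", $case, $ok ? 'install' : 'reject');
}
```

The protection depends on the public key being shipped with the application rather than fetched from the update server, and on the secret key never being stored on that server.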
Project 4: Exploit filtering with mod_security for shared hosting environments
The open source web server module mod_security allows filtering of attacks on web hosting environments of any size. Lacking available rule sets and issuing too many false positives, the module has not been very popular to date.
The web hoster service SIWECOS is now offering such rule sets for free (as a result of last year’s Hackathon). This Hackathon project will be a workshop for hosters, rule set developers and the developers of mod_security for implementing firewalls in shared hosting scenarios.
Project 5: Domain Connect Example DNS Provider
After last year’s successful Hackathon project building an example service that utilizes Domain Connect, this year we are going to build the other side of the protocol. We’ll build an example DNS Provider. We’ll build this on top of standard DNS implementations and APIs.
Project 6: Secure Industrial IoT Solution Based on Trusted Modules and Open Source Cloud Components
This Hackathon project will develop a whole MVP (Minimal Viable Product) for small companies who want to implement an affordable, secure, reliable and easy to implement IoT solution to monitor production equipment. The MVP consists of different edge devices, like the Raspberry Pi Zero or the Aaeon UP^2 board, and an (on premises) cloud solution like the Open IoT Service Platform (OISP) (https://github.com/Open-IoT-Service-Platform).
The first task is to configure the edge device (with OSS frameworks like Node-RED and libMRAA) to collect sensor data, process it, and send it to the backend. The Trust Module will be used to authenticate the device to the backend and provide the needed attestations so that the backend can onboard the edge device securely and simply.
The second task is to connect with the OISP backend solution in the cloud which receives data from the edge device and sets up alert procedures to send messages to a mobile solution.
The third task is to develop a mobile solution with which the system could be monitored and where the alerts will be shown.
Gallery and Downloads
Click here to see a photo gallery from the event, and to download the PowerPoint presentation "CSP Ready IoT Solution for SMB," the final result from the IoT Team.