web dev & more!

Kernelcon - An Epic Gathering of Hackers

Published: April 9, 2019

Over the past weekend, I had the pleasure of attending Kernelcon 2019 in Omaha, Nebraska and this conference has become my new yearly pilgrimage. If I never go to any other conferences ever again and only went to this one, I’d be perfectly happy with that. What made it so great?

Organization

Large black vinyl wraps around pillars of the hotel with the conference logo.

This conference was incredibly well organized. Not only was our parking paid for, but upon arrival we were greeted by these vinyl pillar wraps which made it immediately clear this conference had thought of everything. After registering, we were given our swag bags which were loaded with stickers, quality notebooks, pens, extra soft t-shirts in our size, our conference badges, and an assortment of goods from various sponsors.


A blue WordCamp conference shirt being worn with a kernelcon badge that has blinking LEDs

Yes, I wore my WordCamp Omaha 18 shirt in hopes of shamelessly cross promoting a conference I helped organize.

The badges were fully functioning circuit boards that came with 5 LED lights and programmed to allow attendees to changes colors and patterns. Not only was that fun, but they were hackable! People could take their badges to the Hardware Hacking Village in the conference to extend their badges and add even more blinking lights. Along with the actual badges, the conference had a thoughtful privacy policy communicated via two different colored lanyards; if you wore the provided yellow lanyard, it meant that you were not interested in having your picture taken whereas if you wore the black lanyard, it meant you didn’t have a preference. Reminders were posted all around the convention since this was a security conference and people interested in security also tend to be interested in privacy. For the most part, everyone I encountered was very respectful of this policy.


Experience

I didn’t get a chance to attend the morning keynote as the first day, the workshop I wanted to attend started right away in the morning. But I can’t complain all that much because the workshop was fantastic. In it, we assembled an ODROID-GO. Now, this may look like a simple gaming emulator but it’s so much more than that. After installing a few things like the Arduino IDE and some packages that integrate it nicely with the ODROID-GO, we got to tinkering. Click here for the workshop syllabus repository.

Fully assembled ODROID-GO

Fully assembled ODROID-GO

Some sample tetris code that I didn't personally write, but could tinker with if I felt so inclined.

Some sample tetris code that I didn’t personally write, but could tinker with if I felt so inclined.

Photoresistor (light sensor) with code that prints out sensor reading to the LCD.

Photoresistor (light sensor) with code that prints out sensor reading to the LCD.

After wiring up the bread boards to work with some extra power, we added an ultrasonic sensor (sonar) to measure distance and print the results to the LCD.

After wiring up the bread boards to work with some extra power, we added an ultrasonic sensor (sonar) to measure distance and print the results to the LCD.

Not only did we do these fun little projects, but we also wired up our boards to work with temperature sensors, connected them to a WiFi access point, and reported the temperature data to a server on the network. That’s right, this gameboy-looking device has WiFi on board, and can even connect to Bluetooth. There are so many possibilities!

Along with the workshops, there was a conference wide Capture The Flag (CTF) challenge where attendees could sign up as a team or individual, and score points for competing various challenges like “hacking” a server on the network, finding hidden WiFi access points, or picking locks. I wanted to participate, and even made some friends at the conference who also wanted to but we were so busy practicing lock picking, that we never got around to it.

In the lock picking village, instructors were setup with videos and directions teaching anyone who was interested in learning.

In the lock picking village, instructors were setup with videos and directions teaching anyone who was interested in learning.

After practicing on beginner locks, I successfully picked my first real lock; a lock that happens to be one of the most common available to consumers.

After practicing on beginner locks, I successfully picked my first real lock; a lock that happens to be one of the most common available to consumers.

I also learned how to shim handcuffs with nothing more than a bobby pin.

I also learned how to shim handcuffs with nothing more than a bobby pin.

The second day, I brought my two year old to the conference who SUCCESSFULLY PICKED HIS FIRST LOCK. Granted, I held the tension wrench down for him but he raked the pins all by himself.

The second day, I brought my two year old to the conference who SUCCESSFULLY PICKED HIS FIRST LOCK. Granted, I held the tension wrench down for him but he raked the pins all by himself.

I've blurred out any potential PII so as to not violate the privacy of patients being broadcast on a TV after being intercepted by a hacker.

I’ve blurred out any potential PII so as to not violate the privacy of patients.

The conference didn’t have a shortage of hackers doing what they do. One attendee, setup his software defined radio (SDR) and tuned it to the frequency of pagers. What does this mean? It means that this person was able to see all things sent back and forth between these devices since they are broadcast over the air like how any wireless technology is. Unfortunately for some of the patients at local hospitals, their personally identifying information was captured and shown to the world. Let this be a reminder to everyone to take their privacy seriously.


This conference took an interesting approach by not providing food to conference attendees and instead, opted for a lunch break. I think most people could appreciate this as it left lunch plans up to attendees and drove economic incentives for Omaha by bringing business into the downtown area. However; supper and drinks were provided at the after party thanks to sponsors. Along with sustenance, the after party made for a great opportunity for attendees to socialize. Mini-games were held, as well as “Who’s Slide is it Anyways” where participants were assigned a presentation with pre-made slides (unseen by them until the presentation) that were on a wide variety of topics like the History of Bitcoin, Why Sloths are Awesome, and my favorite; Corn. Why was corn my favorite? Because it’s the presentation my co-worker and I ended up giving AND WINNING.

Giving a 10 minute presentation on corn is tough, but Jordon and I pulled it off.

Giving a 10 minute presentation on corn is tough, but Jordon and I pulled it off.

As I mentioned before, I brought my two year old with the second day. Not only did he have a blast picking locks, but he also enjoyed some of the games that were available like the Jurrasic Park arcade game. He wanted to play in the Super Smash Bros. tournament, but we’re not quite ready to compete at the level that the hardcore players were.

We played this game together a lot and even made it in the official Kernelcon's tweets.

We played this game together a lot and even made it in the official Kernelcon’s tweets.

He had to play a couple rounds with Jordon as well.

He had to play a couple rounds with Jordon as well.

https://twitter.com/_kernelcon_/status/1114551537081225216

Speakers & Presentations

All this, and I haven’t even gone into the different talks by all the great speakers. I know a few wished they had more time, and so did attendees, but there was so much to cram into our two short days. If I had one complaint about the entire conference, it would be that I didn’t get to participate in nearly as many workshops or watch all the talks I wanted to. Decisions had to be made to make the most out of my time but I still managed to see plenty of security focused talks loaded with tips and information about how to become a better developer.

Wrap It Up

At the end of the conference, organizers surveyed attendees to find out what was good, what was not good, where there were hangups, and how people felt overall. I think it was very much appreciated by attendees as everyone who wanted to tell them thank you, was given that opportunity. Prizes for the the after-party games were awarded, along with CTF and the Smash Bros. tournament. Some of those prizes included the Wifi Pineapple (a $200 device), various Arduino boards, and Raspberry Pi’s (a favorite device for hackers). Winners of the CTF were awarded the most coveted prize of all: the Eternal Kernel, a badge that got them free admission to every future Kernelcon. Gasps could be heard throughout the crowd upon this announcement. I’m sure the competition will be ferocious next year.

This is getting to be a very long post so let me just close by saying that Kernelcon was an incredibly well done conference that I can’t wait to attend again. I met lots of interesting people, made some new friends, and learned so much. Big thanks to the volunteer organizers of Kernelcon for putting on one hell of a conference.

All the goodies I took home from the conference with cute pup tax.

All the goodies I took home from the conference with cute pup tax.