I can tell you a bit about the Minneapolis positions and the Sydney position. Otherwise, I’ll have to point you to our recruiter. Job descriptions at https://www.perforce.com/careers (or I can fetch them for you as you are interested)
The title of this year's talk is The Ethics Void. Here's a rough abstract:
Medicine, legal, finance, journalism, scientific research—each of these fields and many others have widely adopted codes of ethics governing the lives of their professionals. Some of these codes may even be enshrined in law. And this is for good reason: these are fields that have enormous consequences.
Software and technology pervade not only through these fields, but through virtually every aspect of our lives. Yet, when compared to other fields, our community leaders and educators have produced an ethics void. Last year, I introduced numerous topics concerning #privacy, #security, and #freedom that raise serious ethical concerns. Join me this year as we consider some of those examples and others in an attempt to derive a code of ethics that compares to each of these other fields, and to consider how leaders and educators should approach ethics within education and guidance.
For this talk, I want to solicit the community at various points. I know what _I_ want to talk about, but what are some of the most important ethical issues to _you_? Unfortunately there's far too much to fit into a 40m talk! Also feel free to e-mail me at mtg@gnu.org.
Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against #Android 6.0: it forces the client into using a predictable all-zero #encryption key.
so Mozilla is still working on the plans to eliminate poorly managed Symantec-issued certificates from Firefox, but perusing the mozilla.dev.security.policy list it sounds like they're more or less going to stick with Google's plan.
SSL-using sysadmins note that Chrome will remove trust in Symantec-issued certificates issued before 1 June 2016, including Thwate, VeriSign, Equifax, GeoTrust, RapidSSL. Mozilla just updated their Root Store Policy, but it's not clear that they're doing the same, even though it was their mailing list that identified the problem. They're using a DigiCert certificate (like $work) so at least THEY don't have to worry. Ironically, the Google Security Blog is using a Symantec certificate, albeit a pretty fresh one.
here's one for the systemd haters: you can set up a service with a username starting with a digit (whether or not it exists) and it will run as root. worse yet is that Lennart thinks it's not a bug. https://lwn.net/SubscriberLink/727490/d161e315ff0775c1/ #security