GOTO Berlin is a vendor independent international software development conference with more that 60 top speaker and 400 attendees. The conference cover topics such as Java, Open Source, Agile, Architecture, Design, Web, Cloud, New Languages and Processes.

GOTO Night: To Make Hearts Bleed

Host: Daniel Molkentin

When: 10. Sep 2014 at 19:00 - 21:00

Where: Kosmos, Karl-Marx-Allee 131a, 10243 Berlin


We invite you to an interesting GOTO Night with
Daniel Molkentin
on behalf of GOTO Berlin.
Date September 10, 2014
Time 19:00 / 7PM
Venue Kosmos Berlin
Address Karl-Marx-Allee 131a, 10243 Berlin (Google maps) - use entrance right hand site of the building

Cost Free of charge
Snacks & refreshments included
Speaker Daniel Molkentin

"To Make Hearts Bleed" by Daniel Molkentin

A tour-de-force through the real-life SSL-adversities faced by developers outside the ivory tower that are today's browsers. It's the tale of understaffed engineering teams, hard-to-educate administrators. It's the horror of broken and undocumented APIs, and contradicting standards. It's the nightmare of FIPS requirements. It's a story without a happy ending, but with a call to action.

In a hostile and broken Internet, cryptography is a basic foundation of communication. But cryptography has no value when it's not used correctly. Browser vendors have tried to improve usability, but even they can't fix everything. Some of the improvements have actually been outright rejected by usability studies. Finally, even the biggest amount of developers can't fix ambiguities found in fundamental standards such as those defining X.509 semantics.

Moreover, developers who cannot depend on browser technologies are off much worse: They are required to know a significant amount about crypto, and get to re-implement the GUI part of it, often poorly and wrong, only relying on sub-par APIs of their libraries and/or toolkits.

Somewhere else, server administrators are left with unsafe defaults by their distribution. Due to sheer complexity, under-educated sysadmins and old libraries found in enterprise distributions, SSL setups today are a lot less safe than they should be.

This talk will discuss these subjects, provide examples and give hints for workarounds and proper behavior where possible. And after all, post-Snowden there is enough momentum to fix issues on a broader level, as efforts such as LibreSSL have shown. More effort is needed, and this talk outlines a possible solution. 


Daniel is a Senior Software Engineer for ownCloud Inc., where he is working on the ownCloud desktop client. In his spare time, he is contributing to Qt, where he has started to look into improving secure network communication.

Before joining ownCloud, Daniel worked as a Software Engineer for Nokia, hacking on Qt and Qt Creator. Prior to that he was working as an independent software and IT consultant. As an independent author, he has written two Qt-related books and as well as a number of articles for magazines and news portals such as Linux Magazine, and c't on different topics. Daniel has received a computer science degree from Bonn-Rhine-Sieg University of Applied Science.

Twitter: @danimo

Download the slides on Daniels Homepage


For any questions do not hesitate to contact Dajana Günther.   

We're sorry, registration is closed