Everything Open 2026 – Day 3 – Afternoon

Fixing a misconfigured Kubernetes Cluster by Rob Kenefeck

  • First big docker project was to separately build and test application, hardware and OS
  • First k8s job was focused on making tech work, not the security model around it
  • Still considers k8s in Australia to be fairly bleeding edge
  • OWASP Kubernetes Top 10
    • First released in 2022
    • New list version out soon
  • VMs vs Containers
    • People treat containers like they are VMs
    • Lots of things in Linux are not namespaced in containers
      • Kernel modules, /sys, /dev
    • Docker daemon will often run as root
    • Shared kernel
  • Container Security: Opportunities
    • Hardened Kernels – GRSEC, PAX
    • Security Policies/Whitelisting – Seccomp, AppArmor, SELinux
  • Container Security
    • Drop to unprivileged user in Docker
    • Reduce Attack surface – Run from scratch, Multi-Stage container builds
    • Drop all capabilities, add back only what you need
    • Mount volumes with ro, noexec, nosuid, nodev
    • Software bill of materials
  • K01 – Insecure Workload Configuration
    • Apps running as root
    • Read-only filesystems
    • Privileged containers disallowed
    • Resource constraints enforced
  • K02 – Supply Chain Vulnerabilities
  • K03 – Overly Permissive RBAC
    • K8s Secrets are not secret.
    • OpenBao is an open-source alternative to HashiCorp Vault
  • K04 – Policy Enforcement
    • Pod Security Standards via Admission Controller
    • Privileged, Baseline, Restricted
  • K05 – Logging
  • K06 – Broken Authentication
    • tokens left lying around
  • K07 – Network Segmentation
    • K8s networks are flat by default
  • K08 – Secrets Management
    • Secrets are passed as environment variables
    • Anyone who can query the node or the container/pod can see them.
  • K09 – Misconfigured Cluster Components
    • Dashboards, MCP agents
  • K10 – Outdated and Vulnerable Components
  • Demo with Capture the Flag and vulnerable container
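The hardening checklist above (unprivileged user, read-only filesystem, dropped capabilities, resource limits) and the K08 point about secrets in environment variables can be turned into a static check over a Pod manifest. The script below is an added example, not code from the talk or from OWASP: it checks a Pod for the insecure-workload-configuration item (K01 in the OWASP numbering), flags secrets injected as environment variables (K08), and reads the Pod Security Standards enforce label on a namespace (K04). The two Pod manifests are constructed inline as Python dicts, shaped like what `yaml.safe_load()` returns for the equivalent YAML, so it runs offline; the image names are placeholders.

```python
"""Static checks for a Pod manifest against OWASP Kubernetes Top 10 items
K01 (insecure workload configuration), K08 (secrets as env vars) and the
K04 Pod Security Standards namespace label. Added example, not from the talk.
Manifests are constructed dicts (what yaml.safe_load() would return)."""

# Constructed: the kind of manifest the talk warns about.
CONSTRUCTED_BAD_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web-bad", "namespace": "demo"},
    "spec": {"containers": [{
        "name": "web",
        "image": "registry.example/web:latest",  # placeholder image name
        "securityContext": {"privileged": True},
        "env": [{"name": "DB_PASSWORD",
                 "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}],
    }]},
}

# Constructed: the same workload with the hardening from the notes applied.
CONSTRUCTED_HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web-hardened", "namespace": "demo"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "web",
            "image": "registry.example/web:1.4.2",  # placeholder image name
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "privileged": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                          "limits": {"cpu": "500m", "memory": "256Mi"}},
            # Secret delivered as a read-only file rather than an env var.
            "volumeMounts": [{"name": "db-creds", "mountPath": "/run/secrets/db",
                              "readOnly": True}],
        }],
        "volumes": [{"name": "db-creds", "secret": {"secretName": "db"}}],
    },
}


def check_pod(pod):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        # Container-level securityContext fields override the pod-level ones.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"K01 {name}: runAsNonRoot is not true; may run as root")
        if sc.get("privileged"):
            findings.append(f"K01 {name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"K01 {name}: allowPrivilegeEscalation not set to false")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"K01 {name}: root filesystem is writable")
        dropped = [x.upper() for x in sc.get("capabilities", {}).get("drop", [])]
        if "ALL" not in dropped:
            findings.append(f"K01 {name}: capabilities not dropped (add drop: [ALL])")
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            findings.append(f"K01 {name}: no cpu/memory limits")
        # K08: an env-var secret is readable by anyone who can exec into the pod
        # or read the process environment on the node; prefer a volume mount.
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                findings.append(f"K08 {name}: secret {ref['name']}/{ref['key']} "
                                f"exposed as env var {e['name']}")
        for ef in c.get("envFrom", []):
            if "secretRef" in ef:
                findings.append(f"K08 {name}: whole secret {ef['secretRef']['name']} in env")
    return findings


def pss_enforce_level(namespace):
    """K04: the Pod Security admission level a namespace enforces.
    Assumes no cluster-wide AdmissionConfiguration default, in which case a
    namespace without the label is treated as 'privileged'."""
    labels = namespace.get("metadata", {}).get("labels", {})
    return labels.get("pod-security.kubernetes.io/enforce", "privileged")


if __name__ == "__main__":
    for pod in (CONSTRUCTED_BAD_POD, CONSTRUCTED_HARDENED_POD):
        print(pod["metadata"]["name"])
        for line in check_pod(pod) or ["no findings"]:
            print("  " + line)
```

Running it lists seven findings for the bad Pod (six K01, one K08) and none for the hardened one. The same checks are what the Restricted Pod Security Standard enforces at admission time (K04), so the script is useful as a pre-commit gate on manifests before the admission controller ever sees them.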

Everything Open Everywhere All At Once by Steven De Costa

  • “ChatGPT: Please create an interesting keynote about random philosophical concepts strung together in a vaguely meaningful way and themed around Chickens”

Lightning Talks

  • End Security by Obscurity
    • mygov code generator app
    • enrol + TOTP
    • is it secure? Is it spyware?
    • Only available via the app store
    • Made a Freedom of Information request in 2021 and has gone through multiple appeals/reviews after being denied
    • Looking for money to appeal further
  • High Altitude Balloons and ASN.1
    • Need a protocol with various requirements to help recover a balloon and get data from it.
    • Existing protocol not ideal
    • ASN.1 is an old standard that might be useful
  • What would it take to run everything Open in New Zealand
    • Running a conference is hard
    • Small team makes it harder
    • Good idea?
    • What will this actually take
    • Contact Chelsea if interested.
  • Open source is not all you need to fight enshittification
    • No but other freedoms are needed
  • Brain Model in your Hand
    • I’m doing a talk in front of 300 people. My brain thinks I’m being chased by a Lion
  • Learn an Indigenous Language
  • How to Eat Fruit
  • Help is at Hand
    • Join a Union
  • My Community
  • Open Source Institute
  • My $50 question now costs a trip to fench
    • Pycon did battle decks
    • What is the most popular emoji on github?
    • Ran a big query on Bigquery
    • Grabbed the software heritage project
    • Lots of small files. Hard to query or mirror
    • 3 petabytes. Too big to download
  • Solid Open Source Package
    • 6 talks about deplatforming and/or self hosting this week
    • SOLID is a decentralized Social data