Thursday, January 31, 2008
Thursday, January 24, 2008
MadSEC 45699 - 7pm, Thursday, 24 Jan 2008
Yes, I am posting this notice 3 hours after we have meet.
1) The collective has decided that the current meeting numbering scheme is deficient.
In order to satisfy all requirements (new, interesting, secure), from now on I will number the meetings after 2 bytes present in a certain memory location on one of my machines:
At least it's confusing.
2) I missed about half of the conversations. _My take_ on the ones I remember:
That was fun. We should do those more often. /me kicking self
01/25/2008 - an addendum from Will:
1) The collective has decided that the current meeting numbering scheme is deficient.
In order to satisfy all requirements (new, interesting, secure), from now on I will number the meetings after 2 bytes present in a certain memory location on one of my machines:
dd if=/dev/random bs=1 count=2 2>/dev/null | od -N2 -tu2 | awk '{ print $2 }'
At least it's confusing.
2) I missed about half of the conversations. _My take_ on the ones I remember:
- complex issue with tracking unauthorized system use (public) by a rogue employee.
- cross site scripting and request forgery (hey, use site specific browser like WebRunner), input validation, preventing session theft.
- 2 factor (RSA style) are still cool, especially once systems get compromised, and the need for strong auth is freshly apparent.
- there is no good, reliable, fast, awesome clustered file system. gfs just does not cut it. Something about dedicated NFS appliances (I mean APPLIANCES) that I've missed.
- Splunk, esp. version 3 is awesome, and saves our hides.
- something about shooting to proteins
- Patricia tries are awesome for working with network traffic (there was a lot of context to this discussion that will remain offline).
- neat things can be done with iRules on F5s. What's the logic behind embedding TCL in network devices (IOS, F5)? I have "Building Network Management Tools with Tcl/Tk" on my shelf, I know the history, but let's move on.
- Security Data Visualization and managing humans have new temporary homes.
That was fun. We should do those more often. /me kicking self
01/25/2008 - an addendum from Will:
First, there's the Spolsky article on SLAs and uptime[1]. Then there's test-driven development proponent and Python hacker Grig Gheorghiu thoughts[2] on the matter, with a nice plug for Twill[3]. If you haven't used it, Twill is a super cool scripting language for interacting with web pages.
Lastly, I mentioned Bluearc[4] as a possible vendor for high performance NFS stuff. I don't have direct experience with Bluearc, but BNL, FNAL and Purdue swear by them.
[1] http://www.joelonsoftware.com/items/2008/01/22.html
[2] http://agiletesting.blogspot.com/2008/01/joel-on-checklists.html
[3] http://twill.idyll.org/
[4] http://bluearc.com/
Subscribe to:
Posts (Atom)
