| |
mark :: blog :: oscon
Back from OSCON to a jetlag and a heatwave. Looks like I
could have got my sunburn/tan here instead of flying 11
hours with a broken seat-back TV and a pounding headache.
Anyway I put up
a few
photos of interest from the conference.
Read what we thought of the tutorials until the end of
this week when we've finished writing up what we thought of
the main sessions. joe and I combined
a
talk on XSLT and a talk on Extreme Programming and spent a
few hours in the hotel converting the Apache Week markup
langauge (which was rather like Ventura Publisher markup)
to XML, pair programming, XP-style. It was either that or
watch ABC and play the internet enhanced-TV version of "Who
wants to be a millionaire?"
I'm sitting at the very back of a packed hall, typing this
live as Craig Mundie from Microsoft talks about his thoughts
on open source. He started by saying that Microsoft's
problems and comments are around the free software movement
rather than the open source movement. "Open source isn't
the issue".
It must be strange for him up on stage looking out over a
sea of people wearing plastic red hats. Yes, it's a bit of
a publicity stunt, but we must have got about a third of all
the attendees wearing the fedoras. I had great fun handing
them out on the way in, getting trampled in the rush, but
the attitude of everyone was great. Apart from the guy who
worked for SuSe who didn't want one. Not even to burn,
apparantly.
It's exactly a year ago that I got to visit Monterery
California to report on the 4th O'Reilly Open Source
software convention (Apache Week
issue #208) When I managed to get invited back to San
Diego for this week I thought I'd been given the ideal
assignment; getting to fly to California in July, avoiding
the British rain, and spending a week right on the West
Coast with nearly 2000 other open source advocates. So with
only one direct flight a day from England I was unsuprised
to find a large number of delegates on the plane; wearing
Penguin badges and snapping pictures of the clear views over
Greenland with a variety of digital cameras.
San Diego has great weather, and it's easy to forget that
coming from England, so I managed to get sunburnt. If
you're at the conference this week look out for the pasty
english guys with sunburn. Wireless lans are great; I'm
currently typing this listening to Brian Behlendorf talking
about Apache to a group of people including Larry Wall,
sitting just in front of me.
Off to San Diego tommorrow for TPC/OSCON. I've not flown
with British Airways since 1995 when after two flights with
dismal customer service I vowed never to fly with them
again. However, London to San Diego was cheapest with BA
and I didn't fancy paying the price difference. Also they
might be better now, they've got the seat back TV screens.
I now know two BA pilots too, but neither is flying the
outward or return flights :(
Well I can't leave until I pack, and I can't pack until
I've finished work, and that means writing Apache Week.
People have been asking about the OpenSSL exploit, so I
need to write that up, together with a company that is
giving out free server certificates.
My entire trust model for SSL is based on that fact that
anyone who can issue a server certificate "does the right
thing". That means they check who I am and that I have the
right to use the name I've asked them to certify.
Otherwise someone else could register my name, or something
similar to it, and theres no point having SSL do
authentication anymore. How can a company giving out free
certificates afford to do any checking? But then I've
heard of Verisign and Thawte making serious mistakes
issuing certificates, so I probably had a false sense of
security anyway.
|
|
|
Hi! I'm Mark Cox. This blog gives my
thoughts and opinions on my security
work, open source, fedora, home automation,
and other topics.
pics from my twitter:
popular tags:
[all],
apache,
apachecon,
apacheweek,
cve,
cvss,
fedora,
financial,
geocaching,
ha,
metrics,
microsoft,
nashville,
north carolina,
red hat summit,
redhat,
security,
trips
|
|
