Just finished up my first breakout session at weeCamp covering RoR security. I would say half the time was spent with real security topics, but we had some insightful conversation about RoR and I feel those of us that are less familiar with Rails learned some important lessons about properly handling input in Rails. I was hoping to see Eric Pugh at weeCamp, but unfortunately he was not, I think his input in this might have been good, or he could have entered in some good questions if he didn’t have any input on the subject directly.

– Blog Break –

We are now moving into the hardening breakout discussing MySQL, Apache, and PHP hardening. The last two breakouts were SQL injection in PHP and authentication. Authentication was interesting, the injection was standard stuff really, I did pickup something I did not know about the PEAR DB library since I do not use it. I may begin using PEAR more it seems like a pretty nice set of scripts.

– Blog Break –

I really enjoyed the session on hardening, Josh explained a number of features found in FreeBSD that would be great for security on the project I am working on. I am however debating Solaris, but I will have to install them both and see which one gives me more of a headache.

Josh took some time afterwards to answer my questions about FreeBSD security levels and a method they used to harden the file system. This method involves moving configuration files in the /etc directory that will need modification and putting them in /var. The files are then recreated as symlinks to the files now located in /var and /etc is then mounted as read-only. This certainly does add an additional layer of protection and I am excited to try this out.

– Drive Home –

I left weeCamp as excited as when I left beCamp. I was able to connect with more people and learn a number of new techniques that I may not have picked up on my own. I hope to one day have a topic worth speaking about at one of these events. As of right now I don’t feel like I could speak well enough in front of people and teach at the same time.

I have come to the conclusion that conferences are key to a successful career in technology. Especially when they follow the structure of barCamp/beCamp/weeCamp, an environment much like hallway discussion where topics are discussed in a round table fashion or presented by an individual and followed up by a round table type of discussion.

If you would like more details about what we discussed you can see them on the weeCamp page.

I also noticed earlier today that for some reason my 1024 layout is extending by around 40 pixels. Very strange since I don’t have anything pushing it out that far. Oh well, I will probably fix it when I upgrade to WP 2.3, but I really don’t care right now.

Tomorrow is weeCamp, a beCamp/barCamp style conference covering web application security. I am REALLY excited about this conference, there was a chance I was not going to be able to go, but I will be there. The talk I think I will be most interested in hearing is RoR security. I have been learning RoR a bit the past week and while there is a learning curve I am really enjoying it. I have a large project that I am going to be tackling in the Rails framework and I hope that my needs to not exceed my limited experience with RoR. Worst case I have to write it in PHP by scratch or use CakePHP.

Very early Friday morning I was updating my BIOS and it appears that the utility killed off a dependency for my UPS utility, which then made the application think that the connection was lost. This resulted in my UPS rebooting and killing the power to my machine in the middle of the update. I was unable to do a BIOS recovery so I had to order a new motherboard since MSI does not have advanced replacement. If I RMA that board it will take 7-10 business days for them to fix it after they receive it. Combine that with shipping and I am looking at probably a month, considering that is my primary system and migrating everything to another system is just out of the question I felt the $150 was worth it.

Its been a difficult few days even outside my techie life, so I am really hoping this conference will boost my spirits.

We are in session 5 right now of day 2. There have been some interesting discussions going on and I have gained more knowledge on topics I knew little about and I was introduced to technologies I knew absolutely nothing about.

The sessions I have attended so far are Ruby on Rails, Web APIs/Amazon APIs, Scaling Ruby, the last one I am going to is GRails. The API session was actually two sessions, before and after lunch. One of the presenters of the API session created a site called Spotzon, which allows you to search Amazon for products that are in stock and qualify for free shipping.

For my first conference it went well, I made some dumb comments and goofs, but that is normal. I wish there had been a 2nd day of sessions, there was more I wanted to learn, but never made the cut because of the limited sessions.

I’ll post more later

I just got home from Charlottesville after having lunch with the folks over at OSC. During lunch, Eric Pugh informed me of the upcoming beCamp; I’m pretty sure I am going, it sounds like a great setup. I sorta worry that I will end up in a discussion on something I should know, but can’t remember because I took so much time off from this stuff. I guess time to refresh on stuff while I have a few weeks. Here is the current list on the wiki about topics people would like to hear about.

• Yahoo User Interface (YUI) Tools
• Yahoo Pipes
• RSS possibilities
• Ruby on Rails apps
• beTech web dev sandbox
• Groovy/Grails +
• MonoRail
• Web 2.0 concepts
• PHP5
• WWDC concludes on June 14th. Maybe someone who attends WWDC could present on news from WWDC.
• Blacklight
• Solr Flare
• beTech Labs + Code Bank(?)
• Scrum
• Dabble DB
• Selenium
• Subversion/WebDAV/Apache mod_filter

I would like to see Blacklight, Solr Flare, Subversion, Selenium, PHP5, RoR, YUI

If you are in the C’Ville area let me know if you are coming I’d like to meet some more developers in the area.