RailsConf Europe 2008

Posted by Jonathan

Day two of RailsConf Europe 2008 is over and so are my two sessions.

On tutorial day Mathias and I did a 4h workshop on deploying and monitoring Rails applications. The tutorial went really well, apart from the AirportExpress base station not coping with 100 laptops connecting to it. In the practical part we had a FreeBSD server with 40 virtual machines running and helped the audience deploy an example application with git or svn and Mongrel or mod_rails.

On day two I held my Security on Rails session where I go over the various attacks and countermeasures against Rails applications. This session was also well received and I hope I could educate people a bit about WebAppSecurity.

The slides are available as PDF here: Security on Rails (PDF), Deploying and Monitoring Rails (PDF)

Further, you can find both presentations at slideshare.




If you attended one of my sessions, I encourage you to rate them at the conference site.

So far my expectations have been met and I could catch up with a lot of people. I'm looking forward to day three of RailsConf Europe!

Upcoming events and talks in May

Posted by Jonathan

May is going to be a busy month, with several conferences and events lined up.

On May 14 I will be giving a lecture on Web 2.0 technologies for the Web 2.0 Start-Ups - Vom Entrepreneur zum Business Angel seminar at the Technical University of Berlin. This seminar, organized by Timo Glaser, is packed with German entrepreneurs, venture capitalists, and founders. My lecture will cover why start-ups nowadays are able to deliver great services and products so fast. Amazon Web Services, Google App Engine, Ajax, Ruby on Rails, and Open Source tools will be part of the story.

On May 27-28 I will be at the Dynamic Languages World Europe conference in Karlsruhe. With speakers like Neal Ford, Jason Seifer, Stefan Tilkov or Gregg Pollack there is an interesting line-up. I will be talking about Ruby on Rails Security, from deployment security to CSRF or XSS in Rails.

May ends for me with Linuxtag 2008 here in Berlin (May 28 - 31). There I will also talk about Ruby on Rails Security. Further, it seems like a very interesting project I am part of will present a sneak peek.

 

Upcoming events and talks

Posted by Jonathan

The conference season is starting again for me and I wanted to note where I will be/speak during the next couple of weeks.

First, there is Ruby Fools Copenhagen (April 1st and 2nd) where I will speak in the Ruby Performance track about Rails on AWS and how to leverage EC2, S3, and SQS in your application. The lineup at Ruby Fools looks really good with speakers like Glenn Vanderburg, Michael Koziarski, Evan Phoenix, Dr. Nic Williams, Dave Thomas, and Matz himself. Unfortunately I will not have too much time in Copenhagen as I have to leave early for Scotland on Rails in Edinburgh.

I'm really looking forward to being in Edinburgh again. After living, studying, and working there it feels like a second home. At Scotland on Rails (April 4th and 5th) I will talk about Rails Patterns: typical problems and scenarios in Rails applications like asynchronous operations (image processing, calculations, ...), authentication or deployment and common solutions and best practices.

In May I will be at Linuxtag 2008 in Berlin and hopefully talk about Ruby on Rails Security, but this talk has not been confirmed yet. Further, there is a chance that I will be speaking at the iX Cebit Forum 2008 about our internal Software Development Process and Agile Development.

24C3 - Ruby on Rails Security

Posted by Jonathan

The slides and a video of my Ruby on Rails Security session are now online. The 24C3 was a lot of fun; unfortunately I couldn't spend all 4 days there.

My talk covered most of the common web application vulnerabilities like Cross Site Scripting and Cross Site Request Forgery, SQL and Code injection, and deployment security and how they apply to Rails. Further, Ruby on Rails specific issues like Rails plugin security, JavaScript/Ajax security, and Rails configuration were examined and best practice solutions were introduced.


There is also a Google video version: Ruby on Rails Security.



Get the slides (PDF - 1.6 MB) or the video (mkv - 95 MB). Other formats are available from the official mirrors or the torrent site.

Rails-Konferenz

Posted by Jonathan

Rails-Konferenz was really a success, nearly a hundred people showed up!

Lots of interesting talks and I’m looking forward to the next one.

The slides to my talk about JavaScript and RJS in Rails should soon be on the Rails-Konferenz site.

They are also available here:

JavaScript und Ajax mit Rails

OpenBSD OpenCON 2005 presentations

Posted by Jonathan

The slides for the OpenBSD presentations at OpenCON 2005 are now available. Peter Valchev posted the links on misc@openbsd.org.

Peter also described the Venice v2k5 ports hackathon that was held right before the conference. See his post for details or his presentation slides about the hackathon.

The other presentations are:

OpenBSD Ports and Packages by Marc Espie

An overview of the current state and some of the new features like FETCH_PACKAGES and FORCE_UPDATE.

OpenBSD Networking Update by Henning Brauer

Interesting information about PF, OpenBGPD, OpenOSPFD, DoS mitigation, and crazy ideas for the future like a fast path through the network stack for forwarded connections with an already set up state.

Porting OpenBSD by Niall O’Higgins and Uwe Stühler

How to port OpenBSD to another architecture and a status update on the Zaurus port.

Exploit Mitigation Techniques by Theo de Raadt

Theo’s famous presentation on the exploit mitigation techniques used in OpenBSD with some updates on the new random malloc and mmap stuff.

UPDATE:
Undeadly.org has a write-up on the ports hackathon here.