O'Reilly Open Source Convention
Kees Cook was surprised at the ability to find out passwords and data travelling over the wifi network at OSCON:
I feel like I'm beating a dead horse, but I'm appalled at how many people continue to not use encryption. I spent some time yesterday going through my 4.1G of packet capture logs. Generally, I scanned POP, SMTP, IRC, and HTTP traffic. I should probably find better tools than just ethereal, but after finding 45 different POP accounts that were authenticating in the clear, I stopped counting. That put me half way through Thursday, so that's only a day and a half of OSCON wireless traffic. No one seems to protect their nick on FreeNode, so at least no one's nick password was sent in the clear. One person logged into Flickr in the clear. One of the accounts was for the speaker I was listening to at one point. I recognized the POP account because it was up on his slides.
(oscon 2005 wireless sniffing)
Before going to the conference, I secured my email connections using SSHKeychain and even donated a little bit to the project during the conference. I like SSH Tunnel Manager's interface better (not only that, but there are some good, if verbose, tutorials at Stopdesign and non literal) but couldn't get it to work with Mac OS X Tiger. I'd be a little more surprised if anybody was logging into things at a conference like, say, DEF CON, but still, almost 4 dozen open source aficionados not securing their connections is about 3 dozen more than expected. Kees has some tips for securing connections while in an environment where those that might sniff wifi data are present, though they may still be too much for most non-technical users conducting transactions over the Internet.
This being my third technology conference, after Gnomedex and Northern Voice, OSCON beat my expectations, which were higher than my expectations for Gnomedex. On a subject level, it probably didn't beat Northern Voice, but on a fun level, it definitely beat both of them, Gnomedex being the conference, out of the three, that I enjoyed the least. That was mostly because of a lack of sleep and lack of breakfast, neither a problem at OSCON. This conference was pretty cool too because there were some people I met that I had "known" already, like Eleanor Kruszewski, and some "new" people, like Joi Ito very briefly, whom I "know" from the #joiito IRC channel on irc.freenode.net. The convention is over now, and while my Bryght colleagues BoF it up with other Drupalians, I'm cooling off in my hotel room and trying to figure out what, if anything, to do tonight and tomorrow. In the meantime, here's a list of all the books I've either purchased, got free, or somehow managed to acquire without paying for:
Though not by any means a comprehensive haul, I got some t-shirts too:
That's it. I was complimented at least three times today on my Creative Commies t-shirt, which I bought months ago. The only sessions I attended during the week were the CalDAV session, Sam Ruby's Python session briefly (as already mentioned), and Zak Greant's session on ext/mysqli for PHP 5. No non-technical books purchased, at least not yet. Powell's is 3 blocks away, so that shouldn't be a problem. When packing for the trip, I did keep room in my backpack for a few things to take back to Vancouver with me, including a laptop cooling stand that I so desperately need.
Got an unexpected phone call from longtime online friend and sometime phone buddy Lisa just now. Not unexpected in the "if" sense, but unexpected in the "when" sense. Her timing was impeccable, though, and I just got off the phone with her, as evidently long distance here is free or something. Add that to the list of reasons why I like America. She always catches me when I'm in my rare talkative modes, so I always interrupt her, to either her annoyance or to her amusement, depending on how funny the remark is. Talkativeness, which is evidently a real word, only really happens in America. Add that to the list ...
I'm pretty sure announcing this will have both negative and positive repercussions, but we now have an agreement in principle that she will become my company's creative director—which evidently means a large office full of painting supplies—when I become The Man. Becoming The Man or working for him is something I generally try to avoid unless the people are cool and the ideas are interesting, but the future is bryght. Sorry, bright.
The night appears to be both young and mine (and the night is lookin' mighty fine), and Powell's is just down the street, as are a bunch of other cool stops. Something tells me either SW or NW is the neighbourhood I'd move to if Portland is the destination, but that depends on a lot of things, each of which is a single point of failure, to repeat a phrase bouncing in my head at the moment, thanks to Brad.
OSCON is effectively over now, and I have sort of a recap that mostly talks about the books and t-shirts I got at my "new" site, Undeniably Geeky. It's the successor to the weblog I don't update anymore, MovableBlog, mostly because it has "blog" both in the title and the URL.
Got back from the Portland Coffee House and dropped $7 on a $3 coffee ($4 tip, since the couple hours I spent there while drinking fancy coffee with free wi-fi watching indie girls go in and out was worth that much), having snuck away from my group to hang out there for a couple hours. I'm going to try to sneak out a few more times, probably late at night. Chances are I'll be wearing a Bryght shirt, so if you see someone wearing such a shirt, it's either a) me or b) someone with a Bryght shirt, since we have some to give away. If it's someone else, they're probably cool too, so you can't really go wrong if you're on Alder and Broadway and looking for a geek to talk to. This week, though, you probably won't have trouble finding such a person in Portland, as it's geek season in the Rose City, at least more than usual.