Notes from LISA 2006, Part 1

“Look! He has a rave mounted to the roof of his car!”

–Murray, noticing a DC police cruiser

Sadly, LISA ’06 is just over 24 hours away from coming to a close. As usual, it has been a very rewarding experience, filled with great moments and great knowledge. In an effort to preserve more of what I’ve taken in, I’m making some notes here.

S6: Advanced Perl Programming

Summary: wow.

There is far more to know about Perl than any one person should be able to cram into their brain, but Tom seems to have accomplished it. I was doing a pretty good job of keeping up with him until the network monitor at work distracted me for a couple of minutes. Once I figured out that our entire data center network had indeed NOT gone down (instead it was a problem with the machine running Nagios), I tuned back in only to find that I was hopelessly in the dust. Fortunately, the lunch break arrived shortly thereafter and I was able to resync for the afternoon.

I don’t know why concepts such as typeglobs and packages were originally so difficult for me to understand… Maybe it was due to me just trying to learn how to make use of them rather than trying to embrace what’s really going on under the hood. With Tom’s explanations, I now “get it.” I liked how the first half of the class was staged as a build-up to the Audit class. (“You may be asking yourself ‘Why would I ever need to know this?’ The answer is: ‘It’s important to understanding slide 298.’”) That helped to tie things together for me and definitely put the Audit class on the list of things that I need to start making use of.

The afternoon was not quite as easy to tie together in my mind, partially due to the hearty lunch, but also due to lack of a central theme. Still, it was a very useful collection of concepts to understand and I was able to keep up with it pretty well.

M6: The Latest Hacking Tools and Defenses

I came into this class thinking that it would talk mostly about tools, techniques and exploits that are commonly used out in the wild. Instead, it was mostly about security auditing. I realize there is a decent amount of overlap between those two bodies of info and I’m not sure how my expectation got skewed from what reality turned out to be. Still, it was an interesting time and I learned about a few neat things like Firebug, Burp and why samy is my hero.

I will make a suggestion on the evaluation that I’d really like to see a class that shows me what the crackers really are doing out there – things that are likely to be less-than-obvious to a whitehat. I don’t have days to spend on a black hat conference, so I’d like to see some of that information brought into the white hat world here at LISA.

T10: Writing Filters Using “milter”

This one gets my nod as the best training class that I took this time around. Murray did an excellent job of presenting milter and I really feel like I could write a useful mail filter to plug into my sendmail boxen.

In fact, I definitely need to at least write one to log what exactly comes in on the RCPT TO commands for each message. There have been so many times I have wished I could see this information in the logs on each sendmail server that touched a message on its way through my environment. Having only the alias-resolved addresses in syslog doesn’t give me everything I need in order to tell my users exactly why the To field says so-and-so should have gotten the message, but they didn’t. I also need to be able to see who one mail server thought it was shooting at in order to explain why the next mail server routed the message how it did. This is now an item on my project list back at the shop.
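As an added illustration of the filter described above (this is my own example, not code from the post or from the milter course), here is a logging-only milter written against the Sendmail::PMilter CPAN module. It keeps the raw RCPT TO arguments for each message and, at end-of-message, writes one syslog line keyed by the sendmail queue ID (the `i` macro), so the pre-alias recipient can be matched against the alias-resolved `to=` entries sendmail already logs. The socket path, the milter name `rcptlog` and the log line format are assumptions chosen for the example.

```perl
#!/usr/bin/perl
# Added example: log every RCPT TO argument per message, keyed by queue ID.
# Assumes the Sendmail::PMilter CPAN module; socket path and log format are
# made up for this example and should be adjusted to the local setup.
use strict;
use warnings;
use Sendmail::PMilter qw(:all);
use Sys::Syslog qw(openlog syslog LOG_MAIL LOG_INFO);

# Assumed socket; must match the S= value in the INPUT_MAIL_FILTER line in sendmail.mc.
my $SOCKET = 'local:/var/run/rcptlog.sock';

openlog('rcptlog-milter', 'pid', LOG_MAIL);

my %callbacks = (
    # MAIL FROM starts a new message: reset the per-message recipient list.
    envfrom => sub {
        my ($ctx, @args) = @_;
        $ctx->setpriv({ from => $args[0], rcpts => [] });
        return SMFIS_CONTINUE;
    },

    # Each RCPT TO: remember the address exactly as the client sent it,
    # before sendmail rewrites or alias-expands it.
    envrcpt => sub {
        my ($ctx, @args) = @_;
        my $priv = $ctx->getpriv() || { from => '?', rcpts => [] };
        push @{ $priv->{rcpts} }, $args[0];
        $ctx->setpriv($priv);
        return SMFIS_CONTINUE;
    },

    # End of message: one syslog line with queue ID, envelope sender and raw recipients.
    # The `i` macro is sent to the filter at the envfrom stage by default.
    eom => sub {
        my ($ctx) = @_;
        my $priv = $ctx->getpriv() or return SMFIS_CONTINUE;
        my $qid  = $ctx->getsymval('i');
        $qid = 'NOQUEUE' unless defined $qid;
        syslog(LOG_INFO, '%s: from=%s rcpt_to=%s',
               $qid, $priv->{from}, join(',', @{ $priv->{rcpts} }));
        $ctx->setpriv(undef);
        return SMFIS_CONTINUE;
    },

    # Transaction aborted (RSET, dropped connection): discard state so it
    # does not bleed into the next message on the same connection.
    abort => sub {
        my ($ctx) = @_;
        $ctx->setpriv(undef);
        return SMFIS_CONTINUE;
    },
);

my $milter = Sendmail::PMilter->new();
$milter->setconn($SOCKET);
$milter->register('rcptlog', \%callbacks);
$milter->main();
```

Hook it into sendmail with a line such as `INPUT_MAIL_FILTER(`rcptlog', `S=local:/var/run/rcptlog.sock')` in sendmail.mc; with no `F=` flag sendmail keeps accepting mail if the filter is down, which is the right default for a filter whose only job is logging. Because the line carries the same queue ID as sendmail's own `from=`/`to=` entries, the two can be joined per message on each hop, which is exactly the question of who a given server thought it was sending to.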