Ctrl-Alt-What?

Posted on December 18, 2008 by Sander

I run a VMWare Server 2.0 installation so I can test Apache and other things on a wide variety of operating systems. Recently, I’ve been fighting to send Ctrl-Alt-Delete to the remote console of a VM from my Ubuntu workstation… some operating systems work better with Ctrl-Alt-Delete, but the moment you press Ctrl-Alt the console releases input focus. On a Windows client, you use Ctrl-Alt-Insert because the local operating system will catch the real thing.

It turns out you are to press the Del key on the numeric keypad, not on your main keyboard, to send the key combo to the console. I’m blogging this so the LazyWeb learns of it, and when next I forget I can Google for my own post.

VMWare Server rocks: the price is more than right, which allows me to do my Open Source work without paying Closed Source prices. And that in turn benefits VMWare because some of their stuff is clearly based on Apache Software Foundation projects.

Hardening Apache Presentation Book List

Posted on November 18, 2008 by Sander

At the end of my Hardening Enterprise Apache Installations Against Attacks presentation at ApacheCon US 2008 I had a slide of interesting reading material. Here are the books on the list, and links to some of the articles: Continue reading →

Security Roadmap for ApacheCon US 2008

Posted on November 5, 2008 by Sander

At the end of my conference presentations, I usually put a Conference Roadmap slide. This slide shows sessions at the conference that are related to mine, and that attendees may find worth while to check out. For my Hardening Enterprise Apache Installations session this coming Thursday, I would suggest the following related conference content:

Training: Web Application Security Bootcamp by Christian Wenz
Thursday, 9AM: Hardening Enterprise Apache Installations Against Attacks by yours truly
Thursday, 10AM: Web Intrusion Detection with ModSecurity by Ivan Ristic
Thursday, 2PM: (In)secure Ajax and Web 2.0 Web Sites by Christian Wenz
Thursday, 3PM: Geronimo Security, now and in the future by David Jencks
Thursday, 4:30PM: Securing Apache Tomcat for your Environment by Mark Thomas
Thursday, 5:30PM: Securing Communications with your Apache HTTP Server by Lars Eilebrecht

Besides the training (which happened on Monday), this means that you can pretty much stay in the same room all Thursday and catch all the Security-related talks. In addition, of course, this track will be streamed live for a modest fee, so you can watch from the comfort of your own office if you find yourself unable to make it to ApacheCon this year.

Celebrating Obama Victory

Posted on November 5, 2008 by Sander

This is the Next Generation Brass Band in New Orleans, celebrating Barack Obama’s presidential election victory on the corner of Bourbon Street in New Orleans.

This was more fun than all the Bourbon Street craziness combined.

SQL Considered Harmful

Posted on November 4, 2008 by Sander

According to the Web Hacking Incidents Database 2007 Annual Report, SQL Injection is still the most common attack vector for security breaches on websites. Consider the following cartoon:

Why is it that our websites almost universally use a data access language whose statements can be completely subverted by the parameters fed into the queries? The problem is that Continue reading →

ApacheCon New Orleans, day 1

Posted on November 3, 2008 by Sander

Flew into New Orleans late last night for ApacheCon US 2008. The taxi booth at the airport actually has a flat rate posted: $28 for travel to Downtown or the French Quarter. Our cabbie charged us $30, which is close enough. We went for coffee and beignets at Cafe Du Monde, which is part of New Orleans, The Ride. Beignets are like donuts, except with more powdered sugar and slightly undercooked which may not be intentional.

ApacheCon Jack-o-Lantern

Posted on November 1, 2008 by Sander

Last night we made an ApacheCon US 2008 Jack-o-Lantern! It projects “ApacheCon 2008” on the wall behind it if there is enough light inside: a Mini-Maglite did the trick, with the lens taken off to make for a nice point source and a crisp image.

Meanwhile, I’ve been working on the slide deck for this week’s presentation at the conference. I think it’s shaping up pretty nicely, although I’m going to have to put a ton of content in the handout. There is simply too much to talk about. However, by putting some of the technical details in the paper handout, I can keep the slides themselves cleaner and improve the flow of the story.

SF Chronicle Special on New Orleans

Posted on October 12, 2008 by Sander

With ApacheCon US 2008 fast approaching, a weekend special on New Orleans in the San Francisco Chronicle might be of interest. Note that the conference is organizing its own volunteer day on the Saturday after, in cooperation with one of the organizations listed in the Chronicle article.

ApacheCon US 2008

Posted on August 1, 2008 by Sander

Registration is now open for ApacheCon US 2008. There will be an Early Bird discount, so register early and Save! The schedule is up and I’m very happy to see the return of the schedule grid that shows the entire conference on one page. J. Aaron has done a great job on the site.

I will be presenting one session at the conference: Hardening Enterprise Apache Installations Against Attacks will discuss security issues with the Apache Web Server and how the developer team reacts to issues as they are found. We’ll also talk about protecting applications that are served by the Apache server and may be the target of attacks that do not subvert the web server itself, but the code behind it.

The first time I did this talk, at AacheCon EU 2008, I ran out of time. There’s so much to talk about! The feedback forms submitted by the attendees did, however, identify some spots I can tighten up, so I’m looking forward to present a new, updated version of the talk this fall.

Hope to see you, first week of November, in New Orleans!

Rendering httpd Development Activity

Posted on June 16, 2008 by Sander

This has already been Slashdotted, but it’s so cool I just had to mention it. Michael Ogawa at UC Davis has graphed the development activity of a number of open source projects, including the Apache HTTP Server. If you run the video, you’ll see developer’s names float in and out as their activity level rises and subsides:

code_swarm – Apache from Michael Ogawa on Vimeo.

If you’re seeing this in syndication, the embedded video may not come across so do click on the post title, or go directly to the movie site. There is a sound control in the movie pane to turn down the perky electrobeat, although it fits the datastream perfectly.

Very cool stuff.

Sander's Weblog

Open Source, Apache, Apple, Cloud and maybe even some Crypto stuff

Category Archives: Apache